Alert
close
scam alerts
magSearch
scam alerts
print this page email link of this page Online Banking Login

Scam Alerts

For Your Security Always Remember the Following:

Never click on a link or download attachments contained in an unsolicited email.

Go to the website yourself through your browser's address bar or use a bookmark you have set earlier, and as always, think before you click.

To learn how to avoid phishing scams like these visit: www.meriwest.com/phishing

Recent Scam Alerts:

Posted on 2/13/2019:

Fraudulent Phishing Messages targeting Meriwest and other Financial Institution members

Recently there have been reports of a phishing scam using pop-up banners targeting Meriwest and other Financial Institution members.  This banner discusses a breach at Fiserv, a provider of technology services to financial institutions including Meriwest, offering a free credit check.  Of course, in order to receive the free credit check, recipients are asked to provide a credit card information for “identity purposes”.

This message is not from Meriwest, Fiserv, or any other financial institution, rather it is an attempt to gain credit card information and compromise your account. This usually happens when your web browser is infected with malware.  

As a reminder, members must NEVER give sensitive information - such as passwords, credit card numbers, social security numbers, secret words or personal identification numbers (PIN) - over the phone, in an email or through a Web site. Please also note that Meriwest Credit Union NEVER requests members to renew or verify information about their account through a correspondence. We invite you to visit meriwest.com to learn more about phishing and how to protect your accounts.

Meriwest members who receive such requests for personal and account information are encouraged to contact Meriwest immediately to verify the legitimacy of the request.

Phishing Messages targeting Meriwest and other Financial Institutions

Posted on 12/19/2018:

Be aware of scam letters like these:

We are seeing a trend with fraudsters sending out the attached scam letter along with a counterfeit Meriwest cashier's check. Please be cautious and don't fall for these type of scams!

Also, please be on the alert, and know that you will NEVER receive a call, e-mail, or letter from Meriwest asking you to provide your account or personal information. If this happens, please do not provide any information until you contact the credit union directly.
Roaming Mantis Malware

Posted on 11/20/2018:

Important: Learn How To Avoid Fraud With These Online Holiday Shopping Tips:

If you haven’t already noticed, it’s the beginning of the holiday season. It’s a time for cheer, giving thanks, and of course…shopping! Retailers, both online and brick and mortar shops, have been hawking their upcoming Black Friday sale information since at least Halloween. So when you’re browsing online for great shopping deals, it’s always good to keep several things in mind so you don’t become a victim of cybercrime:

  • Don’t Click on Malvertising.  This is advertising that you see on the sides of your browser or in popups that is laced with malware. If you click on these: (1) You could download malware to your device; (2) You could be faced with a form asking for information such as login credentials, payment card details, or other identifying information that gets sent back to a criminal; (3) You could be redirected to another site asking for information. So, avoid clicking on those ads and if you are intrigued by something you see, go directly to the site/store by typing the name in the address bar.
  • Watch out for Phishing.  Cybercriminals can do many things to bait and hook you. They can send spam email to a mass list hoping someone will click a link or open an attachment that can get malware onto your device, or that can garner other information from you. Your browsing information is usually collected and used by someone to show you more targeted ads, for example. If criminals get that information, they can use it against you for targeted phishing. You should not only avoid clicking on ads you aren’t certain about, but don’t click links or attachments you are not 100% confident in either. Never click them if you don’t know the sender or, more importantly, if you are not expecting them - even if they appear to come from your financial institution.  Instead, contact the proposed sender using a phone number you already know or have looked up on their official website and ask about it. You can also log into your account directly and check any details there.
  • Don’t Store Payment Cards or Use Auto-Fill. You’re probably already on high alert about payment card fraud during the holidays and you should be. But also consider whether or not you have payment card details stored in your favorite retailers’ websites. If you do, it’s better not to do that. If one of them experiences a data breach, that information is likely to be stolen.  And when your browser tries to auto-fill your payment information, don’t let it. Criminals have found ways to cause you grief using the auto-fill feature in Chrome…and likely other browsers too. Either shut off the auto-fill function or remember to always type in your payment details manually. And never save this in your browser, no matter how convenient.
  • Setup Transaction Alerts and Check Your Accounts Frequently. Setting transaction alerts for online purchases on your cards is a good idea to monitor activity. Meriwest allows you to set these alerts and if a charge is made, you’ll receive a notification. You could set them for any transaction initially during the holidays so if your card number gets stolen, you can detect if criminals try to charge smaller amounts hoping you won’t notice right away. You can always change the alert settings at any time. You should always keep an eye on your charges, but try to be more diligent during the busy holidays when transaction activity usually increases. Save all your receipts and review them along with your bank and/or credit card statements to make sure everything is accurate. Additionally, while shopping in stores, remember that the Meriwest Debit card is chip enabled for security. Not to mention, that loading the Meriwest Debit card into your phones digital wallet is an extra layer of security and also provides the convenience of not having to carry your card or worry about losing it.
  • Beware of Pricing That is Too Good to be True. Check reviews on greatly discounted items to make sure they do not have major problems. A $250 TV might not seem like such a good deal if it does not make it to 2020. Online scammers often set up dummy websites, auction listings or ads that offer popular items far below market value. These scammers will kick into high gear for Cyber Monday. Trust your instincts and beware of scam sales. If it’s too good to be true, it probably is.
  • Read and Save a Dated Copy of the Return Policy. Many sales disputes stem from misunderstandings over return or refund policies. Make sure you read and understand the return policies before making a purchase. Some returns will require costly restocking fees and some sale items may not be eligible for return. Also, find out if you are responsible for shipping costs on a return item, as larger items could be costly to ship.
  • Shop with Trusted Retailers. It is important to make sure you are on the correct website by checking the domain name in the browser. Sometimes emails or online ads promising great deals will direct you to scam sites designed to look like a trusted retailer. The domain name at the top of your browser should contain “https://” to denote a secure site. Use unique and secure passwords when setting up online accounts.
  • Review Seller Ratings and Negative Feedback. Marketplace websites allow a wide range of individual sellers to offer products to a large audience. Many of these sites allow previous customers to rate their experience with a particular seller. Exercise caution when dealing with sellers who have an excess of poor feedback. Check the specific feedback to see what those who complained had to say.
  • Keep Payment Information Secure. Never pay for items purchased online with wire transfers, money orders or cash. These types of payment offer no tracking or protection in the event of a scam. When making an online payment for goods use a credit card, PayPal, Google Checkout or another secure online payment system. Some payment systems offer additional dispute resolution options.

Posted on 11/07/2018:

Direct Deposit Scam Is On

A familiar attempt to get at your hard-earned paycheck is resurfacing, says the FBI. The organization recently released a Public Service Announcement warning that cybercriminals are again targeting online payroll accounts for employees who use direct deposit, particularly those working in education, healthcare, and commercial airway transportation. The Better Business Bureau is also echoing the warning to consumers. The direct deposit scam is nothing new, but it’s back with a vengeance.  

Roaming Mantis Malware

The Internet Crime Complaint Center (IC3) is the Bureau’s virtual complaint desk for people who believe they’ve been victims of or have been defrauded by an online crime. The IC3 reports a spike in complaints from consumers about a direct deposit phishing scam aimed at getting login credentials. Hackers are posing as human resource employees and sending out phishing emails with links asking staff to update their credentials for direct deposit. Upon getting that information, hackers reroute paychecks to a different account (owned by them) or transfer the funds onto a prepaid debit card they own. In a new twist, hackers also change the rules of an account, preventing the employee from receiving any alerts about direct deposit changes. That means someone’s entire account can be changed without them knowing, until they realize their paycheck never made it to where it belongs.

Below are FBI warnings about direct deposit scams:

  • Never, ever provide login details or personal information to anyone and never send these via email.
  • While you should always use unique credentials for each account, be especially sure to use different login credentials exclusively for payroll purposes.
  • Always check a link by hovering your mouse over it to carefully check the URL address is legitimate. If it looks odd, don’t click it.
  • When in doubt about an email, contact the sender directly to verify using the phone or a by paying a personal visit.  (If something ever appears suspicious, report the incident to IT immediately by emailing #HelpDesk or by calling ext. 3206.)
  • Always use two-step verification when it’s available and especially when sensitive information is involved.

 As always, these types of scams likely are perpetrated via phishing email. So watch out for links or attachments that arrive in email that you are not expecting, come from unknown senders, or that you just cannot be 100% confident are legitimate. When it comes to your payroll, it’s always best to call the payroll department to verify such links first. It’s a simple step that can keep your paycheck where it belongs…in your account.

Have a great day and stay secure!

Posted on 9/29/2018:

If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving.  A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent.

What’s happening?
For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “florence” and some word related to support (e.g., “relief,” “assistance,” etc.). Most of these domains have remained parked or dormant since their creation earlier this month; however, several of them became active only in the past few days, directing visitors to donate money through private PayPal accounts without providing any information about who is running the site or what will be done with donated funds.

The complete KrebsOnSecurity article can be found here: https://krebsonsecurity.com/2018/09/beware-of-hurricane-florence-relief-scams/

Posted on 8/15/2018:

With cybercrime a real threat to individuals and companies it is important to note what Meriwest is doing to protect your assets.

First, we have very sophisticated systems in place that look for unusual and suspicious activity.  We have a monitoring system that works for you 24/7 to allow us to mitigate activities should anything appear to be out of the ordinary.  We work very closely with our vendors to make sure we are up to date on best practices with regard to fraud detection and prevention. 

Secondly, we encourage all members to do their part by undertaking security precautions in managing your accounts. Those include not sharing your PIN or account access information, utilizing strong passwords for online access, establishing transaction alerts on accounts, and monitoring account activity through online or mobile banking. If you see anything out of the ordinary please contact us immediately at 877-637-4937.

Should you feel that your PIN may have been compromised at any time, you may contact our 24-hour Debit Card PIN change at 877-746-6746.

You may also contact our Fraud Prevention Service at 1-800-417-4592, for any suspected fraud on your ATM/Debit Card.

Additional recommendations and information regarding security can be found on our web site at www.meriwest.com/security.

Posted on 8/1/2018:

PayPal phishing schemes

PayPal phishing schemes are fairly common these days. Many, or even most of them are generic in nature. In other words, they don’t target a specific person or group. They are merely crafted in such a way that they can be sent to a large number of people at one time as spam. However, sometimes they arrive as if they could actually be from PayPal and are specific or somehow related to the recipient. This is called spear-phishing, because the attacker has some information which he can spear his target specifically. This tactic is more likely to result in success for the phisher.

Spear-phishing campaigns are on the increase and the use of PayPal as the bait is increasing in sophistication with each new campaign. Cisco researchers have found several versions of imposter PayPal web sites that are so well done, they can trick even the most phishing-savvy person into falling for the scams behind them.


Roaming Mantis Malware

What is making it even more problematic is that these phony websites are actually legitimately registered, sometimes even with actual security certificates attached. Many, such as one of the primary ones used – redirectly-paypal.com– are registered through a site called Wix. A list of many of the other fake ones is listed here:

  • helpcenter-paypal-rosolution[.]pepitoheyashi[.]ga
  • paiiypal[.]com
  • paypal-secure-account-information[.]reikitrainingjourney[.]com
  • paypal[.]com[.]user[.]accounts[.]lwproductions[.]net
  • paypalcomcgibinwebscrcmdloginsubmitdispatch58z8duft875dl80al[.]planetevents[.]co[.]in
  • paypalupdate[.]uploadppl[.]com
  • paypaluserupdateinfoforupaypalnowclosedbypaypal[.]bodybuildingexercise[.]org
  • update[.]paypal[.]com[.]kgreendesigns[.]co[.]za
  • www[.]paypal[.]com-webapps-cgi-bin-webscr-login-access[.]com
  • x-paypal.com/us/webapps/home
  • securitycheck-paypal.com

new version of chrome

Unfortunately, the fake sites use the color schemes, text styles, and images from the actual PayPal site, making them nearly impossible to detect. Some have also registered with very popular and legitimate hosts, such as CyrusOne LLC, which also hosts CarFax and Dell. However, there are some ways to tell if one is trying to trick you:

new version of chrome

  • Check the website name in the address bar. It should be “paypal.com” and have the “https” in front, as well as the secured site text and lock icon. If you’re using the U.S. site, it may even display as “paypal.com/us/home” and the “us” may be changed to the country for the site you’re using. For the German site, the “us” in that URL is replaced with “de,” for example.
  • Check for the little country flag in the lower corner of the site. As of time of writing, it’s in the lower right corner as you scroll down the site. If the site is in the U.S., that flag will be the U.S. flag.
  • If you see anything prior to the “.com” other than the word “paypal,” or anything prior to the word “paypal,” it is likely fake. In other words, the only thing that should be between the dots is the word “paypal,” followed immediately by the “.com.”
  • The green text, the lock, and the “https” are all positive, though not always definitive indicators of the legitimate site.

Some of these phishing sites actually try to get users to enter credentials other than the ones for PayPal. A common one attempts to spoof an Apple credential verification page. However, Apple and PayPal are not related, so an Apple login page should not show up.

new version of chrome

Another site uses Spanish language but targets English speakers. If the text is in another language, those behind it are most definitely up to no good.

It’s likely more of these sites and those using other well-known companies will be popping up in the future.  If you need to verify credentials or check something in your account for any online account, go directly to a bookmarked link or type in the address manually, being careful not to make typos. Then login there to do your sanity checks or to make changes. Don’t click on links in email messages to do this, even if you think they may be real. It’s just safer not to.

Posted on 6/13/2018:

Roaming Mantis Malware Hijacking Two-Factor Authentication from Online Banking

Today’s Security Tip is brought to you by a Stickley on Security article that warns about a new Roaming Mantis malware that is being used to collect login credentials to financial accounts and other sensitive information.

What can you do?

  • Change the password on your internet router
  • Be wary of pop-up messages asking to update Chrome “for a better browsing experience”
  • Only download apps from the official stores such as Google Play and the Apple App Store
  • Watch out for app requests to access various device permissions (contacts, text, phone, account details, etc.)- Never give apps access they don’t need.
  • Ensure strong passwords are utilized an your devices are updated with the latest security patches

The Article: Roaming Mantis Malware Hijacking Two-Factor Authentication from Online Banking

If you haven’t yet changed your default password on your internet router, stop right now and take a few minutes to do it. Not only is the FBI recommending this because of the recent discovery of the VPNFilter malware, but now there is more malware that can hijack that same router (and any others) and spy on users. Roaming Mantis, changes the router’s DNS (domain name system or domain name service) settings to direct traffic to fake versions of legitimate sites. In this case, it uses Android devices with malicious apps installed to steal login credentials to financial accounts.

This warning goes for home and business users that have devices that connect to the Internet. Those are the ones at risk for DNS hijacking. DNS translates a website address to an IP number - it can be thought of as your computer’s phone book. That’s why it’s serious if these DNS settings are modified. If a lot of users get sent to fake websites and enter in their credentials (i.e. username and password), it’s quite a successful day for the cybercriminal.

Once a person’s DNS is overwritten, this group redirects users to malicious websites that display a pop-up message promoting a Chrome upgrade for a better browsing experience. The malware will pop up with a warning message asking you to update your Chrome version on the mobile device.


Roaming Mantis Malware

If you click OK, it will download and install a fake version of Google Chrome, then ask for various permissions including access to the device’s account details, the management of texts and phone calls, and recording and video capabilities, as well as others. If the user goes so far as to give the app appropriate permissions, another dialogue box appears stating “Account No.exists risks, use after certification.”  That alone should be a big warning that something is amiss. If “Enter” is clicked, it’ asks for the name and birthdate associated to Gmail.

new version of chrome

With access to the texts/SMS, it can intercept multi-factor authentication codes too. Never give apps access they don’t need. Very rarely, if ever, does an app need access to your device’s account settings or administrator password. If it asks, definitely do more research. It’s likely the app is up to no good. This one tries to trick users into entering Gmail credentials. If it gets enough information out of the user, it can potentially get access to all kinds of accounts such as social media, email, and financial accounts.

While you’re making sure your password is strong, make sure your devices are updated with the latest security patches. Hopefully, you have already done this after the FBI’s warning about VPNFilter.

Also, be sure to only download apps for all of your devices from the official stores, such as Google Play or the Apple Store. While there is never a 100% guarantee that these are free of malware, they are less likely to have it. The apps typically go through more security scrutiny before they are allowed into those stores than those that can be found on third-party sites. In this case, it is a third-party site that hosts this malicious app. Kaspersky Lab found references to South Korean mobile banking and gaming apps, as well as to a Chinese social media site, Sohu. Roaming Mantis was detected at least 6,000 times by Kaspersky. This indicates that it’s capable of spreading very quickly.


Posted on 5/24/2018:

Be careful of what websites you and your family visit:

Do you or your kids play games online using the family computer? This is just one of the many ways your computer can get infected. Many foreign-based game websites market to gamers and younger audiences, and download malicious code to your computers registry. If you are noticing weird behavior and strange pop-ups when using your web browser, then your computer is most likely infected. If your computer is infected then your online activity can be tracked making you vulnerable to phishing scams which can expose your financial and personal information. Good Antivirus software can catch many of these attempts, but they do not prevent all viruses and malicious code from being downloaded to your computer. As antivirus software companies try to keep up with all the new attacks, hackers are always coming up with new techniques and ways to exploit the new technologies we use every day. Be careful, and discuss with your kids the danger of visiting untrusted websites. As always, think before you click.

In the example below, malware, that was downloaded from a game website (ArcadeGala), activated a new tab while a member was visiting www.meriwest.com which prompted a fake survey that appears to be from Meriwest Credit Union but is not. Be careful not to fall for this one!

Red Flag: If the website URL does not look right, then follow your instincts.
Supermarket Cutomer Sweepstakes Raffle Draw Scam(Image snap-shot taken by member)

Pop-up says: "Dear Meriwest Credit Union Visitor", then asks visitor to complete a survey. Do not fall for these tricks! Supermarket Cutomer Sweepstakes Raffle Draw Scam(Image snap-shot taken by member)

Posted on 5/1/2018:

Warning your computer is infected

This is an oldie, but a goodie in the world of scams. When browsing the internet, users may see pop-up messages prompting them to either “click here for a free scan” or “contact xxx-xxx-xxxx to remove virus.” However, the software or "free scan" offered in these pop-up alerts often doesn't work or will actually infect a computer with the dangerous programs it is supposedly meant to protect against. Also, the phone number listed on these pop-ups will usually direct users to a scam artist who will try to sell “anti-virus protection software” and ask to take control of the user’s computer or device to complete the installation process. Once they have control though, malicious software can be installed on the victim’s device to track their activity and monitor their keystrokes. Then, the waiting game begins. Scammers will watch their victim’s activity until they sign in to their online banking account(s) and from there, they can obtain the user’s login credentials.

In some cases, if users purchase this “software" from a scammer, they might contact the victim later on to advise that a virus infected their computer and they would like to issue a refund for the product purchased because they were unable to prevent the virus attack. However, these fraudsters may claim that they must be logged in to the user’s computer in order to issue the “refund credit” and request to remotely access the device. The objective with this angle is to build trust. The scam begins when they show the victim that they have “refunded” the money while being logged into their computer; however, the amount may be more (even several thousand dollars more) than the amount originally paid. These fraudsters allow the victim to see what they want them to see by manipulating their accounts, when in reality the funds were actually transferred from the victim’s own, internal account. Next, they will try to scare their target into thinking they will be taxed or in trouble with the IRS if the funds are not returned immediately. They will then pressure their target into sending the funds back in the form of a wire transfer, MoneyGram, or gift card. Watch out for these red flags. This is a scam!

How can you protect yourself?

  • NEVER click on pop-up alerts! Don't even click on the “X” to delete the pop-up alert as this may result in receiving more pop-ups. Instead, enter CTRL+ ALT + Delete for PCs, or Command + Option + Esc for Macs, to view a list of programs currently running and delete the pop-up alert from the program list.
  • NEVER click on an unknown link on/from a social media website.
  • Keep your computer updated with the latest anti-virus and anti-spyware software that you purchased from a trustworthy source. Also, use a well-known firewall.
  • NEVER open email attachments unless you can verify the sender and you trust them.
  • NEVER click on the links in spam email.
  • NEVER trust the contact details provided in a pop-up message for computer assistance. Instead, independently find a reputable computer repair service to assist you with your computer issues.
  • NEVER allow any unknown source to remotely access or take control of your computer.

If you have experienced any of these scams, stop using your computer immediately! Contact your financial institution(s) to notify them of the situation, review your statements for any unauthorized activity, and take your computer to a reputable computer repair service. Lastly, ensure to use increased caution in the future.

Posted on 4/13/2018:

Scammers Claiming to be Meriwest Employees

IMPORTANT
It has come to our attention that there are phone scams going on in our area. Please be on the alert, and know that you will NEVER receive a call or e-mail from Meriwest asking you to provide your account or personal information. If this happens, please do not provide any information until you contact the credit union directly.

Posted on 1/18/2018:

Phishing Scam: Supermarket Cutomer Sweepstakes Raffle Draw Scam

One or more Meriwest Members received a fictitious letter claiming they were a winner in this sweepstakes. This letter included a fake check.

Scam Letter:
"We are pleased to inform you that you are one of the winners of the "SUPPERMARKET CUSTOMER SWEEPSTAKES RAFFLE DRAW"
The raffle entry ticket attached to your name with serial number PWG 61900 is one of the size winning tickets of the grand prize and your share of the winning is $880,000 (Eight Hundred And Eighty Thousand Dollars Only)...."

If you come across a mailing like this or a similar variation, please don't fall for it!

Supermarket Cutomer Sweepstakes Raffle Draw Scam

Posted on 12/18/2017:

Phishing Scam: Malware Masquerades As A Secure Banking Message

After a big cyberattack, such as the data breach that hit Equifax recently, criminals frequently attempt to take advantage of the fear factor and trust customers and members have with their financial institutions. In a recent phishing campaign, discovered by Barracuda Networks, messages masquerade as legitimate and secured messages from banking institutions such as TD Commercial and Bank of America to trick people into installing malware onto their computers and devices.

In this one, an email is received that claims to be a secure message from a financial institution. Inside is one of three possible phishing lures that researchers have seen thus far: 

  • An attachment with included malware
  • Instructions to reply to sender
  • A set of instructions to perform actions that executes the malware
They are pretty difficult to detect as fake because they use domain names that look very close to the real ones. For example, they may be “Bank0fAmerica” where the “O” is replaced with a zero. This is called do-jacking or typosquatting. 

They also use actual logos and copy the confidentiality statements word for word, making it even more difficult to identify it as phishing. As a rule, simply never click on an unexpected link; especially if it is from an unknown email address.  

When receiving messages from financial institutions or any organization that has a confidential relationship with you, go directly into your account to check the secure message center rather than clicking links or attachments. There is no need to click links because these organizations always place those messages in your secure inbox in your account. 

There are multiple variations of this attack and they make it past antivirus products in some cases. Once malware is on the device, it can be made more dangerous. The attackers may be able to remotely access it and turn it into ransomware, spyware, or information stealing malware.


Bank of America scam

Posted on 12/7/2018:

Phishing Scam: Uber Breach

As you may have heard, Uber suffered a data breach a year ago in which the names, email addresses and phone numbers of 57 million customers and drivers were stolen.  Uber reported that they paid off the hackers who then supposedly “deleted the data,” but that cannot be confirmed.  Consequently, Uber-themed scams are to be expected.

Watch out for phishing emails related to this Uber data theft.   For instance, look out for messages claiming that your "Uber account was compromised" and that you need to change your password, or anything else related to Uber that could be suspicious.  Below is an example of how these messages could look:

Uber Breach

Posted on 9/27/2017:

Phishing Scam: Anonymous Text Messaging Scam

One or more members have reported receiving an anonymous text message requesting them to contact Meriwest. Don't fall for this scam. 

Q: What is Smishing? A: Like a “phishing” email scam, where fraudsters send an authentic-looking email to obtain personal or financial information, “smishing” messages are sent to you via SMS (text message) on your mobile phone.

Q: What is happening? A: Members have reported receiving a text message purportedly from Meriwest Credit Union requesting a call back at an unknown phone number. THIS IS NOT A VALID MERIWEST CREDIT UNION COMMUNICATION OR PHONE NUMBER. DO NOT PROVIDE YOUR CARD INFORMATION. 
The phone number is a recording which states:  "Welcome to Meriwest Credit Union, for security reasons we need to verify your account.  All direct deposits have been disabled until verification is complete. Please enter your 16-digit card number." 
Meriwest will never contact you requesting account information. Be cautious and never reply to anonymous messages via text, phone, or email. 

Q: I’m concerned that I received this text message.  Was there an internal data breach?
A: That is a valid concern with all the data breaches in the news lately.  However, at this point we have no reason to believe that a data breach occurred.  What we know so far is that a fraudster has decided to use Meriwest Credit Union’s name to perpetrate this scheme to gather Debit card information. 

Q: What information is being requested? A: The recorded line goes on to request ALL the card information (i.e. the full 16-digit card number, expiration date, CVC security code, zip code and PIN).  If this information is provided, it could be used to complete any type of transaction, such as: ATM cash withdrawals, online purchases, fill ups at the gas station pumps, you name it.

Q: What do I do if I provided my card information? A: Contact the Credit Union to cancel the card immediatelyto prevent any fraudulent transactions on your account.  You may visit any one of the Meriwest Financial Center locations or call us directly. We will need to know what card information was provided and may ask what phone number you received the text message.

Anonymous Text Messaging Scam

Posted on 9/6/2017:

Phishing Scam: Hurricane Harvey Disaster Scams

Hurricane Harvey hit hard, especially in Houston, Texas where it was badly flooded, and cyber criminals are exploiting this disaster.

Scammers are now tricking people into clicking malicious links on Facebook, Twitter and phishing emails soliciting charitable donations for the Hurricane Harvey flood victims. 

 For example:

  • Facebook pages dedicated to victim relief may contain links to scam websites.
  • Tweets are going out with links to alleged charitable websites soliciting donations, but in reality include links to scam sites or links that lead to a malware infection. 
  • Phishing emails are being sent asking for donations to #HurricaneHarvey Relief Fund. 

Previous disasters have been exploited like this and the bad guys are going at it again. Don't fall for these scams. If you want to make a donation, go directly to the Meriwest home page to find a safe place to donate, or visit the website of the charity of your choice by typing the web address in your browser or use a bookmark.

Do not click on any links in emails, social media pages or text messages you may receive. Please be wary of anything online covering the Hurricane Harvey disaster in the following weeks.... THINK BEFORE YOU CLICK.

Hurricane Harvey Disaster Scams

Posted on 8/25/2017:

Phishing Scam: AMC Sweepstakes Letter and Check Scam

One or more Meriwest Members received a fictitious letter claiming they were a winner in this sweepstakes. This letter included a fake check with a Meriwest logo. There has been an increase in Phishing Scams similar to this.

AMC Sweepstakes Letter and Check Scam

Posted on 7/29/2017:

Phishing Scam: North America Financial Services, Lottery Winner Scam

One or more Meriwest Members received a fictitious letter claiming they were a winner in a sweepstakes/lottery. This letter included a fake check with a Meriwest logo. There has been an increase in Phishing Scams similar to this.

North America Financial Services, Lottery Winner Scam