CU SECURITY & TECHNOLOGY News - Providing a brief summary of news and information related to security and technology issues for credit unions - Plus some interesting and fun web sites . . .
Tuesday, June 30, 2009
Need A Speaker For Your Next Conference?
Rory Rowland as Mr. Bean . . . .
Bringing your conference program to life. Call for information, references,
smiles and education. Check out the video at: http://www.youtube.com/watch?v=InWRkiag4yg
Rory Rowland
14401 Covington Rd.
Independence, MO 64055
816-478-3249
roryrowland@yahoo.com
(No, that's Mr. Bean, above. Rory is below. Click on photos to enlarge.)
Bringing your conference program to life. Call for information, references,
smiles and education. Check out the video at: http://www.youtube.com/watch?v=InWRkiag4ygRory Rowland
14401 Covington Rd.
Independence, MO 64055
816-478-3249
roryrowland@yahoo.com
(No, that's Mr. Bean, above. Rory is below. Click on photos to enlarge.)
Monday, June 29, 2009
Several CUs report more scams
Credit unions in Maine and Texas reported that recent scams have targeted their members.
The scams have involved:
> Brewer (Maine) FCU, which is warning its members about attempts to fleece their accounts. Scam artists are sending checks to credit union members for items bought on Craigslist and other Internet sites that are "in excess of the purchase price with a request to return the excess," said a Brewer FCU press release. Or, scammers send checks to members and ask that the checks be cashed for the scammers. "Inevitably these checks are returned either for insufficient funds or because they are fraudulent altogether," the $39.1 million-asset credit union said (Bangor Daily News June 23).
> The $6.2 million-asset, Sugar Land (Texas) Employees FCU, whose members have been targeted by text messages sent by scammers posing as the credit union. The messages claim that members' debit cards had to be deactivated for security reasons, and that members should call an 800 number and give out personal information to reactivate their cards, according to the Texas attorney general's office (The Fort Worth Star-Telegram June 21).
> New Dimensions FCU, Waterville, Maine, which is advising members to ignore pre-recorded phone calls that tells members--for instance--that their Visa card has been restricted for supermarket use only, and that they must call a specific phone number to contact Visa security and a press "1" to speak to someone. The $5.8 million-asset credit union and local police are advising members that the calls are a scam and to ignore them.
The scams have involved:
> Brewer (Maine) FCU, which is warning its members about attempts to fleece their accounts. Scam artists are sending checks to credit union members for items bought on Craigslist and other Internet sites that are "in excess of the purchase price with a request to return the excess," said a Brewer FCU press release. Or, scammers send checks to members and ask that the checks be cashed for the scammers. "Inevitably these checks are returned either for insufficient funds or because they are fraudulent altogether," the $39.1 million-asset credit union said (Bangor Daily News June 23).
> The $6.2 million-asset, Sugar Land (Texas) Employees FCU, whose members have been targeted by text messages sent by scammers posing as the credit union. The messages claim that members' debit cards had to be deactivated for security reasons, and that members should call an 800 number and give out personal information to reactivate their cards, according to the Texas attorney general's office (The Fort Worth Star-Telegram June 21).
> New Dimensions FCU, Waterville, Maine, which is advising members to ignore pre-recorded phone calls that tells members--for instance--that their Visa card has been restricted for supermarket use only, and that they must call a specific phone number to contact Visa security and a press "1" to speak to someone. The $5.8 million-asset credit union and local police are advising members that the calls are a scam and to ignore them.
Sunday, June 28, 2009
2009 CU Security Conference Photos
The 2009 Credit Union InfoSECURITY Conference brought together dozens of experts in the field of security for credit unions. Lake Las Vegas provided a unique setting for a unique conference. Attendees enjoyed free lodging in condominiums, Power Point handouts on USB drives and a program ending networking pool party.
Here are a few photos taken at the conference.
Here are a few photos taken at the conference.
..
Below (and above) is what you saw when you walked out of the conference meeting room. (Click to enlarge photos)
Friday, June 26, 2009
Cell phone in the toilet bowl? Here’s how to fix it
Your cell phone, pager or iPod has fallen into the toilet bowl, swimming pool or kitchen sink full of water. You fish it out. After you've washed your hands -- depending on the circumstance -- what can you do?
Here's five techniques for restoring the gadget to life. Here's a short description (don't try this without reading his entire post):
1. Remove the battery -- immediately. Then take off the battery cover and other compartments, he says.
2. Submerge the device in a container filled with the alcohol for five minutes.
3. Let the device dry for an hour or so. "The alcohol will evaporate very quickly but be sure it's really dry," "FiscalGeek" says.
4. If that doesn't work after several tries, move on to the other options:
5. Store the phone overnight in a sealed bag of dry rice. The rice acts as a desiccant. (We'll save you the trouble of looking that up. It means "a drying agent.")
Use a Dri-Z-Air dehumidifier.
Finally, maybe a hair blower will work.
It's worth a try to salvage the phone or other gadget. Otherwise, you're left with his final suggestion:
Smash it with a hammer and buy a new device. This one works every time.
Tuesday, June 23, 2009
Top 10 Worst People in Anyone's Life
Top 10: Worst Names for the Special Service People in Your Life:
Of all the people you count on weekly to help you get through life, here are the top ten worst choices by area of relationship and/or service:
10. Your hotel innkeeper is Norman Bates.
9. Your limo driver is Evel Knievel.
8. Your primary care physician is Dr. Edward Scissorhands.
7. Your international travel agent is Mr. Phineas T. Fogg.
6. Your personal tailor is Bozo the Clown.
5. Your personal trainer is Ozzy Osbourne.
4. Your barber is Sweeney Todd.
3. Your spiritual advisor is Charles Manson.
2. Your investment manager is Charles Ponzi.
1. And finally .... or fatally .... and on a much more personal note, your "significant other" is either Ann Coulter, Nancy Pelosi, Nancy Grace, Rush Limbaugh, Larry King, Al Franken, Lizzie Borden, Bill O'Reilly, Hillary Clinton, Jerry Springer, Barney Frank, Madonna, or Rosie O'Donnell.
Of all the people you count on weekly to help you get through life, here are the top ten worst choices by area of relationship and/or service:
10. Your hotel innkeeper is Norman Bates.
9. Your limo driver is Evel Knievel.
8. Your primary care physician is Dr. Edward Scissorhands.
7. Your international travel agent is Mr. Phineas T. Fogg.
6. Your personal tailor is Bozo the Clown.
5. Your personal trainer is Ozzy Osbourne.
4. Your barber is Sweeney Todd.
3. Your spiritual advisor is Charles Manson.
2. Your investment manager is Charles Ponzi.
1. And finally .... or fatally .... and on a much more personal note, your "significant other" is either Ann Coulter, Nancy Pelosi, Nancy Grace, Rush Limbaugh, Larry King, Al Franken, Lizzie Borden, Bill O'Reilly, Hillary Clinton, Jerry Springer, Barney Frank, Madonna, or Rosie O'Donnell.
Friday, June 19, 2009
How good is Microsoft's free antivirus software?
Microsoft has officially unveiled its long-awaited consumer antivirus offering. Formerly code-named “Morro,” it’s now been christened Microsoft Security Essentials, and it will enter public beta testing next week. If you have a licensed copy of Windows XP (Service Pack 2 or above), Windows Vista, or Windows 7, you’ll be able to download and install the software at no additional charge. No subscription is required for ongoing definition updates, either. The final release is scheduled for this fall.
The public beta will be limited to 75,000 downloads, Microsoft says, and the targets are global. The initial beta release is limited to the United States, Israel (where a core development team is based), and Brazil. Next month, the beta will open up for users in China. It’s no coincidence that Microsoft is rolling out early in Brazil and China, which are large-scale vectors of malware infections because of the sheer number of Windows users running without antivirus protection. According to Microsoft, barriers to adoption of paid security software are especially high in developing markets, where internet access is slower and credit cards are unavailable to a large percentage of the population.
The MSE download is impressively lightweight. The x64 copy I installed on Windows 7 was 3.8 MB in size; x86 copies are 4.8 MB for Vista/Windows 7 and 7.7 MB for Windows XP. Installation (including the most recent definition updates) took less than four minutes and, as promised, the initial setup didn’t require any personal information or registration. After I accepted the license agreement, the software informed me that it needed to update its virus definitions and then proceeded to get the most recent updates on its own.
You can bet that the beta release will be seriously tested by independent labs and especially by Microsoft’s for-profit competitors in the coming weeks. If it has any weaknesses, expect to see them heavily publicized. Meanwhile, I’m sufficiently impressed by MSE in operation to give it a more in-depth workout on multiple systems here.
The public beta will be limited to 75,000 downloads, Microsoft says, and the targets are global. The initial beta release is limited to the United States, Israel (where a core development team is based), and Brazil. Next month, the beta will open up for users in China. It’s no coincidence that Microsoft is rolling out early in Brazil and China, which are large-scale vectors of malware infections because of the sheer number of Windows users running without antivirus protection. According to Microsoft, barriers to adoption of paid security software are especially high in developing markets, where internet access is slower and credit cards are unavailable to a large percentage of the population.
The MSE download is impressively lightweight. The x64 copy I installed on Windows 7 was 3.8 MB in size; x86 copies are 4.8 MB for Vista/Windows 7 and 7.7 MB for Windows XP. Installation (including the most recent definition updates) took less than four minutes and, as promised, the initial setup didn’t require any personal information or registration. After I accepted the license agreement, the software informed me that it needed to update its virus definitions and then proceeded to get the most recent updates on its own.
You can bet that the beta release will be seriously tested by independent labs and especially by Microsoft’s for-profit competitors in the coming weeks. If it has any weaknesses, expect to see them heavily publicized. Meanwhile, I’m sufficiently impressed by MSE in operation to give it a more in-depth workout on multiple systems here.
ATM fraud ring arrests made, stole from Florida CUs
Police in Jacksonsville, Fla., recently made three arrests in a complex ATM fraud ring involving more than 100 people. The ring defrauded a number of Florida credit unions.
Ophel Day, Tony Fudge and Jacob Dunn were arrested for depositing bad checks into ATMs and then making withdrawals or purchases before the checks bounced, according to federal investigators (WJXT Jacksonville June 17).
The fraud has cost local credit unions from $300,000 to $500,000, police said. Affected credit unions include Jacksonville-based Vystar CU and Mulberry, Fla.-based Community First CU.
More arrests will be made, Paul Elliot of the Secret Service said
The scam begins when account holders sell their ATM cards and personal identification numbers for up to $500 to a "recruiter" in the ring, authorities said. The recruiter then passes the information on to the scam's ringleader. Individuals giving up their card then report the card as stolen.
Recruiters deposit checks that are counterfeit, stolen or from closed accounts into ATMs. The active accounts allow a percentage of the money deposited to be immediately withdrawn, with subsequent withdrawals and purchases from businesses conducted before the check is returned, authorities said.
Account holders often report that their cards are stolen or lost after the thefts occur. Many are reimbursed for losses they claim--which results in a double whammy to the financial institutions involved, authorities added.
Ophel Day, Tony Fudge and Jacob Dunn were arrested for depositing bad checks into ATMs and then making withdrawals or purchases before the checks bounced, according to federal investigators (WJXT Jacksonville June 17).
The fraud has cost local credit unions from $300,000 to $500,000, police said. Affected credit unions include Jacksonville-based Vystar CU and Mulberry, Fla.-based Community First CU.
More arrests will be made, Paul Elliot of the Secret Service said
The scam begins when account holders sell their ATM cards and personal identification numbers for up to $500 to a "recruiter" in the ring, authorities said. The recruiter then passes the information on to the scam's ringleader. Individuals giving up their card then report the card as stolen.
Recruiters deposit checks that are counterfeit, stolen or from closed accounts into ATMs. The active accounts allow a percentage of the money deposited to be immediately withdrawn, with subsequent withdrawals and purchases from businesses conducted before the check is returned, authorities said.
Account holders often report that their cards are stolen or lost after the thefts occur. Many are reimbursed for losses they claim--which results in a double whammy to the financial institutions involved, authorities added.
Newest report shows fraud trends
The recently released May 2009 Online Fraud report from RSA Security Inc.'s Anti-Fraud Command Center provides information for credit unions and others about the latest fraud trends and forecasts for the next 12 to 18 months.
These include:
> Muling--the evolution of recruitment scams directed towards unsuspecting individuals to aid in the monetization of stolen goods;
> Evolving supply chains, including fraud-as-a-service, which helps online criminals commit fraud;
> Significant increase in attacks against the enterprise;
Evolution in crimeware and attack vectors including: a rise in use of the latest crimeware delivery method; fast-flux botnets (a network of compromised computers); improvements in both Trojan functionality and infrastructure; and consolidation of "traditional" phishing and malware attacks.
The number of phishing attacks in April dropped 7% from March attacks, the report said.
In the next 12 to 18 months, RSA said it expects to see an increase in enterprise fraud in which online criminals can gain access to sensitive corporate data such as intellectual property and business plans.
To stay ahead of the fraudsters, RSA recommends that companies deploy a layered approach to security, which has three core elements:
> Understand the threat landscape--Organizations must understand the threats that are targeting their business and the relative risks they pose. By doing so, organizations can mitigate the risks of online fraud or even prevent it from occurring at all.
> Use multi-factor authentication to protect the login--Username and password authentication is not enough to protect access to sensitive data today. Multi-factor authentication--including two-factor and risk-based authentication--are critical to preventing unauthorized access to a user's sensitive and personal data.
Monitor transactions and activities that occur post-login--Going beyond authentication solutions that can challenge users to assure their identity login, organizations should consider implementing a transaction-monitoring solution that analyzes and challenges high-risk transactions after login has occurred. Transaction monitoring can help identify suspicious post-login activities and mark them for further review.
These include:
> Muling--the evolution of recruitment scams directed towards unsuspecting individuals to aid in the monetization of stolen goods;
> Evolving supply chains, including fraud-as-a-service, which helps online criminals commit fraud;
> Significant increase in attacks against the enterprise;
Evolution in crimeware and attack vectors including: a rise in use of the latest crimeware delivery method; fast-flux botnets (a network of compromised computers); improvements in both Trojan functionality and infrastructure; and consolidation of "traditional" phishing and malware attacks.
The number of phishing attacks in April dropped 7% from March attacks, the report said.
In the next 12 to 18 months, RSA said it expects to see an increase in enterprise fraud in which online criminals can gain access to sensitive corporate data such as intellectual property and business plans.
To stay ahead of the fraudsters, RSA recommends that companies deploy a layered approach to security, which has three core elements:
> Understand the threat landscape--Organizations must understand the threats that are targeting their business and the relative risks they pose. By doing so, organizations can mitigate the risks of online fraud or even prevent it from occurring at all.
> Use multi-factor authentication to protect the login--Username and password authentication is not enough to protect access to sensitive data today. Multi-factor authentication--including two-factor and risk-based authentication--are critical to preventing unauthorized access to a user's sensitive and personal data.
Monitor transactions and activities that occur post-login--Going beyond authentication solutions that can challenge users to assure their identity login, organizations should consider implementing a transaction-monitoring solution that analyzes and challenges high-risk transactions after login has occurred. Transaction monitoring can help identify suspicious post-login activities and mark them for further review.
Friday, June 12, 2009
Reach a human when you call customer service
This is an amazing concept: A Web site called gethuman.com ("get human")gives instructions for avoiding the interminable voice menus used by companies and government agencies -- and reaching a real customer-service person. We're bookmarking this baby. If the company you need to contact isn't listed, a tips page tells you how to find the 
"When you do finally find a human, ask them how to connect directly the next time (in case your call gets disconnected, etc.), and be sure to tell us so we can then list their number here," the site says.
The site, founded by consumer advocate Paul English, provides a message board and also rates companies' customer-service phone system performance against the gethuman standards. We don't need to tell you that the F's vastly outnumber the A's.
There's also a translation guide for what the voice menu really means. "Your call is important to us" means this, according to gethuman.com: "You are not important enough for us to have a human answer your call, but we think you are stupid enough to feel good when we say you are important."
Funny Money: Why Banks Want to be Our Friend
Redneck Bank is still alive and kicking. They're offering checking accounts of various types and they're the buzz of the finance news 
world for their tongue-in-cheek approach to banking.
(Click on photo to enlarge)
You can see their website here, complete with braying donkey, outhouse for "personal bidness" and lots and lots of Flash animation tutorials and info. (Note: they're not a "bank", per se, they're an extension of Bank of the Wichitas).
Click here to visit: http://www.redneckbank.com/
world for their tongue-in-cheek approach to banking.(Click on photo to enlarge)
You can see their website here, complete with braying donkey, outhouse for "personal bidness" and lots and lots of Flash animation tutorials and info. (Note: they're not a "bank", per se, they're an extension of Bank of the Wichitas).
Click here to visit: http://www.redneckbank.com/
Feds Hunting for $120 Million of CU Funds Missing From U.S. Mortgage
Michael McGrath, the founder and owner of U.S. Mortgage and its CU National Corp., is scheduled to plead guilty in federal court to bank fraud and conspiracy charges in what is growing into one of the biggest financial scandals ever to hit credit unions.
Customer Service Hall of Shame
MSN Money's 3rd annual survey finds which companies, despite tough times, still put customers first -- and which ones seem intent on walking all over them.
MSN Money released its third annual Customer Service Hall of Shame survey results. The results revealed that financial intuitions and telecommunication services keep slipping in the minds of consumers when it comes to customer service and nine out of the 10 companies that made it to this year’s shame list are repeat offenders!
Once again, the coveted number one worst customer service spot was reserved for AOL. The rest of the shame awards go to:
#2 Comcast
#3 Sprint
#4 Capital One
#5 Time Warner Cable
#6 HSBC
#7 Qwest
#8 Abercrombie and Fitch
#9 Bank of America
#10 Citigroup
On the bright side, some companies are satisfying consumers, especially low-cost entertainment and bulk food companies that provide great value in this economic climate. The number one Hall of Fame spot is awarded to USAA and the second to Trader Joe’s.
To check out the entire Hall of Shame list, visit:
http://articles.moneycentral.msn.com/SmartSpending/ConsumerActionGuide/HowCompaniesWereRanked.aspx
MSN Money released its third annual Customer Service Hall of Shame survey results. The results revealed that financial intuitions and telecommunication services keep slipping in the minds of consumers when it comes to customer service and nine out of the 10 companies that made it to this year’s shame list are repeat offenders!
Once again, the coveted number one worst customer service spot was reserved for AOL. The rest of the shame awards go to:
#2 Comcast
#3 Sprint
#4 Capital One
#5 Time Warner Cable
#6 HSBC
#7 Qwest
#8 Abercrombie and Fitch
#9 Bank of America
#10 Citigroup
On the bright side, some companies are satisfying consumers, especially low-cost entertainment and bulk food companies that provide great value in this economic climate. The number one Hall of Fame spot is awarded to USAA and the second to Trader Joe’s.
To check out the entire Hall of Shame list, visit:
http://articles.moneycentral.msn.com/SmartSpending/ConsumerActionGuide/HowCompaniesWereRanked.aspx
Thursday, June 11, 2009
95% of Blogs Abandoned
The NY Times reports that according to a 2008 survey only 7.4 million out of the 133 million blogs the company tracks had been updated in the past 120 days meaning that "95 percent of blogs being essentially abandoned, left to lie fallow on the Web, where they become public remnants of a dream -- or at least an ambition -- unfulfilled."
Richard Jalichandra, chief executive of Technorati, said that at any given time there are 7 million to 10 million active blogs on the Internet, but it's probably between 50,000 and 100,000 blogs that are generating most of the page views.
"There's a joke within the blogging community that most blogs have an audience of one." Many people who think blogging is a fast path to financial independence also find themselves discouraged.
Richard Jalichandra, chief executive of Technorati, said that at any given time there are 7 million to 10 million active blogs on the Internet, but it's probably between 50,000 and 100,000 blogs that are generating most of the page views.
"There's a joke within the blogging community that most blogs have an audience of one." Many people who think blogging is a fast path to financial independence also find themselves discouraged.
Tuesday, June 9, 2009
Employed women to outnumber men
Did you know that men make up about 82% of job losses so far? Employed women will soon outnumber employed men for the first time in U.S. history, according to the U.S. Bureau of Labor Statistics.
Security video records ghostly vibes in CU
Anderson City Employees FCU, located in the South Carolina city's brand new Municipal Business Center, is experiencing some otherworldly vibes in the form of not-yet-explained moving blurs picked up by its security camera.
The moving blur is white and floats around the room to a chair, sits down and disappears. Sometimes there are two blurs. The local NBC affiliate, KFOR, has the sightings on a video. Use the resource link below to view it.
The sightings began last month after security guard Rob Colbert spotted movement out of the corner of his eye while working late. He checked the security tape. It had captured the movement.
The blurs always occur in the same office. The most recent visit was last Thursday morning.
The center's IT director, Mark Cunningham, checked the cameras and found nothing wrong. The credit union closed the blinds to avoid any reflections from outside. But the apparition showed up again--this time more clearly.
IT cleaned the camera lens and resealed the camera cover, but the image reappeared. It doesn't cause any trouble and the credit union has nicknamed it "Clair, for clairvoyant."
The new center was built on a former service station lot but no one know of any ghosts lurking about.
"If it is a ghost, maybe it's Casper the friendly ghost," Frances Parham, CEO of the $1.6 million asset credit union, told the television reporters.
Click here to view the ghost video:
http://www.kfor.com/news/local/kfor-news-south-carolina-ghost-story,0,4375330.story
The moving blur is white and floats around the room to a chair, sits down and disappears. Sometimes there are two blurs. The local NBC affiliate, KFOR, has the sightings on a video. Use the resource link below to view it.
The sightings began last month after security guard Rob Colbert spotted movement out of the corner of his eye while working late. He checked the security tape. It had captured the movement.
The blurs always occur in the same office. The most recent visit was last Thursday morning.
The center's IT director, Mark Cunningham, checked the cameras and found nothing wrong. The credit union closed the blinds to avoid any reflections from outside. But the apparition showed up again--this time more clearly.
IT cleaned the camera lens and resealed the camera cover, but the image reappeared. It doesn't cause any trouble and the credit union has nicknamed it "Clair, for clairvoyant."
The new center was built on a former service station lot but no one know of any ghosts lurking about.
"If it is a ghost, maybe it's Casper the friendly ghost," Frances Parham, CEO of the $1.6 million asset credit union, told the television reporters.
Click here to view the ghost video:
http://www.kfor.com/news/local/kfor-news-south-carolina-ghost-story,0,4375330.story
ID thefts with victims' names on cards rise
The number of identity thefts where fraudsters obtained credit cards using victims' names rose during 2008, according to Javelin Strategy and Research.
Javelin attributed the increase to a credit card loan application process that requires less verified information and is easier than other types of loan applications. Also, credit cards provide the most financial gain for thieves, who often don't get caught (CardLine June 8).
The results, published by the Pleasanton, Calif.-based firm last week, are based on a survey conducted by the firm of 4,784 U.S. consumers last year.
Of those responding, 487 said they had been victims of identity theft. Of the identity theft victims, 146 indicated that a variety of fraudulent new accounts had been opened using their name.
Among the new-account fraud victims, one-third said criminals had opened new credit card accounts in their name, up from 26% from the previous year's survey.
Other findings:
> Twenty-six percent of the victims said fraudsters opened new store-branded credit cards in their names, down from 29% in 2007.
> Fifteen percent reported other types of fraudulent loans were in their names, down from 21%.
Javelin attributed the increase to a credit card loan application process that requires less verified information and is easier than other types of loan applications. Also, credit cards provide the most financial gain for thieves, who often don't get caught (CardLine June 8).
The results, published by the Pleasanton, Calif.-based firm last week, are based on a survey conducted by the firm of 4,784 U.S. consumers last year.
Of those responding, 487 said they had been victims of identity theft. Of the identity theft victims, 146 indicated that a variety of fraudulent new accounts had been opened using their name.
Among the new-account fraud victims, one-third said criminals had opened new credit card accounts in their name, up from 26% from the previous year's survey.
Other findings:
> Twenty-six percent of the victims said fraudsters opened new store-branded credit cards in their names, down from 29% in 2007.
> Fifteen percent reported other types of fraudulent loans were in their names, down from 21%.
Subscribe to:
Posts (Atom)
