MOBILE |   ABOUT US   |  HOME   |  LOCATIONS   |  CONTACT PATRIOT   |  EMAIL SIGN-UP   |  SITE MAP  

  Search




Fraud, Scam & Computer Hacking Alerts - and Security Tips

All year round, it is important to be aware of potential scams. As we become aware of scams that might affect our members, we will post alerts to our website. Please be careful as there are many scams that are occurring both by mail, email, phone and text message. If it sounds too good to be true, it probably is. Con artists work hard to get their hands on your money and your personal and financial information. To help reduce the risk and protect you, here is a list of potential scams and security breaches along with tips to be safer and smarter.
Another Heartbleed-Style Open SSL Vulnerability Discovered - 06-5-14
On Jun 5 2014, it was announced that six new vulnerabilities in the popular Open SSL cryptographic software library had been uncovered. Many sites that you access on the internet with https use the Open SSL software. Open SSL encrypts your data, including passwords and personal information, when it travels to a server for applications such as websites, email, instant messaging (IM), and some virtual private networks (VPNs). This weakness creates the potential for hackers to steal the information that is normally protected by the encryption software.
There are no actions needed by members at this time. However, for your protection, we encourage you to employ the following best practices for safe and secure internet use:
  • Use a strong password that contains a combination of upper- and lower-case letters, numbers, and symbols
  • Change your password every few months
  • Whenever possible, utilize sites that require multi-factor authentication such as security questions, image verification, etc
  • Do not use the same password for all of the sites you visit
  • Be cautious about using public Wi-Fi networks
  • Maintain up-to-date antivirus software
Patriot is currently working with our vendors to identify and remediate any vulnerabilities with our systems. While we are still in process, we have not found any vulnerabilities that would compromise your information. We will be posting an update once we have completed our research and remediation.

>>> Back to Top


EBay Asks Customers to Change Passwords - 05-21-14
Personal information for all of eBay’s 145 million active buyers could have been accessed in a hack two months ago, a company spokeswoman said, as the online auction giant advised all users to change their passwords. The database contained encrypted passwords and was compromised from late February into March. The hacked database contained customer information including names, phone numbers, birth dates, home addresses and email addresses. It did not include financial information. For further details from NBC News, please click here: NBC News article.
>>> Back to Top


Internet Explorer Security Alert Update- May 2, 2014
United States Computer Emergency Readiness Team (US-CERT) has provided an update for the vulnerability impacting Internet Explorer versions 6 through 11 web browser (http://www.us-cert.gov/ncas/current-activity/2014/05/01/Microsoft-Releases-Security-Update-Internet-Explorer-Use-After-Free). Microsoft has released out-of-band updates (https://technet.microsoft.com/library/security/ms14-021) to address a critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP.
Patriot Federal Credit Union is taking actions to mitigate this vulnerability to protect our internal networks. Members, especially those using e-Branch and Mobile Banking, should take action to protect their home and mobile computing devices. Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update.
>>> Back to Top

Adobe Flash® Player and Internet Explorer Security Alerts - May 1, 2014
United States Computer Emergency Readiness Team (US-CERT) has issued a vulnerability warnings for Microsoft Internet Explorer and Adobe Flash® Player. Microsoft is aware of "limited, targeted attacks" currently exploiting the use-after-free vulnerability, in conjunction with a flaw in Adobe Flash® Player. Adobe has released a security update for Flash Player. Microsoft has not yet released a patch. In the interim, security experts recommend patching Adobe Flash Player.
The vulnerability warning is for versions of the Internet Explorer 6 through 11 web browser (http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being). Currently, Microsoft does not have a patch solution to resolve this issue. Patriot Members, especially those using e-Branch and Mobile Banking, should take action to protect their home and mobile computing devices. US-CERT recommends all Internet users consider using an alternate web browser until an official update from Microsoft is available.
The vulnerability warning for Adobe Flash Player is version 13.0.0.182 and earlier, for Windows computers, and Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh computers. This is due to an identified security vulnerability (http://www.us-cert.gov/ncas/current-activity/2014/04/28/Adobe-Releases-Security-Updates-Flash-Player). Adobe has released a security update for these versions. Patriot Members, especially those using e-Branch and Mobile Banking, should take action to protect their home and mobile computing devices. Adobe recommends users to update to the newest version of Flash Player by downloading it from the Adobe Flasher Player Download Center (http://get.adobe.com/flashplayer).

>>> Back to Top

Google Representative Scam
The Chambersburg Chamber of Commerce was alerted by a Chamber Member who had received a phone call from a "Google Representative" explaining that if they did not pay a $299 fee, their company would no longer appear in a Google Search. When the Chamber Member began asking questions that the caller could not answer - the caller hung up. The Chamber Member took the initiative and called Google - who confirmed this is a SCAM. PLEASE BE AWARE AND PLEASE BE CAREFUL!
>>> Back to Top

Apple iOS Update
Apple has released an iOS update that fixes some security issues for iPhones, iPads, and iPods. If you are using a device that runs iOS and haven't updated to iOS 7.1.1 yet, we strongly suggest updating to iOS 7.1.1 as soon as it is convenient to make sure your mobile device is secure. Apple details how you can update your device's Operating System on their support page: http://support.apple.com/kb/ht4623.
>>> Back to Top

Heartbleed Bug
On April 7, it was announced that a serious vulnerability in the popular Open SSL cryptographic software library had been uncovered. Many sites that you access on the internet with https use the Open SSL software. Open SSL encrypts your data, including passwords and personal information, when it travels to a server for applications such as websites, email, instant messaging (IM), and some virtual private networks (VPNs). This weakness creates the potential for hackers to steal the information that is normally protected by the encryption software.
Patriot completed an intensive review of all of our systems and found no vulnerabilities that require members to take any actions such as changing passwords.
However, if your mobile device is running Jellybean Version 4.1.1, it is vulnerable to the Heartbleed bug and should be updated. This has nothing to do with Patriot websites or apps, but is an issue with the mobile device.
For your protection, we encourage you to employ the following best practices for safe and secure internet use:
  • Use a strong password that contains a combination of upper- and lower-case letters, numbers, and symbols.
  • Change your password every few months
  • Whenever possible, utilize sites that require multi-factor authentication such as security questions, image verification, etc.
  • Do not use the same password for all of the sites you visit.
  • Be cautious about using public Wi-Fi networks
  • Maintain up-to-date antivirus software
>>> Back to Top

Microsoft Announces Ending of Windows XP Support
Microsoft has provided support for Windows XP for the past 12 years. However the time has come for us, along with our hardware and software partners, to invest our resources toward supporting more recent technologies so that we can continue to deliver great new experiences.
As a result, after April 8, 2014, technical assistance for Windows XP will no longer be available, including automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date. (If you already have Microsoft Security Essentials installed, you will continue to receive antimalware signature updates for a limited time, but this does not mean that your PC will be secure because Microsoft will no longer be providing security updates to help protect your PC).
If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter greater numbers of apps and devices that do not work with Windows XP. Additional details from Microsoft are available here: Microsoft Support.

>>> Back to Top

Sears a Possible Victim of Retail Hacking - March 3, 2014
Bloomberg News reported Saturday that US retail giant Sears "is investigating a possible security breach after a series of cyber attacks on other retailers have exposed the data of millions of consumers." Sears is apparently being aided in this investigation by both Verizon's digital forensics unit and the US Secret Service.
This news follows major retail breaches at Target, Neiman Marcus and others. Indeed, the email statement by Sears to Bloomberg has been repeated verbatim as the official statement: "There have been rumors and reports throughout the retail industry of security incidents at various retailers, and we are actively reviewing our systems to determine if we have been a victim of a breach. We have found no information based on our review of our systems to date indicating a breach."
To date, then, it simply is not known whether Sears is investigating an actual or reported problem, or merely undertaking responsible governance - and it could be some weeks before the full story is revealed. The problem is that modern malware is very good at hiding its presence; and both Verizon and the Secret Service are saying nothing.
The problem for Sears, and its customers and shareholders, is a period of uncertainty that could result in the company being given the all-clear; the discovery of limited compromises to a single or few stores; or the discovery of a major breach like those at Target and Neiman Marcus. The involvement of the Secret Service in the investigation could suggest that at least something has already been discovered.
Please review your account carefully for the next several months and contact Patriot Federal Credit Union immediately if you determine that there are any unauthorized transactions.
If you have any questions or concerns, you may contact a Patriot Member Service Representative by telephone at 717-263-4444, 301-766-7328 or by e-mail at, [email protected], for further assistance.

>>> Back to Top

Apple Device Security & Mobile Banking Alert
Apple recently issued an important security update that addressed a flaw in Apple mobile devices. Apple recommends that you install this update as soon as you can to ensure your information is as safe as possible.
The flaw allows hackers to intercept and change e-mail messages and login credentials on multiple Apple products. This same flaw can be used by a hacker to pretend that he/she was the trusted website and steal data such as credit card numbers the phone user was sending when making an online purchase. It could also be used to install malicious software that would stay on the phone, secretly feeding information to the hackers long after the original attack was performed.
According to Apple the software update will protect against hackers and spies who may attempt to exploit the flaw to gain personal information. Please download and install iOS 7.0.6. If you are using iOS 6 on an iPhone 3G device, download and install 6.1.6. Please note that you must be connected to a wifi network in order to download and install the update.
Tap Settings > General > Software Update > Download and Install.
Additional details from Apple are available here: https://support.apple.com/kb/HT6147.
If you have any questions or concerns, you may contact a Patriot Member Service Representative by telephone at 717-263-4444, 301-766-7328 or by e-mail at, [email protected], for further assistance.

>>> Back to Top

Fake Norton Antivirus E-mail Scam
If you receive an e-mail telling you that your Norton Antivirus program has identified a virus because of the Target breach, then asking for your debit card information, this is a fraud. This e-mail is not being initiated by Patriot or any other financial institution. Never respond or provide any personal information by phone, email or online. Patriot will never send a text, email or phone call that asks you to provide card or account information. In this scam, the cybercriminal trys to convince the individual that they have malware on their computer and that they need to download antivirus software right away or provide personal information. The names of these programs are often close to popular legitimate titles, which makes the message appear real. However, this is a trick either to get the person to pay them for a product that doesn't exist, obtain personal information or to make them download a program that is malware itself, and destroys legitimate antivirus software that's already on the computer. If you have any questions or concerns, you may contact a Member Service Representative by telephone at 717-263-4444, 301-766-7328 or by e-mail at, [email protected], for further assistance.

>>> Back to Top

White Lodging Hotel Franchise Security Alert - February 5, 2014
A potential data breach has been reported involving the hotel franchise management company White Lodging. White Lodging - which maintains Hilton, Marriott, Sheraton and Westin hotel franchises - acknowledged their investigation of the breach, which may have exposed credit and debit card information for guests at various hotel locations. The compromise is said to have occurred primarily within hotel restaurants, gift shops and other establishments at White Lodging-managed hotels - not the property management systems that run front desk computers.
Patriot's Risk Management team is daily reviewing alerts to tag and monitor accounts that are confirmed to be associated with any data breaches. We are responding to members on an individual basis. Members will be contacted directly should there be uncharacteristic purchases. Please review your account carefully for the next several months and contact Patriot Federal Credit Union immediately if you determine that there are any unauthorized transactions. If you have any questions or concerns, you may contact a Member Service Representative by telephone at 717-263-4444, 301-766-7328 or by e-mail at, [email protected], for further assistance. Our entire focus is on safeguarding our members account data from fraudulent activity connected to any data breach.

>>> Back to Top

Yahoo Email Security Alert - January 31, 2014
The media recently reported that usernames and passwords of some of Yahoo's email customers have been stolen and used to gather personal information about people those Yahoo mail users have recently corresponded with, the company said Thursday. Yahoo didn't say how many accounts have been affected.
Listed below you will find tips to secure your passwords:
  1. Use a unique password for each of your important accounts like email and online banking: Choosing the same password for each of your online accounts is like using the same key to lock your home, car and office - if a criminal gains access to one, all of them are compromised. So don't use the same password for an online newsletter as you do for your email or bank account. It may be less convenient, but picking multiple passwords keeps you safer.
  2. Keep your passwords in a secret place that isn't easily visible: Writing down your passwords isn't necessarily a bad idea. But if you do this, don't leave notes with your passwords in plain sight, on your computer or desk
  3. Use a long password made up of numbers, letters and symbols: The longer your password is, the harder it is to guess. So make your password long to help keep your information safe. Adding numbers, symbols and mixed-case letters makes it harder for would-be snoops or others to guess or crack your password. It's not very original, and it isn't very safe!
  4. Try using a phrase that only you know: One idea is to think of a phrase that only you know, and make it be related to a particular website to help you remember it. For example you could start with "My friends Tina and Jason send me a funny email once a day" and then use numbers and letters to recreate it. "MfT_Jsmafe1ad" is a password with lots of variations. Then repeat this process for other sites.
  5. Set up your password recovery options and keep them up-to-date: If you forget your password or get locked out, you need a way to get back into your account. Many services will send an email to you at a recovery email address if you need to reset your password, so make sure your recovery email address is up-to-date and an account you can still access.
>>> Back to Top

Michaels Store Security Alert - January 29, 2014
Ongoing investigations have been widely reported regarding criminal efforts to penetrate the data systems of U.S. retailers such as Target, Neiman Marcus and recently Michaels. A Michaels spokesperson said that their breach is likely to impact cardholders who shopped in their stores between October 1, 2013 and January 15, 2014. We believe it is appropriate to keep our members notified about any potential fraud issue.
Chuck Rubin, CEO, Michaels Stores has posted a letter along with a "Frequently Asked Questions" page on their website. You can access this information at the following address: Michaels-Customer Payment Card Information pdf.
Patriot continues to monitor credit union cards for fraud activity. Our Risk Management team is daily reviewing the alerts to tag and monitor accounts that are confirmed to be associated with the data breach. We are responding to members on an individual basis. As part of our normal fraud monitoring processes, member's accounts that appear to have fraudulent activity will be contacted directly. Our entire focus is on safeguarding our members account data from fraudulent activity connected to any data breach. If you should have any questions, please contact Patriot's Contact Center at 717-263-4444.

>>> Back to Top

Target Store Security Breach Update - January 15, 2014
The media has recently announced that as part of Target's ongoing forensic investigation, it has been determined that certain information, SEPARATE FROM THE PAYMENT CARD DATA previously disclosed was taken during the breach. This specific information (for up to 70 million people) includes the following: mailing addresses, phone numbers or e-mail addresses.
Target has created a Frequently Asked Questions page and has announced that they will be providing all U.S. customers one free year of credit monitoring and identity theft protection. Target will announce the details this week. Individuals interested in enrolling should go directly to Target's website at the following address: https://corporate.target.com/about/payment-card-issue/credit-monitoring-FAQ.aspx.
Patriot continues to monitor credit union cards for fraud activity. We are constantly monitoring this group of accounts. Our Risk Management team is daily reviewing the alerts to tag and monitor accounts that are confirmed to be associated with the data breach. Second, we are responding to members on an individual basis. Members will be contacted directly should there be uncharacteristic purchases. Our entire focus is on safeguarding our members account data from fraudulent activity connected to this data breach.

Target Store Security Breach Update - December 24, 2013
The Target security breach has caused concern for many of you, and Patriot wanted to offer some peace of mind before you begin your holiday break. Patriot’s fraud monitoring activities are already in motion, and we are supporting our members on two fronts.
First, as with any breach, we have already began monitoring credit union cards for fraud activity. We are constantly monitoring this group of accounts. Our Risk Management team is reviewing daily the alerts to tag and monitor accounts that are confirmed to be associated with the data breach. Second, we are responding to members on an individual basis. To date, 55% of these calls are from people who are worried about the potential for fraud and very few have actually identified fraud in their accounts. Members will be contacted directly should there be uncharacteristic purchases. Our entire focus is on safeguarding your account data from fraudulent activity connected to this data breach. We have increased staffing levels in our contact center through the holidays.
So, as you head into the holidays, we’re vigilant about monitoring your member accounts. And, we hope that gives you a little peace of mind.

>>> Back to Top

Target Store Security Breach Update - December 20, 2013
Recently Target stores announced the unauthorized access of credit card and debit card information which may impact any credit or debit card purchases made in a United States Target store from November 27 to December 15, 2013.
Patriot uses proactive and protective measures to ensure the integrity and security of your VISA credit card and debit card to help mitigate any possible fraud losses. For example, Patriot provides 24/7/365 day surveillance of suspicious activity on your card. Members will be contacted should there be uncharacteristic purchases. Please review your account carefully for the next several months and contact Patriot Federal Credit Union immediately if you determine that there are any unauthorized transactions.
Target's investigation is currently ongoing. Patriot will issue new credit cards and debit cards for any account that has been identified for fraudulent activity. Affected members will be able to continue to use their current card until a new card is issued.
If you have any questions or concerns, you may contact a Member Service Representative by telephone at 717-263-4444, 301-766-7328 or by e-mail at, [email protected], for further assistance. We apologize for any inconvenience this action initiated by Target may have caused you.

>>> Back to Top

Telephone Fraud: "Vishing" Alert
The National Credit Union Administration (NCUA) issued a warning on January 21 about a new telephone fraud attempt that is taking place. Known as a "vishing" scheme, the fraudulent call uses NCUA's name in an attempt to obtain personal financial information from credit union members.

Individuals have been contacted by an automated phone call claiming to be from NCUA and notifying consumers their debit cards have been compromised. The call then asks the individual to follow prompts and provide financial data and personal identification information.

If you are contacted by this so-called "vishing" scheme, immediately contact Patriot at our Contact Center Line, 888-777-9982.

Be assured, NCUA will not seek personal information from consumers over the telephone nor does NCUA handle any day-to-day maintenance of member account information. NCUA also urges consumers to never verify or release personal financial information to unknown callers.

>>> Back to Top

"Spear Fishing" Hacking Alert
The biggest risk for Target (TGT) shoppers whose personal data was recently compromised may come less from the original breach than from a wave of secondary scams seeking to pilfer far more important information.

Target's failure to safeguard consumer information puts the company's customers at risk of so-called "spear phishing." The an incident, now estimated to affect as many as 110 million people, involves far more information than just credit card numbers. It also includes names, email addresses and phone numbers.

Spear phishing is a more toxic version of the generic online "phishing" scams that aim to ferret out your personal information with a phone call or email. What makes spear phishing more dangerous is that fraudsters have enough information about the target to make the contact appear legitimate.

If you are in the habit of getting electronic bill notifications and paying your bills online, a spear phishing attack with the information stolen from Target could look nearly identical to the routine communication you receive from your credit card companies and bank. Here are two examples:

Dear John,
Your account xxxx-xxxx-xxxx-2056 has been compromised. Please click on the link below to contact our fraud department.

Or

Dear Sally,
Your online statement is ready to view. Please click on the link below and sign into your account.

Worse, because locations and phone numbers were also compromised, victims may have to ward off attacks from multiple fronts - email, social media and telephone. That makes it imperative that Target shoppers take these five steps to protect their accounts and identity.
  1. Accept the retailers' credit monitoring offer. Target has offered to provide one year of free credit monitoring and identity theft protection to every consumer who has shopped in their stores over the past year - regardless of whether or not they are affected by the data breach. Take them up on it.
  2. Double-check statements. If you used a credit card at Target, make a concerted effort to go through every item on the bill and continue to do this for several months. Don't just look for big items, said Bill Hardekopf, chief executive of credit card information site LowCards.com. In some cases, crooks charge small items to verify the card before ringing up big purchases.
  3. Respond, don't react. If you are contacted by email or phone to verify your account, view a statement or report fraud, stop and think before responding. A real creditor will allow you to call back - not to a number they specify, but to the listed number for the company - to respond to an inquiry. A real email contact about your monthly statements will follow an identical format as the statements you've received in the past. Look for any deviation before assuming it's legitimate. And be aware that any pressure tactic to push you to respond immediately is a red flag of fraud. Hang up on high-pressure callers. Ignore threatening emails.
  4. Don't click through. Even if you think the statement you've received via email is legitimate, consider opening a new browser window and going to the company's web site another way. There's no downside to being too cautious. On the other hand, clicking on a malicious link could load your computer up with viruses and "malware" that could put your entire electronic life at risk.
  5. Update your security software. If you don't have security software on your computer and phone (if you use it for banking or payments), get it. Keep it updated. Normally, if you click on a link that's about to take you to a suspicious site, the security software will issue a warning and allow you to back out before any damage is done. Don't ignore the warnings.
>>> Back to Top

Automated Phone Call Scam Targets Debit Card Accounts
If you receive an automated, recorded call that your debit card has been suspended due to a compromise, this is a fraud. These calls are not being initiated by Patriot or any other financial institution. The recording is asking members to press 1 and enter their account number. Never respond or provide any personal information by phone or online. Patriot will never send a text, email or phone call that asks you to provide card or account information

Here are more details about this type of scam
A credit union recently reported receiving hundreds of calls from members and nonmembers saying they received a phone call on their landline or cell phone with an automated message indicating their account may be locked or closed, or their card numbers were compromised. The victims were asked to enter their credit or debit card number.

Awareness about this type of a scam is critical to prevent your accounts from being compromised by this version of vishing (voice phishing). Again, you should never respond to these calls by providing the requested personal or financial information – no matter how urgent the message may seem. Please remember:
  • Never respond to any telephone call requesting personal or financial information.
  • Take caution when visiting social network sites and sharing personal information.
  • If you receive this type of call, report it to the following:
    • Credit union;
    • Federal Trade Commission (1-877-382-4357);
    • State attorney general;
    • Local law enforcement; and
    • Phone carrier – landline or cell phone provider.
  • If you slip up and respond to such a call by providing account or card information, notify Patriot to close or block your accounts to prevent fraudulent transactions.
  • And, if you slip up, and provide the requested information during the call, contact one of the three credit bureaus to place an "initial fraud alert" on their credit report.
>>> Back to Top

Fraudulent "www.harlandclarkes.com" Email
If you receive an email from "www.harlandclarkes.com" (with an 's') OR if it is forwarded to you:
  • DELETE IT IMMEDIATELY; and
  • DO NOT CLICK THE LINK PROVIDED; it contains a malicious link. Opening it could risk you downloading a virus.
SITUATION:
On Wednesday, March 7, the Corporate Security Group of Harland Clarke Holdings Corp. became aware that multiple Harland Clarke and Harland Financial Solutions clients had received an email from a sender FRAUDULENTLY claiming to be the iReports Data Warehouse. (To view a copy of the body of the email, click here.)

TO REITERATE:
This fraudulent email is NOT originating from any Harland Clarke Holdings business. It appears to be part of a malicious and isolated phishing spam attack.
>>> Back to Top

Targeted Tax Day Phishing
National Cybersecurity and Communication Integration Center issued a bulletin providing general guidance to public and private sector organizations and individuals about email attacks—phishing and spear phishing. During the tax filing time of year, DHS, IRS, and law enforcement agencies see increased phishing activity with respect to the income tax filing deadline. The objective of these types of attacks is to lure people to click on links or an attachment within the body of an email, leading that person to execute malicious computer code on their computer. The advisory offers some preventative strategies that minimize the likelihood of an attack becoming successful. Click here to read more.
>>> Back to Top

Zappos.com Site Hacking Alert
Online shoe and apparel retailer, Zappos.com, announced on Sunday, January 15, 2012, that hackers had broken into their company's system through one of its servers in Kentucky and obtained data on its 24+ million Zappos.com customers. The hackers took names, billing, shipping and email addresses, phone numbers and partial credit card numbers of Zappos customers, as well as their cryptographically scrambled passwords. Based on reports from Zappos, it appeared that users' full credit card information was safe, though they could be at risk if these customers used the same email and password combination to access other sites.

Zappos CEO Tony Hsieh stated the secure database that stores customers' critical card and other payment data was neither affected nor accessed. In addition to expiring and resetting customers' passwords, Zappos created a link that let each customer securely create a new password. Zappos also urged customers to change their passwords on any other websites where they use the stolen password or similar ones, and it warned them to be wary of emails and phone calls that ask for personal information or direct them to websites asking for personal information.

Zappos worked with law enforcement and sent an email, accessible at http://blogs.zappos.com/securityemail to notify its potentially impacted customers.

At this time we have no reason to believe there is fraudulent activity associated with this breach or that VISA SCAMS or MasterCard Alerts had been issued in connection with this event.
>>> Back to Top

Carty & Company
A member reported receiving a call from a company called Carty & Company and the caller said they had a relationship with Patriot Federal Credit Union. This company is a brokerage firm that has no affiliation with Patriot. Patriot Financial Services is our financial advisory service and you can learn more about our advisors here.
>>> Back to Top

Secret Shopper
Patriot had a member deposit a check for $2,000.00 drawn on State Street Bank & Trust in Boston, MA from F.T. Management Inc. 17 Federal St. Boston, MA. At the time of the deposit, the member did not mention that she had applied online for a "Secret Shopper position". The member visited a Patriot branch after she received the "paperwork" instructing her to deposit and cash the check at her bank. She was then to go to her local "JC Peenys" outlet and purchase item or items of her choice and to do the same at Sears and then complete a Western Union transaction (for the bulk of the funds). The form was titled "Global Survey & Management Services Inc." There were numerous typographical errors, misspelled words and variations in font. Patriot informed the member that this was a scam and was able to avoid a bad situation on this members account. Please be on the lookout for these types of mailings.
>>> Back to Top

SMiShing
Two members reported receiving text messages "from their credit union" to call the automated service at 240-349-0118. When the call was placed to this number, an electronic verification service recording explained that the callers credit card has been restricted and to enter their 16 digit card number in order to un-restrict their card.

You can be sure the text was not from Patriot Federal Credit Unoin. You should never provide any information to an unknown source.
>>> Back to Top

More SMiShing
In July, 2011, credit unions from around the country reported their members were receiving bogus text message alerts (smishing). The text message indicated it was from Credit Union Services and advised the member to call the number provided in the text message to have their card reactivated. This was a scam as we will never ask a member for this type of information using text messaging.

Please do not respond if you receive a text asking you to reactivate or give any account information. Call Patriot directly at our Contact Center Line, 888-777-9982.

Credit unions have reported multiple phone numbers provided in text messages sent to credit union members to call to have their card reactivated. One credit union reported that some of their members responded to the text and provided the requested card information.

The original "phishing" was through email, but there has been an increase in both smishing (text message phishing) and vishing (phone call phishing) attempts directed towards consumers asking for personal or financial information.

Remember that Patriot will never send a text, email or phone call that asks you to provide card or account information.

If you do provide card information to a fraudster and you realize the mistake, please contact Patriot to have the card(s) blocked immediately to help prevent potential card fraud.

>>> Back to Top

Fake Lottery or Sweepstakes
In January, 2011, a scam was reported that involved a fake lottery or sweepstakes called the UK & North America Consumer Promotion Draw. According to CUNA Mutual Group's Resource Protection Center, individuals received cashier checks bearing the name of Patriot Federal Credit Union, Pennsylvania, all in the amount of $3,920.00. The scam was to get the consumer to deposit the fake check and send the $2,785 to the scam artists by Western Union, which he/she essentially lost the consumer that money.

>>> Back to Top



Toll Free (888) 777-9982
800 Wayne Avenue • Chambersburg • PA 17201
© 2014 Patriot Federal Credit Union