Free Credit Freezes from Equifax
Due to the recent Equifax incident, Equifax is offering free credit freezes until November 21, 2017. Additionally, the company will also refund fees to anyone who has already paid for freezes since September 7, 2017.
A credit freeze restricts access to your credit report making it more difficult for criminals to open new accounts in your name since creditors need to see your credit report before approving a new account. If they can’t see the file, they can’t open the new account.
Freezing your credit does not affect your credit score or prevent you from getting your free annual credit score. If you need to open a new account, apply for a job, rent an apartment, etc., you will need to lift the freeze temporarily. Keep in mind, a credit freeze will not prevent a thief from making charges to your account. You still need to monitor your bank accounts and credit cards for fraudulent transactions.
Protecting Your Personal Information
UPDATE: Scammers are taking advantage of the Equifax breach by calling consumers and acting as Equifax to "verify account information." This is a scam. Do not give any personal information. If you've received a call you think is fake, report it to the FTC. Click here to read the full article from the FTC.
The safety and security of our members’ accounts is our first priority. Equifax announced on Thursday, September 7, 2017, hackers recently gained access to the personal information of over 143 million U.S. consumers. If you haven’t already, visit www.equifaxsecurity2017.com to learn whether your information has been compromised.
If you are potentially impacted by the cybersecurity incident, Equifax is offering one year of TrustedID Premier to all U.S. consumers, this includes:
- Copies of your Equifax Credit Report
- 3-Bureau Credit File Monitoring (monitors and automatically alerts key changes to your Equifax, Experian, and TransUnion credit files)
- Equifax credit report lock
- Social security number monitoring by searching suspicious websites for your SSN
- $1 million in identity theft insurance to help pay for certain out-of-pocket expenses in the event you are a victim of identity theft
How can you protect yourself?
Monitoring your credit and personal information are both crucial to protecting yourself from becoming a victim of fraud or stolen identity.
According to StopIdentityFraud, 1 in 4 Americans will be a victim of identity theft.1 Take these steps to protect yourself:
- Set alerts with the three credit bureaus (Equifax, Experian, and TransUnion) to get notified of fraud on your accounts
- Reset your financial account login information
- Review all account statements and credit reports diligently
- Watch out for fake emails or websites asking for personal information (phishing scams)
- Set up and manage spending alerts in Online Banking
- Report any suspicious activity to us or your other financial institution(s) and IdentityTheft.gov
- Monitor your personal information and credit report at www.annualcreditreport.com
- Enroll in a credit monitoring service
Whether or not you are impacted by this breach, hacking incidents and phishing emails are becoming more prevalent in today’s world. It’s important to stay alert and on top of your accounts to minimize your risk.
As a reminder: Unless you reach out to us in regard to opening an account or questions about your account, we never send emails or call you requesting personal information. If you receive anything from us that looks suspicious, contact us immediately. We’re always here to help.
- Federal Trade Commission: Identity Theft: Learn the steps to protecting yourself and recovering from identity theft.
- Top 5 Credit Monitoring Services: Find the option that best fits your needs.
General Electric Credit Union (GECU) does not endorse individual vendors, products, or services included above. We provide information and listings only which we hope are helpful.
Equifax Cybersecurity Incident
Equifax recently identified a cybersecurity incident impacting potentially 143 million U.S. consumers.
Announced September 7, 2017, criminals exploited a U.S. website application vulnerability gaining access to Equifax files and information possibly including: names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. Additionally, approximately 209,000 credit card numbers and identifying information for 182,000 consumers may have been compromised.
Equifax established a dedicated website where you can learn more about the incident and find out if you were impacted: www.equifaxsecurity2017.com. You can sign up for credit file monitoring and identity theft protection through TrustedID Premier – complimentary for one year to U.S. consumers. This service includes 3-Bureau monitoring of Equifax, Experian, and TransUnion credit reports, copies of Equifax credit reports, the ability to lock and unlock Equifax credit reports, identity theft insurance, and internet scanning for social security numbers.
Additionally, Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.
What steps should you take immediately?
- Determine whether your personal information may have been impacted by visiting www.equifaxsecurity2017.com.
- Be vigilant in reviewing your account statements and credit reports.
- Set up account and spending alerts.
- Report any unauthorized activity to us and other financial institution(s).
- Monitor your personal information; visit www.ftc.gov/idtheft for steps to better protect yourself from identity theft.
Learn more and read Equifax’s announcement at www.equifaxsecurity2017.com.
Malicious Activity Alert
A recent outbreak has been identified in the news associated with the Petya-Petrwrap malware family. Similar to the recent “WannaCry” cyberattack, this threat will encrypt the files on a computer, rendering them inaccessible unless a ransom is paid. It is unclear how the ransomware is spreading, but it is believed to be currently spreading via the same path as WannaCry – circulating itself to any additional computers it can reach via the network.
We have taken numerous steps to proactively prepare and mitigate the risk on our own internal systems.
As a reminder, you should continue to be aware of email phishing and non-reputable websites:
- Be suspicious of emails from sources you do not know or recognize.
- Do not click on links or open attachments from unknown senders.
- Be wary of any email requesting personal or financial information.
- Read the message content carefully and look for misspelled words and poor grammar. This is typically a sign of a phishing email.
- Beware if the message uses time-based constraints (i.e. "click the link within 24 hours or else").
- NEVER enter your password or personal data into a site or window you've arrived at by following a link in an email. Even if it's a site you trust, it's better to go directly to the site by using your bookmark or typing in the site's address directly to your browser.
- Do not download software from websites that are not reputable.
For more information on the Petya/Petrwrap cyber threat: https://www.wired.com/story/petya-ransomware-outbreak-eternal-blue
As you may have heard from various news sources over the weekend, a cyberattack using ransomware known as WannaCry (WannaCrypt) is affecting over 200,000 computers and numerous organizations across 150 countries. With many returning to work yesterday, after the weekend, the virus continues to spread.
Ransomware is a malware that prevents end users from accessing their PCs by encrypting files and asking for ransom to decrypt the files. This particular attack is targeting a Windows Server vulnerability.
General Electric Credit Union has not been impacted by WannaCry. We stay current with all software and system updates and continually monitor our systems to ensure top security efforts. Currently, all applicable systems have the required Microsoft updates and as such, have no vulnerabilities to this – or this type – of cyberattack.
Note to Microsoft users: Update your system software
Microsoft released a patch in March 2017 that addresses such WannaCry (WannaCrypt) ransomware vulnerability. To help secure your systems, ensure this patch has been installed on your computer. Microsoft has provided the following description:
While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the ransomware, known as WannaCry (WannaCrypt) appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install MS17-010 if they have not already done so.
For additional information, as well as helpful diagnostic tools, visit the Microsoft Malware Protection Center (MMPC) on the Microsoft website.
How can you protect yourself from cyberattacks?
We encourage you to take a moment and review the steps below to help reduce the threat of malware.
- Remain alert when opening emails from unknown senders.
- Report suspicious emails with unknown attachments or links to your email provider.
- Back up your data on all devices to prevent possible loss.
- Update your personal computer systems and ensure your anti-virus is up to date.
- Be wary of any email requesting personal or financial information.
- NEVER enter your password or personal data into a site you’ve arrived at by following a link in an email. It’s better to go directly to the site by typing in the site’s address.
By taking simple steps like these, you can better protect yourself from cyberattacks. For more information on the WannaCry attack or to get additional tips on protecting your computer, visit the Microsoft Malware Protection page.
If you have questions about communications you receive from GECU, or you want to verify the authenticity, please call us at: 513.243.4328/800.542.7093.
We may include links in our emails that link you to information on our website about our products, services, and special pricing or promotional offers. However, we will never ask you for personal information in an email from us (for example, username, password, Social Security number or account number). We will also never include links that take you to a non-secure page where you are asked to provide this information. To determine whether an email that you have received from GECU is legitimate, you may contact our member services at: 513.243.4328/800.542.7093.
If you receive an email or other correspondence requesting that you provide any sensitive information via email or to a website that does not seem to be affiliated with the site, or that otherwise seems suspicious to you, please do not provide such information and report such requests to us at: email@example.com.