Better safe than sorry.
Security Center
Get tips and alerts to help you safeguard your accounts.
What to know about the latest Android malware
The Medusa banking trojan is designed to steal information from Android devices. Four years after it was first deployed, it is back with more tricks, including keylogging and screen capturing, to capture banking credentials. This new variant even mimics a black screen to make users think the phone is turned off while the malware works in the background. It is often spread through text messages, phone calls or emails and is unknowingly installed on a user’s device.
Detecting Infection
Early detection is crucial to minimizing the malware’s damage. Your device may be infected with malware if you notice the following signs:
Unexplained quick battery drainage
Mysterious data usage spikes
Slow performance
Screenshots on your camera roll that you didn’t take
- More notifications than usual
Protecting Yourself
Ardent’s eBanking deters unauthorized access to your accounts by using two-step multifactor authentication process (i.e. password and one-time passcode) when it detects a new device login or other unusual activity.
Add to your protection by doing following:
Make your eBanking password unique and complex (10+ characters, including letters, numbers and special characters)
Never share your username, password or one-time passcodes with others, including someone claiming to be an employee of Ardent
Be on the lookout for phishing attempts (text or email)
View your accounts regularly to spot suspicious activity early
Enable Google Play Protect on your phone
Download apps only from official stores – Google Play, Amazon Appstore and Samsung’s Galaxy Store
Install the latest updates for Android devices and apps
Avoid Being a Victim by Following These Don’ts
- Don’t send money to strangers through mobile service payment apps, such as Cash App and Venmo. Requests for payment through a social platform by someone you do know can be fraud, as well. To be safe, verify via phone or email to be sure requestor hasn’t been hacked. If you receive a payment from someone you don’t know, do not accept it. Instead, contact the app’s support team to report it.
- Don’t let scare tactics fool you. Scammers will try to apply pressure by mentioning law enforcement or the Federal Trade Commission. Call their bluff and contact the third party through another means of communication.
- Don’t purchase gift cards for any third parties as a form of payment.
- Don’t click on suspicious links or call phone numbers you see in advertisement pop-ups or unsolicited emails. Instead, visit the company’s website to verify their contact info and use the phone number you see listed there.
- Don’t give out your account or personal info to a third-party company that contacts you. Always go to the company website directly and use the contact info listed to verify the request.
- Don’t reply (by link or phone) to a text message allowing anything to be installed on your computer. Once software is installed, it could give the scammer access to eBanking and your funds.
Watch Out for The Latest Scams
Login Page Spoofing
Fraudsters are sophisticated enough to create login pages that look very similar to the real thing. If you are contacted with a link to log into eBanking, be on high alert. As always, contact us at 800.806.9465 if you receive a communication and are unsure how to proceed.
Phone Number Spoofing
Ardent has become aware that scammers are targeting members with phone calls “spoofed” to look like they are coming from Ardent. Callers claiming to be Ardent representatives then instruct members to confirm invalid charges they receive in fraud alerts. This allows the fraudulent activity to proceed. Please be aware that Ardent will never tell you how to respond to a fraud alert. If you have questions or are unsure about the validity of a call you’ve received, hang up and call us directly at 800.806.9465.
Gift Card Payment Scams
Scammers claiming to be from Ardent may attempt to contact you by phone, email or text message and demand payment via gift card from third parties or an outside payment service. Ardent will never ask you to purchase gift cards or use these services, so disregard these requests and report them to us by calling 800.806.9465.
What is Credential Stuffing?
Credential stuffing occurs when hackers use stolen information, such as usernames and passwords from database breaches or phishing software from one account, and attempt to gain access to another. The hackers prey on people’s habit of using the same usernames and passwords for multiple sites. Using automated tools, they run large amounts of stolen information across multiple sites looking to find the same usernames and passwords being used elsewhere. Once they find a match, they can monetize the personal and financial information they gather.
Companies of every size have been targeted. It’s estimated that credential stuffing costs companies more than $5 billion a year and creates havoc with consumers.
How can you protect yourself?
Your username is your first defense. Start by changing it up and not reusing it on multiple sites. Follow our best practices for creating a secure one. Of course, your password is important, as well. Like your username, your password should be complex and unique. Change it every few months or any time a breach is reported. Never share either with anyone. And take advantage of two-factor authentication for sites with sensitive information. Two-factor authentication requires a secure access code, as well as a password, making it harder for hackers to get into your accounts.
Tips for Creating a Secure Login ID
Avoid being an easy mark for hackers by putting as much thought into creating your Login ID as you do when selecting your password. Follow these Login ID best practices to keep your account information secure:
- Make sure your Login ID is easy for you to remember, but difficult for someone else to guess
- Create a complex string, which should consist of more than your first name initial plus last name or your first name alone
- Avoid using personal information, such as member number, social security number, birthdate or phone number
- Be sure to include uppercase and lowercase letters, numerals and special characters
- Steer clear of sequential numbers or letters
- Don’t use a Login ID you are using elsewhere
Once you create a secure Login ID, don’t store it anywhere other than an encrypted computer file. It’s never good to disclose it to others or write it down. And definitely don’t share your Login ID when requested via email. Ardent will never ever ask you to supply that information via email.
Text Message Scam
Financial institutions have seen a recent uptick in scammers pretending to be a trusted source asking cardholders via text and phone for personal identifying information, such as an account number, PIN, security code (CVV) or account password.
Please know that Ardent Credit Union will never text or call you asking for such personal identifying information. If you have any questions or concerns about text messages or calls, please call us directly at 800.806.9465.
For more information on these scams, please visit the Federal Trade Commission website.
Recent Data Breaches
From time-to-time personal data stored by retailers, banks and other institutions is compromised. In an effort to help you keep your data secure, we have some helpful tools, resources and tips for you.
Unless you have experienced fraud on your card or account, there is no need to change your card or account. However, if your information was compromised, criminals may try to gather additional data from you to carry out a fraud. Be extra diligent about not sharing information related to your card or account. For example, be suspicious of any attempts to ask you for your PIN or social security number via text or phone regardless of who the requestor claims to be.
We encourage members to take the appropriate steps to monitor their debit and credit cards and account information regularly. Additionally, we suggest you take the following actions:
- Sign up for account alerts through Ardent’s online and mobile banking to help you monitor your spending and account balance, as well as receive security alerts.
- Consider purchasing Identity Protection services through a trusted party. A few options are available through Ardent Insurance Agency. Take advantage of any free protection offered by the source of the breach.
- Visit IdentityTheft.gov - Assistant to learn more about how you can protect yourself.
If you have any concerns about activity you see on your account, please call us at 800.806.9465.
Learn about scams and stay informed
Sign up for AARP’s Fraud Watch:
https://www.aarp.org/money/scams-fraud/about-fraud-watch-network.html
Check out AARP’s interactive national fraud map:
www.aarp.org/money/scams-fraud/tracking-map/
Consumer Financial Protection Bureau offers information and tools for older Americans:
www.consumerfinance.gov/consumer-tools/educator-tools/resources-for-older-adults/
Stay alert to common frauds and scams by checking consumer protection sites such as:
www.fraud.org
External Web Site Policy and FBI Common Fraud Schemes:
www.fbi.gov/how-we-can-help-you/scams-and-safety/common-scams-and-crimes