Phishing Scam:   

 We have received notice that the credit union may have been a victim of a Phishing Scam. Phishing is typically completed by email and often directs users to enter personal or account information. The email normally directs you to click on a link, which will take you to a fake website whose look and feel is almost identical to the legitimate site.

The credit union will never ask you to verify your personal or account information through email. If you have any questions regarding this notice, or feel that you may have entered your information on a false site, please contact us at 303-770-4468.

DO NOT RESPOND to emails, voice messages, or text messages that ask you for your account number, credit card number, and personal identification numbers. Email messages that ask for this type of information are fraudulent, and should be reported immediately. We will never contact you and ask you for this information.

Risk Alert to Members - Home Depot Compromise

As you may have heard, Home Depot has reported their payments systems have been compromised. The breach affects customers who used their credit or debit cards between April 2014 and September 2014 at a Home Depot store in the U.S. and Canada. To learn more about the actions that Home Depot is taking, visit www.homedepot.com.

MCCU stresses the need for all consumers to closely monitor all payment card accounts and report unusual activity to the issuing financial immediately. Reviewing accounts needs to happen on all card accounts regardless if you have shopped at a store that has reported a breach.

According to The Identity Theft Resource Center® (www.idtheftcenter.org/), 546 breaches have been indentified in 2014, as of September 16, exposing over 18,953,433 records. In 2013, 619 breaches were reported.

Remember: Be proactive and montior your accounts. Do Not provide personal identifying information online or over the phone if you did not initiate the transaction.

What is a breach?

A breach is defined as an event in which an individual’s name plus Social Security Number (SSN), driver’s license number, medical record, or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format.

According to The Identity Theft Resource Center® (www.idtheftcenter.org/), 619 breaches were recorded in 2013, exposing over 57,868,922 records (now over 88 Million with Target’s updated data exposing over 70 million consumers).

As you can see from the numbers, data breaches like the one at Target happen more frequently than you might be aware. The breaches typically highlight the vulnerabilities in merchant’s computer systems and controls in place to protect your personal information. Retailers are in the business of selling goods and services, at a profit, first and foremost. Regulations and oversight of retailers is nearly non-existent in the area of protecting your information. Over the years many of the breaches have discovered their data is not encrypted, they store the entire card number and other personal information versus encrypting data transmissions and truncating card and personal information.

Financial institutions are required, by multiple regulations, to protect consumer information. These methods include encryption of data transmissions, virtual private networks, firewalls and intrusions detection systems.

A majority of fraud that occurs at retailers is passed on to the financial institution that issued the card. As is, the expense of talking to our members, monitoring unusual volume levels, and if needed, reissue cards and pin numbers.

The responsibility of recognizing there is fraudulent activity falls on you, our member; as you are the only one who knows if the ACH, Debit Card Transaction or Credit Card Transaction was authorized. So please protect your account by frequently monitoring the balance and transaction activity.

The time is now to start asking your retailer how they protect your card data and personal information, before you swipe your card or sign up for their program!

Beware of Fake IRS Emails and Phone Calls

Tax scams that use email and phone calls that appear to come from the IRS are common these days. These scams often use the IRS name and logo or fake websites that look real.

Scammers often send an email or call to lure victims to give up their personal and financial information. The crooks then use this information to commit identity theft or steal your money. Some call their victims to demand payment on a pre-paid debit card or by wire transfer.

Be assured that the IRS will not initiate contact with you to ask for this information by phone or email.

If you get this type of ‘phishing’ email, the IRS offers this advice:

· Don’t reply to the message.
· Don’t open any attachments or click on any links. They may have malicious code that will infect your computer.
· Don’t give out your personal or financial information.
· Forward the email to phishing@irs.gov . Then delete it.

If you get an unexpected phone call from someone claiming to be from the IRS:

· Ask for a call back number and an employee badge number.
· If you think you may owe taxes, call the IRS at 800-829-1040. IRS employees can help you.
· If you don’t owe taxes or have no reason to think that you do, call the Treasury Inspector General for Tax Administration at 800-366-4484 to report the incident.
· You should also report it to the Federal Trade Commission by using their “FTC Complaint Assistant” on FTC.gov. Please add "IRS Telephone Scam" to the comments of your complaint.

Be alert to scams that use the IRS as a lure. The IRS will not initiate contact with you through social media or text to ask for your personal or financial information.

More information on how to report phishing  or phone scams is available on IRS.gov.


In late November, an unauthorized party accessed a file containing T-Mobile customer names, addresses, Social Security numbers and/or driver’s license numbers. At this time, T-Mobile has not released the number of affected individuals. Although it is believed the primary goal of the access was to obtain credit card numbers (which were not included in the file), the information that was accessible could also potentially be misused. The number of customers that may have been compromised has not been disclosed.

Neiman Marcus

Luxury retailer Neiman Marcus announced that customers' credit card data may have been stolen in a data breach that was uncovered in mid-December. Neiman Marcus is currently stating that the compromise involves card present transactions only and that their online stores were not affected. The number of cards that may have been compromised or the timeframes of the breach have not been disclosed.


We have identified all member debit and credit card accounts that made in-store Target transactions between November 27 and December 15. We will be reissuing new cards to these members, as well as a new PIN. These members will also be contacted directly by MCCU Staff with further details.

For additional information about the data breach, please visit Target's website.