Attention Members!
We have been seeing an increase in the number of brute force attacks attempting to gain access to Energy CU Members Online Cyberbanker. A brute force attack means scammers try various combinations of usernames and passwords again and again until they get in or until they reach 3 failed attempts, which then triggers the Credit Union to revoke access to protect our members. The stronger your password, the harder it is for a hacker to get in. Hackers like to use this time of the year, as seasonally higher transaction volumes make discovery harder. Preying on weak passwords, bad actors can attempt to access accounts, likely using sophisticated automated robo-like password generators. Energy CU immediately took steps to proactively reset all online banking access for those Members with weak passwords.
We are confident that any exposures have been identified and protective action has been taken. We are proactively contacting any Members with weak passwords that may have been impacted and we will support and stand by them and guide them accordingly on a case-by-case basis. Please note that if an Energy CU Member is a victim of confirmed fraud because of this issue, we will return 100% of the money lost from the affected account(s). Although we regret the inconvenience and frustration these actions have caused some of our Members, these fraud safety and security protocols have saved our Members and Community from experiencing significant and harmful losses.
In addition to the steps that Energy CU has taken, Members must:
- Adhere to industry standard complex password rules including, at a minimum: 8-30 characters and contain at least one(1) uppercase letter, one(1) lowercase letter, one(1) number and one(1) special character (*-/?@#$%^&).
- Monitor their accounts for signs of unusual activity and ensure they sign up for security alerts on their online banking account. Members who notice suspicious activity should contact Energy CU.
- Enroll in Transaction Alerts in Online Banking to alert them of any suspicious activity. eTransfers can be cancelled within 30 minutes of being sent; a Transaction Alert would afford them notice and opportunity to cancel the funds sent and update their Personal Access Code (PAC).
We understand this may have also resulted in frustration and inconveniences with paying bills and other banking transactions as they are finding themselves locked out of their online CyberBanker. As such, this increase may affect the volume of calls to Energy CU branches and we appreciate your patience as we help all our members. Please note that these brute force attacks are not a breach of Energy CU systems. Our systems and networks remain secure.
Please email our office directly if you have any questions or concerns.