By the time she got a letter on January 21 warning her of possible fraud at her credit union, Carol Blackwell’s account had already been robbed of $1,900.
“I thought it might be my fault,” Blackwell said. However, she wasn’t the only victim. At least two other Educational Employees Credit Union (EECU) customers have reported fraudulent charges against their EECU accounts, and the breach was apparently wide enough to prompt the Fresno-based institution to issue the warning letter. EECU’s Facebook page was also updated with information about how to protect bank accounts from electronic attacks on January 23.
While Blackwell said the fraudulent charges against her account occurred “overseas,” others have said EECU security personnel told them the unusual activity originated in Cambodia. In Blackwell’s case, the fraudulent charges occurred on January 20, the day before she received EECU’s warning letter. In the other cases, the fraudulent activity happened the weekend prior.
Blackwell discovered her checking account had been emptied when she attempted to use an automated teller machine at a local branch and was told to contact a bank employee. When she reported the unauthorized charges to a teller, Blackwell was told the money would be replaced and a new card issued, a process that would take more than a week, she said.
“They acted like it was not a big deal,” Blackwell said, adding that she has no idea how her account was exposed. “I don’t know how they got it.”
According to Public Information Officer Megan Rapozo of the Tulare County Sheriff’s Department, in cases such as these the banks are considered the victim of the fraud. Sergeant Damon Maurice, public information officer for the Visalia Police Department, said that agency has not received any reports of bank accounts being accessed fraudulently, but urged those who may have been affected to file a police report to document the incident.
“If they think there’s fraud, by all means file a report,” he said.
EECU’s website has been updated to include a warning about a recent phishing scam that involved its members receiving automated telephone calls with false reports their bank cards had been blocked and offering assistance. It is unknown if the phishing scam and the recent breaches of customer accounts are related. The notice urged anyone who had received such a call to hang up on the caller and contact EECU at (800) 538-3328.
EECU failed to return several calls to its corporate offices when asked for information about the breached accounts. The branch manager at EECU’s Mooney Boulevard location in Visalia was unable to comment on the matter.
Jaleeza Aguirre, a resident of Lindsay, also experienced unauthorized withdrawals from her EECU account. Aguirre received a message from EECU security personnel while attending church on January 18. Three payments from her account were called into question, two for amounts less than $10, which Aguirre said the EECU representative believed were intended to see if the money could be accessed, and a third for $537.
Aguirre said she was told to destroy her bank card and visit an EECU branch to complete paperwork about the theft. She was unable to do so until after the Martin Luther King Jr. Holiday weekend, and was then required to write a letter of explanation about the breach. Aguirre was advised she could be held responsible for the theft, depending on the outcome of EECU’s investigation into the matter. She was also told the charges appear to have originated in Cambodia.
EECU, Aguirre said, promised the money would be replaced in her account by January 23; however, her account had not been credited by January 29. She was also told the credit union was updating its bank cards with security chips, and the process would cause a delay in issuing her a new card. At press time, she had not yet received a new card, and was told it should arrive around February 3.
The bank representative Aguirre spoke with told her there had been numerous breached accounts, she said.
“She (the EECU employee) said she had been seeing this a lot,” Aguirre said.
Aguirre was advised to use cash, services like PayPal and credit cards to make purchases in the meantime. Online security experts advise further measures to protect against similar fraud, including changing passwords on sensitive accounts frequently, using different passwords for each account, erasing old emails with account numbers, keeping anti-virus software up to date and using security-encrypted websites with the HTTPS prefix when transferring sensitive personal or financial information.
Aguirre, however, was still concerned about the safety of her deposits, especially after learning that her sister-in-law, who does not bank at EECU, had also been the victim of a similar attack. Her concern prompted her to empty her account, leaving just enough funds to cover automatic withdrawals.
“I’m kind of scared still,” she said.