Security & Fraud Center

Know what to look for and stay vigilant in the fight against fraud.
Online security and fraud prevention are vitally important issues to us at Empower Federal Credit Union. We want to share the latest information about online scams as well as general information you can use to protect your personal information, accounts and identity. Check back often for updates.

Text Alert Scam


ALERT: If you are in any doubt about ANY Empower-related message that you receive, stop, close the message, and call us. Legitimate texts may come from more than one Short Code, but texts from a full ten-digit number are probably a scam.  Messages coming from 86975, 40852 or 43783 are almost certainly legitimate.  Any ten-digit number can be very easily spoofed, so do not trust texts coming from Empower’s real phone numbers: 315-477-2200 or 800-462-5000.

NEVER respond to an alert or email using the contact information or instructions in the alert itself. Always go to the company’s trusted website or phone number. You can always call Empower directly at 315.477.2200 or 800.462.5000 or use the Message Center through the Empower mobile app. We are always delighted to speak to you and to have the opportunity to serve you better.

Two-Factor Authentication Within Account Settings

The Security tab is only available via online banking through our website. It is not currently included in the mobile app.

Empower Federal Credit Union’s Online Banking requires Two-Factor Authentication for online banking users as a security measure to further protect your account. This extra layer of security will require you to complete some extra verification steps before the transaction will process.

You may select the Two-Factor Authentication options that best meets your needs:
  • Sending an authentication code via email
  • Sending an authentication code via SMS/ Text (cell phone # must be confirmed for codes to be sent via text)
  • 2FA App
Where do I find the Two-Factor Authentication Settings?

Two-Factor Authentication options can be found on the Security tab (under settings) in Online Banking. At least one option must be enabled.

Two-Factor Authentication with a 2FA App:

To set up authentication with a 2FA app, first install the Authenticator App of your choice (e.g. Google Authenticator, Authy or Duo) to your mobile device, then log into your account settings. You may find it easier to do that on a separate device like a laptop for the initial setup. Not all security settings are available in the mobile app. In your account settings turn the 2FA APP setting to “On” and follow the instructions on the screen. Once the 2FA APP is set up and working, mark it as “preferred” and disable both SMS and email for maximum protection!



Trustworthy Authenticator Applications

These apps are free to use. There are no “in-app purchases” and no adverts. Before using the app, verify that its icon matches the one you intended to download: gray for Google Authenticator, green for Duo, red for Authy. DO NOT ever download the app that shows up at the top of the search as an Ad listing. NEVER trust these, even when you searched for exactly the right thing.

How do CAPTCHA prompts work? 
When you encounter a CAPTCHA, you will be prompted to either check a box or identify specific elements like stop signs to complete the verification process.
 
How is it determined who gets the CAPTCHA page and who doesn’t? 
When a security event triggers CAPTCHA, all members will be prompted to complete a CAPTCHA challenge. The exceptions are pre-configured biometric logins and on devices that have successfully completed a CAPTCHA in the last 30 days with saved data stored on the device.
 
What should occur if you are having trouble getting past CAPTCHA on mobile?  
We advise the use of biometric authentications. If you successfully set up biometric authentication on your device, you should not encounter CAPTCHA challenges in the future.
 
Can members with Multi-Factor Authentication (MFA) bypass CAPTCHA? 
No. CAPTCHA is an addition security element and operates independent of MFA. 
 
What if I’m unable to get past the Cloudflare page? 
Steps to troubleshoot are device specific. Please review the following system settings on your device: 
  • Ensure your operating system (OS) and browser are up to date. We recommend the latest version of iOS and Android for phones as well as the latest version of Chrome or Firefox on Windows and Macs. As a note, we do not recommend or support using jailbroken devices or devices with custom operating systems. 
  • We do not support the use of any ad-blockers, third-party VPN services, or accessing online banking via TOR open-source browser. If you are attempting to connect to online banking in this manner, please utilize a trusted network only. 
  • Delete and reinstall the Empower FCU Mobile Banking app if on mobile. 
  • Clear browser/mobile device cache. 
  • Try another browser on the desktop. If you receive the same results, we suggest opening a private browser tab.
  • Use a different network (Wi-Fi connection, cellular/mobile data). 

A regular email is just like a postcard. You can write whatever you want, but anyone who gets access to it between you and the recipient can read the whole thing.
 
 In contrast, a secure email is like a private and confidential envelope with an address window, only even better. Everyone can see who it is addressed to, but only the recipient can open it to see what it contains.
 
RECEIVING A SECURE MESSAGE

Because the message is secured, you may need to take a few easy steps to prove that you are the intended recipient. Two scenarios are possible:
 
SCENARIO 1
Decryption (opening the envelope) happens automatically for you because your system uses the same email encryption system that we do. It was sent securely, yet you can read it just like any other email.
 
SCENARIO 2
You get a message that looks like this:


This is not the email that the sender sent. This is a message telling you that a secure message is waiting for you.

Here are the steps you need to follow:

1. Click on the blue “Read the message” button. You will be sent to a website asking you to sign in using a Microsoft account (if you have one), or a one-time password. If you have a Microsoft account associated with the email address this message went to, simply sign in and you’ll see the secure email.



If you do not, or if you’re not sure, or if you have any difficulties, pick the one-time password option instead.
 
 2. After you click on “Or, sign in with a one-time passcode” you will get to a page asking for a passcode. The passcode is sent to the same email account that the secure email was sent to, so check your inbox.



It will look something like this.



3. Type in the code and click “Continue.”



4. That is it. The email and any attached documents that were sent to you can now be accessed. 
 
FREQUENTLY ASKED QUESTIONS
 
  1. Isn’t there a simpler way? Actually once you try this you’ll probably find that it’s very easy. Click the button to see the mail, click for a one-time passcode, type it in and you’re done. And if you have problems you can always call Empower and we’ll help you through it.
  2. Does this work on a mobile phone? Absolutely. In fact, most of these screenshots are from a cell phone.
  3. Can I reply securely? Yes you can, from the same webpage where you opened the secure email that was sent to you.

Phishing, Smishing, Vishing, and Pharming

Phishing emails look like they are from a legitimate company, but often ask for personal information such as your credit card number, birthdate, or social security number, or ask you to log in. Any information or passwords you provide go straight to the fraudsters.  “Smishing” is similar, but uses fraudulent text messages.  “Vishing” is similar, but attempts to trick people via voicemail.  “Pharming” is similar, but uses fraudulent websites. The best defense is to never click on links in any emails or messages that you were not expecting, and never provide sensitive information if you do not completely trust the request to do so.

If you’re concerned, reach out to the legitimate company directly, by a trusted phone number or website address – not the contact information provided in the suspicious message or website.
 

Identity Theft
The Federal Trade Commission has launched a nationwide identity theft education campaign to encourage consumers to keep close watch on their personal information and respond quickly when they think their data has been accessed without authorization. An education kit includes a victim recovery guide "Take Charge: Fighting Back Against Identity Theft", a training booklet "Talking About Identity Theft: A How - to Guide", and a 10-minute video on ID theft. The materials are available in English and Spanish. To talk to a counselor, or if you think your personal information has been stolen, call 1-877-IDTHEFT.
Empower Federal Credit Union is a full-service financial institution serving members throughout New York State.