The New York Credit Union Association has recently received several alerts from member credit unions about suspicious emails that appear to come from employees at the Association. The Association believes these emails are likely phishing attempts that could potentially be intended to siphon information, or dupe users into clicking on a malicious link or downloading a malicious attachment.

Users should not open an email attachment or click links in emails they are not expecting. If such an email is received, users should verify the authenticity of the email by contacting the sender directly (but not by responding to the suspicious email).

As a reminder, legitimate emails from the Association will always include the current domain of nycua.org (emails from our Affiliates will come from the domains ownerschoice.com and universalsharing.com). Old domains such as nyscul.org or cuany.org will never be used. It’s important to note, however, this alone does not ensure an email is legitimate.

When sending emails with attachments, the Association will always be specific about what is included in the attachment. If the email is vague or unclear about the attachment, it is most likely spam or a phishing attempt.

The Association is encouraging all member credit unions to utilize best practices and increased scrutiny when opening emails, especially those with attachments or links. As the Association pointed out in an email to member credit unions last year: “Unfortunately, email spoofing is an easy tactic for spammers to employ, and there is little that can be done other than exercising caution and vigilance. It is always best to err on the side of caution, delete the suspicious email and verify its authenticity directly with the individual who purportedly sent it.”

Additional questions can be directed to the Association’s Member Relations department at member.relations@nycua.org or (518) 437-8546.