Category Archives: Press Releases

GWUCUI Signs with ESP

Spokane Valley, WA – 07/30/2019 – George Washington University Credit Union Initiative (GWUCUI), Washington, DC, selects Enhanced Software Products as their core processing vendor.

Sahil Pankhaniya, Founder and CEO of GWUCUI, contemplated starting a credit union while touring colleges. He noticed several institutions he visited had student-run credit unions but his college of choice, George Washington University (GWU), did not.

“I thought it would be really cool not only to learn about this space but to also have a real meaningful impact on college students. There were a number of deficiencies especially in financial literacy education and financial planning. When I started talking to people the first few months of school freshman year, they all kind of echoed those same sentiments and so, decided that it would be a great opportunity to get one started.”

Sahil Pankhaniya – GWUCUI CEO

GWU is a private university chartered in 1821 and is located in Washington, DC – just a few blocks from the White House. Its three campuses: Foggy Bottom Campus, the Mount Vernon Campus, and the Virginia Science & Technology Campus serve roughly 27,000 students. The list of notable alumni is a who’s who of the worlds influential and powerful including Heads of State, U.S. Cabinet positions, Governors, U.S. Senators and Congressmen, media and sports personalities, and titans of industry.

With this history, influence, and illustrious alumni, GWU started a New Venture Competition in 2009 to provide a valuable real-world entrepreneurship opportunity to its students. Pankhaniya and his team including fellow students Chris Trummer and Allen Wang entered the competition with his student credit union concept. For their effort, their submission garnered $5,000 in seed money and over $15,000 in non-cash support. Over $319,000 in total prizes were awarded in the 2018 competition.

Pankhaniya found the key to a successful initiative to charter a student-run credit union was the recruitment of talented and dedicated staff. To get the concept off the ground, Pankhaniya looked at a number of other successful student-run credit unions to find out what they are doing to ensure a steady recruiting pipeline. For instance, he found Georgetown University Alumni & Student Federal Credit Union which has been around since the ’80s and they have been able to sustain themselves because they have really became rooted in the fiber of their school, including their business and consulting programs.

“Right off the bat, we began marketing GWUCUI as an internship opportunity for business and finance majors to learn and grow. This coming year we’re looking at 40 applications in our pipeline for the Fall.

Sahil Pankhaniya – GWUCUI CEO I CEO

Through this effort, they brought on some very talented freshmen last year. They expect that as students learn about GWUCUI’s mission and impact on the GWU community, they will be able to charter a credit union by May 1st, 2020 that will continue well into the future.

A major focus for GWUCUI in the coming year will be to create an effective hiring system so that they will have staff ready to provide phone support at their office space any given time. In addition to dedicated office staff, they will provide a backup level of customer support. Dubbed “Mobile Support Technicians”, these on-call customer support staff will aid members via phone whenever they have free time.

One thing that is unique about this project is the incredibly low overhead. Because the credit union will be completely digital, Pankhaniya states there won’t be any fixed costs. All staffing at GWUCUI will be on a volunteer basis so their only potential costs are persistent. Plus, working with ESP and other vendors, they are going to come out having very little cost of operation at all for the first three to five years.

In June 2019 ESP, Inc. was chosen to be an integral part of the start and growth of GWUCUI. FORZA, ESP’s core platform, is a perfect fit for a staff that needs an easy-to-use interface. It provides the necessary vendor integration, database access, and security to facilitate a truly digital credit union. “After a good, open conversation about each other’s futures, both parties were able to come to an agreement”, stated ESP’s President Shaun Murray.

“Matt Lefler (ESP Vice President) and I flew to George Washington University in June, to meet with Sahil Pankhaniya and Christian Trummer;; we were blown away by their understanding and commitment to the credit union movement and financial literacy. I decided at that moment, at that dinner, that we would do everything in our power to be a part of The Initiative.

Shaun Murray – ESP President

Mr. Pankhaniya and his Team took a new approach to choose a core processor – they looked to the digital banking provider first. ESP was lucky to be a part of the conversation because of its close partnership with Tyfone, the chosen digital banking provider for GWUCUI.

“We earned the nod because of our commitment to offering solutions in-house and our drive to ensure credit unions can partner with the vendors that will take them into the future. This is very exciting for us,”

Shaun Murray – ESP President

In all, college-aged young adults are going to bring a new approach to the way ESP looks at projects, makes some decisions, and is pushed to change to adapt to the next generation. Everyone at ESP is elated to work with such a great group of future financial leaders.  

Traditionally, credit unions generate income primarily by servicing home and car loans. For GWUCUI, those two means of income won’t occur – at least until after graduation. Still, they have identified a couple of very unique products that are specially tailored to GWU students: a credit building program, textbook loans, and internship loans.

The credit building program GWUCUI seeks to create will essentially be small personal loans provided to students to help build their credit score. Textbook and internship loans will perform like cash advances against on-campus jobs and paid internships, further building students’ credit. They will also offer savings and checking accounts with credit/debit cards.

The key to their digital experience will be their mobile banking platform, Tyfone. All of their products and services will be offered through their app. GWUCUI want to make it very easy for members to go online and apply for a loan. The application will come into the credit committee digitally where they will review the risk analysis, approve it, then send it off to underwriting.

“The mobile platform we have chosen, Tyfone, is state-of-the-art. It offers top-level security features and has a very lightweight interface for students to work with. We think it’s really going to be that well-rounded, greatest-degree experience for students. They’ll get all of their tailored and targeted products right on a clean 21st-century platform.”

Sahil Pankhaniya – GWUCUI CEO

True to the credit union philosophy of “people helping people”, GWUCUI seeks to help its student members by providing financial literacy. They are working hard to fill the gap students face in their personal monetary education. A significant metric of their success will be credit scores. With a target on financial literacy, GWUCUI will look at members who are part of their credit building program and observe how their credit scores are developed over the long term and compare them to the rest of the market. Their goal is to help GWU students develop their credit in a safe and secure manner.

As they build their deposit base, GWUCUI will then be able to offer home loans and auto loans to their alumni. But now their core focus is the undergraduate population and their unique needs.

We’re starting out by focusing on undergraduate students. As those undergraduate students graduate, we hope they’ll continue their membership with the credit union. By building up a strong, consistent base of alumni members, we will be able to maintain our credit union, moving forward.

Christian Trummer – GWUCUI CTO

Being a truly digital credit union will empower GWUCUI members to continue to connect with the university culture virtually anywhere. With a strong ATM network and shared branching, it will have the products and services to retain membership.

That’s one of the cool things about our model. A GWU student could move halfway across the world and could still access our services. They can still access to every single service wherever they are on the globe just like they could when they were just 10 minutes away from us living on campus.

Sahil Pankhaniya – GWUCUI CEO

A vital piece to the success of this initiative is the acceptance and support they have received from its vendors including ESP.

We salute all those who are trying to make a difference in the credit union industry, founded to be safe havens for people to save, to build credit, and to responsibly spend.

Sahil Pankhaniya – GWUCUI CEO

In all, GWUCUI believes the more student-run credit unions there are the better it is for the students and the better it is for the industry.  To get involved with or donate to the initiative, please visit

Many Happy Returns Concludes


Spokane Valley, WA – 02/06/2019 –  ESP’s program for End-Of-Year tax documentation has concluded for the year. All in all, it was our most successful year ever.

Over the course of about three weeks, ESP Printing Services produced 45,000 tax mailings all while performing other regular print jobs such as Notice Printing and monthly statements.

In order to provide more timely completion of Many Happy Returns, ESP Print Services implemented a new program. By creating a sign-off calendar, ESP guaranteed a specific delivery date if the credit union completed their part of the process by a given date. It was incredibly successful with 100% of all deadlines met by ESP.

Brandon Frisch, Print Services Manager, stated his goal this year was to sew up a few previous issues, improve quality and to manage expectations on the part of clients and ESP.

“If you signed off by a certain date we guaranteed that the tax documents would be delivered by a specific date.”

– Brandon Frisch

Next year, Print Services will implement a few small changes to further improve the process and ensure guaranteed delivery dates.

Success: Audio Banking Migration


Spokane Valley, WA – 02/04/2019 – ESP, Inc. has now successfully ported all of the Tropo-based audio banking clients to the new Twilio-based solution. When CISCO announced at the end of 2018 that they were sunsetting the Tropo product line, we knew many of your credit union members depend upon phone banking; we had to find a solution. Our talented development team got to work immediately to find a solution that could continue the audio response solution without interuption.

When this project started, our team knew it would need to be successful on the first try with building a solution, whilst having no previous exposure to the new platform. After conducting extensive research on several possible platforms, we settled on a vendor that was technologically advanced and offered us a high degree of responsiveness.

Twyla Morales, Product Deployment Specialist at ESP, was the project manager of the hosted audio migration. In order to ensure a smooth transition with all 27 credit unions, she decided to conduct the migration in three phases in order to provide focused customer service to each client. Part of her job consisted of porting phone numbers from the existing vendor to the new vendor in a very specific time period.

This new vendor allows ESP an unprecedented level and access and control over the application. This gives us the ability to quick respond to and address issues as they arise, without relying on a third-party for implementation.

“We’re more educated into how the process works. Our previous vendor was more of a hands-off situation. They did all the work, while we awaited their changes on their timetable. With our new vendor, we are much more in control of the process which equates to enabling us to be more responsive to our credit unions.”

– Twyla Morales

Another key member of the migration team was George Saprito, a developer here at ESP. George was tasked with providing a seamless user experience for our Audio Banking users. Using the existing solution as a template, he coded the new solution to be totally familiar to those members that rely on phone banking. Start to finish the project took four months.

From the discovery phase and primary development through four rounds of exhaustive internal testing, our team did it all in-house. At the start of this project, ESP Development had zero experience coding on the new platform, but George was quickly up to speed. He noted the soundness of this new system.

“This new platform offers us a new level of stability. Plus, there’s a new set of features that we can tap into the future. It will easily allow us to program new features including multi-lingual capability.

– George Saprito

Another key part of this process will include a feedback survey. We want to know how well we did and how we can improve on this process in the future.

“We understand that third-party service changes are part of life in the modern era of acquisitions and mergers. There is always a chance that a company like Tropo, in this example, will get bought by a big company like CISCO. Tropo had a great product and was an upstart in the industry, so it wasn’t really a surprise when we got the notification. I am thrilled with our team, how they came together with a solid replacement for the Tropo service, created a plan that ensured no member impact, and delivered the seamless replacement on-time to our Client base.

– Matt Lefler

In all, the process, planning, coding, testing and porting a new solution in such a short span of time is remarkable. We are looking to this process as a standard for our development in the future.


Szabo New Conversion Coordinator


Spokane Valley, WA – 02/04/2019 – ESP taps Lexi Szabo as new Conversion Coordinator.

She started as a receptionist in the Summer of 2015. After being promoted to Client Services Representative, her ethic of high-level customer service garnered her three ESP Employee of the Year recognition awards.

Lexi Szabo, Conversion Coordinator

Lexi will be managing core conversions from beginning to end. A big part of her new position will be the coordination of communication between the client, their vendors and ESP. This ensures that all parties are on the same page and are in agreement for the portions of conversion they are responsible for.

“My intention is to continue refining what we’ve done in the past and make the process seamless for our new clients – making every step of the way clearly defined for everybody involved.”

– Lexi Szabo

True to form, Lexi immediately began the process of a core conversion upon her promotion. She’s currently working on a conversion that will develop her skills in project management, communication, and team building.

According to her manager, Shelly Rogers, her attention to detail, extensive client knowledge, her grasp of FORZA, and her tenacity are some of the qualities that garnered this promotion.

“She will undoubtedly provide outstanding customer service to our current clients and converting clients.”

– Shelly Rogers


Nordstrom FCU Chooses ESP


Nordstrom FCU Chooses ESP

Spokane Valley, WA – 11/26/2018 – Nordstrom Federal Credit Union (FCU) located in Seattle, WA has chosen Enhanced Software Products, Inc. to be their core processing service provider.

Nordstrom FCU is member-owned and has been serving Nordstrom store employees since 1936. They are dedicated to providing superior service and financial products. Their members enjoy perks such as custom-tailored loan terms, competitive dividend rates, and convenient online banking services.

Shelli Millhuff, President and CEO of Nordstrom FCU, began her search for a core processor that would bring her credit union into the 21st Century. She required a system that was relevant and could help meet member needs with better technology and increased customer service.

Among Millhuff’s goals were: ease of use for both employees and members; quality service delivered in a timely manner; and the ability to integrate third-party vendors including MeridianLink and Kasasa. ESP’s FORZA3™ core processing platform fit the bill.

On the week of conversion, the team from ESP was onsite and had all of the necessary documents and processes needed to validate prior to flipping the conversion switch.

“The Conversion Team was fantastic! They were very organized and walked us through exactly what was going to happen. Once we flipped the switch, they were there holding our hands, communicating with our previous core. The next morning they were there bright and early validating that all the data had came over and had us up and running within 24 hours.” – S. Millhuff

Developing a strong business relationship with their core vendor became the tipping point in Nordstrom FCU’s decision to convert. With their previous core, Nordstrom FCU felt like they were being overlooked because of their size. They felt support became increasingly more difficult to obtain.

“ESP is exactly what this credit union needed – from the beginning of the conversation through conversion and then after going fully online.  The service you get from ESP is phenomenal. It absolutely proved we made the right decision. – S. Millhuff

Lacking IT staff was no longer an issue as Nordstrom found value in the immediate answers provided by ESP’s staff. 24/7/365 access to trained support gave them the flexibility and confidence to convert with their current staffing levels. 


About ESP, Inc.

ESP, Inc. is a provider of customer-centered core processing and technology solutions strictly for credit unions. Our solutions are designed to accomplish three main goals – to grow your credit union, to make your staff more efficient, and to empower your members. We accomplish this through our powerful FORZA3™ core processing software. Learn more at

Press Contact

John Demke
Marketing Guru

Third-Gen Service Bureau Goes Live

We have raised the bar on Business Continuity for Credit Unions

ESP has gone through two infrastructure iterations: starting with a service bureau model based on IBM mainframes, then we created a new FORZA3™ platform designed on standard Microsoft software, such as Microsoft SQL Server and .NET. FORZA3™ gave a modern and intuitive interface to our clients, in contrast to older mainframe-based core processors, and improved our ability to quickly deliver new third-party integrations and expand our core capacity.


Legacy IBM Mainframe


Modern FORZA3™


Distributed & Redundant FORZA3™

In 2017, we began planning work on a new iteration of this service bureau environment. Taking advantage of new developments in Microsoft SQL Server, new concepts in network architecture, and expanding regulatory and client expectations, we implemented new technology at the core of the FORZA3™ ecosystem.

New Architecture

The new generation of Service Bureau required several changes to the architecture by which we deliver core processing services, which we have implemented with our first client – Selfreliance Ukrainian American FCU – according to the following requirements:

High Availability

Core components, such as FORZA3™ access for tellers or online banking for members, should not have to go down just because one server is inoperable.

Geographic Distribution

Flexibility in service-offering requires us to be able to offer services in one location, with components residing in another.

Real-Time Replication

Data is the life-blood of any credit union, and this data should be protected from regional disasters.

Point-in-time Recovery

Beyond catastrophic failures, the state of a credit union’s data should be recoverable to any point in time.

Architecting the Service Bureau

High Availability

We established a primary data presence in the same region as the credit union, with the following components:

  1. Two synchronously replicated, highly-available database servers in a fail-over cluster
  2. Two real-time replicated, highly-available online banking servers in a fail-over cluster

Teller connections to the core FORZA3™ platform can fail transparently between servers; in the event that one fails, the other can instantly takeover the workload, without any necessary changes on the client or member’s end.

Member connections to online banking, in the event of a failure of one online banking server, can restart their session within several seconds on the other.

Geographic Replication

Meanwhile, we configured the following in a different geographic region, to which the CU simultaneously has access:

  • A third synchronously replicated database server
  • A third online banking server, preconfigured for disaster recovery
  • A second report retrieval and generation server
  • A long-term tape archival system for daily server backups

The state of the data in the client’s primary datacenter is identical to that in the secondary datacenter; that is to say, in the event of a disaster at the primary processing location, there is no data loss when failing over to the alternate region.

Moreover, this failover is on the order of minutes, and only requires changing one piece of configuration in the teller software. Online Banking only needs to be failed-over by altering a DNS record, and we are currently working on a method to automate this process as well.

Daily backups are sent to the alternate location to be written to an encrypted tape archive, stored in a secure offsite facility that specializes in the long-term retention of critical data.

Point-in-time Recovery

In addition to the real-time off-site replication of production data, we established a supplemental backup scheme:

  • Bi-weekly full database backups
  • Differential backups every 4 hours
  • Transaction log backups every 15 minutes

Together, these allow us to recover the state of the database to any point-in-time. These backups are also replicated off-site and retained for a period of one week, while FORZA3™ daily backups are stored for seven years.

Minimal Migration Time

Through a carefully staged migration, we were able to keep total downtime for member-facing services to less than 90 minutes, scheduled at-night and after-hours when members were less likely to be impacted. This migration involved:

  1. Moving online banking ahead of time, with no downtime
  2. Establishment of client connectivity to primary and secondary data processing locations ahead of time
  3. Several weeks of regular replication of backups of all client databases
  4. Using SQL Server functionality to minimize the final backup/transfer size and restore time
  5. Triaged database restore operations and service recovery according to member impact

Improved Disaster Recovery and Business Continuity

In a disaster scenario, during which the primary data processing environment is instantly compromised with no warning, we are able to offer resumption of FORZA3™ processing in the new environment within only several minutes of an outage; services such as Online Banking can be resumed as soon as DNS propagates with new records.

Flexible reporting

By utilizing Microsoft SQL Server’s native replication functionality, we are able to allow the credit union the ability to create and run their own Crystal Reports against their own live data – and to do so against their replica server, which does not impact performance for members or for credit union personnel currently using it.

We also developed a “self service” reporting system, by which the CU can use FTP to

  • Add and schedule their own custom reports for execution
  • Specify reports to execute daily, weekly, or monthly
  • Specify reports to output to their FORZA3™ Report Archive, or a separate private HTTPS/FTPS site
  • Specify reports to output to PDF and/or Excel format
  • Specify custom parameters to their Crystal Reports

ESP to Deploy Redgate Software

Spokane Valley, WA – 03/28/2018 – Enhanced Software Products, Inc. (ESP) will deploy Redgate database management software to increase development efficiency.

Red Gate Software Ltd touts itself as “the leading provider of software for professionals working on the Microsoft data platform.”

ESP is currently implementing two Redgate modules: SQL Compare and SQL Doc.

SQL Compare allows developers to push database differences between separate databases and update them. This permits ESP programmers to quickly compare existing and future updates and find and correct errors that may occur, saving valuable time and prevent the repetition of tasks.

SQL Doc is software that enables programmers to add documentation at the field and object levels. In the future, new members of ESP’s Development team will be able to quickly get up to speed on the functionality of database entries and start coding. As this tool is more fully utilized in creating a “data dictionary“, the steep learning curve that exists will become non-existent.

Sean Hibbler, the Senior FORZA Developer at ESP, states that these software modules will “simply let us do our jobs better and with greater efficiency.”

ESP clients will be seeing the effects of this software in subsequent updates of FORZA.

About ESP, Inc.

ESP, Inc. is a provider of customer-centered core processing and technology solutions strictly for credit unions. Our solutions are designed to accomplish three main goals – to grow your credit union, to make your staff more efficient, and to empower your members. We accomplish this through our powerful FORZA3™ core processing software. Learn more at


If you would like more information on this topic please call John Demke at 800-456-5750, or email at

ADA Compliance Unicorn

Do you feel like you need an ADA Compliant site?

I have received a lot of calls lately on making public websites ADA Compliant. I am sure that number will shoot up after this email I received this morning – ADA Lawsuits Against CUs Spike in December. No matter how frustrated and (to be frank) ticked off this makes me, it is here. There are currently no guidelines to follow, so I feel your pain. But good news, I believe I have found the unicorn of credit union web developers!

As I have discussed in a previous email, ADA Compliance, there are options but are often too expensive of an investment right now for many of you. One option that was not included in the email is OMNICOMMANDER. I believe it is the best solution and it is a fraction of the investment of competing developers.

I’m excited to introduce OMNICOMMANDER, “the credit union industry’s first website platform that is exclusively focused on design and ensures every touch-point will have the exact same user interface”. They will rebuild your site in full ADA Compliance. Not only that, they will continually test your site to make sure it is in compliance into the future.

OMNICOMMANDER’s 4-Step Process:

Step 1. Our developers have gone through extensive ADA training and are experts in building sites to be accessible to those with vision, hearing, cognitive impairments.

Step 2. We have a full time ADA Compliance Officer. James Harrington is a Member of the IAAP (International Associating of Accessibility Professionals.) He has “Advanced Web Accessibility Training ” classes and attends ADA Compliance Meetings in specific regard to Credit Unions.

Step 3. SSG (Retired) Aaron Hale is a 14 year veteran of both the Navy and Army. He deployed once to Iraq and it was on his second mission to Afghanistan where his career as as Explosive Ordinance Disposal (EOD) Team Leader ended. An Improvised Explosive Device (IED) exploded in front of Aaron, severely wounding him and taking his eyesight.

Before going live with a new website, Aaron goes through every page utilizing assistive technologies to ensure that it is accessible for those individuals with vision impairments. The ONLY way that you can ensure that you website is accessible is by going through it manually. Scanners can produce false positives and false negatives. This is the reason the latest standards in accessibility (WCAG2.1) include manual reviews.

Step 4. We have partnered with an independent 3rd party to provide a certificate of accessibility. Through this partnership, we have secured a discounted certification process that at the end of the engagement will result in a letter of accessibility that can be posted on the credit union’s website.


Getting Started:

You want to know more, please contact ESP Sales at and we will have an OMNICOMMANDER representative contact you with more details.

  • We simply did the legwork to find you another solution. We are not involved in the process and no billing goes through us.
  • You will work out the build cost with OMNICOMMANDER.
  • OMNICOMMANDER will host your new site, extremely reasonably. (This allows them greater flexibility when comes time to address your ADA Compliance.)

As you can tell, I am overly excited about this solution. I have been fielding as many calls on this as I did with MFA (which oddly enough, did not have an initial guideline either). We will always hunt down solutions for you, even when we are not primarily involved. I think that is important for our partnership. You can rely on us to have an “ear to the ground” on emergent technology issues and I intend to live up to that expectation.

Don’t hesitate to contact me with any questions.

Three CUs Renew With ESP


Three CUs Renew With ESP

Spokane Valley, WA – 07/24/2017 – ESP is proud to announce that three credit unions have agreed to renew their core processing contracts already this year. Rockford Bell Credit Union, Toledo Postal Employees Credit Union, and Cottonwood Community Federal Credit Union have chosen to continue serving their members on the FORZA3™ platform.

Rockford Bell Credit Union of Loves Park, IL was organized in 1935 by employees of Illinois Bell Telephone Company. They prospered for many years with their commitment to community support. In the 1980s, after the breakup of Bell Telephone, Rockford Bell Credit Union began to accept other employee groups.

With assets of $30,000,000 and over 4,300 members, Rockford Bell CU serves eight counties in northwestern Illinois and over thirty-five different employee groups. They operate two full-time locations at Loves Park and Mt. Morris. ESP, Inc. has been providing core processing services since 2004.

Toledo Postal Employees Credit Union was formed in 1932, strictly for postal employees living in Toledo, OH. In subsequent years, the credit union was opened to all classified postal employees in zip codes surrounding Toledo and later to include family members.

1,100 members currently access their single branch inside the Toledo Post Office. They have been a client of ESP since 1996.

Cottonwood Community Federal Credit Union Cottonwood, ID was organized in 1942 so that the community could save together and provide low-cost loans to credit union members. They now serve all of Idaho and Lewis Counties providing service to low-income areas and people without adequate access to credit union services.

The credit union consists of 4,600 members with $78,000,000 in assets. Members receive service at three branch locations in the West Central portion of the state. They have been a client of ESP since 2012.

ESP is honored by these credit union’s continued partnership and will serve them long into the future.

About ESP, Inc.

ESP, Inc. is a provider of customer-centered core processing and technology solutions strictly for credit unions. Our solutions are designed to accomplish three main goals – to grow your credit union, to make your staff more efficient, and to empower your members. We accomplish this through our powerful FORZA3™ core processing software. Learn more at

Press Contact

John Demke
Marketing Guru

How to detect a phishing attack

Forward – Phishing attack against American Lake CU

We have recently become aware of a phishing attack against members of American Lake CU.  This attack is a variant of one which has existed since 2008, and has also targeted Chase and Bank of America customers.  It is our hope that this article will provide information both to mitigate the danger posed by this attack and by future attacks, for both members and non-members of American Lake CU.

The phishing attack has shown two variants so far:

From: American Lake <>
Date: July 11, 2017 at 9:52:42 AM EDT
To: <>
Subject: Online Verification
Dear Customer,
We’re sorry – we suspended your access to your American Lake account because of recent activity on your account.
Click Here To Activate Your Account.
Copyright © 2017 American Lake CU.
All Rights Reserved.

From: American Lake <>
Sent: Tuesday, July 11, 2017 5:02 PM
Subject: Systems Maintenance Services.

Security Alert

Dear Customer,
We are letting you know that due to an ongoing General system maintenance in our Online Banking Database its mandatory for you to Verify Your American Lake Account in order to enjoy our online banking service. We request that you complete this quick Verification process. If this is not done as urgent as possible your account might be deactivated at once.
Online Verification

This morning (7/12/2017), a second variant with a different phishing page and different email appeared. We have already gotten two phishing pages, that the emails linked to, taken down – however, variants may continue to spread. With that in mind, please read the following information closely:

What is phishing?

One of the most popular “hacking” techniques, phishing relies on vulnerabilities in people rather than in code.  Phishing campaigns take advantage of human fallibility to convince targets to voluntarily give up their sensitive information to attackers for financial gain.  The infamous “Nigerian Prince” phishing scam presents an example of this: with a sometimes convincing story, individuals are convinced to hand over personal information (bank account information, passport scans, etc) in exchange for the promise of money.  More common today are phishing attacks targeting financial institutions such as credit unions.

How does phishing work?

Phishing attacks work much like marketing campaigns, in that they operate a “funnel” – enormous numbers of phishing emails are sent out to equally enormous numbers of recipients, in hopes that some of them don’t immediately skip over it, some of the remainder open the email, some of that remainder take it seriously enough to click the link, some of those go on to enter their information, etc.

Note that while email-based phishing campaigns are most common, they can also operate through unsolicited phone calls and even traditional “snail-mail”!

How do I protect myself from phishing?

To prevent yourself from becoming a victim of phishing, it’s important to keep yourself from ‘falling down’ the funnel mentioned earlier, and to stop yourself as soon as possible in the process of becoming a victim.

Limit exposure to phishing email

While there is no fool-proof method to keep yourself from receiving phishing email, there are some tips you can use to limit the number you receive:

  1. Use an email account with spam filtering
    1. Even most free email providers offer this.
  2. Be careful where you post your email address
    1. Don’t post your email address in public comments, on public websites, etc.
    2. Try to use a different email address (or alias) for your “important” accounts, such as Online Banking, from accounts you use for online games, for example.

Recognize phishing email

When you receive an email, especially relating to your credit union account, ask the following questions to try to reduce the risk of taking a phishing email seriously:

  1. Does this pertain to me?
    1. If you are not a member of American Lake CU, and you receive an email asking for you to do something for your account there, you should ignore it.  After all, you have no account, so it couldn’t possibly be applicable to you.
  2. Does it sound professional?
    1. If the email contains strange variations in grammar, spelling, punctuation, or case, this can be an indication that it is illegitimate.  Attackers often do this to try to evade spam filters, or simply as a result of not speaking English as a first language.
  3. Is this email from who it says it is?
    1. Note that while it is trivial to spoof email addresses, these are typically more obvious to spam filters.  Many attackers will send from email addresses completely unrelated to the institution they’re phishing.  Look at the “from” address and see if it even claims to be coming from the institution.
  4. Are they asking me to give them something?
    1. Legitimate institutions will virtually never send you unsolicited email requesting that you enter personal information.  Always check with the institution to make sure such unusual requests are legitimate.

Check the address bar

While you should always try to avoid interacting with phishing emails, if you do find yourself on a website and about to enter your personal information, you should always double check the address bar to verify the “domain” of the website.  Phishing websites almost always have a different (but sometimes similar!) address to the legitimate site.

The address bar is located at the top of the window:

American Lake CU uses a technology called “EV-SSL” to provide both encryption of traffic to its website and verification of the website’s identity.  Members of the CU should check the address bar to ensure that the CU name is indicated, as well as the domain “”:

Online banking for American Lake CU looks very similar:

Note the similarities for the above two images, are compared to this phishing page:

  • The address isn’t similar
  • No “https”, no green padlock, no CU name in address bar

Some phishing scams may be look closer, such as registering “” as opposed to “”, for example.

If in doubt, call your institution!

If you think there’s a chance the email could be illegitimate, call the institution (such as your credit union) using a number you know is legitimate, and ask them about the email you received.  If it is illegitimate, they can use this as a warning for others!

When in doubt, especially if you are being asked for more or different information than normal, and especially if you were solicited to give this information via email, contact your credit union!