We are keeping a close eye on the "Heartbleed" bug you may have heard about. The vendor we use for Online Banking has completed a preliminary assessment and has not discovered any vulnerability. We will be sure to keep you updated should anything to the contrary be discovered. Rest assured that we are doing everything we can to help ensure that your information is safe.

It is always a good practice to use unique passwords for all of the online services you access. If your GCF Online Banking password has also been used with a different service, we do recommend that you change your Online Banking password at this time.

If you currently utilize GCF’s online banking EXPRESS TRANSFER function to make your loan payments, this service will be temporarily unavailable from April 25, 2014 through June 9, 2014. As an alternative to this temporary inconvenience, you can do one of the following:

  • Contact 1-877-589-6600 ext. 320 or 368 between the hours of 9:00 a.m. and 5:00 p.m., Monday through Friday, to manually complete the transaction.
  • Mail a check to Investors Bank, 101 Wood Avenue South, Iselin, NJ 08830.
  • Sign up for GCF’s online bill payment system and set up a monthly payment to be sent to Investors Bank.

Fast Access

GCF Bank is now part of the Investors Bank family!
GCFlash - March 22, 2011!

Tuesday, March 22, 2011

Edition #603

Today's Highlights:

Past issues of GCFlash:

March 15, 2011 Edition #602

March 8, 2011 Edition #601

March 1, 2011 Edition #600

February 22, 2011 Edition #599

Looking for articles from a past issue of GCFlash not listed above? Find them in our Knowledge Base!

Weekly Spotlight:

Your security is important to us. We created our online Security Center to provide you with the latest threat information, scam alerts, prevention tools, victim resources and articles for your online safety. Visit us often.

Our Current Rates:

For a listing of our current deposit and loan rates, click here.

Today's National Market Rates
March 22, 2011 6 Mo Ago
1 Yr Ago
5 Yrs Ago
Dow Jones Industrial Average 12,018.63 (-0.15%)
(Up 441.12 or 3.81% since 12/31/10)
10,739.31 10,785.89 11,317.43
S&P 500 1,293.77 (-0.36%)
(Up 36.133 or 2.87% since 12/31/09)
1,134.28 1,165.81 1,305.04
NASDAQ 2,683.87 (-0.31%)
(Up 31.00 or 1.17% since 12/31/08)
2,334.55 2,395.40 2,303.35
10 Year Treasury Bond Yield 3.33% 2.55% 3.66% 4.70%
British Sterling 1.6378 1.5660 1.5024 1.7474
Euro 1.4202 1.3358 1.3525 1.2088

Back to top

1st Flash

The Tide is Still Rising

No, not the massive tsunami that devastated parts of Japan. While the chaos an event of this magnitude wrought on this country, we're going to talk about a bigger threat yet. This one threatens chaos on a global scale.

You may want to refer to the August 17, 2010 issue of this newsletter for background on the ZeuS Trojan before continuing here. The article was so important that we've made it readily available on our Security Articles web page as well.

The article describes a sophisticated Trojan in use by global organized crime rings. The toolkit to deploy the Trojan is readily through underground Internet sites. At the article's end, I offered this prediction:

"While no incidences have yet been reported, it's only a matter of time before SpyEye dethrones ZeuS as King of Crimeware."

That time has come.

SpyEye gained rapid momentum throughout 2010. Not only had it dethroned ZeuS, but it marked a turning point in the history of cybercrime. Both codes were merged to create "one super Trojan" according to the creator.

Its coder uses two aliases; "Harderman" and "Gribodemon." And he boasted of what was to come to his partners in crime.

According to the RSA Anti-Fraud Command Center, it wasn't just idle chatter. They've analyzed one of the most recent variants of SpyEye and confirmed it is already active in the wild. Their engineers were able to reverse engineer the code and found it does contain an exact code piece that was earlier found in ZeuS.

Typical Internet browsers speed up page delivery time by delivering it from the web server the first time it's accessed. It saves the page on your computer as a "cache" to retrieve more quickly the next time you visit. When you request a web page, you may not always be getting the most current version if it's a site you visit often.

That was a problem for Trojans previous to ZeuS. They relied on their malware to inject code into the web page you were trying to access in order to capture your personal information. Only ZeuS had the ability to inject code into your cached copy. Previous to their merger, SpyEye worked by deleting all cached content before injecting the code into the web page you had requested. It now uses the ZeuS method.

SpyEye is hard to detect. It injects the executable file into a completely different process than previous types of malware, with the Trojan itself residing in a different location using different binary. Even if the code is detected during a virus scan, the executable will not appear related to the Trojan and continue undetected.

January 2011 was the fifth consecutive month where the U.S., UK, Canada, South Korea and Germany were the countries hosting the most phishing attacks. Those originating in the U.S. increased seven percent over the previous month.

Likewise, the U.S. is also the top target, being victim to 56 percent of worldwide mass phishing attacks. The UK comes in a distant second with 23 percent.

Attacks targeting U.S. credit unions increased from eight to 11 percent in January. Nationwide banks remained the same with regional banks showing a three percent decrease.

Attacks of this type are extremely difficult to detect. This makes it all the more important to diligently monitor your accounts and credit history.

Don't wait for your monthly statement to arrive if you can access accounts online. Prompt detection of fraud stops it in its tracks. It's impossible to completely prevent crime but we can limit our risk when exposed. Keep a close eye on your valuables.

Source: RSA Anti-Fraud Command Center

On The World Wide Web

The federal government and the technology industry team up to help you be on guard against Internet fraud, secure your computer and protect your personal information. Get their tips.

FBI Special Agent Bobby Bureau needs the help of some kids on his undercover assignment. They can learn about the agency through stories and interactives and pick up safety tips along the way. Point your browser here.

View the heart wrenching before and after satellite pictures of earthquake devastated Japan.

Back to top

2nd Flash

Effective Even Without the Glitter

While Trojans like ZeuS and SpyEye use sophisticated tools for mass phishing attacks, others rely on low tech methods to lure their victims.

Most people know by now that they did not win a lottery they never entered. They recognize pleas from the Nigerian prince who will pay you to convert money from your American account as a scam. They know whether or not their good friends got robbed while traveling Europe, needing money to get home.

Yet enough people still fall victim that the scams continue.

This year alone, on two separate occasions an alert GCF Customer Service Rep (CSR) noticed a bank customer presenting a check for deposit that didn't appear right. Upon questioning their customer further, each learned their customer had been notified they were lottery winners.

The CSRs were both recognized for their attention to detail in detecting and preventing fraud.

The customers weren't quite as happy when they left the bank as when they arrived thinking they hit the jackpot. But they really were winners that day. They avoided a scam that would have cost them every penny in their account.

Another instance saw a woman trying to cash a check drawn on a GCF account. The CSR noticed that the signature on the check did not match the one we had on file. She contacted the account holder to learn her daughter had stolen her check and was trying to do the same with her money.

In all three cases, the training GCF provides to its employees prevented customers from becoming fraud victims.

But what about those times when the transaction isn't conducted in a branch office? What happens with electronic fraud?

One business owner I know found himself in this situation. He designs and installs kitchens rather than working in an office setting. Without easy access to a computer, he conducts business in the traditional fashion rather than electronically.

You may think this would lessen his risk for online fraud. You would be wrong.

This man wrote a check to one of his suppliers for goods received. The supplier was careless about where he left his records. They were discovered by a thief, who now had his account number, routing number and business name.

He had enough information to move $3,000.00 into an account at Capital One. He paid a phone bill, a cellular company and another credit card firm.

At one point, the thief made a small deposit into this man's account to confirm it was still open before drawing out more funds into his Capital One account.

He bilked this man's business account out of nearly $5,000.00 before being detected when his next statement arrived. Without monitoring his account online, it was almost a full month before he knew what was happening.

A large volume of credit card theft still occurs at restaurants. Waiters and waitresses are not large wage earners. Some will supplement their income by stealing credit card numbers.

It's a fairly easy crime to execute. Some will swipe your card on a handheld skimmer while ringing up your tab. Others may use a small camera to capture the numbers. They're paid anywhere from $5 to $10 for each credit card number they capture.

To be clear, a far greater percentage of waiters and waitresses are honest people who earn a living through quality service. Yet it only takes one bad egg to make you a victim.

Online scams and fraud won't disappear anytime soon. Quite the opposite as the web provides a new frontier for villains to ply their trade.

But it also offers the opportunity to catch theft more quickly, reducing whatever risk you may incur.

Tip of the Week

An unsophisticated phishing attack has been targeting users of PayPal, Bank of America, Lloyds and TSB. The victim gets an email, opens the attachment and is directed to a legitimate web site. En route, they're routed to a malicious site seeking account information. FedEx has been a past target of this scam. Never respond to this type of request through an email. If a company you conduct business with requests such information, call them directly. Legitimate companies will not request this type of information via email.

Back to top

Financial News

Sales of existing homes in the U.S. dropped 9.6 percent in February and prices fell to their lowest level since 2002, according to the National Association of Realtors. Economists had expected a drop of only 4 percent to a 5.15 million-unit pace. However, the month over month annual rate in February dropped to 4.88 million units after increasing for three straight months. This was the largest drop since July. The Realtors' group blamed tight credit conditions and home appraisals that were below agreed-upon selling prices.

The Federal Housing Finance Agency (FHFA) purchase only House Price Index (HPI) also showed continued decline in the housing prices. The HPI slipped 0.3 percent in January, following a revised decline of 1.0 percent in December (originally down 0.3 percent). On a year-on-year basis, the FHFA HPI is down 3.9 percent, compared to down 4.1 percent in December. According to the FHFA, home prices continue to be pressured by excess supply and distressed home sales. This index only covers single-family houses with Fannie Mae and Freddie Mac loan information.

It would be nice if we could say that the home sales drop was weather related, but we will have to wait to see what direction those sales, and prices, will head.


"There are three things in the world that deserve no mercy: hypocrisy, fraud, and tyranny." - Frederick Robertson

Today in History

1903 - Niagara Falls runs out of water because of a drought.

Flash Fact

The Internet Complaint Center (IC3) received 303,809 complaints in 2010, an average of 25,317 per month. Non-delivery of payment or merchandise was the top complaint, with scams using the FBI's name and identity theft rounding out the top three. IC3 is a partnership between the FBI and the National White Collar Crime Center.

Have a comment about something you read in GCFlash? Suggestions for future articles? Drop us an email!

Back to top


GCFlash is a weekly e-mail sent only to its listed customers and associates free of charge. GCFlash informs customers of special product offerings which may be of interest, current interest rates on both deposit and loan products, selected financial news and other financial tidbits. GCFlash is intended to supplement the more comprehensive information listed on the GCF Web site at

For more comprehensive information, visit our Web site at or call (856) 589-6600 Ext: 337 (Timothy P. Hand)


For a copy of our Privacy Policy, visit

GCF maintains your e-mail address in a confidential and secure database along with much of your other account information, such as mailing address and telephone number, etc. Before aggregating our e-mailing list each week, we filter out any duplicates. In most cases, this inhibits the unintended e-mailing of multiple copies of GCFlash to a single e-mail address. However, because these account records are kept by both individual and account, there is a chance members of the same household could each receive a copy of GCFlash or any other transmission at the same e- mail address - resulting in multiple copies. For example, a husband and wife that both have accounts with GCF may both receive a copy because the names are different but listed at the same e-mail address. This is similar to the manner in which each individual may share a common telephone number. To handle this situation, GCF recommends you simply delete any extra copies of GCFlash as this will ensure that ALL individuals receive any future promotional mailings, which might only be targeted or offered to specific accountholders meeting certain criteria. GCF has the capability to suppress customer e-mail addresses so they are omitted from our transmission list. If you would rather have a specific household member’s e-mail address suppressed in our electronic database, simply send us a reply, as stated below, and indicate the accountholder for which you would like to have e-mail suppressed. Please keep in mind that this suppression will mean that NO future e-mails are sent, including special promotional offers. If you have any questions about this process or need additional information, please contact us at

If you would like to be removed from this electronic mailing list, please hit reply and place the word REMOVE in the subject line. Please note, removing your name from our electronic mailing list means GCF will send NO FUTURE NEWS or SPECIAL OFFERS.

GCF Bank
381 Egg Harbor Road
Sewell, NJ 08080
(856) 589-6600