There are constant variations on how cyber thieves are trying to access and exploit the confidential information of people innocently maneuvering the web. It makes sense to be skeptical of any e-mail, posted link, private message or inquiry. Cyber thieves aim to gain your trust and get you to let your guard down. This allows them to place spyware and malware onto your computer, learn important data about you that lets them access your accounts and private information, and trick you into unintentionally giving them money. Attachments such as .zip files are notorious for acting like a Trojan horse to deliver malicious files to your computer. Make sure you know what you are clicking on at all times. Just because an e-mail appears to be from a well-known company, don’t assume it is. Inspect the URL closely for variations in the name, or contact the company by typing in the correct website yourself, or calling them at the number you have on file for them. A little diligence can go a long way.
Be sure to “Like” our Pasadenafcu Facebook page, follow us on Twitter, check our PFCUandyou.com blog, and check the Safety and Security tab of our website for info on the latest scams. Don’t enter personal information such as passwords, social security number, account numbers, answers to security questions and financial information into e-mails you receive. Go to the website YOU have for the organziation or call them. E-mails that would ask for information like that are most certainly “phishing” for ways to exploit your trust. In this case, healthy skepticism can save you headaches and more.
DDoS attacks are mentioned more frequently in the news these days, but what are they? The initials stand for “Distributed Denial of Service” and refer to cyber attacks which are performed by harnessing thousands of personal computers through spyware and malware and instructing them to navigate to a specific website, overloading the server and resulting in the website being inaccessible to legitimate users.
While there may be any number of motives for such attacks, the goal is to render the targeted website useless for as long as possible. When there are hints of a pending attack, it is best to be proactive. Internet rumors have indicated that a possible large-scale DDoS attack on American financial institutions might occur on Tuesday, May 7, 2013. As a precaution, anyone who transacts business on financial institution websites is encouraged to refrain from doing so on that day. Plan ahead and schedule online transactions in advance if possible. If you need to transact on that day, consider physically going to a branch or calling the institution.
Generally, it is not a good idea to wait until the last minute to schedule an online payment or transfer. Always look ahead and schedule transactions well in advance to give yourself a cushion in the event of unforeseen roadblocks. You’ll also have peace of mind, which is a great benefit of thoughtful planning. PFCU’s Online Banking and Bill Pay, for example, allow you to schedule one-time or recurring future payments and transfers and have options for all sorts of convenient reminder texts or e-mails. The internet is a valuable tool in communication, organization, and information-gathering. Just be careful not to rely on it to the extent that you can be affected by temporary interruptions in service. Always have a backup plan.
There are more Safety and Security blog articles here. To get fraud alerts as soon as we communicate them, “Like” our PasadenaFCU Facebook Page and/or follow us on Twitter @Pasadenafcu. The Safety and Security tab of our website is a great place to read up on internet safety, too.
With the success of cyber Monday, more retailers than ever are offering great deals exclusively online. Unfortunately, many cyber thieves are set to make Santa’s “naughty” list as they prey on unwary, bargain-hunting shoppers with a variety of scams. Here are some ways you can keep these Grinches from stealing your Christmas:
- Purchase and install a firewall and anti-virus software before making online purchases. If you already have protective software, be sure to keep it updated. You should receive notices when updates are available.
- Don’t click on links that advertise “free” items, gift cards, holiday gifts or employment. If interested, go to the website of the company purported to be making the offer (don’t get the web address from the e-mail) and verify the legitimacy of the offer. If you don’t see the offer, try calling them.
- Free cell phone app offers can be tempting, but if you are interested in one you learn about in a text, social media or e-mail, look for it in a recognized App store.
- Be very careful of electronic greeting cards-they may contain spyware or malware, thus installing trouble on your device in a pretty package!
- Resist the temptation to click on “Free” offers on social media sites like Facebook and Twitter. If it sounds too good to be true, it probably is.
- Follow the safety tips on online auctions like ebay and Craigslist to prevent paying for an item you never receive.
- It’s wonderful to give to charities at the holidays, but be wary of phone or e-mail solicitations for donations. You want to ensure that you are actually giving to the charity of your choice and not an imposter. Look up their website and contact them on your own to arrange a donation. PFCU has dozens of non-profit community partners we work with that would be worthy recipients. The Federal Trade Commission also has a Charity Checklist.
- Watch your accounts online for fraudulent activity so you can shut it down quickly. Our online banking is free and easy to initiate at www.pfcu.org. You’ll find demos for both Online Banking and Bill Pay. You can even set up text and e-mail alerts so you know right away if specific types of items hit your accounts.
- Look for secured sites that have https in the web address. The “s” stands for “secure” and represents additional security to give you peace of mind.
- Check out McAfee’s “Avoid the 12 Scams of the Holidays”
- Bookmark and check frequently the United States Computer Emergency Readiness Team (CERT) Online Security Tips
With these tips, your holidays should be “smooth sledding”. The additional assurance these tips bring will make your holidays much more enjoyable.
Sooner or later, Southern California will experience a major earthquake. Disaster Preparedness is the best way to gain more peace of mind. Just as with your finances, the more you know, the more you can protect yourself and your loved ones in the face of such an event. To help Californians prepare, The 2012 Great California Shake Out is occurring statewide on October 18, at 10:18 a.m. There are many ways for individuals, businesses, schools, faith-based organizations, and community groups to participate and get prepared for earthquakes as well as sharing what you are doing with others to help them prepare. In fact, the Shake Out is now an international event with millions of participants worldwide. Pasadena and the greater San Gabriel Valley region reside in “earthquake country.” Should we experience a significant quake, most experts indicate that you and your family will likely be without governmental assistance for more than three days. Will you be prepared?
For more information on the Great California Shake Out, safety tips and advanced preparation please visit their web page at www.shakeout.org. San Gabriel residents, please click here for an update regarding the event. You can also find preparedness information through the Pasadena City Hall at www.cityofpasadena.net/disaster.
Rest assured, Pasadena Federal Credit Union has a detailed Recovery Plan in place to ensure that our members have access to their money in the aftermath of an earthquake or other event. (If there’s a disaster recovery page on your site you can link to it).
Now is also a great time to put a PFCU Home Equity Line of Credit, VISA Credit Card, or Overdraft Line of Credit in place to give you quick accesss to emergency funds when you need them. Apply Now.
Whether it’s a natural disaster or a financial one, disciplined planning and communication can minimize the impact of such events on you and the lives of your loved ones. We’re doing our best to help keep you safe and secure. The Great California Shakeout is a powerful way to start!
With summer in full swing, I have been working on a new song called Ice Cream Day. I love ice cream, especially in the summer when it is hot. Here is a rough draft of lyrics to one of the verses:
Ice cream day…ice cream day…you used to be my favorite day … chocolate chip, cookie dough, even love me some rocky road…I should have had a hunch… if I ate too much and spent too much it would hurt a bunch… ice cream day…ice cream day…you used to be my favorite day…until I got carried away!
Sometimes it is easy for me to get carried away, especially when I am having fun and enjoy something. Does that ever happen to you? Spending smart and not over doing things, just like saving money, are great habits. Here a few things smart spenders do and so can you:
1. Smart spenders have a budget. They make a list of what they are going to spend on and how much.
2. Smart spenders compare prices and do research before spending.
3. Smart spenders, when they need to spend, use coupons and buy things on sale.
4. Smart spenders talk to other smart spenders about how to get the most for their money and make their money last as long as possible.
I hope you have a great summer and continue to work toward making your dreams and goals come true. You can do it! Now, go get to it!
Learn more about Sammy and his mission to help kids get in the habit of saving money and make dreams come true at www.itsahabit.com
© 2009 The It’s a Habit Company, Inc.
Facebook, Twitter, Linked-In and other social media sites have profoundly impacted society in many ways. They have facilitated reunions of old friends, helped people with similar interests find one another, allowed groups to organize more effectively and have helped businesses like PFCU grow. Many of our new members found us online. There has been a lot of talk about what to share and not to share online. Have you thought about that question in terms of answers to your security questions for our free Online Banking and Bill Pay services, as well as those of your other online accounts? You should.
Multi-factor authentication, as we have discussed elsewhere, is an important way of staying a step ahead of identity thieves. In an effort to share information with your friends on social media sites, however, you may be giving the answers to some of your security questions away. In school, teachers punish students who get caught cheating but online if you unwittingly give the answers away you could get punished by financial loss or headaches with cleaning up the very real mess of fraudulent use of your accounts.
Often people want to share their hometown on Facebook or other sites so that individuals they knew in childhood can find them. That seems innocent enough, but often one of your security questions will be “What city were you born in?” One way around that is to determine alternative answers to those questions to use when setting up multi-factor authentication. The trick here is not to forget those answers. As it is, we often get phone calls from frustrated members who have forgotten the way they input the answers and find themselves locked out of their accounts. Try to use the same combination of capital and lower case letters all the time in case-sensitive data fields, and don’t make that combination obvious. For example, Pasadena might become pa$aDena. Notice that we used a dollar sign instead of a letter ‘s’ and put the capital in an unusual place. Someone born in New York might, instead, list the city that is home to their favorite sports team or the city their parent was born in. As long as you remember, you will not tip off a criminal. One woman who wanted to make sure her recently-divorced spouse could not access her accounts listed her mother’s maiden name as “freedom”. A humorous answer like that may make it easier for you to remember how you answered the question.
Often people will post their favorite foods, movies, performers or songs on social media sites because they enjoy those things. Since many of those items may show up as security questions in the account set up process online, make sure you give different answers to ensure that you won’t hand your account over to thieves.
While taking a few moments to review the answers to your account authentication questions may seem inconvenient, it is nothing compared to the hassle of cleaning up identity theft. Since you’re already online, why not go through your accounts and make sure you haven’t revealed information thieves can use to steal from you? That way you can enjoy the benefits of social media and rest easy about your online security.
We sometimes get complaints from members who are frustrated with the set-up and maintenance of security for their online account access. Here are some reasons not to loathe the security questions, site keys and other safety measures in place online:
Six federal regulators governing the financial sector have combined forces to strengthen the online security of your accounts. Together, they make up the Federal Financial Institutions Examination Council (FFIEC). The guidelines they set forth are designed to help financial institutions like PFCU make sure the individual attempting to access your accounts electronically is actually you.
The First Line of Defense
If you aren’t used to strong online security, it can feel a bit like jumping through a series of virtual hoops. Keep in mind, the “hoops” are meant to be easy for you to navigate, but difficult, if not impossible, for anyone who may have tried to steal your identity to breach.
First, there is the authentication process. One or more of the following are used to authenticate you:
-Something you have (ATM/Debit Card)
-Something you know (Password, PIN, or Personal Identification Number, site key)
-Something you are (biometric device, etc.)
The more factors are included, the stronger the defense of your accounts. That is why PFCU combines several factors to protect you. We include a site key, for example, which is an image specific to you accompanied by a phrase you create, which let’s you know you are at our site. If you log in and don’t see your site key, escape right away, try to enter through our website and, if you still don’t see it, contact us promptly.
To maximize security, the “hoops” are utilized at different points in the transaction process so that someone who may be able to overcome one obstacle may be tripped up by another. For example, after completing one transaction, it may be necessary to re-enter a PIN or answer a security question before the next transaction. The layers of security can help us identify suspicious activity. They can also limit exposure to losses should someone gain unauthorized access to one transaction. Setting up the answers to security questions and selecting a site key might seem cumbersome, but the process is much easier than filing police reports and dispute forms.
An old scam to trick people into making costly long distance phone calls has resurfaced and can cost you time and even money. Typically, a message is left in your voice mail system for you to call someone regarding an urgent matter, such as information about a family member or, perhaps, a contest you’ve “won”. The number ends up routing you to a foreign country where you are then charged huge amounts of money for every minute you stay on the line.
“809,” “284,” “876,” are a few of the area codes you need to look out for. If you receive a message from an unfamiliar area code, do not automatically call back. Look up the area code and verify that it is in the US. An easy way is to go to areacode.org
You can also ask your phone company to block foreign calls if you aren’t in the habit of making them.
You can read more on the Federal Communications Commission website.
The Safety and Security tab of our website also has some great information about scams of all kinds to avoid, and there are other fraud prevention articles here at PFCUandyou.com.
Enjoy using your phone and/or mobile phone for communication with known friends and family, but exercise caution when using it for other purposes.
Every day there are thousands of organizations across the country putting enormous time and effort into fundraising. From bake sales to candy bars, from cookies to popcorn, people are always coming up with creative ways to raise money for a good cause. Now, imagine that an unscrupulous leader in the organization who steals hard-earned money raised by the group destroys all of that effort. It has happened to church groups, schools, scouting organizations and sporting clubs. A few clear, simple rules can keep it from happening to your group.
One of the reasons we all participate in such organizations is that we want to have fun and build community. There is a general feeling of good will generated and it’s easy to let our guard down. Unfortunately, many otherwise honest people may succumb to temptation if they fall on hard times. One way to look at it is for all members of the group to be mindful not to put one another in a position where they could become suspect if money went missing. Care of the organization’s funds should be a constant collaborative effort.
• Elect trustworthy individuals as officers, but don’t put anyone in a situation where they are easily tempted to defraud the group
• Keep a system of checks and balances that the group agrees upon
• No one should be offended if anyone in the group wants to look at bank statements, ledgers or other records-books should be open at all times
• Frequent, transparent reporting should be made to the group and verified independently by different group members
• We encourage groups to sign up for online banking and e-Statements so that different members can easily go online any time to review accounts
• Rotating officers frequently can prevent any one individual from getting too comfortable
• When large sums of money are brought in, the group should determine specific actions for use of the funds and initiate procedures for follow-up
• Officers should take care to avoid even the appearance of impropriety
• Use mobile apps like our new Sprig Mobile Banking as a way of quickly checking account activity
Young or old, the members of an organization work hard to raise money for specific purposes. Use the administration of those funds as a way to teach kids about cooperation, money and planning and keep the experience pleasant for everyone. In conjunction with our Free Girl Scout Troop Accounts, for example, PFCU offers extensive financial literacy training with the help of children’s author Sam Renick. After he and his Sammy Rabbit character delight and educate the kids, their parents often tell us they learned a lot, too! Don’t let money ruin friendships, familial relationships and the integrity of your group or organization. Encourage one another to be vigilant in a collaborative way and applaud each other for being cautious.
Staying ahead of malicious computer programmers is a challenge and requires an ever more complicated combination of precautions to ensure that your financial data is not getting into the wrong hands.
In a recent article, we warned you about “spiders” on the worldwide web. Another particularly dangerous threat is known as a “worm”. A worm is able to spread to other computers without being transmitted through e-mails or malicious websites. One such worm is the “Ramnit” which has surfaced in Europe but is quickly spreading throughout the world. The Ramnit takes advantage of the viral aspect of sites like Facebook. Programmers realize that many people use the same password for social networking sites that they use for their bank accounts. This makes it very easy for a worm to capture data and provide access to the funds of unsuspecting victims. In addition, it sends messages to a user’s friends disguised as an article or other link and then prompts them to click. As many as a million people a day click on erroneous links that then infect their computers, and the results can be a real headache. If it seems unlikely that a friend would send you particular message, they probably didn’t. Beware.
Pasadena Federal Credit Union constantly monitors fraud alerts and works with online services that invest millions of dollars annually in security. Our web hosting company has received numerous awards for their attention to security and we regularly review their efforts.
Unfortunately, even a well-constructed password by itself is not very effective these days in protecting accounts. Our new Online Banking and Bill Pay upgrade includes some new multi-factor authentication steps.
-A site phrase selected by the user
-A site key, which is a picture unique to each individual that helps verify they are on the actual site they intend to log into and not an imposter site
Never use the same password for multiple accounts and do not use a password a stranger could guess, such as your birthdate, social security number, address, nickname or other information. These can open the door to identity theft. Keep a log of hints that would help you recall a password but which would be meaningless to anyone else.
When answering security questions that are things others might easily discover about you, such as names of relatives, your favorite color, etc. consider purposefully choosing an alternative answer (one that you will remember). For example, if your niece is named Susie but she has blond hair, you might consider saying her name is “Blondie”. Remember that someone who gains access to your social network also gains access to a potentially rich mine of information about you. They can often determine things such as the names of family members, so those answers may not be the best ones to protect you.
We have a very helpful demo on our website that walks members through some the exciting and helpful changes effective on our Per$onal Branch Online Banking and Bill Pay beginning February 9, 2012. Watch it to familiarize yourself with these changes.