Data Breaches: The More You Know, The Safer You’ll Be

Phishing Prevention

Educate Yourself to Prevent Phishing

On April 4, 2011 online marketer Epsilon, a unit of Alliance Data Systems Corp., announced that it had experienced a data breach affecting approximately 2% of its 2,500 clients worldwide.  It is the largest data breach ever known to occur, affecting tens of millions of customers of companies from Disney, Target and Verizon to Chase and Citibank.  The information compromised consisted of the names and e-mail addresses of customers.  No account numbers were known to be involved. 

PFCU is not a customer of Epsilon, so our database and e-mail communications were not affected by the breach.

You may occasionally receive e-mails claiming to be from a store or financial institution you do not do business with asking you to verify information as though you are a customer.  The senders are “phishing”, or randomly targeting as many people as possible to find someone who actually has an account there and might fall for their scheme to gain sensitive information.  With the Epsilon breach, malicious hackers can use the names and e-mail addresses they’ve stolen to engage in a very specific type of phishing called “spear-phishing”.  By knowing the places people shop or have accounts, they can send targeted e-mails to actual customers that appear to be legitimate communication from the companies. They can thus attempt to trick people into giving them their account numbers or other important pieces of information.  This improves the effectiveness of the attempt.

Many of the companies involved have already communicated with their customers, advising them of how they intend to deal with the breach.  Companies will not send you e-mails asking you to verify personal information.  To be safe, always contact a company at the website or phone number you have on file for them.  Do not use links in an e-mail to direct you to any site which requires passwords or the inputting of personal data.  

PFCU has always taken a proactive approach in protecting the personal information of our members.  We have stringent firewalls, which we constantly monitor.  We recently unveiled our new Online Banking and Bill Pay with enhanced security features.  We asked members to select a site key, which is a custom picture that is visible when they log in to our website.  It is accompanied by a site phrase created by our member, which further personalizes the site.  Members who do not see these features when logging in should assume they are not accessing our actual site and contact us right away.  Members also had to select and answer several security questions.  While these steps can seem like an inconvenience while one is setting them up, the inconvenience of dealing with a compromised account is far worse.  Safety first, as the saying goes. 

Some of our members might remember the Heartland security breach in 2009, which affected our debit cards.  PFCU took an aggressive approach to protecting our members, closing and reissuing hundreds of cards, even though there had not yet been any fraudulent activity.  Many other financial institutions adopted a wait-and-see approach, which may have been more convenient for them, but may also have resulted in extra headaches for some of their customers when their accounts were raided.  PFCU takes your security seriously and will always take a cautious approach to protecting your money. 

Your money is safe at PFCU.

Leave a Reply

You must be logged in to post a comment.