Posts Tagged ‘online security’

Maintain a Healthy Skepticism Online

There are constant variations on how cyber thieves are trying to access and exploit the confidential information of people innocently maneuvering the web.  It makes sense to be skeptical of any e-mail, posted link, private message or inquiry.  Cyber thieves aim to gain your trust and get you to let your guard down.  This allows them to place spyware and malware onto your computer, learn important data about you that lets them access your accounts and private information, and trick you into unintentionally giving them money.  Attachments such as .zip files are notorious for acting like a Trojan horse to deliver malicious files to your computer.  Make sure you know what you are clicking on at all times.  Just because an e-mail appears to be from a well-known company, don’t assume it is.  Inspect the URL closely for variations in the name, or contact the company by typing in the correct website yourself, or calling them at the number you have on file for them.  A little diligence can go a long way. 

Be sure to “Like” our Pasadenafcu Facebook page, follow us on Twitter, check our PFCUandyou.com blog, and check the Safety and Security tab of our website for info on the latest scams.  Don’t enter personal information such as passwords, social security number, account numbers, answers to security questions and financial information into e-mails you receive.  Go to the website YOU have for the organziation or call them.  E-mails that would ask for information like that are most certainly “phishing” for ways to exploit your trust.  In this case, healthy skepticism can save you headaches and more.

Online Fraud Can Come Wrapped in Holiday Bows

Don't let cyber Grinches steal your Christmas cheer

With the success of cyber Monday, more retailers than ever are offering great deals exclusively online.  Unfortunately, many cyber thieves are set to make Santa’s “naughty” list as they prey on unwary, bargain-hunting shoppers with a variety of scams.  Here are some ways you can keep these Grinches from stealing your Christmas:

  • Purchase and install a firewall and anti-virus software before making online purchases.  If you already have protective software, be sure to keep it updated.  You should receive notices when updates are available.
  • Don’t click on links that advertise “free” items, gift cards, holiday gifts or employment.  If interested, go to the website of the company purported to be making the offer (don’t get the web address from the e-mail) and verify the legitimacy of the offer.  If you don’t see the offer, try calling them. 
  • Free cell phone app offers can be tempting, but if you are interested in one you learn about in a text, social media or e-mail, look for it in a recognized App store.
  • Be very careful of electronic greeting cards-they may contain spyware or malware, thus installing trouble on your device in a pretty package!
  • Resist the temptation to click on “Free” offers on social media sites like Facebook and Twitter.  If it sounds too good to be true, it probably is.
  • Follow the safety tips on online auctions like ebay and Craigslist to prevent paying for an item you never receive.
  • It’s wonderful to give to charities at the holidays, but be wary of phone or e-mail solicitations for donations.  You want to ensure that you are actually giving to the charity of your choice and not an imposter.  Look up their website and contact them on your own to arrange a donation. PFCU has dozens of non-profit community partners we work with that would be worthy recipients.  The Federal Trade Commission also has a Charity Checklist.
  • Watch your accounts online for fraudulent activity so you can shut it down quickly.  Our online banking is free and easy to initiate at www.pfcu.org.  You’ll find demos for both Online Banking and Bill Pay. You can even set up text and e-mail alerts so you know right away if specific types of items hit your accounts. 
  • Look for secured sites that have https in the web address.  The “s” stands for “secure” and represents additional security to give you peace of mind. 
  • Check out McAfee’s “Avoid the 12 Scams of the Holidays
  • Bookmark and check frequently the United States Computer Emergency Readiness Team (CERT) Online Security Tips

 

With these tips, your holidays should be “smooth sledding”.  The additional assurance these tips bring will make your holidays much more enjoyable.

Multi-Factor Authentication Foils Cyber-thugs

We sometimes get complaints from members who are frustrated with the set-up and maintenance of security for their online account access.  Here are some reasons not to loathe the security questions, site keys and other safety measures in place online:

Six federal regulators governing the financial sector have combined forces to strengthen the online security of your accounts.  Together, they make up the Federal Financial Institutions Examination Council (FFIEC).  The guidelines they set forth are designed to help financial institutions like PFCU make sure the individual attempting to access your accounts electronically is actually you. 

The First Line of Defense

If you aren’t used to strong online security, it can feel a bit like jumping through a series of virtual hoops.  Keep in mind, the “hoops” are meant to be easy for you to navigate, but difficult, if not impossible, for anyone who may have tried to steal your identity to breach.  

First, there is the authentication process.  One or more of the following are used to authenticate you:

            -Something you have (ATM/Debit Card)

            -Something you know (Password, PIN, or Personal Identification Number, site key)

            -Something you are (biometric device, etc.)

The more factors are included, the stronger the defense of your accounts.  That is why PFCU combines several factors to protect you.  We include a site key, for example, which is an image specific to you accompanied by a phrase you create, which let’s you know you are at our site.  If you log in and don’t see your site key, escape right away, try to enter through our website and, if you still don’t see it, contact us promptly. 

Layers

To maximize security, the “hoops” are utilized at different points in the transaction process so that someone who may be able to overcome one obstacle may be tripped up by another.  For example, after completing one transaction, it may be necessary to re-enter a PIN or answer a security question before the next transaction.  The layers of security can help us identify suspicious activity.  They can also limit exposure to losses should someone gain unauthorized access to one transaction.  Setting up the answers to security questions and selecting a site key might seem cumbersome, but the process is much easier than filing police reports and dispute forms. 

  Read the rest of this entry »

Data Breaches: The More You Know, The Safer You’ll Be

Phishing Prevention

Educate Yourself to Prevent Phishing

On April 4, 2011 online marketer Epsilon, a unit of Alliance Data Systems Corp., announced that it had experienced a data breach affecting approximately 2% of its 2,500 clients worldwide.  It is the largest data breach ever known to occur, affecting tens of millions of customers of companies from Disney, Target and Verizon to Chase and Citibank.  The information compromised consisted of the names and e-mail addresses of customers.  No account numbers were known to be involved. 

PFCU is not a customer of Epsilon, so our database and e-mail communications were not affected by the breach.

You may occasionally receive e-mails claiming to be from a store or financial institution you do not do business with asking you to verify information as though you are a customer.  The senders are “phishing”, or randomly targeting as many people as possible to find someone who actually has an account there and might fall for their scheme to gain sensitive information.  With the Epsilon breach, malicious hackers can use the names and e-mail addresses they’ve stolen to engage in a very specific type of phishing called “spear-phishing”.  By knowing the places people shop or have accounts, they can send targeted e-mails to actual customers that appear to be legitimate communication from the companies. They can thus attempt to trick people into giving them their account numbers or other important pieces of information.  This improves the effectiveness of the attempt.

Many of the companies involved have already communicated with their customers, advising them of how they intend to deal with the breach.  Companies will not send you e-mails asking you to verify personal information.  To be safe, always contact a company at the website or phone number you have on file for them.  Do not use links in an e-mail to direct you to any site which requires passwords or the inputting of personal data.  

PFCU has always taken a proactive approach in protecting the personal information of our members.  We have stringent firewalls, which we constantly monitor.  We recently unveiled our new Online Banking and Bill Pay with enhanced security features.  We asked members to select a site key, which is a custom picture that is visible when they log in to our website.  It is accompanied by a site phrase created by our member, which further personalizes the site.  Members who do not see these features when logging in should assume they are not accessing our actual site and contact us right away.  Members also had to select and answer several security questions.  While these steps can seem like an inconvenience while one is setting them up, the inconvenience of dealing with a compromised account is far worse.  Safety first, as the saying goes. 

Some of our members might remember the Heartland security breach in 2009, which affected our debit cards.  PFCU took an aggressive approach to protecting our members, closing and reissuing hundreds of cards, even though there had not yet been any fraudulent activity.  Many other financial institutions adopted a wait-and-see approach, which may have been more convenient for them, but may also have resulted in extra headaches for some of their customers when their accounts were raided.  PFCU takes your security seriously and will always take a cautious approach to protecting your money. 

Your money is safe at PFCU.