As our world continues its digital transformation, we will continue to use electronic devices for more of our every day lives. Whether it be ordering food online or accessing your credit union accounts, use of the internet and devices that give you access to it will continue to rise. With that being the case, it is important to remember that along with the convenience digital services provide comes some added risks that we should be mindful of and protect ourselves from.
Email and Text Security:
Unfortunately, there are many bad actors looking to take advantage of the ways we communicate and conduct business online to steal our information or gain access to your financial accounts. One of the main ways that these fraudsters look to trip us up is through sending phishing emails or texts. Phishing refers to an attacker sending fraudulent messages to steal personal information from the victim or infect their device with malicious software.
Email or texts with misspelling or grammar errors. Phishing email is notorious for having poor grammar or messages worded an abnormal manner.
Some red flags to be on the lookout for include:
- Email or texts which present a very urgent need to respond. Examples include warning you that you have been hacked, you have a relative or friend in urgent need of help, or that you need to act to claim some sort of prize.
- Email or texts with misspelling or grammar errors. Phishing email is notorious for having poor grammar or messages worded in abnormal manner.
Some best practices to protect yourself from these attacks:
- NEVER CLICK ON A LINK OR OPEN AN ATTACHMENT UNLESS YOU ARE CERTAIN YOU SHOULD. Links to malicious websites or attachments are the avenues fraudsters use to infect your computers with malicious software such as ransomware.
- Never disclose personal information including passwords. Most legitimate business will not ask for your personal information through an email. Instead, navigate directly to the known website of the company in question.
- Ask yourself if you have had any legitimate business from the sender of the email or text before responding. Many attacks are done by impersonating a legitimate, well-known business. You should also be aware that a friend could have had their email compromised. Contact a friend or relative directly by phone if they are asking for urgent help.
Along with attacks that come through email and texts, spoofing legitimate websites is another way bad actors attempt to steal your credentials or other personal information. Sometimes these websites are part of a phishing email or text through a link in those communications. In other cases, these websites can be created with similar or very close spelling to legitimate websites to catch those searching for the legitimate site.
Red flags for spoofed websites:
- Slight misspellings of the legitimate web address.
- In emailed website links, look for differences in the embedded link domain compared to where the email is stating you will be directed too. You can look for differences in the URL/web address you will be forwarded too by hovering your mouse cursor over the link for a preview of where it is sending you.
- Websites that are not using a secure connection. Watch for the use of HTTP instead of HTTPS, and only give information through an HTTPS site.
Compromised passwords are a common way that attackers gain access to your email, financial or other online accounts. Bad actors gain access to your passwords through phishing attacks, breaches of companies that you have used that password for, or other malicious activity.
Best practices in regards to passwords:
- When possible, use other MFA (mulit-factor authentication) methods in addition to passwords for verification. MFA can include biometrics (fingerprint or facial recognition) on your mobile device, a push notification to your phone, or a text or phone call. MFA methods that use texts are not as secure, but still better than pure passwords.
- For those passwords that you do use, ensure you use a complex password. Multiple types of characters (digits, punctuation and letters) as well as longer lengths of characters are signs of a better password.
- Do not use personal information such as family names and birthdates.
We take the security of your accounts seriously.
Some of the ways that we protect your account are:
- Two-factor authentication, including Push Authentication or Google Authenticator, to verify your device and identity.
- TouchID and FaceID options with some device types
- Easily and instantly lock/unlock your cards
- Set spending limits on your cards
- Set specific regions that your cards are only allowed to be used in
- Easily enable account & card alerts, including login, balance, transaction, etc.
- Easily Block or unblock international purchases on your cards
You may also be interested in: Fraud Awareness | Financial Wellness Center