SECURITY

ONLINE SECURITY

PHISHING

Phishing attacks use fraudulent email messages and web sites designed to fool recipients into divulging personal financial data, such as social security numbers, credit card numbers, account user names, and passwords.

Phishing attacks happen frequently. Once phishers gain access to personal information, they can use your credit cards, steal your identity, and ruin your credit rating. In a typical case, you'll receive an email that appears to come from a reputable company that you recognize and do business with, such as your credit union or insurance company. In some cases, the email may appear to come from a government agency.

Many phishing emails will warn you of a serious problem that requires your immediate attention. Email phrases such as "immediate attention required" or "please contact us immediately about your account" will then encourage you to click on a link to go to the institution's website.

In Phishing scams you could be redirected to a phony website that may look exactly like the real thing. Sometimes, in fact, it may be the company's actual web site. In these cases, a pop-up window will quickly appear for the purpose of harvesting your financial information. In either case, you may be asked to update your account information or to provide information for verification purposes: your social security number: your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother's maiden name or your place of birth. If you provide the requested information, you may find yourself the victim of identity theft.

CCCU will never solicit personal/private information via email.

How to protect yourself:

• Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. E-mails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.
• If you believe the contact may be legitimate, contact the legitimate company or financial institution yourself. You can find phone numbers and web sites on the monthly statements you receive from your financial institution, or you can look the company up in a phone book or on the Internet. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.
• Never provide your password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.
• Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.

WHAT TO DO IF YOU FALL VICTIM:

Contact us immediately and alert us to the situation. If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau's fraud division.

Click here to report all suspicious contacts to the Federal Trade Commission or call 1-877-IDTHEFT.

TIPS FOR BEING A SECURE USER:

Each user has a responsibility to keep their system protected. We highly recommend the following steps to protect yourself and your system.

• Keep your computer up-to-date with the latest patches for known vulnerabilities for the operating system and browser that you are using.
• Make sure your computer has a current version of anti-virus software and that the virus definition files or signatures are frequently updated.
• Run anti-spyware software to remove any spyware or adware that may be resident on your computer. Frequent pop-ups are often an indication that spyware/adware is on your computer.
• Install a personal firewall to help prevent unauthorized access to your computer. This is especially important if you have a cable or DSL modem connection to the internet.
• Check with your ISP or computer manufacturer for suggested personal firewall applications.
• Choose strong passwords and change them often. Passwords should be a minimum of 8 digits in length with a combination of upper and lower case letters and numbers.
• Passwords should be changed every 3 months.
• Don't reply to any email that requests your personal information. Be suspicious of any email that requests information such as social security numbers, account numbers, password, personal identification numbers, etc.
• Only open email when you know the sender. Be cautious of opening attachments unless you trust the source.
• Be aware of the many email scams circulating that look like a trusted business or friend but are designed to gain personal information or lead you to download a virus or worm.
• Do not send sensitive personal information unless it is through a secure encrypted site. General email is not encrypted and should not contain personal information.
• When your computer is not in use, shut it down.
• Act quickly if you suspect fraudulent activity on your account. Call CCCU immediately to get assistance blocking your account. Continue monitoring your account activity closely. Change all passwords that may have been breached.

CCCU recommends using the most recent version of your preferred browser to ensure the highest level of security.

Internet Explorer 10 or greater
Firefox