Internet Security
What to Expect From MembersFirst Credit Union
- MembersFirst will NEVER call, email or otherwise contact you and ask for your user name, password or other online banking credentials.
- MembersFirst will NEVER contact you and ask for your credit or debit card number, PIN or 3-digit security code.
- Visit membersfirstga.com/blog to stay up-to-date on how to safeguard your finances and personal information.
Internet Security Safeguarding
Your Information
The internet makes it very easy and convenient for us to conduct business quickly, from anywhere. With increased convenience comes increased risk. It seems that every day we hear news reports about fraudsters and scams and learn of new victims of identity theft or fraud. Our priority at MembersFirst is to protect your information and your money. We are strongly committed to the safety and confidentiality of your records. We want to keep you informed about scams, fraudsters and information breaches and to educate you about ways to protect yourself when conducting business online. Visit this page often for updates.
How to Keep Yourself Safe in Cyberspace
An important part of online safety is knowledge. The more you know, the safer you’ll be. Here are some great tips on how to stay safe in cyberspace:
- Set good passwords. A good password is a combination of upper and lower case letters and numbers and one that is not easily guessed. Change your password frequently. Don’t write it down or share it with others.
- Protect your mobile phone and tablets with passwords and automatic locks. If your mobile phone or tablet is stolen, criminals can have access to your mobile banking information and all your contacts.
- Don’t reveal personal information via email. Emails and text messages can be masked to look like they are coming from a trusted sender when they are actually from someone else. Play it safe, do not send your personal information such as account numbers, social security numbers, passwords etc. via email or texting.
- Don’t download that file! Opening files attached to emails can be dangerous especially when they are from someone you don’t know as they can allow harmful malware or viruses to be downloaded onto your computer. Make sure you have a good antivirus program on your computer that is up-to-date.
- Links aren’t always what they seem. Never log in from a link that is embedded in an email message. Criminals can use fake email addresses and make fake web pages that mimic the page you would expect. To avoid falling into their trap, type in the URL address directly and then log in. You can also scroll your mouse over the link and ensure that the URL matches your intended destination.
- Websites aren’t always what they seem. Be aware that if you navigate to a website from a link you don’t type, you may end up at a site that looks like the correct one, when in fact it’s not. Take time to verify that the web page you’re visiting matches exactly with the URL that you’d expect.
- Log off from sites when you are done. When you are ready to leave a site you have logged in to, log off rather than just closing the page.
- Monitor account activity. Monitor your account activity regularly either online or by reviewing your monthly statements and report any unauthorized transactions right away.
- Assess your risk. We recommend periodically assessing your online banking risk and put into place increased security controls where weaknesses are found; particularly for members with business accounts.
Some items to consider when assessing your online banking risk are:
- Who has access to your online business accounts?
- How and where are user names and passwords stored?
- How strong are your passwords and how often are they changed?
- Are they changed before or immediately after terminating an employee who had access to them?
- Do you have dual controls or other checks and balances with respect to access to online banking transactions?
A List of Don’ts
- Don’t reveal a password over the phone or in person to anyone. Not your boss. Not your family. Not your co-workers.
- Don’t reveal a password in an email message.
- Don’t talk about a password in front of others
- Don’t hint at the format of a password (e.g., “my family name”)
- Don’t reveal a password on questionnaires or security forms
- Passwords should never be stored unencrypted online
- Do not use the “Remember Password” feature of applications (e.g., Eudora, Outlook, Netscape Messenger)
Online Shopping:
When shopping online, be wary of fake websites designed to steal your information and, ultimately, your identity.
- Be careful about sites that store your online information.
- Do not shop from a public computer since other users may be able to access your stored usernames and passwords.
- Shop only from websites that use encryption, or scrambling, to protect your information.
- Make sure the website address begins with “https:” instead of “http:”. This indicates that encryption is being used.
“Phishing” or “pharming” attacks are growing more sophisticated and difficult to detect. Some phishing attacks use viruses and/or trojans to install programs called “key loggers” on your computer. These programs capture and send out information that you type in directly to the phisher, including credit card numbers, user names and passwords. Some may create a pop-up alert asking for your private information to authenticate you or your computer to a financial institution. If you feel that you have been tricked into giving out any of your confidential personal information, you run a high risk of becoming the next victim of identity theft or other financial fraud.
Take the following steps to protect yourself and your finances:
- Install and/or update anti-virus and personal firewall software. Run full virus scans every time you log on to your computer.
- Confirm every connection that your firewall allows. Ensure that your browser is up to date and security patches are applied.
- Log in to your accounts regularly.
- Consider installing a web browser tool bar to help protect you and to detect known phishing web sites.
- Be suspicious of any unsolicited emails with urgent requests or demands for personal financial information. If the email threatens to “suspend” or “freeze” your account access, you can be assured that this is some type of scam.
- Don’t use the links in any email that you suspect might not be authentic. Call the company directly or log onto their website by typing in the web address in your browser.
- Avoid filling out forms in email messages that ask for personal financial information. Communicate information of this type via a secure website only.
- Ensure that you are using a secure website when submitting credit card or other sensitive information via your web browser. Check the beginning of the web address bar – it should be https:// rather than just http://. Look for the closed lock at the bottom of the site.
- Regularly check all of your accounts: eBay, PayPal, or online trading accounts that hackers may have accessed without your knowledge or permission.
- Report phishing or “spoofed” emails to the following groups:
- Forward the email to reportphishing@antiphishing.com.
- Forward the email to phishing@membersfirstga.com.
- Forward the email to the FTC at spam@uce.gov.
- Notify the Internet Fraud Complaint Center of the FBI at www.ic3.gov
- Forward the email to the “abuse” customer complaint site at the company that is being spoofed.
- Always forward the entire body of the email, including the header so the investigators have a better chance of identifying the spoofers.
Additionally, you can file formal complaints concerning any suspected fraudulent e-mail with the Internet Crime Complaint Center (IC3) at www.ic3.gov. The IC3 is a partnership between the Federal Bureau of Investigation, the National White Collar Crime Center, and the Bureau of Justice Assistance.
Setting Passwords
TIPS for Setting STRONG Passwords:
- Passwords must be at least 8 characters in length
- Combine uppercase and lowercase letters with numbers and symbols
- Include at least three of the following four categories: upper case characters (e.g., A-Z) lower case characters (e.g., a-z) Digits (e.g., 0-9) Special characters ( e.g., !@#$%^&*()_+|~-=\`{}[]:”;’<>?,./)
- Establish separate passwords for each account.
Passwords should NOT contain:
- Proper names
- Login ID
- Email address
- Date of birth of account holders
- Dictionary words
- First middle or last name
- Any information available on social networking sites
Passwords should be kept private. They should be memorized or, if written down, kept in a locked file cabinet or other secure location.
Social Networking
Social networking is a great way to keep in touch with friends and family and even long lost classmates. It’s also great for making new business contacts. It’s fun to keep updated on all the happenings but consumers must be even more vigilant and should be careful not to share too much personal information. With the increased use of social networking sites for personal and business communication, individuals need to be careful to keep certain information private.
Here are some tips:
- Keep your page private and request that all your “friends” and “connections” be approved.
- Don’t post your personal information like the year of your birth or phone number.
- Have a separate email address for your social networking accounts.
- Don’t post holiday pictures online while you are on vacation.
- Watch for phony sites and pages .
- Don’t reply to all “events” you plan to attend