Cybersecurity and Scam Awareness

The holiday shopping season isn't just a big season for consumer spending. It's also a peak time of year for fraud. And while fraud unfortunately happens year-round, it is particularly common around the holidays. With the significant increase in online shopping, consumers need to be extra vigilant about cybersecurity at this time of the year.

Here are some tips to avoid fraud during the holidays (and all year):

• Use unique passwords. If you do not want to create unique passwords for every website you use, at least create unique ones for your online banking profile, PayPal account, credit card account, and other accounts linked to your financial information. And in all cases, do not use the same password for multiple financial accounts.
• Use a secure network when shopping online. Do not make online purchases when using a public or unsecured WiFi.
• Only shop from sites or stores you trust. Verify that you are on a store's actual website and trust your gut if something seems suspicious. Do not go to a site by clicking on an ad you received via e-mail or social media. Look at the name of company and go directly to their site.
• Use a debit or credit card with anti-fraud features or fraud alerts like Mastercard^® or Visa^®. These features can help you catch and stop unauthorized transactions before they’re approved by your financial institution.
• Monitor your credit card and banking accounts frequently. With online account access, daily monitoring is easy to do. Report any fraudulent or questionable charges as soon as you notice them. Set up email or text alerts on your credit and debit cards so you receive notice of any purchase or transaction immediately. If you don’t recognize the transaction, contact your issuer immediately.
• Keep your devices up to date with software, browser and app updates. Fraud prevention technology is constantly improving, which means most software updates include security fixes that address new vulnerabilities.
• Never give your financial or personal information over the phone to someone that initiated the call. Only give information on a call which you placed and are sure you are speaking to the desired company.
• Be careful who you trust your login information to, even if it is a close friend or relative.

NGFCU is available 24/7/365 if you suspect any fraud on your account. Call 800.633.2848 to report any suspicious activity or if you believe your financial information has been compromised.

With the disruption caused by the pandemic, many people are accessing their employer networks and computers from a remote location. Having the ability to do this is called remote access, and it has become an invaluable tool enabling employees to work from home. However, it is very important to make sure your remote access is secure. 

There are several ways to keep your computer and data protected when using remote access. Here are a few tips to help you do just that:

Use Strong Passwords

• ​​​​​​​ Your passwords should be a combination of upper and lower case letters, numbers, and symbols. Each password should be at least 12 characters long. Using a password generator is a simple way to create random passwords. Change your passwords frequently and create a unique password for each account or login. And of course, don’t share your passwords.

Software Updates

• Many software updates contain security enhancements or patches. Install updates when they become available to protect your device from new malware or viruses.

Use Antivirus Software

• Install reliable antivirus software and enable auto-updating so it is always up to date.

Enable Your Firewall

• Firewalls monitor and filter incoming and outgoing network traffic based on established security protocols. It monitors attempts to gain access to your operating system and blocks unwanted incoming traffic and unrecognized sources. Be sure your firewall is ON.

Use a Secure VPN

• Setting up a secure Virtual Private Network (VPN) means your remote desktop won’t be connected directly to the internet. Instead, your remote desktop will only be exposed to your local network. This limits the vulnerability to outside hackers.

Multifactor Authentication

• Called 2FA or MFA, this adds another layer of protection to your device and requires more than one kind of credential to sign into or log into an account. Beyond the typical username and password, multifactor authentication requires a unique code that will be sent to you via SMS for verification.

Reports of ransomware scams have been headline news recently. Large companies are being targeted and have become victims of this security threat. Here is valuable information about this type of cyber-crime and how to avoid it.

Malware includes viruses, spyware, ransomware and other unwanted software that gets secretly installed onto your device. Once malware is on your device, criminals can use it to steal your sensitive information, demand payment to unscramble data encrypted by ransomware, and make your device vulnerable to even more malware.

How Malware Gets on Your Device

• Malware can get onto your device when you open or download attachments, or visit a fake website. Here are some common ways that your device might get infected with malware:
• Downloading free stuff like illegal downloads of popular movies, TV shows, or games
• Clicking links in fake security pop-ups sent to your computer
• Clicking on ads placed by scammers on websites you visit
• Phishing emails that trick you into clicking on a link or opening an attachment

How To Know if You Have Malware

• Look for unusual behavior from your phone, tablet, or computer. Your device might have been infected with malware if it:
• Suddenly slows down, crashes, or displays repeated error messages
• Won’t shut down or restart
• Won’t let you remove software
• Serves up lots of pop-ups, inappropriate ads, or ads that interfere with page content
• Shows ads in places you typically wouldn’t see them, like government websites
• Shows new and unexpected toolbars or icons in your browser or on your desktop
• Uses a new default search engine, or displays new tabs or websites you didn’t open
• Keeps changing your computer’s internet home page
• Sends emails you didn’t write
• Runs out of battery life more quickly than it should

How To Avoid Malware

Scammers try to trick people into clicking on links that will download viruses, spyware, and other unwanted software — often by bundling it with free downloads. Here are ways to avoid malware:

• Install and update security software and use a firewall if available. Set your security software to update automatically.
• Read each screen when you install new software. If you don’t recognize a program, or are prompted to install bundled software, decline the additional program or exit the installation process.
• Get well-known software directly from the source. Sites offering popular software for free are more likely to include malware.
• Pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file. Don’t modify your browser’s security warnings. It could weaken the security.
• Instead of clicking on a link in an email or text message, type the URL of a trusted site directly into your browser. Criminals send phishing emails that trick you into clicking on a link or opening an attachment that could download malware.
• Don’t click on pop-ups or ads about your computer’s performance. Scammers insert unwanted software into pop-up messages or ads that warn that your computer’s security or performance needs attention. You might see a warning that says “suspicious activity detected on your computer. Contact a technician now at 888-888-8888.” These are tech support scams. Avoid clicking on these ads if you don’t know the source.

If you believe you may have malware on any of your devices that may have compromised your NGFCU accounts, call us at 800.633.2848 or email memberservices@ngfcu.us.

Wi-Fi hotspots in public places are convenient, but often they're not secure. If you connect to a public Wi-Fi network and send information through websites or mobile apps, it could be accessed by someone else.

Here's how you can protect your information when using public Wi-Fi:

• Log in or send personal information only to websites you know are fully encrypted. You can tell if a site is encrypted by looking at the URL. It should start with https, not just http. As you navigate through a site, watch the URL for each page also. Not all pages on a site are encrypted.
• Don't stay permanently signed into accounts. When you've finished using an account, log out.
• Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
• Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to alerts many web browsers display when you attempt to visit fraudulent websites or download malicious programs, and keep your browser and security software up to date.
• Consider changing the settings on your mobile device so it doesn’t automatically connect to nearby Wi-Fi. That way, you have more control over when and how your device uses public Wi-Fi.
• Use a virtual private network (VPN) if you regularly access online accounts through Wi-Fi hotspots. VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees. What's more, VPN options are available for mobile devices too. They can encrypt information you send through mobile apps.
• Learn how to identify and access Wi-Fi networks that use encryption: WEP and WPA are common, but they might not protect you against all hacking programs. WPA2 is the strongest.
• Install browser add-ons or plug-ins. They can help. For example, Force-TLS and TTPSEverywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren't encrypted. They don't protect you on all websites so watch for https in the URL address as mentioned above.
• Take steps to secure your home wireless network.

For more helpful information about this topic, take advantage of the free resources provided by the Federal Trade Commission at consumer.ftc.gov.

Source: Consumer.ftc.gov

Scammers, hackers and identity thieves are looking to steal your personal information and possibly your money. But there are steps you can take to protect yourself. Here are a few tips to remember:

Update Your Software. Keep your software – including your operating system, your web browsers, and your apps – up-to-date to protect against the latest threats. Many software updates include improved security. If you have outdated software that you no longer use, delete it from your devices.

Protect Your Personal Information. Every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about why someone needs it and whether the request is legitimate. If someone is requesting your information without any initiation from you, always contact the company directly by going to their website or calling them yourself.

Protect Your Passwords. Here are a few ideas for creating strong passwords and keeping them safe:

Use at least 10 characters; 12 is ideal for most home users.

Try to be unpredictable – don't use names, dates, or common words. Mix numbers, symbols, and capital letters into the middle of your password, not at the beginning or end.

Don't use the same password for many accounts. If it's stolen from you – or from one of the companies where you do business – thieves have access to all of your accounts with the same password.

Don't share passwords on the phone, in texts or by email.

If you write down a password, keep it secure, out of plain sight.

Consider Turning On Two-Factor Authentication. Two-factor authentication requires both your password and an additional piece of information to log into your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token. This protects your account even if your password is compromised. If you have the option to activate two-factor authentication, use it.

Give Personal Information Over Encrypted Websites Only. If you're shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address. That means the site is encrypted and your data is secure.

Back Up Your Files. No system is completely secure. Copy your files to an external hard drive or cloud storage. If your computer is attacked by malware, you'll still have access to your files.

For more helpful information about this topic, take advantage of the free resources provided by the Federal Trade Commission at consumer.ftc.gov.
 

The Federal Reserve Bank of New York reports that scammers are telling people they can pay their bills using so-called "secret accounts or "social security trust accounts" and routing numbers at Federal Reserve Banks. In exchange for personal information, like social security numbers, people get what they think is a bank account number at a Federal Reserve Bank. But this really is just a way to get your personal information, which scammers can then sell or use to commit fraud, like identity theft.

It's good to keep in mind that people do not have accounts at Federal Reserve Banks. Only banks can bank at the Federal Reserve. But what happens if you try to use this "secret" account? Well, the Federal Reserve Bank will deny the payment, since you don't really have an account there. Once the payment is rejected, you'll be notified that you still owe the money – which is about when you might figure out that this was a scam. At that point, you may owe a late fee or penalty to the company you thought you were paying. You also may owe fees to your bank for returned or rejected payments.

If you see a video, text, email, phone call, flyer, or website that describes how you can pay bills using a Federal Reserve Bank routing number or account, report it to the FTC. It’s a scam. And remember: never give your credit card, bank account, or social security number to anyone who calls or emails and asks for it – no matter who they say they are.

For more helpful information about this topic, take advantage of the free resources provided by the Federal Trade Commission at consumer.ftc.gov.
 

Source: Consumer.ftc.gov

Our cell phones contain contact information, text messages, e-mail access, auto-filled login credentials and much more. Imagine that your cell phone suddenly stops working: no data, no text messages, no phone calls. Then imagine calling your cellular provider only to discover that your SIM card has been activated on a new device. At this point, you are possibly the victim of a SIM card swap scam.

How the SIM card swap scam works:

• With your cell phone number and personal information like name and address, a scammer can call your cell phone service provider and say your phone was lost or damaged. Then they ask the provider to activate a new SIM card connected to your phone number on a new phone – a phone they own. If your provider believes the story without additional verification procedures and activates the new SIM card, the scammer – not you – will get all your text messages, calls, and data on the new phone.
• Imagine the damage a scammer – who now has control of your number – can do with all your information. Even if you have multifactor authentication (MFA) enabled on your financial accounts, which requires two or more credentials to log in, you are not protected. The scammer will receive the text message with the verification code they need to log in.
• Armed with your login credentials, the scammer could log in to your bank account and steal your money, or take over your email or social media accounts. And they could change the passwords and lock you out of your accounts. To say the least, this situation is a nightmare.

How to protect yourself from a SIM card swap scam:

• Don't reply to unsolicited calls, emails, or text messages that request personal information. These could be phishing attempts by scammers to get your personal information. If you get a request for your account or personal information, contact the company using a phone number or website you know is real. Companies you do business with, especially financial institutions, will never ask you to verify your information unless you have reached out to them first.
• Limit the personal information you share online. Avoid posting your full name, address, or phone number on public and social media sites. An identity thief can use it to answer the security questions required to verify your identity and log in to your accounts. This includes those supposedly harmless Facebook posts from friends asking you to name your favorite color, movie, etc.
• Set up a PIN or password on your cellular account. This is a very simple way to add security to your cellular account and can help protect your account from unauthorized changes. Check your provider's website for information on how to do this.

If you're the victim of a SIM card swap scam:

• If you discover that your phone has lost your data, text, etc., contact your cellular service provider immediately to determine if you have been the victim of a SIM Swap. Your cellular company should be able to reverse the SIM card swap so you can take back control of your phone number. After you re-gain access to your phone number, change your account passwords.
• Check your credit card, bank, and other financial accounts for unauthorized charges or changes regularly. If your phone stops working, use another device like a desktop computer or tablet as soon as possible. If you see anything suspicious, report them to the company or institution immediately.
• If you think a scammer has your information – like your Social Security Number, credit card, or bank account numbers – go to IdentityTheft.gov to see the specific steps to take.
• For more helpful information about this topic, take advantage of the free resources provided by the Federal Trade Commission at consumer.ftc.gov.

If you assume no one cares about your personal email, consider this: your personal email can provide a wealth of information to cyber criminals. Think of all the information that is included in your saved emails – receipts, password resets, links to bank statements and so much more. Not to mention, access to your address book.

Many people also use their email address as the login for financial accounts, online retailers and payment processors. If someone has your email and attempts to log into one of your accounts, they only need to click the "forgot password" and the password reset will go to your email, which has been taken over by the cybercriminal. Once the person updates your password, you are locked out and they are logged in.

You might have been hacked if:

• Your email contacts are getting emails or messages you didn't send.
• Your sent messages folder has messages you didn't send, or it has been emptied.
• Your social media accounts have posts you didn't make.
• You can't log into websites you frequently visit such as your online banking or your social media account.

Cyberattackers can also "spoof," or fake your email, but don't actually have access to your account. But you'll want to take action, just in case.

If you have been hacked:

• Update your desktop and mobile operating systems, delete any malware and make sure your security software is up-to-date.
• Change your passwords on all of your online accounts.
• Check the advice your email provider or social networking site has about restoring your account if you have lost access.
• Tell your email contacts about the hack so they don't become victims too.
• Consider closing your email account and setting up a new one.

Steps to prevent hacking:

• Use unique passwords for important sites, like your bank and email. This can be an overwhelming task, but you can use a Password Manager that provides a centralized and encrypted location that will keep a record of all these passwords safe. Password managers store login details for all the websites that you use and logs you in automatically each time you return to a site. When using a password manager you create a master password. The master password will control access to your entire password database. This password is the only one you will have to remember so it's important to make this as strong and secure as possible.
• Use two-factor authentication whenever it is available. This provides a second layer of authentication such as a text or call to verify your identity.
• NEVER click on links or open attachments in emails unless you know who sent them and what they are.
• Download free software only from sites you know and trust.
• Don't use public computers or Wi-Fi to access your most sensitive online accounts, especially accounts that have your financial information.
• If you think a cybercriminal has gained access to your information – like your Social Security, credit card, or bank account number – go to IdentityTheft.gov to see the specific steps to take.

Source: Consumer.ftc.gov

Keylogger is malware that records keystrokes on your keyboard. If you inadvertently allow this malware to be installed, it can track anything you type including passwords, user names, credit card numbers, etc.

Here is helpful information and tips on how to avoid becoming a victim of Keyloggers malware.

How Keyloggers Access your Information

Keylogger software can be installed onto your computer or device in several ways. Here are the most common:

• As an attachment to an e-mail
• As an embedded link in an e-mail
• As webpage script on a malicious website

How to Protect Yourself

• Phishing email: Never click on links or open an attachment from an unknown email address. Even if you recognize the sender, do not open an attachment or click a link if you weren't expecting it. Reach out to the sender first.
• If your browser warns you that you have landed on a webpage that is unsafe or possibly infected, take the warnings seriously and get off the site.
• Download apps and software from reliable sources only. Don't download anything that you have not requested and don't accept any 'free' software from an unrecognized source.
• Implement two factor authentication whenever possible: this is an extra layer of security designed to ensure that you're the only person who can access your account, even if someone knows your password.
• When offered, click the "Remember this computer" option on sites that you trust so your username and other information are auto-populated and do not require keystrokes.
• Install good Antivirus security software and keep the software updated.

If you are concerned that your financial information has been compromised, notify memberservices@ngfcu.us immediately. If you think you have been a victim of identity theft, visit IdentifyTheft.gov to see the specific steps to take to protect yourself.

After you have transferred your apps and data to your new device, you'll need to decide what to do with your old device. Regardless of whether you intend to recycle it or trade it in for cash, make sure the hard drive is wiped clean. This will ensure that all your personal information, including user names, passwords, login credentials, files, etc. are not accessible to anyone.

Here is a short list of recommendations to protect your information:

Secure delete all files

Simply deleting files is not enough. Even if you can't see the file name, the data is still on your hard drive and accessible. Most operating systems have a utility for secure deletion of files. Check your device's specifications and follow the instructions.

Deauthorize your applications

Many software packages such as Microsoft Office or Adobe allow installation on a limited number of devices. Be sure to deauthorize these programs so they will be available to use on your new device. Each program will have instructions on the specific procedure.

Clear your browsing history

Most browsers save information about your browsing history and have settings that allow you to store user names and passwords. Just think of how many websites you visit that have your user name and password "remembered.” Locate the procedure to erase your browsing history for all your browsers, not just the one you use most often.

Uninstall all applications

If you have software that you purchased and installed on your hard drive, uninstall the programs so they are available to use again on your new device.

Remove the hard drive

If you intend to just dispose of your device, you can remove the hard drive entirely. While not easily done with many devices, it certainly ensures that your information is not shared. Then you can choose your preferred method of destroying the hard drive.

After you've done the above steps, you are ready to dispose of your old device. Since these devices do contain toxins, the best choice is to recycle if you intend to simply trash your device. Watch for events in your community that sponsor e-waste recycling. However, you may want to consider donating it or trading it in for cash value as well.

Password Security:

• Use strong passwords that include a mixture of letters, numbers and symbols.
• Change your passwords frequently.
• Do not use the same password for your online accounts.
• Use multi-factor authentication when available.
• Consider using a password manager program to eliminate the need to manually enter user names and passwords.

Computer Security:

• Install real-time, always-on anti-virus software on your computer.
• Keep all software programs and your operating system up-to-date. Many updates are for security patches and enhancements. Enable "automatic updates" to make this easy.
• Activate the internet firewall.
• Require a password to log onto your computer.
• Quit out of, or log off all online accounts after you have completed your transaction.
• Block pop-up windows.
• Password protect your Wi-Fi.

Mobile Device Security:

• Enable screen lock that requires a password, PIN, touch ID or touch ID to open your device.
• Log off all online accounts after you have completed your transaction, then close the app.
• Keep your apps and mobile operating systems up-to-date. Enable "automatic updates" to make this simple.
• Activate the "find my phone/tablet" feature when available.
• Avoid public Wi-Fi.
• If you are concerned that your NGFCU account information has been compromised, let us know immediately at 800-633-2848.

Protecting your smartphone and tablet requires a distinct approach. Follow these steps to help keep your mobile devices secure:

• Use a PIN/keylock code. Lock your phone when it is not in use by using the passcodes, touch ID or face ID.
• Keep the software updated – many of the upgrades are for increased security enhancements.
• Back up your devices regularly.
• Utilize the apps that can help locate your phone should you misplace or lose it. Be sure these apps are installed on another device such as a tablet or computer.
• Protect sensitive data. Always log out of your financial accounts after you have accessed mobile or online banking.
• Be wary of Wi-Fi. To stay safe, avoid connecting your device to public or unsecured (not requiring a password) Wi-Fi. Never conduct financial transactions or access sensitive data while you're on public Wi-Fi.

If you upgrade or trade in your phone, do these things first:

• Back it up.
• Remove the SIM and/or SD cards.
• Erase your personal information –if you have the option to restore your phone to the original factory settings, do that.
• Delete any apps that contain personal information especially those used to access your financial accounts or online shopping.
• For more helpful information about this topic, take advantage of the free resources provided by the Federal Trade Commission at consumer.ftc.gov.