Account Security


Phishing

"Phishing" is defined as the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail usually directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.

How to Spot A Phishing Scam. At first glance, it may not be obvious to you that what is in your inbox is not a legitimate e-mail from a company with whom you do business. The "From" field of the e-mail may have the .com address of the company mentioned in the e-mail, and the clickable link may also appear to be taking you to the company's Web site, but will in fact take you to a spoof Web site. Looks can be deceiving, but with phishing scams the e-mail is never from who it appears to be!

Common Phish Sense.

  • If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address. In any case, don't cut and paste the link in the message.

  • Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's Web site, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.

  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.

  • Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft Web site at www.ftc.gov/bcp/edu/microsites/idtheft to learn how to minimize your risk of damage from ID theft. Visit www.ftc.gov/spam to learn other ways to avoid email scams and deal with deceptive spam.




Spyware Information

What is Spyware?

Webopedia.com defines spyware as any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.


Is Spyware bad?

In general, spyware is not designed to be harmful to you - except for violating your privacy. Spyware can be as benign as cookies that simply track sites you've visited on the Web and market to you based on that information. Or, spyware can be so sophisticated as to track your keystrokes when you're logging into online banking. By the time spyware is doing things like logging keystrokes, however, it's entering the realm of being a virus. Spyware programs tend to be badly written. As a result, they may make your computer perform badly or even crash.


Is spyware illegal?

Even though the name may indicate so, spyware is not an illegal type of software in any way. However, there are certain issues that a privacy-oriented user may object to and therefore prefer not to use the product. This usually involves the tracking and sending of data and statistics via a server installed on the user's PC and the use of your Internet connection in the background.


What else can spyware do?

"Browser Helper Objects" are the holes in Internet Explorer that spyware exploits. A lot of spyware creates a BHO that can take over the browser. It might change the home page or redirect you to a page other than the one you chose in the address line. The BHO might tell your computer, "If Sam asks to go to www.creditunion.org, send him to www.bank.com."


What's the hype about?

While legitimate adware companies will disclose the nature of data that is collected and transmitted in their privacy statement, there is almost no way for the user to actually control what data is being sent. The fact is that the technology is in theory capable of sending much more than just banner statistics - and this is why many people feel uncomfortable with the idea.


On the other hand...

Millions of people are using advertising-supported "spyware" products and could not care less about the privacy hype. In fact, some "spyware" programs are among the most popular downloads on the Internet.


Real spyware...

There are also many PC surveillance tools that allow a user to monitor all kinds of activity on a computer, ranging from keystroke capture, snapshots, email logging, chat logging and just about everything else. These tools are often designed for parents, businesses and similar environments, but can be easily abused if they are installed on your computer without your knowledge. These tools are perfectly legal in most places, but, just like an ordinary tape recorder, if they are abused, they can seriously violate your privacy.


So what can be done about spyware?

Software exists for detecting and eliminating spyware. These programs work like virus software, except that they are not in real time. You actually need to run them to have them scan your machine. Spyware is an issue that's getting the attention of Congress because it exploits people's privacy.



Carelessness Can Cost You

Many Americans are concerned about someone stealing their credit card, check, or debit card numbers, but they may be ignoring one easy way thieves can access financial accounts: receipts.

Disregarding receipts that have valuable information greatly increases the risk of credit and debit card fraud. Thieves easily can find receipts with valid account numbers in trash cans. Some steps you can take to prevent thieves from stealing your financial information:

  • Shred all preapproved credit offers, credit and debit card receipts, insurance forms, financial statements, and other paperwork containing personal and financial information;
  • Check credit union statements and other financial statements monthly for discrepancies and order a credit report once a year to make sure no one else is using your personal information to obtain credit cards or services;
  • Don't print your Social Security number on your checks and don't carry your Social Security card in your wallet; and
  • Be hesitant about giving personal or financial information over the telephone--make sure you know the caller and know how the information will be used.


Copyright 2008 Credit Union National Association Inc. Information subject to change without notice. For use with members of a single credit union. All other rights reserved.


Be Safe Shopping Online!

One of our values at Kitsap Credit Union is Service. We are deeply dedicated to providing our diverse membership, community, and organization with the utmost in service. This is why we would like to share a few tips to help you keep safe while you shop online.

Helpful Tip:

Is A Free Offer Really Free? If an online company is providing you a "free" offer and requests your credit card number, you will want to question whether the offer is really free. Online companies asking for credit card information for free offers may have added stipulations, such as requiring you to cancel within a specific timeframe, or return the product to avoid a charge to your account.

The Devil Is In the Details. Make a habit of reading the fine print and terms and conditions before placing your online order. There could be additional requirements, charges, and fees that are not immediately apparent.

Can I Get My Money Back? Read the merchant's return policy before placing your order and especially before returning any products. Many online companies have restocking charges and/or require a Return Merchandise Authorization before you can return the product. Be prepared: you may not be able to receive reimbursement for shipping and handling. It is also wise to request a signature and delivery tracking when returning products.

Wait! I've Changed My Mind. Be sure to keep accurate records of the details if you wish to cancel a purchase or a recurring charge, such as with a subscription. Ask for a confirmation number and the name of the person to whom you spoke when you cancelled the transaction, if possible.

Who Are You? Research online merchants before making purchases. Call the phone number provided on their website; you should be able to talk with a live person to ask questions about the company and their policies. Inquire about the merchant using an online search tool or contact the Better Business Bureau and/or the Federal Trade Commission to be sure there are no negative reports about the merchant.

Happy, safe shopping.



Cashline

(360) 662-CASH (2274), or toll free nationwide 1(800) 422-5852

Cashline is a free service provided to all of our members. With Cashline you'll have access to your accounts 24 hours a day via your touch-tone telephone. It's secure - you select a personal identification number (PIN) to access information.


You can:
  • Obtain balances
  • Transfer money
  • Change your PIN
  • Obtain Loan Info
  • Find out if your direct deposit has posted
  • Make a loan payment transfer
  • Obtain cash advances from Visa or Line of Credit
  • Balance your checking account

How to use Cashline:
  • Use a touch-tone phone to call the phone numbers listed above.
  • Select #1 account selection
  • Select #3 account balances
  • Select #8 more options
  • Select #9 merchant verification
  • Select #0 speak to an F.S.R.
  • If you selected option #1, enter your primary account number (without a suffix) then press the pound symbol (#)
  • Enter your PIN (Personal Identification Number), then press the pound symbol.
  • Cashline will take you step-by-step through the available options.


Best Practices for Passwords

Passwords are a critical part of information security and privacy. Passwords serve to protect your accounts, but a poorly chosen password, if compromised, could put your privacy and finances at risk. As a result, you are encouraged to take appropriate steps to ensure that you create strong, secure passwords and keep them safeguarded at all times.

The following is some information that is helpful in creating, protecting, and changing passwords such that they are strong, secure, and protected.

General
  • Passwords should be changed every 90 days.
  • Old passwords should not be re-used for a period of 24 months.
  • Passwords should conform to the guidelines outlined below.

Password Construction Guidelines

Passwords are used to access any number of online systems, including personal computers, e-mail, financial accounts, and commerce websites. Poor, weak passwords are easily cracked, and put your privacy at risk. Therefore, strong passwords are strongly encouraged. Try to create a password that is also easy to remember.

  • Passwords should not be based on well-known or easily accessible personal information.
  • Passwords should contain at least 8 characters.
  • Passwords should start with a letter.
  • Passwords should contain at least 1 uppercase letter (e.g. N) and 5 lowercase letters (e.g. t).
  • Passwords should contain at least 1 numerical character (e.g. 5).
  • Passwords should contain at least 1 special character (e.g. $).
  • Passwords should not be based on your personal information or that of your friends, family members, or pets. Personal information includes name, birthday, address, phone number, social security number, or any permutations thereof.
  • Passwords should not be words that can be found in a standard dictionary (English or foreign) or are publicly known slang or jargon.
  • Passwords should not be based on publicly known fictional characters from books, films, etc.
  • Passwords should not be based on your company's name or geographic location.
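The construction guidelines above can be expressed as a checker that reports every guideline a candidate password breaks. This Python sketch is an added example, not part of the original page; the word list, the substitution table and the personal details used to exercise it are constructed stand-ins.

```python
import re
import string

# Common character substitutions, undone before the word checks so that
# "P@ssw0rd" is still recognised as "password". (Assumed table, not from the page.)
LEET = str.maketrans("@4831!05$7", "aabeiiosst")

# Constructed stand-in for a real dictionary, plus the organisation's name.
SAMPLE_WORDS = {"password", "welcome", "dragon", "summer", "kitsap"}

def letters_only(text):
    """Lower-case the text, undo substitutions and keep only the letters."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalpha())

def check_password(password, personal_info=(), words=SAMPLE_WORDS):
    """Return the list of guidelines the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("fewer than 8 characters")
    if not password[:1].isalpha():
        problems.append("does not start with a letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if sum(c.islower() for c in password) < 5:
        problems.append("fewer than 5 lowercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numerical character")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")

    lowered = password.lower()
    core = letters_only(password)
    # Personal information: names (3+ letters) and numbers (4+ digits, e.g. a
    # birth year), matched forwards or reversed as simple "permutations".
    for item in personal_info:
        for token in re.findall(r"[a-z]{3,}|\d{4,}", item.lower()):
            haystack = lowered if token.isdigit() else core
            if token in haystack or token[::-1] in haystack:
                problems.append(f"based on personal information: {token}")
    # Dictionary words; short words are skipped to limit accidental matches.
    for word in sorted(words):
        if len(word) >= 4 and word in core:
            problems.append(f"based on a dictionary word: {word}")
    return problems

if __name__ == "__main__":
    # Constructed personal details for a fictional member.
    member = ("Samantha Doe", "1985-07-04")
    for candidate in ("P@ssw0rd1!", "Doe1985", "Tqv7#mblerk-Zu2"):
        print(candidate, "->", check_password(candidate, member) or "passes")
```

Note that "P@ssw0rd1!" satisfies every length and character-class rule and is rejected only by the dictionary check, which is why the guidelines list both kinds of rule.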

Password Protection Guidelines
  • Passwords should be treated as confidential information. You should never give your password to another person.
  • You should never transmit your password electronically over the unprotected internet, such as via e-mail or unsecure websites.
  • You should not keep an unsecured written record of your passwords, either on paper or in an electronic file. If it proves necessary to keep a record of a password, then it should be kept in a safe in hardcopy form, or in an encrypted file if in electronic form (e.g. the password-protection feature for a Microsoft Word document).
  • Do not use the "Remember Password" feature of applications.
  • Passwords should not be duplicated. Do not use the same password for all of your protected systems.
  • If you suspect that your password has been compromised, it should be changed immediately.


Don't Get Mugged by Your Mobile

Usually we think of a mobile phone as a tool that offers convenience and personal safety. But it also can be a weapon used against us to steal personal information.

Experts say that the same types of attacks that have plagued the online world are migrating to mobile. The National Credit Union Administration reports that members of credit unions across the country have been targets of cell phone scams, mostly phishing.

These phishing scams have been in the form of vishing or smishing attacks. Both aim to trick people into revealing sensitive private information, such as Social Security numbers, credit union account numbers, personal identification numbers (PINs), and passwords.

In vishing, the fraudster calls someone to try to extract personal information. For example, the recording informs you that your credit card has been used illegally and asks you to call a fake 800 number, where you'll be asked to confirm account details. Or you may receive an e-mail asking you to call a toll-free number. Your answers are recorded, or saved, and later used to commit identity theft.

The term "smishing" comes from SMS plus phishing (SMS stands for "short message service", used for mobile text messaging). In smishing, criminals are after the same sort of information as in vishing, but they send a text message on a mobile phone instead of calling.

A common smishing ploy goes like this: You receive a text message, seemingly from your credit union, stating that your account has been closed. To reactivate it, you're told to call a toll-free number. When you do, you're asked to enter your account number and PIN.

The best protection against either vishing or smishing comes down to a simple strategy: Don't respond.

If it's a vishing scam, refuse to answer questions and hang up. If it's a smishing attack, don't do what the text message instructs you to do. Then report the incident to us immediately.

And remember, Kitsap Credit Union would never call you for personal information over the phone or by e-mail. We already have this information on hand.


Copyright 2008 Credit Union National Association Inc. Information subject to change without notice. For use with members of a single credit union. All other rights reserved.



Keep Your Financial Identity Safe

By Colin Morrison, KCU Chief Information Officer

As we are in the middle of the holiday season, I thought I would provide some reminders on how to keep your financial identity safe and secure while enjoying the season. Many of us scramble to complete our shopping in town and we turn to the online world in order to save time. Here are a few tips to help keep your identity safe and secure.

Before you get online, make sure that you have the latest security software for your computer. This should also include an updated anti-virus software program. Many of these programs come with additional security applications such as anti-spyware and firewall applications. If you are using wireless network access in your home, make sure that you're protecting your wireless access point. Many wireless routers allow anyone access to your wireless network.

I find it easier to track my online purchases through a low limit credit card rather than my debit card. This can help in two ways. If your debit card is compromised, the thief has access to the total amount in your checking account. The other nice thing is if you use a dedicated credit card for all of your online purchases it is easy to track. Worried about maxing out a low limit credit card? If you use online banking, you can transfer a payment to your credit card whenever you need. Let Visa protect your purchases.

Secure your paper documents. The most common source of information for identity theft still comes from paper.

  • Don't carry your social security card if you don't need it.
  • Limit the number of cards and identification in your wallet or purse.
  • Consider electronic statements and electronic billing. A great deal of personal mail is still delivered in your mailbox.
  • Invest in a shredder and keep it close to where you review your daily mail.

Review your statements. Keep track of your online purchases and verify them with your monthly statements. You might also consider regularly reviewing your credit report. I mark my calendar to obtain a credit report every four months. You are entitled to a free credit report annually. With three different credit reporting agencies, you can receive a credit report for free every four months and make sure that there are no issues. The quicker you can spot problems the less impact it will have on your time and resources.

If you are a victim of identity theft, contact the authorities as quickly as possible. Be prepared to do most of the leg work yourself and be diligent about your record keeping. Two identity theft information sources are the United States Postal Inspection Service and the Federal Trade Commission. You can find them on the web at https://postalinspectors.uspis.gov and http://www.ftc.gov.

Stay safe.



Three-Digit Code Makes Shopping More Secure

Question: Recently, when I've made purchases over the phone, merchants have asked for the three-digit security code on the back of my credit card. Why is this?

Answer: This is to verify that the card definitely is in your possession. It generally follows the 16-digit card number on the back of the card. It's information that wouldn't be available to someone who has intercepted your card number and expiration date.

That said, make sure you know to whom you're giving this information over the phone or on Web sites.

Con artists often are able to obtain partial information about a potential victim's account, and then contact the person masquerading as a company representative to "verify" the account by requesting additional details such as the three-digit security code. But they might just as well ask for other pertinent details--for example, they may provide the last four digits of your account number (which typically show up on sales receipts) and request the other 12 digits to "confirm" it. Or they already may be in possession of your full account number and request the expiration date of the card, or your billing address.

Any of these individual bits of information may be just what the scammer needs to "fill in the blanks" and gain full access to your account, so beware.

Keep in mind, though, that legitimate businesses or financial institutions may request your three-digit security number (known as "CVC2" by MasterCard and "CVV2" by Visa) to authenticate a transaction. Just be sure you know whom you're talking to before giving it out.



ATM Safety Information

Be Aware
  • Always observe your surroundings before conducting an ATM transaction or using a night depository.
  • Park as close to the ATM or night depository as possible.
  • Consider having someone go with you if it is dark or if the machine is located in an unfamiliar area.
  • If you notice any suspicious activity, do not use the ATM or night depository.
  • If someone follows you after you make an ATM transaction, or you use a night depository, go to a well-lit, crowded area and call for police if necessary.

Use Caution
  • Minimize your transaction time at the ATM.
  • Have your card and forms ready before you approach the ATM.
  • Put cash and receipts out of sight as soon as your transaction is complete. You can count and verify it once you've reached the safety of your locked vehicle or safe building.
  • When approaching a drive-up ATM, observe your entire surroundings. If anyone or anything appears suspicious, drive away immediately.
  • When using a drive-up ATM, keep your engine running, all doors locked, and all passenger windows closed.
