Before logging into any site that stores private information, make sure the website address begins with HTTPS: and not HTTP:. It’s the ‘S’ that identifies the site as having implemented additional security controls.
Use a unique, strong password: a lowercase and uppercase letter, a number and a special character. Too hard to remember? Try creating a passphrase. Perhaps lyrics to your favorite song or a phrase that you’re fond of…something easy to remember, then make a few changes to follow the site’s conventions:
Passphrase: You Ain’t Nothin’ But a Hound Dog equals password: U@’nbaHD1
Enable multi-factor authentication wherever possible. This could include a username, a strong password, and a PIN/Code that is emailed, texted or telephoned to you. It could also include registering your computer’s address with the site, prohibiting any other device from accessing your account.
Keep all of your computer’s software and anti-virus software updated.
Paper and US Mail considerations…
Destroy all of those private papers before you put them into the trash. Searching through trash to collect private information is a commonly-used method to steal identities. TBA Credit Union believes it’s important and will be giving away a shredder to one lucky member in October, all members are automatically entered to win. Cross shredders are a simple, effective and low-priced way to protect your information.
If mailing a payment, the red flag on your mail box may invite someone to steal your mail and the check that’s included. Consider using a USPS deposit box or visiting the Post Office to mail your payments. You may be targeted based on where you live.
If receiving invoices or statements in the US mail, someone could steal your mail. If you’ve not received mail you expected, immediately contact your institution.
YOUR SMART PHONE/TABLET IS MORE VALUABLE THAT CASH
Think of all of the information on it–pictures, email, contacts, mobile wallet, passwords, your location and where you live. Limit what you store, assume you’ll lose it someday.
Use a Master PIN to secure it and avoid using only a fingerprint to secure it.
Don’t use free or public Wi-Fi when logging into your banking, insurance or email accounts. You don’t know who is protecting or snooping on that network
EVERYTHING THAT YOU POST, OR IS POSTED ABOUT YOU, IS ONLINE FOREVER
There is no Delete button and there’s no taking it back. Potential and current employers use social media. Next time you’re updating your page or posting photos of last night’s party, consider if it incriminates or could be used against you.
Don’t post where you live, complete names, your pet’s name, or if you’re going on vacation. (That’s a great time for a robber to visit.)
Be ethical and be nice.
SECURE YOUR HOME’S WIRELESS NETWORK
Update the Administrator and User default passwords to strong passwords, and don’t share them with your neighbor. Default passwords can be found online.
Enable WAP2 encryption. Don’t use WEP.
Turn off Remote Access, unless you will actively use it.
Some routers allow you to register which devices can use it or can turn off access during times of day when you will not be using it.
Like your computer and phone, keep your router’s software updated.
STOP. THINK. CONNECT.
Take a moment to review the previous posts for other helpful tips to protect you and your information.
EQUIFAX DATA BREACH
Posted on September 8, 2017, at 1:40 p.m.
Updated on September 15, 2017, at 1:45 p.m.
EquiFax Credit Bureau has announced a data breach impacting about 143 million U.S. consumers. That’s nearly half of all adult citizens. While still under investigation, there are some steps that you can take immediately.
Information accessed: name, Social Security number, birth date, address and, in some instances, driver’s license numbers. In addition, credit card numbers for about 209,000 consumers were accessed.
If you check for the potential impact on your information, and are considering a credit monitoring service, such as EquiFax’s TrustedID Premiere, read all Terms of Service before enrolling. You may be waiving some of your consumer rights and protections to a class action lawsuit against EquiFax.
ATMs are a great convenience, and with TBA Credit Union’s surcharge-free network, you can access your funds at nearly 50 ATMs within 50 miles of Traverse City and over 30,000 ATMs nationwide. Common sense is your best guide when using an ATM. Trust your instincts and only use a terminal where you feel safe. While crime can happen anywhere, here are a few basic safety tips to follow.
Don’t forget your card in the ATM– With the transition to EMV/Chip cards, you may be asked to leave your card inserted in the ATM until your cash is dispensed. Please make sure you have your card and cash before leaving the ATM.
Protect Debit/Credit card like it is cash–Memorize your PIN and don’t store it with your card. Good News, The ability to change the PIN on your card will be available at our ATMs in October.
Use the same ATM when possible–You will more easily detect anything suspicious or out of the ordinary.
Observe your surroundings–Avoid using an ATM that is poorly lit or has blind spots due to fences, shrubbery or building corners. If you notice any lights burned out, covered or not bright enough at any of our ATMs, please let us know. When using an enclosed ATM that requires your card to open the door, avoid letting strangers follow you inside. If anyone follows you to or from an ATM, go immediately to a crowded, well‐lighted area and call the police.
Be Ready–Have your card and transaction ready when you approach the ATM. This will minimize the amount of time spent at the machine. When using a drive-up ATM, keep your engine running, doors locked and windows up.
Be Aware–Don’t use an ATM that appears unusual looking, broken, vandalized or offers options with which you are not familiar or comfortable. Shield the screen and keyboard so anyone waiting to use the ATM cannot see you enter your PIN or transaction amount. Don’t count cash at the machine or in public. Wait until you are in your car or another secure place. Don’t leave your ATM receipt at or near an ATM. Closely monitor your bank statements, as well as your balances, and immediately report any problems to the Credit Union.
RANSOMWARE: WHAT IS IT? HOW DO YOU PROTECT YOURSELF?
Posted on May 18, 2017, at 3:38 p.m.
Ransomware is often downloaded to a computer via an attachment, link or picture sent within an email. Once the malicious software is launched, it crawls through your computer encrypting your private files, e.g. tax records, photos, business plans, music, so that you cannot access them without paying a ransom to the perpetrator.
With the increase in reported ransomware attacks, here are a few basic email precautions to help protect your computer and files.
Backup your computer files, storing copies on to a portable, unattached drive.
Be skeptical of all email. Telephoning the sender to verify the email is a great preventive step.
Don’t open email or attachments, or click-on pictures, images or links, from senders you do not know.
Before you open email from someone you know or in your Contacts list, review the context of the message; do you normally receive messages from that person? Were you expecting a message? Do you normally receive attachments? Does that contact normally send messages at that time of day (think early morning/weekends)?
Do not interact with spam, but move it to your Junk Box and Block it. Don’t Unsubscribe, unless you want more spam.
Use two-factor, two-step authentication when using Hotmail, Gmail, Yahoo…, such as having a PIN/code text to you each time.
Practice safe-surfing. When on the web, know where you are and how you got there.
Keep your computer, phone, tablet, updated with all of the software patches.
Anti-virus software is a minimum, keep it updated.
If it Happens-
If you suspect you’ve downloaded malicious software, immediately disconnect your phone, computer, tablet, etc. from the internet. This can be done by turning off the wireless router, removing the ‘internet’ cable from your desktop computer or putting your phone into airplane mode.
8 TIPS FOR IDENTITY THEFT PROTECTION
Posted on March 21, 2017, at 4:51 p.m.
If you are looking for prevention, only you can take steps. If you’d like help identifying when your identity has been used without your authorization or an insurance to help you clean it up after it happens, then a service may be useful.
No one will protect it like you–Prevention is key to minimizing the threat of your identity being stolen, so be stingy with your information. Each time we share our SSN, name, address, telephone and email to register for a contest, newsletter, frequent shopper program or to return merchandise to a retailer, we’re entrusting its protection to someone else. We should be questioning why they need the information and how they are going to safeguard it. If you’re not comfortable, don’t share. Know what their security and privacy policies are.
Practice safe surfing and safe shopping when online–Know where you are and how you got there. Do you recognize the website? If you’re logging in or entering any private data, make sure the website address is prefixed with https: not HTTP: Also, don’t use free Wi-Fi to log into your online banking, medical or email sites.
Anti-virus/anti-malware software–installed and updated on every computer. This is a minimum control.
Update your hardware and software–only use supported OSs, applications, and apps. Keeping them updated is another minimum control to help protect your computer and information.
Shred your documents before throwing them into the trash.
Stop pre-screened credit and insurance mailings. Call toll-free 1-888-567-8688 to get off mailing lists for credit and insurance offers. While you’re at it, add all your telephone numbers to the donotcall.gov list. Every step helps.
Monitoring–You are likely to detect unauthorized use of your data by monitoring your financial and medical statements on a regular basis. As you are entitled to free credit reports throughout the year, you should also review them on a regular basis. Visit annualcreditreport.com for more information.
Still a Victim? If you’re still a fallen victim and believe your identity has been used to commit fraud, file a formal report at www.identitytheft.gov.
Taking these precautions goes a long way to preventing identity theft, but if you’re still interested in a Protection Services, research the company and service first. Make sure you know what and how they monitor if the service offers insurance or a guarantee and is it clear what is covered and who is eligible? Make sure you have this in writing before you provide your information or payment.
CREDIT REPORT CHECKUPS AND TAXES
Posted on January 16, 2017, at 3:41 p.m.
Credit Reporting and Taxes–not the most glamorous of topics, but let’s briefly look at why it’s important to periodically review your credit report, and why it’s a good idea to do your taxes now.
YOUR CREDIT REPORT
With the impact that a credit report can have on our financial lives, accuracy is important, as it helps determine if we’ll be approved for a service or loan, and at times the interest rate we’ll pay.
Request your free copy from www.annualcreditreport.com. This is the only site that you can get your report for free. Set up your account and order a report from each of the three main bureaus.
Confirm that your personal information is accurate and current. Your SSN, employment, addresses, etc. are often used to verify your identity.
Confirm that you recognize each of the accounts listed and the activity. If you don’t agree with an account or activity, contact and report it to the institution that’s listed.
Inaccuracies and misinformation can be a red flag of identity theft, so don’t take them lightly. You will need to contact the credit bureau, as well as, the company that provided the information.
If you’re not actively using an account, consider closing it. While this may impact your credit score, unnecessary accounts increase unnecessary risk. Contact one of our Financial Counselor to discuss the pros and cons.
Remember, no one can ‘clean up’ your credit report, except you, so don’t be duped by a service that claims to be able to do so.
Anticipating tax season, how can you avoid being one of the millions of people who fall victim to identity theft and tax fraud? Taking a few basic steps will help avoid strife with the IRS and keep money in the pockets of the folks who’ve earned it, and not with the fraudsters.
Confirm that your employer has your current address and contact information.
Ensure that each of your financial institutions has your current address and contact information. They need to be able to send you tax forms and contact you if there is suspicious activity on your accounts.
Be on the lookout for your W-2 and other tax-related documents. While W-2s are expected to be delivered by the beginning of February, delivery schedules differ by tax form. If you don’t receive it when you should, contact your employer, financial institutions, an investment company. You just never know if it went to the wrong address, or if someone is getting into your mailbox.
File your tax return earlier than later. Don’t let a fraudster or thief file it before you do. This has happened to millions of people. They wait until April to file their return, only to be rejected by the IRS as already having filed. It’s a mess to sort out, and while the Treasury will surely send you a refund if you’re due, the fraudsters have stolen money from our public coffers. If you file and the fraudster receives the ‘rejection’ letter, they just move on to their next target.
Be alert to Impersonation Scams. Have you heard about the scams in which a fraudster will call the taxpayer and threaten legal action or jail time if the person doesn’t pay an overdue tax bill? Some of our mature adults are targeted with this fraud, so spend a little effort alert your parents and grandparents. The IRS will NEVER call them on the phone, and does not initiate electronic communication, they only respond.
Avoid being one of the millions of people who fall victim to identity theft and tax fraud. Be stingy with your information. If you decide to share it, know what it’s going to be used for, and how it’s going to secure it. No one will protect it better than you.
Review your financial and medical statements, at least monthly. Not only will it help you detect unauthorized activity, you’re entitled to certain consumer protections if you report the activity in a timely manner. If you find activity that you don’t recognize, on any account, contact the financial institution, medical benefits provider or anther service provider to make a formal, documented report.
Periodically review your Credit Reports. Review the reports for accounts that you’ve forgotten or don’t recognize. By visiting annualcreditreport.com you receive a copy of your credit report from each of the bureaus, once a year, for free. Review the accounts and activity, and if you don’t recognize something, contact the bureau to have it investigated.
What if you suspect your computer, smartphone or tablet has been compromised with malicious software? If you lose control of your device, it starts acting strangely or you get pop-up windows/messages, you may have malicious software (malware) lurking on your device. Immediately remove the device from the internet and cellular service by turning off your modem or router, unplugging the ‘internet’ cable from the wall and/or setting it to Airplane Mode. The malware may be sending information, your financials, medical information, Address Book or email messages.
Have you heard of Ransomware? It’s a particularly troublesome malware that encrypts the data on your computer, making it inaccessible unless you pay the ransom. So all of those tax records, contacts, music, and pictures would no longer be available, unless you backed-up your data/computer. You have a back-up, don’t you? If not, you’ll want to purchase a device or service that allows you to back-up the contents of your device in the event it fails, gets lost or stolen, or succumbs to ransomware. Some would suggest you pay the ransom, but making financial deals with criminals will likely not end well, so don’t give your financial or personal information to them. Have a backup solution in place, current and stored offsite.
Getting Help. Take your device to a local, trusted computer service provider and ask them to update your anti-malware definitions and scan your device. Also, have them ensure that your device has third-party, remote access disabled. They may also have recommendations to help back-up your data.
Thank you for reading and safe surfing!
5 BACK TO SCHOOL SECURITY TIPS
Posted on September 22, 2016 at 8:45 a.m.
1) For Parents, For Children: Cyber-bullying, adult-content sites, online ‘friends?’ It can be a challenge talking with children about being online. Smartphones, tablets, and home computers are great tools for communicating with friends and family, but there are precautions to considerate of. Here are a few resources for parents and children.
2) Computer & Mobile Security: Malware. Disposing of old computers and phones. General Computer Security. Take a moment to read these basic precautions to protecting your information and assets, in a ‘non-techie,’ easy-to-read format.
3) Securing a Wireless Network: Your home’s wireless network, or Wi-Fi, may allow a hacker, neighbor or anyone nearby to “piggyback” on your network or access information on your devices. Here are a few basics to help protect it and your information.
4) Email Scams & Phishing: Phishing continues to unleash malicious software on unsuspecting consumer’s computers, and bilk them out of thousands of dollars. Avoid being a victim:
Don’t open e-mail messages or attachments from unknown individuals, that you were not expecting, or that seem ‘out of character’ for a sender. E.g. Suzy never sends pictures. Johnny never sends email during the middle of the night.
Be cautious when opening email messages from contacts, in which you were not expecting a message.
Don’t click on links within e-mails or open attachments from unknown individuals.
Be aware of small changes in an e-mail address, a misspelling that mimic legitimate e-mail addresses. E.g. Johnsmith@hotmail.com firstname.lastname@example.org
5) The Internet of Things (IoT): What are some of the security and privacy challenges of devices —thermostats, alarm systems, camera or appliance–that can be accessed or controlled over the Internet? Some of the basics include:
Confirm that you can return the device for a refund if the security or privacy options do not meet your requirements, before your purchase.
Review warranty and support policies to verify that security and software patches are provided for the life of the product, beyond that of the warranty offered by the manufacturer.
Learn the data collection and sharing policies with third parties. If you cannot opt-out of sharing data with third parties or are not provided the option of opting in, consider alternative products.
Use a unique username and password which does not identify your family or the brand/model of the device and change them frequently.
Disable or protect remote access to your connected device when not needed.
Other resources and information can be found here.
Posted on September 7, 2016 at 1:21 p.m.
We have been made aware of members receiving a text message, email, or a phone call stating that there are fraudulent charges on their TBA Credit Union Debit and/or Credit Card and are being prompted to provide the full number on their card. Please know this is a scam as we will never ask for your card numbers in a text message, email, or over the phone. If you have any questions or need further assistance please contact our Service Center by email or by calling 231.946.7090.
Posted on August 23, 2016 at 11:35 a.m.
Securing Access to Your Online Account
With the ubiquity of technology, information and online account access is at our fingertips- it is this ease and convenience that has encouraged many of us breeze by some of the basic security controls that help prevent unauthorized access to information and assets. Let’s review;
Choosing a Username
Strong Password and Passphrases
Answering Challenge/Security Questions
Is Public/Free Wi-Fi safe?
TBACU PIB Security Service
Use an Anonymous Username: Avoid using confidential information, e.g. account number, email address, personal name, as a username. To update your TBACU It’sMe247 username, just log in and visit the Info Center to change your username to something unique and anonymous, but memorable. You can also contact us and we can update it for you over the telephone.
Use a Strong Password: All online accounts that access confidential information must enforce a passphrase or strong password. Don’t use a site that doesn’t. Strong passwords have a combination of letters, numbers and special characters, are unique for each account and are changed periodically. For sites that support it, use a passphrase as your password. This can be three to four, unrelated words, supplemented with numbers and special characters, e.g. AugustHouseRedFour27!, and is often easier to remember.
Challenge/Security Questions: For sites with challenge questions, use passphrases or strong passwords as the answers. Avoid using the same answer for multiple questions. To update your TBACU It’sMe247 questions, just log in and visit the Info Center. Don’t forget to use the Hide My Typing feature when using a public computer.
PIB Security Service: Want to limit the times of day, days of weeks or geographic location your TBACU online account can be accessed from? We are happy to help set security controls that match your usage yet help thwart unauthorized access. Learn about PIB here, or give us a call today.
Safe Surfing: Knowing where you are and how you got there helps ensure that you are visiting an official site. You can hover your mouse over a suspicious link to confirm the actual destination. Does it match the text or where you are expecting it to lead? As always, avoid selecting links or attachments in email that you weren’t expecting.
Anti-virus/malware on all of your computers is a Must-Have. From there just set it to automate the updates. While AV is not 100% effective, you be surprised at the viruses it does prevent. Are Macs oblivious to malicious software? Not by design, they’ve merely been less-targeted in the past, but not any longer.
Smartphone or Tablet:Should you password- or PIN-protect your smartphone or tablet? Without a doubt, expect to lose or have it stolen someday. Think of all the email contents, names and addresses, account credentials and personal pictures on it, and take steps to protect it.
Public/Free Wi-Fi:It’s convenient, but is it safe to use the hotel, restaurant or downtown’s Wi-Fi? As a general rule, I’d avoid it. You don’t know who is administering it, if they have scruples, or if there are security controls in place. You don’t even know if it’s the restaurant’s official Wi-Fi network, or the neighboring apartment’s with the same name.
A little caution and a lot of awareness can go a long way. If you have any questions, please contact our Service Center at 231.946.7090.
PROTECTING AGAINST SOCIAL ENGINEERING
Posted on July 21, 2016, at 1:44 p.m.
Have you watched that 2002 movie Catch Me If You Can, with Leonardo DiCaprio? It’s based on a young man who conned millions of dollars while posing as a pilot, doctor, and legal prosecutor. It’s entertaining and with prime examples of social engineering.
Social engineering is old-fashioned trickery. Fraudsters convince, persuade or trick you into doing something you normally wouldn’t do, like divulge personal, medical or financial information, act upon an email message, pay for an unnecessary product or service or donate to a questionable charity.
It Can Take Many Forms
Phishing–an email message from someone posing as your financial institution, insurance company or doctor’s office. Often it will request you to open a link or attachment citing a problem with your debit or credit card, financial account, or password.
Don’t open an email, links or attachments you weren’t’ expecting.
Email is not secure, don’t ever use it to communicate private information.
Vishing–a telephone call from someone posing as someone you should trust, trying to convince you to divulge information or to make a credit/debit card purchase. Some may pose as a computer technician citing problems with your computer.
Don’t allow anyone to gain remote access to your computer.
Reputable financial institutions will not contact you then ask for your private information.
In-Person–someone visits your home to persuade you that your roof needs re-shingling, gutters need replacing or driveway can be resurfaced for cheap. They often require payment upfront, but then don’t provide the service or quality promised.
Use service providers that you know or that have been recommended by someone you know. You can also search online for reputable providers.
Things to be Aware Of
A Sense of Urgency–they tell you that something bad will happen if you don’t act right now.
Techie Talk–they use complicated or industry terminology to convince of their skills and knowledge.
Emotional Pull–Reputable, and fraudulent, charities will tug at your heartstrings.
Be alert, and be stingy with your information. When in doubt contact your financial institution, insurance company, doctor’s office, etc with a telephone number of an email address that you already have and can verify.
If you have any questions, we are happy to help. Please contact our Service Center at 231.946.7090.
11 WAYS TO PROTECT YOURSELF
Posted on April 21, 2016, at 2:53 p.m.
Avoid clicking links, downloading files or opening attachments from unknown senders, and only open attachments when you are expecting them.
Legitimate organizations will not request private information via email. Don’t fall victim to fraudsters’ tactics, e.g. “your card will be disabled if you don’t,” or “You’ve won a lottery!” etc.
Avoid replying to spam email or texts. Flag them as spam or block the sender, as replying or unsubscribing only confirms that you exit.
Limit who you share your email address and telephone number with. Create one email account to use with friends and family, and an expendable account to use for newsletters, catalogs or online purchases.
Avoid using your email address as a username, whenever possible.
Know where you are and how you got there. Know what sites your children visit, and who they are talking with.
If providing private information or making a purchase, only use websites that start with “https:” rather than “http:”
Don’t divulge private information over the telephone unless you initiated the call. Don’t use the number listed in the email or that the caller provided, but one you already had or is listed on the business’ website.
Protect Your Computer
Use a firewall, spam filters, and anti-virus/spyware software. Keep all of your software, OS and anti-virus up-to-date.
Review your accounts and statements regularly to help identify unauthorized transactions.
Have questions or need help? Please contactTBA Credit Union or click here to register for our ID Theft Workshop on May 12.
MICROSOFT “VIRUS CLEANUP” SCAM
It has come to our attention that there has been an uptick in the “Virus Cleanup” scam. A website pop-up advertises that Microsoft will clean up your PC of any viruses and speed up your computer’s performance. Microsoft has released an article about how to avoid these scams and what to do if you have already given information to a potentially fraudulent tech support person.
Microsoft will never reach out to individuals to offer a paid virus cleaning service. If you have given personal information out over the phone to pay for a virus removal service from Microsoft, please contact the TBA Credit Union Service Center at 231.946.7090 to discuss options to secure your account from potentially fraudulent activity.
HOME DEPOT BREACH
Posted on September 11, 2014, at 3:30 p.m.
TBA Credit Union takes security and safeguarding our members’ information very seriously. Even though no fraud has occurred on TBACU’s accounts through the Home Depot breach, we want to protect against future losses. Therefore, any members with compromised cards through the Home Depot breach are being notified that their current cards will be closed, and they will be receiving a new card, card number, and a new PIN. Members are being notified by either email or by letter.
If you believe fraudulent activity has taken place on your account, immediately contact the Fraud Prevention Department for lost and stolen cards at 866-333-4740 and tell them your account number was compromised/stolen. The Fraud Prevention Department will close down the card account immediately.
If you have authorized recurring transactions on your old cards, such as internet service or utility companies, contact those companies as soon as possible once the new card has arrived to provide them with the new information.
If you have any questions, please call us at (800) 678-0987, and we will be happy to assist you. We are committed to the ongoing security and protection of our members.