Security Information

Cyber Security Awareness Tips

Tip 1: Security is everyone's responsibility become part of the human firewall on your personal computer and at work.

Tip 2: Avoiding scams. Be suspicious of unsolicited phone calls, visits, or email messages and do not provide personal information or information about your organization. If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.

Tip 3: Make sure to have security software installed and up to date with a current subscription. Remember there are thousands of new malware variants every day.

Tip 4: Back up data and scan systems regularly. It's important to back-up your information so that you can retrieve it in a worst case scenario.

Tip 5: Limit the amount of personal information you post. Do not post information that would make you vulnerable, such as your address or information about your daily routine.

Tip 6: Be smart about using your devices. Don't use your mobile device to store important and sensitive personal information or other information that personally identifies you.

Equifax Information Breach

An estimated 143 million U.S. consumers could be affected by a cybersecurity attack carried out against Equifax, one of the nation's three largest credit-reporting companies.

In the wake of this breach, experts counsel several immediate actions:

Equifax will send paper mail to consumers whose credit card numbers or dispute documents with personally identifying information were impacted.

It has also created a dedicated website for consumers to see if they were affected at www.equifaxsecurity2017.com. They can also call the Equifax call center at 866-447-7559. (Weise, 2017)

Go to www.equifaxsecurity2017.com and click on the Check Potential Impact tab. You must submit your last name and last six digits of your Social Security number there.

At that point, you'll be given a date when you can return to the site and sign up for the TrustedID Premier Monitoring service.

Equifax Info

The site says once you've submitted your information you will receive a message indicating whether you've been affected. But it's unclear when or how you will receive that message. The company also recommends that you review account statements and credit reports yourself to check for incidents of fraud.

You can request a copy of your credit report online at www.annualcreditreport.com. You are allowed a free copy once a year from each of the three credit reporting agencies: Equifax, Experian, and TransUnion. (Lobosco, 2017)

 

 

What to do if you’re impacted by the Equifax Breach

BE EXTRA CAREFUL ABOUT EMAILS AND LINKS

Users should avoid clicking on links or downloading attachments from suspicious emails that claim to be updates from Equifax or connected to the breach.

Hackers often use news of big breaches to conduct "phishing" campaigns, sending official-looking emails that make it seem as if the affected company or other legitimate services are asking them to supply information or click through to a link to repair any damage.

When in doubt, call or email the company that appears to be sending the message separately, don't go through the email you've been sent.

CHANGE PASSWORDS

Especially if you typically use similar passwords and security questions on multiple accounts, do this. Once hackers have access to ID and password information for one system, they routinely try the same combination against multiple other platforms to see which one work, an easily automated process.

ENABLE TWO-FACTOR AUTHENTICATION

For the vast majority of victims who didn’t have credit information compromised, the biggest risk here is that a criminal uses this information to answer your “security questions” and reset your password.

That usually sends a password reset to your email account, so making sure that email account is secure should be your primary concern, said Nathaniel Gleicher, head of cybersecurity strategy for Illumio, and former director of cybersecurity policy for the White House under President Obama.

Two-factor authentication keeps them from doing that by sending a text message or call to the user's phone with a code as a second verification step. The code which must be typed in before the account can be opened.

CHECK YOUR CREDIT CARD AND OTHER ACCOUNTS

Review your online accounts for suspicious activity. That includes banks, credit card companies and hotel and airline loyalty programs. Hackers frequently slice and dice information from large data breaches, selling groups of user information for specific companies on the dark web. Even the smallest accounts can be bundled together into a large group to be sold. (Weise, 2017)

Lobosco, K. (2017, September 7). Article on Money.CNN.com

Weise, E. (2017, September 7). Article on USA Today

 

 

Stop making these silly mistakes when it comes to cyber security

MAY 29, 2017 10AM / ALEX CROSSAN

Cybercrime has quickly become a major problem for businesses, governments and citizens internationally. While awareness around cybercrime is increasing, we're still making the same mistakes when it comes to cyber security, as a recent study by the Pew Research Center found.

Here are some of the most basic mistakes people make when it comes to security.

Email

People are still falling for the oldest trick in the book. Social engineering phishing scams are still a major cybercrime threat. While cyber criminals are improving on these kinds of emails, and making them more and more authentic-looking, most are blatantly fake. Telltale signs include poor spelling, random email addresses and far-fetched claims that you've won millions of dollars, for example.

It’s important to carefully check the recipient, the request, and perhaps most importantly: use some common sense. Be cautious of attachments, as they may carry malware. It's important to check file extensions and to only open files deemed safe and from legitimate sources.

Social media

Social media has quickly become the new favorite of cyber criminals eager to compromise people. This should come as no surprise, after a 2016 survey revealed that 58% of social media users did not know how to change their privacy settings.

Like with email, check the authenticity of the sender, the message and the link (which will likely be shortened). Beware of trending hashtags as many are now using them to trap unsuspecting Twitter and Facebook users trying to catch-up with the latest breaking news.

Attitude

Ignoring technology, culture is arguably the biggest issue with security right now, and has been for a long time. CEOs and consumers alike share the belief of, “it won’t happen to me!”

This complacency is misguided, because no one is truly safe. This attitude can often result in poor security habits, and all it takes is a lazily-constructed password for everything to go pear-shaped.

Passwords

Generic, guessable passwords can be easily cracked, if you used the same password across multiple platforms you could be in deep trouble. It is becoming faster and easier for criminals to brute-force passwords as criminals increase their computing power or enlist the help of skilled hackers on the dark web.

Weak passwords, such as 123456, password, admin qwerty remain surprisingly common. 80% of all attacks involve a weak or stolen password.

It is important to create stronger, more cryptic passwords and utilize the help of a password manager to stay on top of them all.

Software updates

Across all of our devices, we’re constantly being notified of yet another software update - whether it’s for apps, operating systems or antivirus. As annoying as the constant reminders are, they’re there for a reason and people overlook their importance out of irritation. Failure to update leaves you vulnerable to attack, as cybercriminals seek to exploit out of-date systems.

 

 

NCUA Warns of Fake Check Scam

Consumers should be on the lookout for fake check scams, the National Credit Union Administration (NCUA) warned yesterday after receiving numerous inquiries from consumers.

There are many versions of a fake check scam. However, the result is the same. Scammers lure consumers into depositing a cashier's check, money order, or other checking instrument from someone that they don't know and wiring or sending money to the scammers. A check may take considerably longer to clear the financial institution that issued it before the funds can be collected. It could take days or even weeks to discover that the deposited check was fraudulent.

Click here for complete article.

 

Online Shopping Cyber Tips

Online shopping can be a great solution to save time, but it can also end with identity theft, malware, and other cyber unpleasantness. Rather than letting it ruin your shopping experience, you can take a few simple security precautions to help reduce the chances of being a cyber victim.

 

 

When purchasing online; keep these tips in mid to help minimize your risk:

  1. Do not use public computers or public wireless Internet access for your online shopping.
  2. Secure your computer and mobile devices.
  3. Use strong passwords.
  4. Know your online shopping merchants.
  5. Do not respond to pop-ups.
  6. Do not auto-save your personal information.
  7. Use common sense to avoid scams.
  8. Review privacy policies.

What to do if you encounter problems with an online shopping site:

Contact the seller or the site operator directly to resolve any issues. You may also contact the following:

Excerpt from Bank Security Information Education  

 

 

Security Information Videos

Phishing: Don't take the bait!

Identity Theft: Protect Yourself!

Internet Fraud: If it sounds too good to be true, it probably is

Social Media: Be Careful Who You Trust

Play it Safe with Portable Devices

 

Security is a hot topic in the news and it's critically important. QCU places the highest value on respecting and protecting the security of our Member's data and transactions. To help keep our Members educated, we are pleased to provide five short videos on our website for our Members to review and keep current with the latest security practices.

Remember – A QCU employee will never ask you to provide debit or credit card numbers, or private personal information like Social Security number and account numbers. If there is ever a question regarding this type of phone call always contact your financial institution first.

 

 

Notice for your information.

 

VISA Credit Card Restricted Use Statement

For our Members protection against identity theft and fraud, QCU credit card use is restricted in select countries outside the U.S. Please contact the credit union at (617) 479-5558 prior to travel to ensure card access while away, or if you require assistance. Please note, it is illegal to use  your QCU credit card for the purposes of internet gambling.

Lost or Stolen Card Toll Free Number: 1-800-472-3272

 

VISA Debit Card/ATM Restricted Use Statement

For our Members protection against identity theft and fraud, QCU debit card use is restricted in several countries and U.S. states. Please contact the credit union at (617) 479-5558 prior to travel to ensure card access while away, or if you require assistance. Please note, it is illegal to use  your QCU debit card for the purposes of internet gambling.

 

Lost or Stolen Debit Card/Credit Card  Toll Free Number: 1-800-472-3272

 

Wire Transfer Restrictions

Wire transfer fraud is prevalent in today’s financial environment. To protect Member assets, QCU has instituted some controls in order to assist in identifying fraudulent requests. Additional information or requests may be required during the wire transfer process.

 

Phishing Scams

If you receive an e-mail claiming to be from QCU or any financial institution, do not give out any personal information or click on any links. These are Phishing Scams. Delete the e-mail immediately. Contact your financial institution if you have any questions or concerns. Remember-QCU will never ask you for your personal information via e-mail, phone or any other communication channel.

 

CATO

Corporate Account Takeover is a growing form of electronic crime where thieves typically use some form of malware, or malicious software, to obtain login credentials to corporate online banking accounts and fraudulently transfer funds from the accounts.  Another means fraudsters commonly employ is phishing, masquerading as a trustworthy entity in an electronic communication or through social engineering to gain access to your sensitive information. Learn more

 

 

 
Quincy Credit Union 100 Quincy Avenue Quincy, MA 02169 Email Phone: (617) 479-5558 Fax: (617) 479-1209
519 Columbian Street Weymouth, MA 02190 Email Phone: (781) 340-7117 Fax: (781) 340-7199 Toll Free: (866) 479-5558

QCU offers financial products and services to individuals who live or work in Norfolk and Plymouth Counties and Dorchester, as well as their families. A $5.00 Primary Share Account is required for Membership. Quincy Credit Union NMLS ID # 407326.
NCUA
MESSAGE OF THE DAY

Close