What additional measures can I take to ensure security?
Maintain a clean computer.
- Having the latest in security, Web browser, and operating systems software is the best defense against viruses, malware, and other online threats.
- Many programs will automatically connect and update to fight known risks. Turn on automatic updates if that's an option.
- Protect all your devices that connect to the Internet, including computers, smartphones, gaming systems, and other Web-enabled items.
- USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.
- Ask for protection beyond passwords. Many account providers now offer additional ways for you verify who you are before you conduct business on that site.
- Make passwords long and strong -- combine capital and lowercase letters with numbers and symbols.
- Create separate passwords for every account.
- Write passwords down and keep them safe on a list that's stored in a secure place away from your computer.
- Own your online presence: When available, set the privacy and security settings on sites to your comfort level for information sharing.
- When in doubt, throw it out: Links in emails, tweets, posts, and online advertising are often the way cyber criminals compromise your computer. If it looks suspicious, even if you know the source, it's best to delete it or mark it as junk email.
- Get savvy about Wi-Fi hotspots: Watch the type of business you conduct and adjust the security settings to limit who can access your machine.
- When shopping, see if the sites are security-enabled. Look for web addresses with https:// or shttp://, which means it takes extra measures to help protect your information. Http:// does not.
- Stay current. Keep pace with new ways to stay safe online and click here often: https://www.orangecountyscu.org/security-center
- Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
- Back up your valuable work, music, photos, and other digital information by making electronic copies and storing them safely.
- Report stolen finances or identities and other cybercrime to www.ic3.gov and your local law enforcement agency or state attorney general as appropriate.
Your Orange County's Credit Union Mobile Banking experience provides you with the same, top-of-the-line protection the credit union harnesses for all of our premier online services.
What else you can do:
- Lock your phone with a strong passcode.
- Be aware of where your device is at all times.
- When downloading and installing applications, read the permission form and determine if it makes sense for your needs.
- Watch out for fake apps. Criminals can create applications that look similar to a well-known financial institution's program. When in doubt, there are direct links to ours on our Online Banking page.
Clean is good
Mobile devices are computers with software that must be up to date, just like your PC, laptop, or tablet. Security protections are built in and updated on a regular basis and it's wise to enable all the latest. This may require syncing your device with a computer.
- Having mobile security, Web browser, and operating system software is the best defense against viruses, malware, and other threats.
Keep your information safe
Phones can contain lots of personal information. Lost or stolen devices can be used to harm you and, potentially, others. Protect it like you would your computer.
- Use a strong passcode to lock your device.
- Only give your number to people you know and trust and never provide anyone else's without their permission.
- Disable geotagging on your device's camera.
Connect with care
Use common sense when you connect. If you're online through an unsecured or unprotected network, be cautious about the sites you visit and the information you release.
- Get savvy about Wi-Fi hotspots: Watch the type of business you conduct and adjust the security settings on your device to limit access.
- Protect your financial resources: When browsing, check to be sure the sites are security-enabled.
- When in doubt, don't respond. Fraudulent texting, calling, and voicemails are on the rise. Just like email, requests for personal information or immediate action are almost always a scam.
Take time to be courteous
It is easy to say things via phone or text that you would never say face to face. Maintain the same level of courtesy on the phone as you would in the real world.
- Text to others as you would have them text to you.
- Get permission before taking pictures or videos of other people. Likewise, let them know they need your permission before taking pictures or videos of you.
- Follow this simple three-step rule: Stop. Before you use the Internet on a mobile device, take time to understand the risks and learn how to spot potential problems. Think. Be certain the path is clear ahead. Watch for warning signs and consider how your actions online could impact your safety or your family's. Connect. Enjoy the Internet with greater confidence.
Visit http://www.stopthinkconnect.org for more.
Lost and stolen devices
Smartphones and tablets offer convenience, but they're also easy to lose or steal, which can put your information at risk. Here are some ways you can protect yourself now and in the event you are a victim of loss or theft later:
- Password-protect your phone.
- Enable an automatic screen-locking mechanism when it's not actively engaged.
- Consider using a remote wipe program with the ability to delete any data.
- Keep a record of its make, model, and serial number in case it's stolen.
(Automated Teller Machine) ATM security
- If the ATM is obstructed from view or poorly lit, go to another.
- Ensure no one is loitering in the area when you approach the ATM.
- Do not accept assistance from strangers.
- If you see anyone or anything suspicious, cancel your transaction and exit the premises.
- If anyone follows you after using an ATM, go to a crowded, well-lit area and call the police.
- Never write your Personal Identification Number (PIN) on the card and don't share it with anyone.
- If you lose your card, report it to (888) 354-6228 immediately.
- Fill out your deposit slip in advance and have your card ready.
- Put cash directly into your wallet or purse.
- Once your transaction is complete, take your money, card, and receipt and leave the area. Verify your cash later when it is safe to do so.
- Check your ATM receipts against your statements to identify unauthorized transactions.
- Park as close as possible to exterior walk-up ATMs.
- Give the member ahead of you privacy by staying a few feet behind.
- Stand directly in front of the machine to make transactions.
- Protect your PIN and privacy by shielding the keypad and standing close to the machine.
- Keep your engine running, the doors locked, and the windows up while you're waiting in line at a drive-up. When possible, leave enough room between cars to allow for a quick exit, should it become necessary.
- Don't share your PIN - Remember not to provide your Personal Identification Number to anyone, even family & friends, and never write it on your cards.
Other measures you can take
Set up Direct Deposit
Have paychecks, dividends, and other recurring credits deposited directly to your account - you won't have to worry about checks getting lost or stolen in the mail and you'll receive your funds more quickly.
Make automatic payments
Automatic payments help protect you from being late or losing a check, which can cause identity theft concerns. Contact us to set up automatic payments for your Auto and Mortgage Loans, Lines of Credit, and Credit Cards.
Use enhanced checks
Orange County's Credit Union checks deter fraudulent activity with patented security features that include microprint and security-weave background designs.
Go paperless with Online Banking
Enroll in free Online Statements via Online Banking. This way, your important account information won't travel through the mail and you can store years of data safely and securely.
Safeguard your Social Security Number
- Carry only necessary identification, not your Social Security card.
- Never provide your Social Security Number unless you have initiated the contact and can confirm the business or person's identity.
- Do not use your full or partial Social Security Number as a Personal Identification Number (PIN) or password.
- If you must send your Social Security Number in an email, make sure it's encrypted.
- Do not transmit your Social Security Number over the Internet unless you know the connection is protected or you have encrypted data.
- Do not record your Social Security Number on a check, traveler's check, gift certificate, money order or other negotiable instrument unless required by law.
Tips for Business Members
- Review all of your Orange County's Credit Union statements monthly. Enroll in Online Banking to check transactions and use Business Bill Pay for added convenience and peace of mind.
- Compare your receipts to your statement to verify accuracy.
- Shred all your statements & receipts after reviewing them.
- Use caution when providing customers and vendors account numbers or other financial information.
Credit and debit card security
How we help:
- Zero-liability protection against fraudulent purchases.
- Prompt account credits.
We have an industry-leading, advanced fraud detection system called Falcon that protects your debit, point-of-purchase, and credit card transactions. The program actually learns your purchasing patterns, comparing real-time authorization data with your individual card behavior and existing trends.
When you use your debit or credit card, we'll quickly analyze the transaction, deliver an authorization decision, and determine if the account should be queued for further attention. Then, an analyst reviews the item and determines the appropriate course of action. Depending on the transaction, an analysis can result in you receiving a personal phone call to verify the activity on your account.
Of course, your transactions change over time. So the system continues to learn along with them, updating itself continually.
These security benefits are available 24 hours a day, seven days a week.
If you receive a call from the Falcon fraud analysts, they will identify themselves as calling on behalf of Orange County's Credit Union. Remember, you will never be asked to give your Debit or Credit Card number, account number, or Personal Identification Number (PIN). You will only be asked to verify specific transactions on your account. If you ever have questions regarding this fraud-protection program, please contact us immediately.
How can I enhance the already secure state of my Orange County's Credit Union Credit and Debit Cards?
Additional information is available at: http://www.staysafeonline.org/stop-think-connect/tips-and-advice.
What else can I do?
- Always contact us before traveling.
- Sign your cards immediately on the back signature panels.
- Don't keep your Online Banking credentials or Personal Identification Number (PIN) on your cards or with your cards, and never share this information with anyone.
If you do lose a card, you can block your PIN through free Online Banking:
- Log in to Online Banking.
- Choose the Other Services tab.
- Select Cancel PIN in the Account Services section.
- Read the information and choose Cancel PIN.
Check your statements
Save the receipts from your charges and keep them in a safe location. Check your statements to verify that they properly reflect the amounts you've authorized. Report any unauthorized transactions immediately. Once you have reconciled your statements, shred all receipts & statements.
Take advantage of Online Banking and Online Statements
Sign up for free Online Banking and conduct your complete financial business whenever it's convenient for you, 24 hours a day, seven days a week. Plus, you can utilize free Online Bill Pay and free Online Statements, saving you time and money, as well as enhancing your security.
Keep a list of all your card account numbers
Place the list in a safe and secure place and include the telephone numbers to call if your cards are ever lost or stolen. And remember to be cautious: never provide anyone who contacts you first with your personal or financial information.
Traveling? Let us know first.
Whether you're taking the family to Europe, hopping on a plane for business, or just going on a road trip to a neighboring state, call OCCU at (888) 354-6228 or send us a secure email from the Online Banking messaging system before you leave.
Why do you need to inform us of your plans?
- We can monitor and/or block transactions if they have a high possibility of fraud.
- We may then block your account if we think your resources might be at risk.
- We can contact you if we think there's a suspicious transaction conducted on your account.
Traditional online threats
Viruses, malware, and other programs that steal your personal information or financial details can infect mobile devices. Consider installing anti-virus software, back up your data, and keep the copy in a safe and secure location.
Malware, indicating malicious content, includes viruses, spyware, Trojan horses, or any other software designed to infiltrate or damage a computer system, steal personal information, and commit fraud.
There are several easy ways you can minimize malware risk:
• Never download a file or attachment unless you are absolutely certain what it is and who sent it.
• Never click on an advertisement asking for personal or financial information.
• Update your security and system software to protect your computer from these threats.
Viruses are harmful programs transmitted in numerous ways. Although they differ, they're designed to spread themselves from one computer to another through the Internet and cause havoc. Most commonly, they give the criminals access to infected machines.
The terms spyware and adware apply to several different technologies. Two important things to know about them are:
- They can download themselves onto your computer without your permission (typically when you visit an unsafe Web site or click on an attachment).
- They often make your machine do things you don't want it to do. This might be as simple as opening a pop-up ad or as complicated and nefarious as tracking your online movements, stealing your passwords, and compromising your accounts.
A Trojan horse is a harmful code contained inside what would otherwise be harmless programming or data. The horse takes control and does its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, the Trojan was a program that was supposed to find and destroy computer viruses.
Malware can be installed on your smartphone to steal sensitive information and data. More sophisticated types of these problems are expected to surge as cyber criminals catch up with the latest mobile technologies.
One of the ways malware can access your device is through Wi-Fi and Bluetooth. Because a smartphone can easily be connected to wireless networks, malware is easier to download. Only use secure and trusted Wi-Fi and only accept Bluetooth connections from people you know. Keep Bluetooth off when you aren't using it.
Fake mobile banking applications (apps)
Criminals may develop and publish fake mobile banking applications that look official, but are fabrications designed to steal your Online Banking credentials. Only download the Orange County's Credit Union Mobile Banking applications from trusted sources, such as the Apple App Store. To help protect your accounts and information, don't use any app if you detect these or other warning signs:
- The app's developer or author is not Orange County's Credit Union.
- The app is being promoted on a third-party site, somewhere other than the official store.
- There is a charge for downloading the app - it costs nothing to obtain this OCCU service.
SMShing - pronounced "smishing" - is fraud occurring via text message. A criminal sends you a text to trick you into replying with financial or personal information, or by clicking on links that will sneak viruses on to your mobile device. Never respond to an SMS text message that requests this crucial data. Orange County's Credit Union will never ask for your information this way.
We've all received unsolicited offers through email, better known as spam. Many fraudsters use spam to gather personal information to steal your money and/or your identity. Criminals may also send attachments and links that will lead you to spoof sites or cause you to inadvertently download harmful software.
Never email your personal information to an unknown source. You may be enticed by offers of limited-only or buy now and save, but this is always fraudulent. No legitimate business would deny you the time to check out their claims.
If you don't know the source of an email, delete it. Even if a co-worker or friend you trust sends you a link or attachment, it may be infected.
And remember to keep your computer firewall, anti-virus, and anti-spyware software up to date.
Phishing and Spoofing
Phishing and spoofing communications look like official Orange County's Credit Union emails, but force you to visit a fake site and enter your personal account information. These emails may also ask you to call a phone number and provide account details.
Ways to identify phishing and spoofing emails include:
- Links that appear to be from Orange County's Credit Union but aren't. If you place your cursor over a link in a suspicious email, your program most likely shows you the destination URL. Do not click the link, but look closely at the URL: One that is formatted OCCU.fakewebsite.com is taking you to a fraudulent address. Just because Orange County's Credit Union is part of the URL does not guarantee it is official.
- Requests for personal information. Orange County's Credit Union emails will never ask you to reply with any personal information, such as your Social Security Number or Personal Identification Number (PIN).
- Urgent appeals. We will never claim your account may be closed if you fail to confirm, verify, or authenticate your personal information via email.
- Messages about system and security updates. We won't seek confirmation of important information via email due to system upgrades.
- Offers that sound too good to be true. Never fill out a customer service survey in exchange for money.
- Obvious typos and other errors. These are often the mark of fraudulent emails and Web sites. Also, be on the lookout for poor visual design.
Review your router settings
Take the time to review some simple settings you can change to make sure your home router is as secure as possible. Keep in mind that not all routers will have all these settings and most routers will have many more.
Change the administrator password
This is the single most important change you can make to secure your home network from intruders! If you did not change your router's default password or it is a simple password like "password," "password1," "admin" or "1234," change it immediately. When changing it, use at least 8 characters, using both letters and numbers, uppercase and lowercase, and at least one special character. Do not delay—do this as soon as possible!
Change the default Service Set Identifier (SSID or Network Name)
This is another setting that most people neglect to change on their router. Keeping the default wireless SSID almost always indicates the manufacturer of the device, which would allow the would-be hacker to focus on just the known vulnerabilities of that particular device. If you didn't change the default password and left the Remote Management setting on, they have everything they need to access your network. Change the default name, and remember to avoid using any personal information such as family name or address.
Disable Remote Management
This is a feature that most routers have, but most people will never need. It allows you to log in and manage the router from outside your network. There aren't too many situations where this is useful, so you should disable it unless absolutely necessary. If you REALLY need to access your router remotely, change the default port number (usually 8080 or 8888) to something less obvious and use an extremely complex administrator password.
Use Wi-Fi Protected Access (WPA or WPA2), not Wireless Encryption Protocal (WEP)
These are all encryption protocols, but WEP has been replaced by WPA and WPA2. It has been known for years that WEP is no longer secure and can be easily hacked, but many home users continue to use it. So check your settings and only use WPA or WPA2.
Make sure your demilitarized zone/perimeter network (DMZ) is turned off
Even though most routers have DMZ features that are usually turned off by default, it is good practice to verify this after your initial setup or after you or someone else has been troubleshooting your network. Sometimes people turn it on when troubleshooting a connection issue, and then forget to turn it off again, so it never hurts to double-check.
To be clear, changing these settings is not a guaranteed way of securing your home network, but most are fairly simple to change and cost you nothing.