Security Tips

• Having the latest in security, Web browser, and operating systems software is the best defense against viruses, malware, and other online threats.
• Many programs will automatically connect and update to fight known risks. Turn on automatic updates if that's an option.
• USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.
• Back up your valuable work, music, photos, and other digital information by making electronic copies and storing them safely.

• Lock your phone with a strong passcode.
• Be aware of where your device is at all times.
• Think before you app: Review the privacy policy and understanding what data (location, access to your social networks) your phone can access before you download it.
• Only give your number to people you know and trust and never provide anyone else's without their permission.
• Disable geotagging on your device's camera.
• Consider using a remote wipe program with the ability to delete any data.

• Get savvy about Wi-Fi hotspots: Be aware of the type of business you conduct and adjust the security settings on your device to limit access.
• Protect your financial resources: When browsing, check to be sure the sites are security-enabled. Look for web addresses with https:// or shttp://, which means it takes extra measures to help protect your information. Http:// does not.
• When in doubt, don't respond. Fraudulent texting, calling, and voicemails are on the rise. Just like email, requests for personal information or immediate action are almost always a scam.
• Own your online presence: When available, set the privacy and security settings on sites to your comfort level for information sharing.
• Report stolen finances or identities and other cybercrime to www.ic3.gov and your local law enforcement agency or state attorney general as appropriate.

• Ask for protection beyond passwords. Many account providers now offer additional ways for you verify who you are before you conduct business on that site.
• Make passwords long and strong -- combine capital and lowercase letters with numbers and symbols.
• Create separate passwords for every account.
• Write passwords down and keep them safe on a list that's stored in a secure place away from your computer.

• If the ATM is obstructed from view or poorly lit, go to another.
• Ensure no one is loitering in the area when you approach the ATM.
• Do not accept assistance from strangers.
• If you see anyone or anything suspicious, cancel your transaction and exit the premises.
• If anyone follows you after using an ATM, go to a crowded, well-lit area and call the police.
• Never write your Personal Identification Number (PIN) on the card and don't share it with anyone.
• If you lose your card, report it to (888) 354-6228 immediately.
• Put cash directly into your wallet or purse.
• Once your transaction is complete, take your money, card, and receipt and leave the area. Verify your cash later when it is safe to do so.
• Check your ATM receipts against your statements to identify unauthorized transactions.
• Protect your PIN and privacy by shielding the keypad and standing close to the machine.

• Carry only necessary identification, not your Social Security card.
• Never provide your Social Security Number unless you have initiated the contact and can confirm the business or person's identity.
• Do not use your full or partial Social Security Number as a Personal Identification Number (PIN) or password.
• Do not transmit your Social Security Number over the Internet unless you know the connection is protected or you have encrypted data.
• Do not record your Social Security Number on a check, traveler's check, gift certificate, money order or other negotiable instrument unless required by law.

• Your card already comes with an advanced fraud detection system that learns your purchasing patterns and alerts you when it identifies potential fraudulent activity.
• Before traveling, set travel notices on your cards through Online or Mobile Banking.
• Sign your cards immediately on the back signature panels.
• Don't keep your Online Banking credentials or Personal Identification Number (PIN) on your cards or with your cards, and never share this information with anyone.
• If you lose a card, freeze it immediately through Online or Mobile Banking.
• Check your statements regularly to verify your transactions.

Traditional Online Threats

Viruses, malware, and other programs that steal your personal information or financial details can infect computers or mobile devices. Consider installing anti-virus software, back up your data, and keep the copy in a safe and secure location. Minimize risk by:

• Never downloading a file or attachment unless you’re absolutely certain what it is and who sent it.
• Never clicking on an advertisement asking for personal or financial information.
• Updating your security and system software to protect your computer from these threats.

Fake Mobile Banking Applications (Apps)

Criminals may develop and publish fake mobile banking applications that look official, but are fabrications designed to steal your Online Banking credentials. Only download the Orange County's Credit Union Mobile Banking applications from trusted sources, such as the Apple App Store or Google Play Store. To help protect your accounts and information, don't use any app if you detect these or other warning signs:

• The app's developer or author is not Orange County's Credit Union.
• The app is being promoted on a third-party site, somewhere other than the official store.
• There is a charge for downloading the app - it costs nothing to obtain this OCCU service.

Caller ID Spoofing

Caller ID spoofing is a deceptive practice where individuals or organizations manipulate the information displayed on the recipient's caller ID to make it appear as if the call is coming from a different phone number or entity. This tactic is often used to impersonate trusted sources, such as legitimate businesses, government agencies, or even acquaintances, with the intention of gaining the recipient's trust. Scammers may impersonate Credit Union representatives and attempt to trick customers into divulging sensitive information that can lead to identity theft, fraud, and financial losses. Here are some things to be cautious of:

• Requests for sensitive information such as account numbers, PINs, passwords, one-time passcodes, or other personal and financial data
• Requests for actions such as fund transfers, account changes, or payments

Orange County’s Credit Union will never ask you for:

• Your entire Social Security Number (only the last 4 digits)
• Your online banking password, or one-time password (received via txt message)
• Your PIN

Members can protect themselves from these issues by exercising caution when receiving unsolicited calls, especially if the caller requests sensitive information or actions related to their accounts or personal information. It's important to independently verify the caller's identity by contacting the Credit Union through official channels, such as using a phone number from the credit union’s website or the back of their debit or credit card.

Phishing and Spoofing

Phishing and spoofing communications look like official Orange County's Credit Union emails, but trick you into visiting a fake site and entering your personal account information. These emails may also ask you to call a phone number and provide account details. Ways to identify phishing and spoofing emails include:

• Links that appear to be from Orange County's Credit Union but aren't: If you place your cursor over a link in a suspicious email, your program most likely shows you the destination URL. Do not click the link, but look closely at the URL. One that is formatted OCCU.fakewebsite.com is taking you to a fraudulent address. Just because Orange County's Credit Union is part of the URL doesn’t guarantee that it’s official.
• Requests for personal information: Orange County's Credit Union emails will never ask you to reply with any personal information, such as your Social Security Number or Personal Identification Number (PIN).
• Urgent appeals: We will never claim your account may be closed if you fail to confirm, verify, or authenticate your personal information via email.
• Messages about system and security updates: We won't seek confirmation of important information via email due to system upgrades.
• Offers that sound too good to be true: Never fill out a customer service survey in exchange for money.
• Obvious typos and other errors: These are often the mark of fraudulent emails and Web sites. Also, be on the lookout for poor visual design.

SMShing

SMShing (SMS Phishing) is fraud that occurs via text message. A criminal sends you a text to trick you into replying with financial or personal information, or clicking on links that will sneak viruses on to your mobile device. Never respond to any text message that requests this type of data. Orange County's Credit Union will never ask for your information this way.