Online Banking
How May We Help You
The Johns Hopkins Federal Credit Union



Data Security: How JHFCU is Looking Out for You

As data breaches at merchants continue to permeate the news, we want you to know that Johns Hopkins Federal Credit Union is ready to help if your personal or financial data is ever compromised. We take service to our members seriously and will do everything we can to ensure that action is taken – quickly – to help you avoid becoming a victim of identity or account theft.

Your credit union is subject to strong data security standards established by Congress and federal regulators. While data breaches can happen anywhere, we are ready with a plan designed to ensure the safety and confidentiality of your sensitive data.

Unfortunately, merchants and retailers aren’t subject to these federal requirements. Many of them follow their own data security standards, but, as the crush of data breaches over the last couple of years has shown, these self-imposed merchant standards are no substitute for a stronger federal standard. When it comes to protecting your personal information, every measure counts.

When your debit or credit card data is breached at a merchant, the cost of card replacement or account reimbursement to you is typically paid by your credit union and not the retailer where the breach occurred.  Unfortunately, this can become a very expensive proposition for the credit union, as we are often never reimbursed for these costs by merchants—as there is no liability requirement on them to pay for data breaches that occur on their watch.

We want you to know that in the event of any breach affecting your accounts, this credit union will always do what we can to make you whole. In the meantime, credit unions around the country are leading the effort to get Congress to pass legislation ensuring merchants and retailers meet a national standard for protecting any of your financial data they collect when you make a purchase and are held liable for breaches that occur on their end. We hope you will support us in this effort.

While we can’t control what happens at merchants and retailers, we want you to know that Johns Hopkins Federal Credit Union will do everything we can to assist you and your family if a breach does occur when you use your debit or credit card. You can always feel free to reach out to our Member Services department.



Fraud Prevention

Theft – Prevention, Protection, Detection and Action

We break down what identity theft is, what it can cost victims, and what you can do to protect your most valuable asset – your identity.


Mobile Threats

Just as computers need to be protected, mobile devices can be vulnerable as well. When accessing apps and such on your mobile device, be mindful of the source and if it can be trusted. Below, are some useful links and steps you can take to protect your devices from malware and other malicious software and users.

3 easy steps to limit malware on your mobile device:

1. Use an official app store (Ex: Google Play and Apple’s App Store)
2. Don’t jailbreak/unlock your phone – Lose built-in security
3. Update often – This will address security vulnerabilities

Mobile malware evolves: Adware now breaks and roots your phone

When Malware Goes Mobile

"Phishing" E-Mail Targets Credit Union Members

computer securityIn the past, some of our members have received fradulent e-mails claiming to be from JHFCU. The e-mails claim that you have been locked out of your account and want you to verify your identity, but they are really scams trying to steal your identity. There are some indicators you can look out for to tell whether an e-mail is from a legitimate source, like JHFCU or the National Credit Union Administration (NCUA), or people scamming for your personal information.

If you receive an e-mail from a seemingly legitimate organization, which may include an authentic-looking sender address and/or offical organization logos, look at it closely for the following tell-tale signs of phishing:

  • The e-mail asks for your personal account information and threatens negative action if you don’t provide it.
  • The e-mail is generically addressed or uses phrases that don’t make sense.
  • The e-mail includes a link that it says you must click on.

If you suspect the e-mail is fradulant, contact the purported sender to verify its authenticity. DO NOT respond to the e-mail or click on any of its links. The Credit Union keeps a running list of phishing e-mails that appeared to be from us, but did not actually come from JHFCU. To view these e-mails, click here.

Get information about the availability of the Federal Trade Commission’s online guidance regarding steps to protect against identity theft. You can also visit the FDIC to learn more about Identity Theft, Frauds, and Scams Basics and, where you can report potential fraud and find education tools to help protect yourself.



1. What is malware?
Malware – formed from the words malicious and software – is a general term used by computer professionals to refer to many different kinds of computer software designed to infiltrate or damage a computer system without the owner’s knowledge or consent. Malware includes computer viruses, worms, trojan horses, spyware and many other malicious and unwanted software types.

2. How can a malware infection occur?
Malware can infect a user’s computer through many paths, including pop-up messages that ask users to download things, links in web pages or e-mails, infected websites and many other methods that can sometimes even be invisible to the user. Malware is often used in conjunction with phishing scams.

3. What are the consequences of malware?
At a minimum, malware is a nuisance, sometimes displaying unwanted advertising or using a user’s computer to send spam. At its worst, malware has the potential to steal personal and financial information ranging from browsing habits to e-mail address lists to online banking passwords and even identity theft.

4. How can you protect yourself against mailware?
While there is no single fool-proof method, users should keep their anti-virus software up to date and running and keep their operating systems and applications updated with the latest patches from the manufacturers.

Other common suggestions include exercising extreme caution with e-mail links and attachments and using firewalls to protect information on personal computers. Also look for login windows or messages that appear strange or different, which could be signs that your computer has been affected with malware.

5. What should we do if one of our end users is affected by malware?
JHFCU cannot give specific remediation advice in connection with malware. Just remember to remain vigilant to the risks of malware, phishing and other suspicious activities by taking steps to minimize risk.


First there was “phishing,” where potential thieves would try to get your personal information by sending you a fake e-mail claiming to be from a legitimate financial institution or company, like PayPal. Now scam artists have come up with a similar ruse, known as “vishing,” which is basically phishing by phone.

Vishing scams come in two varieties. The first is conducted solely by phone. A consumer is called, usually by an automated dialer, and told that the privacy of their credit card or bank account has been compromised. They are then told to call back a certain number immediately to “verify” their information.

The second type of vishing is just like the first, except that the intended victim gets an e-mail instead of a call. The message is like that of a phishing e-mail, but instead of clicking on a link, the person is asked to call a certain number.

Either way, when the consumer calls the number, they reach an automated voice response system that asks the consumer to enter things like their account number, password, birth date, and Social Security number. As the unsuspecting consumer enters the information on their keypad, the crook records their keystrokes.

If you are unsure of any call you receive from JHFCU, simply ask for their name and say that you will call them back at the JHFCU office (410-534-4500 or 1-800-JHFCU-70).

Return to Top


Just like phishing, smishing uses cell phone text messages to lure consumers in. Often the text will contain an URL or phone number. The phone number often has an automated voice response system. And again just like phishing, the smishing message usually asks for your immediate attention.

In many cases, the smishing message will come from a "5000" number instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone.

Do not respond to smishing messages.


Text Message Fraud

Be on the look out for text messages claiming to be from your financial institutions. These are most likely a scam. The message urges the recipient to call a number provided for information about account discrepancies and then solicits individual account information and pin numbers. Financial institutions will never alert you to a problem with your account through a text message (unless its an alret that you opted in for). If you receive a text message claiming to be from a financial instituion it is most likely a scam. Do not respond to it and do not go to any websites they may direct you to.

Johns Hopkins Federal Credit Union will NEVER ask you to verify your sensitive JHFCU account or personal information via an unsolicited text message.


If you log in to your account and a screen appears asking for your Card Information (card number, card security code, and PIN) do NOT enter the information. There could be a Trojan or virus on your PC—please run a virus scan and/or have your PC checked by an IT security expert. Also, please report the occurrence to JHFCU by calling 410-534-4500. JHFCU will NEVER ask you to provide a card number or PIN on our website or via an email to confirm your identity, and you should consider any request for that information to be a fraudulent phishing attempt. (If a screen appears asking your Security Challenge questions, that is an appropriate screen—you can choose to enroll your PC to avoid those questions in the future).

More Information: click here


Computer Virus

Tips for computer security and to prevent viruses

You must run quality security software on your computers to protect your work and private data from viruses, spyware, and other security threats. When it comes to security, there is no substitute for quality. See below our recommended quality solutions. If any of the following is difficult for you, get an IT Expert to do it for you. You must do the following or risk all of your work/data being compromised (think of it as locking your front door):viruses

  1. Get good anti virus software e.g. one of the below.
    Recommended anti virus software:
    - AVG
    - Norton Anti virus
    - McAffee Anti Virus
    - Sophos Anti Virus

    Be sure to regularly update your 'virus definitions' e.g. once per week
  2. Install a quality Firewall
    There are many firewalls available, some good, some bad. Some provide a paid version with extra tools (of course).
  3. Install an anti-spyware application
    There are many available, some good, some bad.
  4. Email Attachments: BEWARE OF ATTACHMENTS. Do not open email attachments you are not expecting. Viruses come with some very nasty messages to trick you into opening the attachement e.g. "Your email account has been cancelled, see attachment for details". Even worse, the virus looks like it comes from an email address you recognise e.g. from (where 'your domain' is the domain name that you use). Virus attachments can have the following 'file extension': .exe, .pif. If you receive a .zip attachment and open it - make sure it doesn't contain a file with one of those extensions. Do not open attachments you haven't requested, even if they appear to be from people you know.

Why do I receive, notices that emails from me could not be delivered - when I didn't send the email?

  • How did someone else send an email that looked like it was from me?
  • Why do such emails seem to be from someone who is not in my organisation?

This is usually caused by a virus on someone elses computer sending the emails, but making it look like the emails are from you, or to put it another way: A virus that spoofs the 'from address'. The important (and annoying) thing to note is that the virus is probably not on your computer, it is on someone elses. So even if you have quality anti-virus software that keeps your computer clean, there is someone else out there who's computer is infected and sending these emails out.

How viruses spoof the from-address in emails

  • You have effective anti-virus software, so your computer is clean,
  • You send an email to Fred,
  • Now your email address is in Freds address book in his email software,
  • Fred does not have effective anti-virus software, and his computer has a virus,
  • The virus on Freds computer scans his address book for all of the email addresses on it,
  • The virus sends email to every address on Freds address book,
  • The virus emails do not say they are from Fred!, The virus pics another addresse from Fred's address book and puts it in the 'From field' in the outgoing email. The virus may combine the name from one address and the domain from another, creating a 'from address' that does not exist.
  • These emails are received by other computers, which detect the virus (because they have good anti virus software) and reject the email,
  • When the receiving computer rejects the virused email it sends an 'Undeliverable' to the sender e.g. something like 'Subject: /Delivery Notification: Delivery has failed'.
  • But! the 'Undeliverable' note goes to the spoofed from address (not to Fred) e.g. the 'Undeliverable' note could be sent to you.
  • Often there is no trace of Freds real address in the virus email or the 'Undeliverable' note, so you can not tell who's infected computer is sending these emails.


Keep your computer up to date

Check to see if you need updates for your hardware or your devices:


Update your virus protection software regularly (Mcfee, Norton, etc.) The cost of paying for protection outweighs the cost of fraud and identity theft!


Forensic Loan Audits

May 11, 2010 – Federal Trade Commission warning against a home foreclosure rescue scam that begins with “rescue” professionals offering audit services for a fee. In the scam, as explained in a recent FTC consumer alert, the homeowner pays several hundred dollars up front to have a “forensic loan auditor,” “mortgage loan auditor” or “foreclosure prevention auditor” backed by “forensic attorneys” review the homeowner’s loan documents to see if the lender complied with state and federal mortgage lending laws. The auditors claim their reports can be used to avoid foreclosure, accelerate the loan modification process, reduce loan principal or cancel the loan. The FTC notes that there is no evidence such an audit can result in any kind of mortgage relief, even if it’s done by a licensed, trained practitioner. It says if there are errors in the loan documents, the borrower may be able to sue, but the lender won’t be required to modify the loan to make it more affordable. Cancelling the loan, it adds, will mean loss of one’s home and an obligation to return borrowed funds to the lender.

The alert was posted on the FTC’s website Friday; for the full alert go to: FTC consumer alert