Online and Mobile Security Tips

Best Scam Prevention and Cyber Security Practices:

  • Always use complex passwords that also meet the established password requirements – creating a phrase you will remember like “Ilovecoffeeinthemorningwithespresso!” is more secure for your accounts. You may also be asked to change your password from time to time, or should consider changing it yourself. Also, do not use the same password for Online Banking that you use for other sites, particularly commerce sites. 
  • Check your accounts regularly to confirm you recognize all transactions and report suspicious card activity immediately.
  • Always use all protection methods offered to you – Chip card, two-factor authentication, immediate transaction alerts (Visa Purchase alerts), Mobile Wallet, etc. 
  • Don’t send gift cards as payment or to make donations – scammers will ask for gift cards because they are easily untraceable and funds are available immediately.
  • Don’t cash checks for strangers or return funds for overpayment – scammers will send fraudulent checks and request that you return a portion of the check to them. Many times, you have access to the funds immediately but then the check can still be returned unpaid. 
  • Don’t respond to emails that you believe may be a phishing attempt or open any suspicious attachments. 
  • Don’t include any personal information in emails, un-secure electronic communication, or on social media.
  • Always be on the lookout for fake charity scams and make sure you verify the legitimacy of a charity first. 
  • Always be vigilant when using ATM’s or any other card swiping devices and check for skimming devices. 
  • Don’t reuse the same User ID and password for different sites. 
  • Update your device operating system, browsers and apps to the latest versions.
    • Install a firewall and antivirus software and keep them up to date. 
  • Always back up your data frequently.
  • Never give out your full Social Security number or your debit or credit card PIN to someone who calls you, particularly if they say they are calling from the credit union or on behalf of a financial institution.  JHFCU will NEVER call and ask for your Social Security number or PIN (scammers will try to do that). 
  • Use the screen lock on your mobile device for an added layer of security and set it to lock after a certain period of time.
  • Turn off Bluetooth when you are not using it. 
  • Be cautious when using public Wi-Fi – especially if you are conducting financial transactions. 
  • Use an official app store (Ex: Google Play and Apple’s App Store). 
  • Don’t jailbreak/unlock your phone – you will lose built-in security. 

Don’t be influenced

Bad guys will try to persuade you into letting your guard down and giving them what they’re looking for. Oftentimes, they don’t even need information specific to your organization to trick you.

See the examples below of common tactics used to influence victims in pre-texting scenarios:

  • Influence by Authority

For example, you receive a call at work from someone demanding immediate assistance, using an aggressive and authoritative tone. This person establishes their authority by using an executive-level or official-sounding “job title”. They may even insult you for not being familiar with “who they are”. These scare tactics alone often sway victims into giving away sensitive information or complying with a request.
Its human nature to act in a responsive manner around someone of authority, but don’t fall victim to false claims of authority!

  • Influence by Obligation

For example, you receive a call from someone posing as a member of your IT department. The bad guy tells you they’ve found malicious activity on your work computer and begin questioning your recent browsing history–implying that you’ve reached a malicious website and have put the company in danger as a result. Then, they demand you update your password with a more "secure" password which they provide.
Would you feel obligated to comply with their instructions? Many unsuspecting individuals would–but don’t fall victim to a false sense of obligation!

  • Influence by Fake Concern

For example, you receive a call from someone posing as a member of your Fraud Department. This person establishes their authority by providing expert knowledge regarding possible fraud on your account. They trick you into providing your SSN or your PIN to your card in order to proceed with their investigation. You would feel obligated to provide these secure numbers to assist in eliminating the fraud from your account. However, the bad guys have already been able to copy your debit card and you providing your PIN or SSN has just given them unlimited access to your funds and/ or identity. Don’t be a victim!

We support TLS (Transport Layer Security) 1.2.

TLS is a set of rules that provides security between computer applications. If the browser or device trying to access Online Banking/Mobile Banking does not support TLS 1.2 access will be denied. 

Browser Impact
  • Internet Explorer running on systems with operating systems older than Windows 7 will be impacted.   
  • Windows 7 devices running older versions of IE (8, 9, 10) and Windows 8 devices running IE 10 can support TLS 1.2, but don’t by default – users will be required to change browser settings.   
    • Instructions on how to do this can be found here.
  • Windows 10 devices running IE 11 or Edge support TLS 1.2 with no required changes.

Android Devices OS Impact

  • Android OS versions prior to 4.4.2 do not support TLS 1.2.  – Users will not be able to use their device for Mobile Banking. 

Test browser capability and TLS FAQs:

Please visit our Website Security Policy for more details.