Online and Mobile Security Tips

Top Cyber Security “Words to Know”

Phishing: A technique used by hackers to obtain sensitive information. For example, using hand-crafted email messages designed to trick people into divulging personal or confidential data such as passwords and bank account information.

Cloud: A technology that allows us to access our files and/or services through the internet from anywhere in the world. Technically speaking, it’s a collection of computers with large storage capabilities that remotely serve requests.

Software: A set of programs that tell a computer to perform a task. These instructions are compiled into a package that users can install and use. For example, Microsoft Office is an application software

Two-Factor Authentication: An authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence.

Breach: The moment a hacker successfully exploits a vulnerability in a computer or device, and gains access to its files and network.

Firewall:  A defensive technology designed to keep the bad guys out. Firewalls can be hardware or software-based.

Malware: An umbrella term that describes all forms of malicious software designed to wreak havoc on a computer. Common forms include: viruses, trojans, worms and ransomware.

Spoofing: A social engineering technique used to convince a consumer that the phone call or text is from a trusted source in an effort to obtain personal or confidential information. Spoofing disguises a communication (email, phone number, website etc.) from an unknown source to appear legitimate. In addition, they are friendly and engaging on the call as part of their elaborate scheme to persuade you to give them what they want.

How To Spot Scams

Best Scam Prevention and Cyber Security Practices:

  • Always use complex passwords that also meet the established password requirements – creating a phrase you will remember like “Ilovecoffeeinthemorningwithespresso!” is more secure for your accounts. You may also be asked to change your password from time to time, or should consider changing it yourself. Also, do not use the same password for Online Banking that you use for other sites, particularly commerce sites. 
  • Check your accounts regularly to confirm you recognize all transactions and report suspicious card activity immediately.
  • Always use all protection methods offered to you – Chip card, two-factor authentication, immediate transaction alerts (Visa Purchase alerts), Mobile Wallet, etc. 
  • Don’t send gift cards as payment or to make donations – scammers will ask for gift cards because they are easily untraceable and funds are available immediately.
  • Don’t cash checks for strangers or return funds for overpayment – scammers will send fraudulent checks and request that you return a portion of the check to them. Many times, you have access to the funds immediately but then the check can still be returned unpaid. 
  • Don’t respond to emails that you believe may be a phishing attempt or open any suspicious attachments. 
  • Don’t include any personal information in emails, un-secure electronic communication, or on social media.
  • Always be on the lookout for fake charity scams and make sure you verify the legitimacy of a charity first. 
  • Always be vigilant when using ATM’s or any other card swiping devices and check for skimming devices. 
  • Don’t reuse the same User ID and password for different sites. 
  • Update your device operating system, browsers and apps to the latest versions.
    • Install a firewall and antivirus software and keep them up to date. 
  • Always back up your data frequently.
  • Never give out your full Social Security number or your debit or credit card PIN to someone who calls you, particularly if they say they are calling from the credit union or on behalf of a financial institution.  JHFCU will NEVER call and ask for your Social Security number or PIN (scammers will try to do that). 
  • Use the screen lock on your mobile device for an added layer of security and set it to lock after a certain period of time.
  • Turn off Bluetooth when you are not using it. 
  • Be cautious when using public Wi-Fi – especially if you are conducting financial transactions. 
  • Use an official app store (Ex: Google Play and Apple’s App Store). 
  • Don’t jailbreak/unlock your phone – you will lose built-in security. 

Don’t be influenced

Bad guys will try to persuade you into letting your guard down and giving them what they’re looking for. Oftentimes, they don’t even need information specific to your organization to trick you.

See the examples below of common tactics used to influence victims in pre-texting scenarios:

  • Influence by Authority

For example, you receive a call at work from someone demanding immediate assistance, using an aggressive and authoritative tone. This person establishes their authority by using an executive-level or official-sounding “job title”. They may even insult you for not being familiar with “who they are”. These scare tactics alone often sway victims into giving away sensitive information or complying with a request.
Its human nature to act in a responsive manner around someone of authority, but don’t fall victim to false claims of authority!

  • Influence by Obligation

For example, you receive a call from someone posing as a member of your IT department. The bad guy tells you they’ve found malicious activity on your work computer and begin questioning your recent browsing history–implying that you’ve reached a malicious website and have put the company in danger as a result. Then, they demand you update your password with a more "secure" password which they provide.
Would you feel obligated to comply with their instructions? Many unsuspecting individuals would–but don’t fall victim to a false sense of obligation!

  • Influence by Fake Concern

For example, you receive a call from someone posing as a member of your Fraud Department. This person establishes their authority by providing expert knowledge regarding possible fraud on your account. They trick you into providing your SSN or your PIN to your card in order to proceed with their investigation. You would feel obligated to provide these secure numbers to assist in eliminating the fraud from your account. However, the bad guys have already been able to copy your debit card and you providing your PIN or SSN has just given them unlimited access to your funds and/ or identity. Don’t be a victim!

Please visit our Website Security Policy for more details.