Cybersecurity Awareness

October is National Cybersecurity Awareness Month

Welcome to National Cybersecurity Awareness Month! Each October, we come together to promote online safety and security, ensuring our members are equipped with the knowledge and tools to protect their personal information. This month, our credit union is dedicated to sharing valuable blogs, practical tips, and essential resources aimed at enhancing your cybersecurity awareness. Read on as we explore ways to keep your accounts and personal data safe in an increasingly digital world. Together, we can create a more secure online community for everyone!

Account Takeover Fraud - Don’t share your info with anyone posing as our institution

What is an “account takeover?”
An account takeover happens when a fraudster poses as a financial institution to get your personal or account information. Once the fraudster has access to your account, they can make unauthorized transactions.

How Does It Work?

Here's how it usually works:

• Fraudsters will email or send texts to you appearing to come from the credit union, warning you of suspicious debit card transactions.

• Fraudsters then make a follow-up phone call to those who respond to the text, spoofing the credit union’s phone number and pretend to be from the credit union’s fraud department.

• Claiming the need to "verify your identity", the fraudster asks for your online banking username and informs you that you will receive a passcode via text or email that you must provide it to the fraudster. In reality, the fraudster has initiated the forgot password feature, that generates a 2-step authentication passcode which is delivered to you.

• If you provide the passcode to the fraudster, they can then use it to log in to your account using a device not recognized by the host system.

• Upon logging into your account, the fraudsters lock you out of your account by changing the digital banking password and then use bill pay, P2P, or external transfers to transfer funds out of your account.

Fort Worth City Credit Union will NEVER ask for your personal information such as digital banking security codes, passwords or PINs by text or phone call.

Phishing - Don’t take the bait

Spoofing - Don’t trust caller ID

Passwords - The importance of strong passwords and password managers

Multi-factor Authentication - Always enable MFA

Online Romance Scams - People online aren’t always as they appear

Payment App Scams - Know who you’re sending money to

Cybersecurity: What to do if your data has been breached

Have you gotten a letter or email warning that your sensitive personal information has been part of a data breach, and is at risk of being sold in the shadowy marketplaces of the dark web? Some emails list the stolen information, like all or part of your Social Security number, date of birth, and driver’s license number. If you’ve gotten one of these data breach notices, it can seem scary and overwhelming. But you’re not powerless against it! There are all kinds of ways to keep your data protected. Here are a few steps to take to help protect yourself against financial loss from identity theft:

Don’t click a link or use a phone number in unexpected texts or emails. It could be a “phishing” attempt, designed to trick you into disclosing sensitive information to scammers. If you think the message is legit — for example, if you have a credit monitoring service or a credit card with a company that monitors the dark web — contact the company using a website or phone number that you know is real. Phishing is one of the oldest tricks in the book for cybercriminals but it is just as effective as ever. According to CISCO’s 2021 Cybersecurity Threat Trends report, 80% of security incidents and 90% data breaches stem from phishing attempts.

Change your passwords to secure your accounts. Start by changing the passwords on your email accounts. Email accounts often are the weak link in online security because password resets for other accounts go to your email. If your email account password has become known, then an identity thief can log into your account and intercept your password reset emails.

• Pro tip: When setting up new passwords, consider using a password manager. Free ones are built into most browsers and will automatically create passwords that are hard to guess. Be sure to use different passwords for each account and, if the account offers multifactor authentication, use it for added security.

Check your credit reports. After securing your accounts, make sure nobody has opened new accounts using your information. Visit AnnualCreditReport.com to get an annual free credit report from each of the three nationwide credit bureaus, Equifax, Experian, and TransUnion. If you find an account or transaction you don’t recognize, visit IdentityTheft.gov to report the identity theft and get a personal recovery plan.

Consider freezing your credit. A credit freeze, also known as a security freeze, is free to place and remove and is the best way to protect against an identity thief opening new accounts in your name. Alternatively, place a free fraud alert on your credit to make it more difficult for an identity thief to get new credit in your name.

Report the scam. If you have been a victim of fraud or a scam, you should report this to the FTC online (www.reportfraud.ftc.gov ) or by phone at 1-877-382-4357 and report it to the FBI at Internet Crime Complaint Center. Reporting these crimes can assist not only in recovery put prevention of future crimes. For additional information about popular scams, how to avoid them and what to do if you are a victim, visit https://www.usa.gov/scams-and-fraud.