First Education Federal Credit Union


Quick Links

 

Fraud Alerts

Update 4/11/14

The Heartbleed bug--a flaw in the Open Secure Socket Layer (OpenSSL) technology used to establish secure links between servers and users--exposed millions of usernames, passwords and other information. Many organizations use OpenSSL because it's free. Facebook and Yahoo have already patched. You probably should change your passwords for these sites and any other free social media and email sites.

Undetected for more than two years, the bug affects two-thirds of encrypted websites.

Rest assured that our systems and sites do not use OpenSSL. Our third-party providers are up-to-date or have taken the appropriate measures to secure their sites.

To make your Internet use safer, we encourage you to check the security of other sites you use and to be proactive in password and virus protection.

Some Heartbleed resources: https://www.us-cert.gov/ncas/alerts/TA14-098A

http://www.forbes.com/sites/larrymagid/2014/04/09/test-for-heartbleed-vulnerability-and-advice-on-changing-passwords/

Heartbleed checker: https://lastpass.com/heartbleed/ 

Tips for changing passwords
(from ConnectSafely.org)
Never give out your password to anyone (except your parents). Never give it to friends, even if they’re really good friends. A friend can – accidentally, we hope – pass your password along to others or even become an ex-friend and abuse it.

Don’t just use one password.
It’s possible that someone working at a site where you use that password could pass it on or use it to break into your accounts at other sites.

Create passwords that are easy to remember but hard for others to guess. When possible, use a phrase such as “I started 7th grade at Lincoln Middle School in 2004” and use the initial of each word like this: “Is7gaLMSi2004.”

Make the password at least 8 characters long. The longer the better. Longer passwords are harder for thieves to crack.

Include numbers, capital letters and symbols. Consider using a $ instead of an S or a 1 instead of an L, or including an & or % – but note that $1ngle is NOT a good password. Password thieves are onto this. But Mf$1avng (short for “My friend Sam is a very nice guy) is an excellent password.

Don’t use dictionary words: If it’s in the dictionary, there is a chance someone will guess it. There’s even software that criminals use that can guess words used in dictionaries.

Don’t post it in plain sight: This might seem obvious but studies have found that a lot of people post their password on their monitor with a sticky note. Bad idea. If you must write it down, hide the note somewhere where no one can find it.

Consider using a password manager: Programs or Web services like RoboForm (Windows only) or Lastpass (Windows and Mac) let you create a different very strong password for each of your sites. But you only have to remember the one password to access the program or secure site that stores your passwords for you.

Don’t fall for “phishing” attacks: Be very careful before clicking on a link (even if it appears to be from a legitimate site) asking you to log in, change your password or provide any other personal information. It might be legit or it might be a “phishing” scam where the information you enter goes to a hacker. When in doubt, log on manually by typing what you know to be the site’s URL into your browser window.

Make sure your computer is secure: The best password in the world might not do you any good if someone is looking over your shoulder while you type or if you forget to log out on a cybercafe computer. Malicious software, including “keyboard loggers” that record all of your keystrokes, has been used to steal passwords and other information. To increase security, make sure you’re using up-to-date anti-malware software and that your operating system is up-to-date.

Consider a “password” for your phone too: Many phones can be locked so that the only way to use them is to type in a code, typically a string of numbers. Sometimes when people with bad intentions find unlocked phones, they use them to steal the owners’ information, make a lot of calls, or send texts that look like they’re coming from the owner. Someone posing as you could send texts that make it look like you’re bullying or harassing someone in your address book with inappropriate images or words.

Update 1/24/14:

We've seen recent instances of check fraud. Members have received counterfeit cashier's checks drawn on out of state banks and credit unions. These checks look authentic to the untrained eye. Know that anytime you receive unexpected checks in the mail from individuals and people you do not know, they're probably fraudulent.

 

Update on Target Breach

News reports on 1/10/14 indicate that tens of millions more cards were included in the Target stores data breach than were reported last month. Rest assured that your credit union is on top of this. We receive information daily about cards that are compromised. We have contacted members via email and telephone. If you did not receive a comminique from us but feel your card may be in jeopardy, please contact us. This is a great time to make sure we have updated contact information, including email addresses and phone numbers.

Update: 12/27/13 Today we learned that some consumers are receiving emails purporting to be from Target or their financial institution. The email promises a speedy solution to the data breach. There are links and the consumer is asked to enter in card numbers, expiration dates, etc. THIS IS A SCAM. Target cannot assist any credit or debit cardholder. Your financial institution will never ask you to click on a link and enter information we already have. Some tips:

  1. If the e-mail asks for personal or financial information, assume it is a scam. Don't reply. No legitimate business will ask for personal information through unsecure methods like e-mail.
  1. If there are links in the e-mail, don't click on them, even if they seem legitimate. Scammers can use links to install viruses that direct you to spoof sites that aim to steal information. Hovering over a link can reveal a deliberately misspelled Web address or a completely different destination.  "Your best bet is to type the URL directly into your browser," FTC said.

Update: 12/26/13 We received a list of card numbers that were included in the Target data breach. We emailed or called those members to let them know they need to contact the credit union. You can come to the branch to get a new card or we can order one to be mailed to you.

We've all heard about the Target stores hack which has left many of us worried. According to Target, card numbers, expiration dates and CVVs were compromised. Target says that Personal Identification Numbers (PIN) were not captured. Some credit unions and banks are already seeing fraudulent activity. So far, we have not at First Education. We subscribe to Falcon's Fraud Alert, which is a very high level monitoring program. We receive information daily on possible compromised cards and alert those members.

If you used your card at Target between November 27th and December 15th, your card may become compromised. If you can come in, we can make a new card while you wait. If you can't stop by, call us and we will order one for you.

What is always most important are the following tips:

1) NEVER give your card number out over the phone to ANYONE who calls you. Lately, fraudsters purport to be from Verizon or the Internal Revenue Service. These callers make it sound like you may be arrested or have your phone service disconnected if you do not pay now. These are always fraudulent calls. Folks you do business with regularly will never ask you to give your card number over the phone.

2) Keep track of your account and report unauthorized charges to your financial institution immediately.

3) Scrutinize machines before you swipe. If you see anything unusual attached to the card reader, do not swipe your card. Alert the owner of the machine. Card skimmers are being detected all over and are found on ATMs and store terminals.

4) Lastly, don't believe emails from friends or family that state the loved one is "trapped" in a foreign country and needs money. Before withdrawing funds from your account, contact that friend or family member. You'll likely discover that they are safely at home and that their email got hacked. The typical scam is where someone is visiting the Philippines, Thailand, or elsewhere in the world and has run into trouble with the law, had a wallet stolen, or is in the hospital. They need a lot of money in a hurry and you are their only hope. Don't fall for it.

 

Click here to return to Homepage Accounts | Loans | Online Services | Membership | Resources | Locations | Contact Us
©2013, First Education Federal Credit Union. Privacy Policy Equal Housing LenderEqual Housing LenderFederally Insured by the National Credit Union Association Federally Insured by NCUA First Education Federal Credit Union
HOMEPAGE SITE MAP Return to Homepage