Fraud & Security News

Phishing Precautions

Something Phish-y's Going On Here...

So, you’re checking your e-mail and find a message from a financial institution. This message asks you to click on a link that will take you to a Web site where you can “confirm your account information” as part of their system update. Or it hints at “unauthorized activity” on your credit card or ATM card and directs you to a Web page where you can “verify your identity” in order protect your account.

The e-mail seems genuine — it looks just like the institution's other Web pages, right down to the logo. And the address on the link even includes the institution's name.

But don’t take the bait. Because the reality is that you're being “phished” by criminals who hope to gain personal information from you. Their goal is to use your information in order to commit identity theft or credit fraud.

The fact is, Green Country Federal Credit Union will never ask you to confirm personal information on line or direct you to our Web site via an e-mail link. If you receive such an e-mail that says it's from us, contact us by phone immediately at 918.245.1301 and we'll take steps to shut down the phony Web site and find the person that posted it.

Recognizing a Phish

Look for the “tells.” A sophisticated scam can look pretty convincing, but there are usually clues that will tell you an e-mail is a phish:

  • You're asked to provide personal information — a bank account or credit card number, PIN number or password, your social security number or your mother's maiden name;
  • The e-mail doesn't use your name, indicating that is a mass mailing;
  • The message includes scare tactics, warning that you might have been a victim of fraud, or that your account is being shut down until you provide “verifying” information;
  • The text contains spelling or grammatical errors; these are especially common in phishing schemes that originate in other countries.

Commonsense Precautions

Criminals can be clever. But so can ordinary, law-abiding citizens. With a healthy dose of skepticism and a few relatively simple measures, you can successfully foil online criminals:

  • Don't give out personal information unless you're sure you know with whom you're dealing. Check an organization's Web site by typing its URL in the address line, rather than copying and pasting it. Or call customer service using the number listed on your account statement or in the telephone book.
  • Be cautious when responding to promotions. Identity thieves may create phony offers to get your personal information, or to obtain your e-mail address, which they can then use to send a phish.
  • Avoid using information such as your mother's maiden name, your birth date, and the last four digits of your SSN, your phone number, or your address as an online password. If a Web site asks for your mother’s maiden name, ask to use another password instead.
  • To create a strong password, use a combination of letters (upper and lower case), numbers and symbols. Think of a memorable phrase and use the first letter of each word as your password, converting some letters into numbers that resemble letters. For example, "I love Felix; he's a good cat," would become 1LFHA6c.
  • Set your computer to automatically update virus protection software each week.
  • Do not open files, click on links or download programs from people you don't know.
  • Use a firewall program, especially if you have a high-speed Internet connection that leaves your computer constantly connected to the Internet. Without it, hackers can access information stored on your computer.
  • Use the most up-to-date version of a secure browser for online transactions. When submitting information, look for the lock icon on the browser's status bar to be sure your information is secure during transmission.
  • After you've completed a secure online transaction, sign off the site right away.
  • Don't store financial information on a laptop computer unless absolutely necessary. If you must use a laptop, don't use an automatic login feature that saves your user name and password, and always log off when you're finished.
  • Before you dispose of a computer, delete all personal information stored on it. Be aware that deleting files or reformatting your hard drive may not be enough; use a "wipe" utility program to overwrite the entire hard drive.