Internet Security: Safeguarding Your Information
In today's high tech world, we are able to do things more quickly and conveniently electronically whether it is to send a letter via email, pay bills or even go shopping online. With this increase in speed and convenience also comes increased risk. Every day, unscrupulous individuals are busy developing new scams targeting the unsuspecting public.
How evergreenDIRECT is Protecting You
At evergreenDIRECT Credit Union, the security of member information is a priority. We are strongly committed to the safety and confidentiality of your records.
Transport Layer Security: Our website and online banking platform is secured using a Transport Layer Security (TLS) 1.2 level digital certificate and industry standard encryption to protect other computers from eavesdropping and interception by encrypting all data that is transmitted between our site and your computer. We only support browsers that can provide industry accepted encryption protocols. These protections ensure that you are dealing with evergreenDIRECT Credit Union and not an imposter site impersonating us.
Security Preferences: You can set your account security preferences in online banking. We use these security options to verify your identity.
Multi-Factor Authentication: Multi-factor authentication (MFA) helps prevent unauthorized access to your online account. MFA requires a second method of authentication in addition to username and passcode. We use security challenge questions. You can select three security challenge questions and provide answers that are easy for you to remember, but that only you know the answer.
You can update these security options at any time—simply log into online banking and go to Update Security Settings under User Profile.
Annual System and Security Audits: Our latest annual security review of our web site was conducted by a reputable security firm and they found no significant vulnerabilities.
How You Can Protect Yourself
Our security measures are only a part of what it takes to make sure you're protected, because no security is perfect. It's your responsibility to use up-to-date software, and to enable security features such as anti-virus, anti-malware, and only connect from trusted networks. Your computer's browser communicates with our computer, systems and websites. You will need to update your web browser periodically to ensure that your interactions with our website are safe and secure—and to ensure an optimal experience. We recommend using the most up-to-date version of your web browser.
One of the best ways to avoid fraud is to become an educated consumer and we would like to help you in this endeavor. Please take a moment to read this important information on how to keep yourself safe when conducting business online.
How to Keep Yourself Safe in Cyberspace
An important part of online safety is knowledge. The more you know, the safer you'll be. Here are some great tips on how to stay safe in cyberspace:
1. Set strong passwords. A strong password is a combination of upper and lower case letters and numbers and one that is not easily guessed. Change your password frequently. Don't write it down or share it with others.
2. Don't reveal personal information via email. Emails and text messages can be masked to look like they are coming from a trusted sender when they are actually from someone else. Play it safe, do not send your personal information such as account numbers, social security numbers, passwords etc. via email or texting.
3. Don't download that file! Opening files attached to emails can be dangerous especially when they are from someone you don't know as they can allow harmful malware or viruses to be downloaded onto your computer. Make sure you have a good antivirus program on your computer that is up-to-date.
4. Links aren't always what they seem. Never log in from a link that is embedded in an email message. Criminals can use fake email addresses and make fake web pages that mimic the page you would expect. To avoid falling into their trap, type in the URL address directly and then log in.
5. Web sites aren't always what they seem. Be aware that if you navigate to a Web site from a link you don't type, you may end up at a site that looks like the correct one, when in fact it's not. Take time to verify that the Web page you're visiting matches exactly with the URL that you'd expect.
6. Logoff from sites when you are done. When you are ready to leave a site you have logged in to, logoff rather than just closing the page.
7. Monitor account activity. Monitor your account activity regularly either online or by reviewing your monthly statements and report any unauthorized transactions right away.
8. Use secured computers. When performing financial transactions, using secured computers whenever possible, such as your home or work computer will be safer than using publicly available computers.
9. Assess your risk. We recommend periodically assessing your online banking risk and put into place increased security controls where weaknesses are found; particularly for members with business accounts. Some items to consider when assessing your online banking risk are:
- Who has access to your online business accounts?
- How and where are user names and passwords stored?
- How strong are your passwords and how often are they changed? Are they changed before or immediately after terminating an employee who had access to them?
- Do you have dual controls or other checks and balances with respect to access to online banking transactions?
What to Expect from evergreenDIRECT
EvergreenDIRECT will NEVER call, email or otherwise contact you and ask for your user name, password or other online banking credentials.
EvergreenDIRECT will NEVER contact you and ask for your credit or debit card number, PIN or 3-digit security code. Please see below for more information about how our card provider approaches customer service calls.
Debit and Credit Cards
Our card provider will identify themselves as Card Member Services. They will never ask for your card number, expiration date or CVC (security) code.
- Verify your street address.
- Verify the last four digits of your Social Security Number. They may:
- Ask for the last four digits of your card number.
- Ask to verify the amount of your last transaction or payment.
At any time if you are uncomfortable with the call, please hang up and call the credit union.
Rights and Responsibilities
With respect to online banking and electronic fund transfers, the Federal government has put in place rights and responsibilities for both you and the credit union. These rights and responsibilities are described in the Account Information Disclosures you received when you opened your account with EvergreenDIRECT. You can also find them online under the Terms & Conditions at evergreenDIRECT.org. Ultimately, if you notice suspicious account activity or experience security-related events, please contact the credit union immediately at 1-800-327-4286.
How to Avoid Becoming a Victim of Phishing Scams
Be suspicious of any email with urgent requests for personal financial information unless the email is digitally signed (you can't be sure it wasn't forged or 'spoofed'). Phishers typically: (1) include upsetting or exciting (but false) statements in their emails to get people to react immediately; (2) ask for confidential information such as usernames, passwords, credit card numbers, social security numbers, account numbers, etc.; and (3) do not personalize the email message (while valid messages from your credit union should be).
- Don't use the links in an email to get to any web page if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser.
- Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
- Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser. To make sure you're on a secureWeb server, check the beginning of the Web address in your browsers address bar - it should be "https://" rather than just http://.
- Consider installing a Web browser tool bar to help protect you from known phishing fraud websites.
- Regularly log into your online accounts and don't wait for as long as a month before you check each account.
- Regularly check your financial institution, credit, and debit card statements to ensure that all transactions are legitimate. If anything is suspicious, contact your financial institution(s) and card issuers.
- Ensure that your browser is up to date and security patches applied.
- Always report "phishing" or “spoofed” e-mails to the following groups:
- forward the email to email@example.com;
- forward the email to the Federal Trade Commission at firstname.lastname@example.org;
- forward the email to the "abuse" email address at the company that is being spoofed
- when forwarding spoofed messages, always include the entire original email with its original header information intact; and
- notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ifccfbi.gov/.
What To Do If You've Given Out Your Personal Financial Information
Phishing attacks are growing quite sophisticated and difficult to detect, even for the most technically savvy people. And many people are getting onto the Internet and using email or Web browsers for the first time. As a result, some people are going to continue to be fooled into giving up their personal financial information in response to a phishing email or on a phishing website. If you have been tricked this way, you should assume that you will become a victim of credit card fraud, financial institution fraud, or identity theft. Below is some advice on what to do if you are in this situation:
- Report the theft of this information to the card issuer as quickly as possible: Many companies have toll-free numbers and 24-hour service to deal with such emergencies.
- Cancel your account and open a new one.
- Review your billing statements carefully after the loss: If they show any unauthorized charges, it's best to send a letter to the card issuer describing each questionable charge.
- Credit Card Loss or Fraudulent Charges (FCBA):
- Your maximum liability under federal law for unauthorized use of your credit card is $50.
- If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use.
- ATM or Debit Card Loss or Fraudulent Transfers (EFTA):
- Your liability under federal law for unauthorized use of your ATM or debit card depends on how quickly you report the loss.
- You risk unlimited loss if you fail to report an unauthorized transfer within 60 day after your bank statement containing unauthorized use is mailed to you.
- Report the theft of this information to the bank as quickly as possible.
Some phishing attacks use viruses and/or Trojans to install programs called "key loggers" on your computer. These programs capture and send out any information that you type to the phisher, including credit card numbers, usernames, passwords, Social Security Numbers, etc. In this case, you should:
- Install and/or update anti-virus and personal firewall software.
- Update all virus definitions and run a full scan.
- Confirm every connection your firewall allows.
- If your system appears to have been compromised, fix it and then change your password again, since you may well have transmitted the new one to the hacker.
- Check your other accounts! The hackers may have helped themselves to many different accounts: eBay account, PayPal, your email ISP, online bank accounts, online trading accounts, e-commerce accounts, and everything else for which you use online password. Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. If you have given out this kind of information to a phisher, you should do the following:
- Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:
- Request that they place a fraud alert and a victim’s statement in your file.
- Request a FREE copy of your credit report to check whether any accounts were opened without your consent. You can find information about obtaining free credit reports on the Federal Trade Commission’s website at: http://www.ftc.gov/bcp/conline/edcams/freereports/index.html.
- Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft.
- Major Credit Bureaus:
- Equifax - www.equifax.com:
- To order your report, call: 800-685-1111 or write: P.O. Box 740241, Atlanta, GA 30374-0241.
- To report fraud, call: 800-525-6285 and write: P.O. Box 740241, Atlanta, GA 30374-0241.
- Hearing impaired call 1-800-255-0056 and ask the operator to call the
- Auto Disclosure Line at 1-800-685-1111 to request a copy of your report.
- Experian - www.experian.com:
- To order your report, call: 888-EXPERIAN (397-3742) or write: P.O. Box 2002, Allen TX 75013.
- To report fraud, call: 888-EXPERIAN (397-3742) and write: P.O. Box 9530, Allen TX 75013 TDD: 1-800-972-0322.
- Trans Union - www.transunion.com:
- To order your report, call: 800-888-4213 or write: P.O. Box 1000, Chester, PA 19022.
- To report fraud, call: 800-680-7289 and write: Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634 TDD: 1-877-553-7803.
- Notify your financial institution(s) and ask them to flag your account and contact you regarding any unusual activity:
- If bank accounts were set up without your consent, close them
- If your ATM card was stolen, get a new card, account number, and PIN.
- Contact your local police department to file a criminal report.
- Contact the Social Security Administration’s Fraud Hotline to report the unauthorized use of your personal identification information.
- Notify the Department of Motor Vehicles of your identity theft:
- Check to see whether an unauthorized license number has been issued in you name.
- Notify the passport office to be watch out for anyone ordering a passport in your name.
- File a complaint with the Federal Trade Commission:
- Ask for a free copy of "ID Theft:When Bad Things Happen in Your Good Name" a guide that will help you guard against and recover from your theft.
- File a complaint with the Internet Fraud Complaint Center (IFCC)
- The Internet Fraud Complaint Center (IFCC) is a partnership between the Federal Bureau of Investigation (FBI) and the NationalWhite Collar Crime Center (NW3C), with a mission to address fraud committed over the Internet.
- For victims of Internet fraud, IFCC provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation.
- Document the names and phone numbers of everyone you speak to regarding the incident. Follow-up your phone calls with letters. Keep copies of all correspondence.
If You Become a Victim of Identity Theft
If you believe that someone has stolen your identity, you should contact the fraud department of each of the three major credit bureaus to report the identity theft and request that the credit bureaus place a fraud alert and a victim's statement in your file. The fraud alert puts creditors on notice that you have been the victim of fraud, and the victim's statement asks them not to open additional accounts without first contacting you.
The following are the telephone numbers for the fraud departments of the three national credit bureaus:
Trans Union: 1-800-680-7289
- You may request a free copy of your credit report. Credit bureaus must provide a free copy of your report, if you have any reason to believe the report is inaccurate because of fraud and submit a request in writing. Review your report to make sure no additional fraudulent accounts have been opened in your name, or unauthorized changes made to your existing accounts. Also, check the section of your report that lists "inquiries" and request that any inquiries from companies that opened the fraudulent accounts be removed.
- Contact any credit union or other creditor where you have an account that you think may be the subject of identity theft. Advise them of the identity theft. Request that they restrict access to your account, change your account password, or close your account, if there is evidence that you r account has been the target of criminal activity. If your credit union closes your account, ask them to issue you a new credit card, ATM card, debit card, or share drafts, as appropriate.
- File a report with your local police department.
- Contact the FTC's Identity theft Hotline toll-free at 1-877-ID-THEFT (438-4338).
The FTC puts the information into a secure consumer fraud database and shares it with local, state, and federal law enforcement agencies.
For more online security tips and resources, visit OnGuardOnline.