Bangor Federal Credit Union takes your security very seriously.
- You may receive a call from us, or on our behalf, to verify transaction activity on your card. Please be advised that we will never ask for your card number, pin number, or the three-digit code on the back of your card. You are covered by Visa’s Zero Liability protection against fraudulent transactions (does not apply to ATM transactions, PIN transactions not processed by Visa, and certain business card transactions).
- When traveling and you are going to be using your debit or credit card, please give us a call so we can make a note on your account. This will help decrease the likelihood that your card will get blocked as you travel.
- If your Bangor Federal debit or credit card gets lost or stolen, contact us immediately to limit your liability. See more information on how to report your lost or stolen debit or credit card after hours.
Online Banking and Mobile Banking Username and Password Security
We use multi-factor authentication (MFA) on your Online Banking to help protect your accounts from fraud. In addition to MFA, we’ve included other ways below to protect your account(s) from fraudulent activity and cyber-attacks.
- Keep your usernames and passwords private and unique to you. Store these in a secure place that is only accessible by you. Use complex, hard to guess passwords for online services such as Online Banking. Complex passwords are at least 8 characters in length, a combination of upper and lower-case letters, numbers, and special characters.
- Do not allow anyone remote access to your PC.
- Avoid using birth dates, anniversaries, family member’s or pet’s names, or words out of the dictionary as passwords.
- When selecting usernames and passwords for multiple sites, keep them unique and individual. It’s never a good idea to use the same sequence on numerous sites. Should your username/password become compromised, cyber criminals are then able to gain access to other sites you have accessed.
- Public computers are best for basic web-surfing NOT to conduct financial activity such as account inquiries or purchasing items where you would enter your debit or credit card number. Public computers can be infected with viruses and malware capable of capturing your log in information.
- Never leave your computer unattended while you are logged on to a website, always be sure to log off and not just close the browser.
- Use discretion when posting personal information on social media. This information is a treasure-trove to scammers who will use it to feign trustworthiness.
- Use extreme caution when opening emails from unknown sources, especially when opening attachments in emails as the attachment or email may contain viruses or malware.
- Run updated anti-virus and anti-spyware software on your computer and mobile devices. Be sure to keep the software updated so you have the latest protection available.
- Make sure to install any available operating system patches regularly, and do not use computers with operating systems that are no longer supported (such as Windows XP, Windows 7).
- Install and utilize third-party applications and software that you really need. Make sure it is from the vendor such as the Google Play, Apple, or Windows Store. Since the app stores allow third-parties to post and sell apps, make sure the app is from a trustworthy source.
The Federal Trade Commission is a great resource to help you deter, detect, and defend against identity theft. You can also download some helpful brochures from the FTC:
Military ID Theft - What to Know, What to Do
Identity Theft - A Recovery Plan
Medical ID Theft - What to Know, What to Do
Identity Theft - What to Know, What to Do
Child ID Theft - What to Know, What to Do
Here are some tips for how to avoid becoming a victim of Identity Theft:
- Review a copy of your credit report annually to make sure the information on it is accurate. Visit www.annualcreditreport.com to access your free report.
- Monitor account activity regularly for unauthorized activity. If you see anything suspicious, contact your financial institution immediately.
- Store personal information, passwords and sensitive records in a safe place. Shred financial statements, credit card offers, bank checks, and any other documents that contain personal information about you before throwing them away.
REMEMBER, the best line of defense is you! If at any point, you feel that your account information has been compromised or you have fallen victim to a Phishing Scam or other cyber-attack, please call us at 207-947-0374 to let us know.
Current Scams and Member Threats
As fraudsters continually try to find new ways of stealing member information, Bangor Federal is here to help keep you aware and on-top of the latest scams and viruses that may capture personal information such as a social security number, account number, etc. Learn more below on ways to protect yourself and what to watch out for.
Do you know what to look for in a phishing email or phone scam? Fraudsters that utilize this tactic, are seeking to infect computers with malware or steal personal information. “Phishing” has received a lot of attention in the press recently. It is a way that impostors try to acquire personal, sensitive information. They will attempt to convince the victim to provide information such as; login names, passwords, credit and debit card information, birth dates, and social security numbers. This information is then used to access financial resources for malicious purposes. Phishing scams often appear to come from a familiar, trusted resource, such as your email or phone call.
How Can You Protect Yourself?
Here are a few steps you can take to protect your personal information in an email scam or a phone call phishing attempt:
- When you receive an email, watch for Misspelled URLs. Appearing in the address bar, these can be off by as little as one character or may have a subdomain added to the main address that drives to the spoofed website.
- Think Before You Click a Link. Again, this can be tricky to watch for, however if you hover your mouse over a link in an email, without clicking on it, you can see the web address. If it looks suspect, do not click the link and contact customer service for the company the email appears to have originated from.
- Utilize Multi-Factor Authentication. Some companies are requiring a second security step, such as a PIN or a fingerprint. This is required in addition to your login and password to access an account. In the event your password was stolen in any type of phishing scam, having the additional step in place adds a level of security that prevents a thief from accessing any information using only the password.
REMEMBER that Bangor Federal Credit Union employees would never call or email you asking for your personal information such as your social security number, debit card number, account number, etc. If you ever receive an email or a phone call that seems to be from us, yet something about the situation doesn’t feel quite right, or you are suspicious, please do not hesitate to call us at 207-947-0374 or toll free at 800-540-0374. Our staff will be able to help you clarify whether someone from the Credit Union was truly trying to reach you.
Trojan Horses are a type of malware that misrepresent themselves to look legitimate, much like the Trojan Horse the Greek army used to enter Troy. Trojan Horses may be apps in smartphone stores, freeware and shareware, or even attachments to emails. The last is a very common spam technique and is often used with spam email campaigns that say you have a voicemail, fax, or shipping notification. When you click the attached document to hear the voicemail, or see the fax or who has shipped you a package, the file opens to show you what you expect to see or hear, but in the background, malware is downloading on to your computer.
Drive-by Downloads and Malvertising
Drive-by downloads occur when a program is downloaded onto your device without your permission. One way this happens is through malicious advertising or malvertising. You know the advertisements that appear on the edge of many webpages? When malicious actors purchase advertising space there, they can install malware in the advertisement. That means that if you see that malicious advertisement, which looks like any legitimate advertise, the malware hidden in the advertisement will automatically try to download onto your device.
Social Engineering – Malicious Links
Social engineering relies on tricking you into taking an action, such as clicking on a link. As the malicious website opens, malware can be installed on your device. Simply visiting these websites is enough to infect your device.
Some types of social engineering use link baiting or other techniques to get you to click on the malicious link. Link baiting (which is not necessarily malicious) is when content providers try to get you to click on a link. One popular form of link baiting is providing a teaser that generates interest in the story, such as “5 Things Preventing You From Being Rich” or “When I found about this trick, it blew my mind!”
Social Engineering – Scareware
Scareware, such as ransomware and fake antivirus software, frequently use social engineering by making popup boxes look like messages from your computer. These messages try to look official and say things “System Warning!” and “Threats Found!” or “Your computer is infected. Click OK to remove the virus.” They hope you’ll click on the message, which allows the malware to be downloaded on to your computer. Often clicking anywhere on the message allows the malware to be downloaded, so instead hit the back button or on a Windows computer, use the Task Manager to close the popup window.
As if scareware wasn’t bad enough, some versions of scareware use the scary warning messages to convince you to buy the malware. Fake antivirus malware most commonly uses this technique. Fake antivirus is malware that pretends to be real antivirus software. The criminals who sell the fake antivirus have professional-looking websites, call centers where you can ask for help, and even different payment levels. After you buy and install the fake antivirus, it will infect your computer with malware instead of cleaning it, and the malicious actors have your money!
ATM Skimming and What to Watch Out For
As Skimmer Fraud is continually on the rise, it is important for Bangor Federal members to be aware what to look for at ATMs, gas pumps, and anywhere a debit or credit card is used.
Traditionally, skimmers were placed on top of the current card reader where a card is swiped. These readers are somewhat easy to identify as they are able to be shaken off or are loose fitting. Unfortunately, newer forms of skimming may be impossible for the consumer to detect. Skimmers are getting smaller and are being placed inside the card reader. Newer forms of skimming are now attempting to attach devices directly to the internal card readers of ATM.
To help you better understand what to look for, here is a PIN overlay and Anti-Skimming Device. Both are used to capture important card and PIN data:
ATM PIN pad overlay used to capture PIN numbers
Anti-Skimming devices are duplicated to capture card data
Although, the real issue cannot be solved, here are some ways members can protect their card information:
- When using an ATM, take a look around the card reader to verify that everything looks okay. Should something appear wrong, try a different ATM or notify the financial institution or authorities right away.
- When entering your PIN number, hold your hand over the key pad or screen. By doing this, you are less likely to have your PIN captured by an externally installed camera.
As types of technology and the ways criminals are attempting to capture the card data increase, the good news is that Bangor Federal takes your debit and credit card security very seriously. Our staff reviews our ATM equipment twice a day, to verify that no type of skimming device has been added to the machines.