Your Security Matters
Bangor Federal Credit Union takes your security very seriously. Here are some things we do to watch out for you and some ways you can help protect yourself.
- We have a fraud monitoring system in place to monitor all debit and credit card activity. You may receive a call from us, or on our behalf, to verify transaction activity on your card. Please be advised that we will never ask for your card number, pin number or the 3-digit code on the back of your card. You are covered by Visa’s Zero Liability protection against fraudulent transactions (does not apply to ATM transactions, PIN transactions not processed by Visa, and certain business card transactions).
- If you plan on traveling and using your debit or credit card, please give us a call so we can make a note on your account. This will help decrease the likelihood that your card will get blocked.
- Never write your pin number on your debit or credit card and don’t keep it in your wallet or purse.
- Never give out your username and passwords.
- Never give someone else remote access to your PC.
- Use complex, hard to guess passwords for online services including Online Banking and store them in a secure place only accessible to you. Complex passwords are at least 8 characters in length, and are a combination of upper and lower case letters, numbers, and special characters. Avoid using birth dates, anniversaries, family member’s or pet’s names, or words out of the dictionary as passwords.
- Do not use the same username and password combination on multiple sites. If it gets compromised, cyber criminals can then use it to gain access to other sites you have used it on.
- Don’t use public computers for financial activity. Public computers can be infected with viruses and malware.
- If your Bangor Federal debit or credit card gets lost or stolen, contact us immediately to limit your liability. For information on how to report it after hours, click here.
- Beware of phishing attacks. Bangor Federal will never contact you by phone, email or text message to ask for personal, account, or card information.
- The best line of defense is you. We offer several means by which to monitor your account 24/7 for unauthorized activity. Sign up for one of our free account access products including Online Banking, eAlerts, Mobile Banking, iTalk Banking, and SMSGuardian. If you detect suspicious activity on your account, contact us immediately at 207-947-0374.
- Log off of websites when you are finished. Don’t just close the browser. Never leave your computer unattended while you are logged on to a website.
- We use multi-factor authentication on your Online Banking to help protect your accounts from fraud. The security image and phrase that you set up when you register is your verification that you are on the real Bangor Federal Online Banking login page.
- Use discretion when posting personal information on social media. This information is a treasure-trove to scammers who will use it to feign trustworthiness.
The Federal Trade Commission is a great resource to help you deter, detect and defend against identity theft. You can also click here to download an informative Identity Theft brochure. Here are some tips for how to avoid becoming a victim of Identity Theft:
- Review a copy of your credit report annually to make sure the information on it is accurate.
- Monitor account activity regularly for unauthorized activity. If you see anything suspicious, contact your financial institution immediately.
- Store personal information, passwords and sensitive records in a safe place. Shred financial statements, credit card offers, bank checks, and any other documents that contain personal information about you before throwing them away.
Help protect your computer and your personal information with these simple tips:
- Never click on links in unexpected or untrusted emails, particularly when they are requesting personal information.
- Don’t open emails from unknown sources, and use extreme caution when opening attachments in emails. If the email isn’t from a trusted source, don’t open the attachment. Even if it is from a trusted source, use caution, it could be that their email account was compromised. Attachments can contain viruses or malware.
- Whenever entering personal information in an online form, ensure that the site you are using is secure.
- Run updated anti-virus and anti-spyware software on your computer and mobile devices. Be sure to keep the software updated so you have the latest protection available.
- Make sure to install any available operating system patches regularly, and do not use computers with operating systems that are no longer supported (such as Windows XP).
- Only install third-party applications and software that you really need. Make sure it is from the vendor or the Android, Apple or Windows Store. Since the app stores allow third-parties to post and sell apps, make sure the app is from a trustworthy source.
Trojan Horses are a type of malware that misrepresent themselves to look legitimate, much like the Trojan Horse the Greek army used to enter Troy. Trojan Horses may be apps in smartphone stores, freeware and shareware, or even attachments to emails. The last is a very common spam technique and is often used with spam email campaigns that say you have a voicemail, fax, or shipping notification. When you click the attached document to hear the voicemail, or see the fax or who has shipped you a package, the file opens to show you what you expect to see or hear, but in the background malware is downloading on to your computer.
Drive-by Downloads and Malvertising
Drive-by downloads occur when a program is downloaded onto your device without your permission. One way this happens is through malicious advertising or malvertising. You know the advertisements that appear on the edge of many webpages? When malicious actors purchase advertising space there, they can install malware in the advertisement. That means that if you see that malicious advertisement, which looks like any legitimate advertise, the malware hidden in the advertisement will automatically try to download onto your device.
Social Engineering – Malicious Links
Social engineering relies on tricking you into taking an action, such as clicking on a link. As the malicious website opens, malware can be installed on your device. Simply visiting these websites is enough to infect your device.
Some types of social engineering use link baiting or other techniques to get you to click on the malicious link. Link baiting (which is not necessarily malicious) is when content providers try to get you to click on a link. One popular form of link baiting is providing a teaser that generates interest in the story, such as “5 Things Preventing You From Being Rich” or “When I found about this trick, it blew my mind!”
Social Engineering - Scareware
Scareware, such as ransomware and fake antivirus software, frequently use social engineering by making popup boxes look like messages from your computer. These messages try to look official and say things “System Warning!” and “Threats Found!” or “Your computer is infected. Click OK to remove the virus.” They hope you’ll click on the message, which allows the malware to be downloaded on to your computer. Often clicking anywhere on the message allows the malware to be downloaded, so instead hit the back button or on a Windows computer, use the Task Manager to close the popup window.
As if scareware wasn’t bad enough, some versions of scareware use the scary warning messages to convince you to buy the malware. Fake antivirus malware most commonly uses this technique. Fake antivirus is malware that pretends to be real antivirus software. The criminals who sell the fake antivirus have professional-looking websites, call centers where you can ask for help, and even different payment levels. After you buy and install the fake antivirus, it will infect your computer with malware instead of cleaning it, and the malicious actors have your money!