Online security is important for all RBFCU members
The security of your online information is one of our top priorities. The RBFCU Information Security Team constantly monitors potential threats to our online and mobile platforms. Here are some simple procedures you can perform to help keep you and your family secure while using the internet.
Protect your usernames and passwords
Keeping your credentials safe is easy and takes less time than you might think. Here are some recommendations to help make your usernames and passwords more secure:
- Use complex passwords for all your accounts:
- Use 12 or more characters. The longer your password is, the harder it is to compromise.
- Combine uppercase and lowercase letters, numbers and special characters like @, ! and $.
- Get creative by swapping similar letters and numbers, like “7” instead of “L” or “n” instead of “u.”
- Substitute letters for words to create passphrases. For example, “RBFCU is the best credit union ever!” turns into “R1t8Cn3!”
- Change your passwords on a regular basis, at least every few months.
- Don’t reuse your usernames and passwords. Create separate credentials for Online Banking and other personal accounts, such as your email or a favorite website.
- Use a password manager. Password managers securely store your passwords in one place using one password, so you don't have to remember all your passwords or write them down. Most password managers will also suggest a unique, complex password when you’re creating a new account or updating an existing one.
- For more information and training, review our RBFCU Member Training, Education and Awareness module.
Enable Multifactor Authentication (MFA)
Whenever possible, use some form of two-factor or multifactor authentication so a cracked password won't compromise your account. Also known as 2FA or MFA, this is usually a numeric code — known as a one-time password (OTP) — sent to your phone or device that you must enter before a site allows you access. Experts contend that combining MFA with machine-generated passwords renders most user accounts practically “uncrackable.”
Additional steps to help protect your computer from intrusion
Install and update your anti-virus software
Anti-virus software is designed to prevent malicious software programs from installing on your computer. If it detects malicious programs, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without user knowledge. Most types of anti-virus software can be set up to update automatically.
Keep your firewall on
A firewall helps protect your computer from hackers who might try to gain access to delete information, or steal passwords or other sensitive information. Software firewalls are widely recommended for individual computers.
Be careful what you download
Carelessly downloading email attachments can circumvent even the most vigilant anti-virus software. Never open an email attachment from someone you don’t know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.
Install and update your anti-spyware technology
Spyware is software that is secretly installed on your computer to let others see your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads. Be wary of ads on the internet offering downloadable anti-spyware.
Keep your operating system up to date
Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security concerns. Be sure to install the updates to ensure your computer has the latest protection.
Turn off your computer
With the growth of high-speed internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible to attack. Beyond firewall protection, which is designed to fend off attacks, turning the computer off effectively severs an attacker’s connection.
Source: FBI.gov, https://www.fbi.gov/scams-and-safety/on-the-internet
How to keep your mobile devices secure
The RBFCU Mobile app and mobile-friendly site are designed to keep members connected to the credit union no matter where they are. Please take a moment to review our mobile security tips to help keep your devices safe and connected.
Smartphones and tablets are very useful devices. App stores make them even more useful by providing a convenient method to install apps of all kinds to do many useful things. Sometimes, unfortunately, apps are made available that spy on you as you use your device. It is important to read the reviews for the app — more reviews (with good ratings) are better and some app stores are more trustworthy than others.
Also, be aware of what you’re allowing an app you’ve downloaded to access on your device. For example, a flashlight app shouldn’t need access to all of your contacts to work. When in doubt, removing a questionable app — or not downloading it in the first place — is always the safest option.
Jailbreaking (iOS) and/or rooting (Android) a device is a process by which a flaw in your smartphone or tablet’s basic software is exploited, permitting the user to change the behavior of the device. Jailbreaking and rooting can void your warranty, nullify support with the device manufacturer and sometimes introduce security issues that put you at risk. We do not recommend installing an RBFCU Mobile app or accessing an RBFCU mobile-friendly site from a device modified in this manner unless you are certain the device is safe to use for banking purposes.
Most smartphones and tablets sold today provide encryption and password-locking capabilities. We recommend you use them, especially when you have chosen to store your login credentials on any mobile apps including online banking, social media and shopping. Without this protection, your device may provide a thief with the access necessary to make fraudulent transfers and purchases.
Wi-Fi and VPN
Wi-Fi has become more common and available in public areas such as restaurants. Anyone can set up a free and open Wi-Fi network allowing them to access unsecured data that travels on it. Although your RBFCU Mobile app is communicating securely, there are other apps that do not. If you have reused your Online Banking password on those unsecured sites, that information might be compromised. Avoid open networks and never reuse your Online Banking password anywhere. If you must use open networks, install a virtual private network, or VPN, app on your device.
The use of the internet, or software with internet access, to defraud victims or to otherwise take advantage of them is known as internet fraud. Internet criminals steal millions of dollars each year from victims and continue to plague the internet through various methods. Several high-profile methods include the following:
Also referred to as vishing, smishing or pharming, phishing is often used in conjunction with a spoofed email. It is the act of sending an email falsely claiming to be an established legitimate business in an attempt to deceive the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers and bank account information after directing the user to visit a specified website. The website, however, is not genuine and was set up only as an attempt to steal the user's information.
A form of malware targeting both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and/or systems. Ransomware is frequently delivered through phishing emails to end users, resulting in the rapid encryption of sensitive files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber perpetrator demands the payment of a ransom, typically in virtual currency such as bitcoin, at which time the attacker will purportedly provide an avenue to the victim to regain access to their data.
A leak or spill of data that is released from a secure location to an untrusted environment. Data breaches can occur at the personal and corporate levels and involve sensitive, protected or confidential information that is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
Malware or Scareware
Malicious software that is intended to damage or disable computers and computer systems. Sometimes scare tactics are used by the perpetrators to solicit funds from victims.
Business Email Compromise (BEC)
A sophisticated scam targeting businesses working with foreign suppliers or companies that regularly perform wire transfers or other electronic payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Email Account Compromise (EAC)
Similar to BEC, this scam targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. Perpetrators of EAC use compromised emails to request payments to fraudulent locations.
Denial of Service
An interruption of an authorized user's access to any system or network, typically one caused with malicious intent.
Can I use multifactor authentication (MFA) for my Online Banking account? How do I set it up?
RBFCU offers MFA (also known as two-factor authentication, or 2FA) to add an extra layer of protection when signing in to your Online Banking account on rbfcu.org or the RBFCU Mobile app. After you enter your account password, we’ll provide you with a one-time passcode (OTP) by call or text. Enter the OTP code to access your account.
To enable MFA for your account:
- Sign in to your Online Banking account at rbfcu.org or the RBFCU Mobile app.
- Select the “My Profile” icon in the upper-right corner.
- Select “Profile Settings.”
- Select “Security Center.”
- Select “One-Time Passcode.”
- Turn the toggle switch next to “Enabled” to the “on” position.
Note: You must add a valid phone number or mobile number to your Online Banking account to use MFA.
How do I update the RBFCU Mobile app to the latest version?
To update the RBFCU Mobile app to the latest version:
- Go to the RBFCU Mobile app listing on the Apple App Store or Google Play on your phone.
- If you see an “Update” button, your app needs to be updated to the latest version.
- Tap the button to update.
For full app functionality, please ensure your device is running the latest software. The RBFCU Mobile app requires the latest operating systems (OS) for security updates:
- iPadOS 13 or later
- iPhone iOS 13 or later
- Android OS 8.0 or later
How can I manage permission settings for the RBFCU Mobile app on my device?
You can change permissions to allow or deny apps to use various features on your phone, such as your camera or contacts list in your phone’s Settings.
Please note: Settings can vary by phone. For more information, contact your device’s manufacturer.
For Apple users:
- Open the Settings app on your device.
- Scroll down to the list of apps at the bottom, and choose the RBFCU Mobile app (listed as “RBFCU”).
- Here, you can choose to enable or disable permissions for specific app features.
For Android users:
- From the Home screen, swipe up to access “All Apps.”
- Find and open the Settings app.
- Tap “Apps & Notifications.”
- Tap the RBFCU Mobile app (listed as “RBFCU”). If you can't find it, first tap “See all apps” or “App info.”
- Tap “Permissions.” Here, you can enable or disable permissions for specific app features by tapping a feature, then choosing “Allow” or “Deny.”
Are older devices supported by the RBFCU Mobile app?
Older devices that are unable to run the latest operating system (OS) versions may not receive the OS security updates needed to run the RBFCU Mobile app. If you have an older device or you choose to use an older OS version on your device, you may not be able to access or use all the features available in the RBFCU Mobile app.
Additionally, only certified devices are supported by the RBFCU Mobile app. If you need assistance with your device, please contact your mobile carrier or device’s manufacturer.