Information security and online safety is important for all RBFCU members
The security of your online information is one of our top priorities. The RBFCU Information Security Team constantly monitors potential threats to our online and mobile platforms. Here are some simple procedures you can perform to keep you and your family secure while using the internet.
- Use complex passwords for all accounts. The following are guidelines for complex passwords:
- Use a minimum of 8-12 characters.
- Use a combination of uppercase and lowercase characters.
- Use special characters, like @, !, $ and #.
- Use passphrases and substitute characters. For example, using the first letters of every word and substituting letters to make your password, “RBFCU is the best credit union ever!” turns into R1t8Cn3!
- Change your passwords on a regular basis.
- Create separate passwords for online banking and other personal accounts. For example, passwords used for your personal email should not be the same as your password for online banking.
- For additional information and training please see our RBFCU Member Training, Education and Awareness module
Additional steps to protect your computer
Here are some key steps you can follow to help protect your computer from intrusion.
Install and update your anti-virus software
Anti-virus software is designed to prevent malicious software programs from installing on your computer. If it detects malicious programs, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without user knowledge. Most types of anti-virus software can be set up to update automatically.
Keep your firewall on
A firewall helps protect your computer from hackers who might try to gain access to delete information, or steal passwords or other sensitive information. Software firewalls are widely recommended for individual computers.
Be careful what you download
Carelessly downloading email attachments can circumvent even the most vigilant anti-virus software. Never open an email attachment from someone you don’t know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.
Install and update your anti-spyware technology
Spyware is software that is secretly installed on your computer to let others see your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads. Be wary of ads on the internet offering downloadable anti-spyware.
Keep your operating system up to date
Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.
Turn off your computer
With the growth of high-speed internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible to attack. Beyond firewall protection, which is designed to fend off attacks, turning the computer off effectively severs an attacker’s connection.
Source: FBI.gov, https://www.fbi.gov/scams-and-safety/on-the-internet
How to keep your mobile devices secure
RBFCU's mobile app and mobile-friendly site are designed to keep members connected to the credit union no matter where they are. Please take a moment to review our mobile security tips to help keep your devices safe and connected.
Smartphones and tablets are very useful devices. App stores make them even more useful by providing a convenient method to install apps of all kinds to do many useful things. Sometimes, unfortunately, apps are made available that spy on you as you use your device. It is important to read the reviews for the app — more reviews (with good ratings) are better and some app stores are more trustworthy than others.
Jailbreaking (iOS) and/or rooting (Android) a device is a process by which a flaw in your smartphone or tablet’s basic software is exploited, permitting the user to change the behavior of the device. Jailbreaking and rooting can void your warranty, nullify support with the device manufacturer and sometimes introduce security issues that put you at risk. We do not recommend installing an RBFCU mobile app or accessing an RBFCU mobile-friendly site from a device modified in this manner unless you are certain the device is safe to use for banking purposes.
Most smartphones and tablets sold today provide encryption and password-locking capabilities. We recommend you use them, especially when you have chosen to store your login credentials on any mobile apps including online banking, social media and shopping. Without this protection, your device may provide a thief with the access necessary to make fraudulent transfers and purchases.
Wi-Fi has become more common and available in public areas such as restaurants. There is always a risk with “free” and “open” wireless for these devices, just like for laptops. Anyone can set up an open Wi-Fi network allowing anyone to access unsecured data that travels on it. Although your RBFCU Mobile app is communicating securely, there are other apps that do not. If you have reused your online banking password on those unsecured sites, that information might be compromised. Avoid open networks and never reuse your online banking password anywhere.
The use of the internet, or software with internet access, to defraud victims or to otherwise take advantage of them is known as internet fraud. Internet crimes steal millions of dollars each year from victims and continue to plague the internet through various methods. Several high-profile methods include the following:
Phishing: Also referred to as vishing, smishing or pharming, phishing is often used in conjunction with a spoofed email. It is the act of sending an email falsely claiming to be an established legitimate business in an attempt to deceive the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information after directing the user to visit a specified website. The website, however, is not genuine and was set up only as an attempt to steal the user's information.
Business Email Compromise (BEC): A sophisticated scam targeting businesses working with foreign suppliers or companies that regularly perform wire transfers or other electronic payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Email Account Compromise (EAC): Similar to BEC, this scam targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. Perpetrators of EAC use compromised emails to request payments to fraudulent locations.
Ransomware: A form of malware targeting both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and/or systems. Ransomware is frequently delivered through phishing emails to end users, resulting in the rapid encryption of sensitive files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber perpetrator demands the payment of a ransom, typically in virtual currency such as bitcoin, at which time the attacker will purportedly provide an avenue to the victim to regain access to their data.
Data Breach: A leak or spill of data that is released from a secure location to an untrusted environment. Data breaches can occur at the personal and corporate levels and involve sensitive, protected or confidential information that is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
Malware/Scareware: Malicious software that is intended to damage or disable computers and computer systems. Sometimes scare tactics are used by the perpetrators to solicit funds from victims.
Denial of Service: An interruption of an authorized user's access to any system or network, typically one caused with malicious intent.