Link graphic
Online Banking TCU Banking Security

about

Newsletters


Legal - TCU Security

This section of the web site is dedicated to the education of our members regarding security issues that may impact their lives. We have provided some helpful information and links to help members protect themselves from a number of security-related issues.

 

Member Security Issues

Phishing Advisory

'Phishing' is an attempt to lure you into providing personal information such as credit card numbers, banking information, social insurance numbers, passwords. Their goal is access your funds, steal your identity or commit other frauds.

There are many variants of phishing emails in circulation. The usual features of these messages:

  • the message is intended to panic you
  • the message may look like it is coming from a legitimate source because they have replicated logos or graphics of the real business
  • they provide an easy link for you to go online and fix the problem
  • there are often spelling and grammar errors

    How do you protect yourself?

  • Ensure you have installed internet security software on your computer and that it has an up-to-date subscription.
  • Ensure your Windows updates are up to date (turning the 'Automatic Update' feature on will do this for you)
  • Do not reply to these messages
  • Do not click on links in email messages!!
  • Use that DELETE key, without guilt
  • Know the people you're doing online business with
  • Learn how to use website 'certificates' (see the next section)
  • Change the options on your email program to open messages in 'plain text' format only
  • Let us know if you receive an email that appears to come from us or other credit union affiliates that you suspect is not legitimate.

    How do you recognize a legitimate secure e-commerce website?

  • The website address (usually appears in the top menu) begins with " https:// ". Note the "S" - this is one indicator for 'Secure'.
  • Look for the LOCK - when you are on a secure site, there will be a lock icon. Depending on your internet browser, it may be at the bottom right or it may be next to the website address bar.
  • You can click on that LOCK icon and see the site security certificate.
  • These certificates are only issued when businesses prove that they are legitimate.
  • The organizations that issue certificates have a very good authentication process.
  • TCU's secure website (https://) uses a shared certificate from our hosting provider, Nexx Online, which provides 256-bit encryption of sensitive information before transmission through a web browser.

    What is TCU doing?

  • It is our policy to NEVER send email requesting you to confirm anything. We will contact you by telephone or postal mail, or respond to your email request.
  • Our website has helpful information on phishing, fraud and identity theft
  • Our website blog also has a number of articles on these topics
  • Keeping our staff and members up to date with information on current trends and threats

    Symantec

    Internet Security Recommendations

    Question: What can I do to protect my identity and computer when I connect to the internet.

    Answer: A good security strategy has many 'layers'. Some of the critical components are:YOU!


     
  • If you connect to the internet, you need to be aware of the threats and how to protect yourself from them. If you know what's out there, you can take appropriate precautions. You don't have to be an expert - just understand that there are 'bad apples' out there.
  • The 'bad apples' also know that you really like to help out when you can. So they use that against you. Those puppies that are lost - those downtrodden folks trying so desperately to get their millions out of the country safely (Nigerian scams) - the 'free' vacations - are simply trying to exploit your good nature. Be suspicious, and keep your thinking hat firmly on!

    Automatic Updates

  • Windows operating systems have an 'Automatic Update' feature that will check for hotfixes and patches for your Windows software automatically. You can let the computer do all the administration for you. If you prefer not to allow software to update automatically, it is critical that you diligently check for updates and install them.

    Internet Security Software

  • These software suites have a variety of protection components built in. The typical software suite includes a year of subscription updates. Keeping this software current is critical! Often, when it's time to renew subscription, the vendor offers reduced pricing for a newer version of the software as well as continued up-to-date protection.
  • The subscriptions allow your computer to receive updates from the vendor for the life of the subscription. Many suites will update automatically every day.
  • Some internet service providers include some filtering, including spam or virus detection. This is a good feature of the service, but it is still critical that both Windows Updates and Internet Security software be installed and up to date on each computer connecting to the internet.

    Let's be careful out there!

    Advisory - 'Silent Banker' Trojan

    A Trojan 'Silent Banker' virus threat has been reported in the news recently. Unlike "phishing" and "pharming" frauds which involve e-mail communication with victims and the use of websites that mimic the appearance of genuine financial institution websites, a Trojan attack on a user's computer can go undetected. While this type of attack is not new, it is important to be aware of the potential for this type of attack.

    Members can be assured that TCU's services network and server infrastructure has had the necessary security in place to protect it against this type of threat.

    How do you protect yourself?

    The best protection against this type of security threat is to keep each personal computer used maintained with up-to-date operating system, antivirus, spyware and firewall protection. Your computers will be protected against the 'Silent Banker' virus and others like it, by following the guidelines of:

  • keep your operating system updated - turn on the Windows 'Automatic Updates' feature and allow it to download and install updates automatically, and
  • install and keep up-to-date subscriptions of a reputable security suite.

    If you are concerned about your computer already being infected with the virus, be sure to purchase antivirus and spyware protection.

    The Trojan 'Silent Banker' virus has the capability of:

    • Substituting legitimate online banking transaction details with the account details of the attacker
    • Adding HTML content (web page language) to legitimate pages to solicit additional private information
    • Logging user ID's and passwords for more than just banking sites (eg Hotmail)
    • Changing computer settings to re-direct web pages to the attacker's servers
    • Creating a web server out of the user's computer for other illegal activity.

    Notice to MasterCard® holders travelling to Cuba

    CU Electronic Transaction Services (CUETS) which issues MasterCards to credit unions in Canada, was recently acquired by a subsidiary of the Bank of America. As a result, MasterCard is forced to abide by U.S. economic sanctions that prevent the use of the cards in several countries.

    Therefore, effective October 1, 2007 CUETS MasterCards will no longer be accepted in the following countries: Iran, Myanmar, North Korea, Sudan, and Cuba.

 

 

TCU – Your Community Credit Union, You Belong With Us!

CLOSE