October was Cybersecurity Awareness Month, a time when government agencies, businesses, and financial institutions come together to raise awareness of the importance of protecting your personal and financial information online.
We interviewed our Chief Information Security Officer – we’ll call him John Doe in an effort to protect his identity – to learn what his team does at the credit union and what members can do to keep themselves safe online.
What is your role at the credit union?
As the Chief Information Security Officer, I lead our information security program. This includes making sure both PSECU and our vendors protect our company and member data. I also serve as the Privacy Officer, which means that I ensure that we meet privacy obligations and are using data in compliance with privacy laws. Lastly, I oversee our disaster recovery planning to make sure we can recover our systems if an unexpected issue occurs.
What are the most common cybersecurity scams that your team sees?
While scams can be presented in many different ways, they’re often structured similarly. These are three scams that we’re currently seeing:
- Verification code scams. A scammer gets ahold of your online account credentials, tries to log in, and when prompted to enter a verification code contacts you and coerces you into giving them that code. Once you do, they gain access to your account.
- Account takeovers. A fraudster gains access to your account and changes the contact information. They can then divert account statements and/or notifications, so they can make unauthorized transactions without you knowing.
- Money mule scams. These scams occur when someone (knowingly or unknowingly) follows the instructions of a scammer to receive and then move money that the scammer received fraudulently.
What can consumers do to protect their information?
Stay informed and be alert. If you get a call, text, or email that just doesn’t seem right, pause and determine its legitimacy before providing any information or taking any action.
For example, if you get a call claiming to be from PSECU, but the caller asks for your account PIN (which we will never do in a call that we initiate), hang up. Even if the call appears to be coming from our 800 number, hang up. Unfortunately, it’s easy for scammers to spoof phone numbers, making it appear that a call is legitimate when it’s not. Call us directly and we’ll help you determine if it was a legitimate contact and what to do if it wasn’t.
If the call you received was legitimate, and you hung up on us, don’t worry. We will still help you. We’d rather you hang up on us accidentally than be tricked into giving a fraudster your account information.
How else can individuals protect their data?
As part of Cybersecurity Awareness Month, the Cybersecurity & Infrastructure Security Agency is encouraging everyone to follow four simple steps to keep their information safe:
- Use strong passwords. The more complex and unique your password is, the harder it is for criminals to crack.
- Turn on multifactor authentication (MFA). Enabling MFA where you can make it harder for scammers to gain access to your account.
- Recognize and report phishing. Know how to spot a scam, including communications with a sense of urgency, legal threats, and typos or other mistakes.
- Update software. Keeping your software current ensures you have the latest security patches on your devices.
Any final thoughts?
We work hard at PSECU to protect member information through diligent and proactive monitoring, employee education, and member education. It’s a team effort, though, so we need members to be alert, monitor their account(s), review statements, and contact us when they see issues. For example, if you receive a fraudulent email pretending to be from PSECU, you can contact us at email@example.com so that we can investigate and potentially take action to protect other members.
The content provided in this publication is for informational purposes only. Nothing stated is to be construed as financial or legal advice. Some products not offered by PSECU. PSECU does not endorse any third parties, including, but not limited to, referenced individuals, companies, organizations, products, blogs, or websites. PSECU does not warrant any advice provided by third parties. PSECU does not guarantee the accuracy or completeness of the information provided by third parties. PSECU recommends that you seek the advice of a qualified financial, tax, legal, or other professional if you have questions.