MCU: New York's Credit Union Since 1916
Resource Center
Member Alert: Protect Yourself against Internet Fraud
Phishing and Spoofing may sound like the names of new computer games, but in reality they are sophisticated techniques used by identity thieves to rob you of your personal information so they can gain access to your accounts.
What is Phishing? It is a way to get you to divulge your personal account information and it can take several forms. One common technique is an "urgent" email that looks as if it is coming from your own financial institution. It will request that you respond to the email with validation of your account numbers and PINS on some pretext or other (for instance, it might say that the federal insurance on your savings accounts will be revoked unless you update your personal data, or that your VISA card will be cancelled if you don't comply).
Here's the Truth: No financial institution will ever request that you update your information by e-mail, or by calling you over the phone*-they already have that information! If you get such a request, someone is out there phishing for your personal information. Do not divulge it no matter how urgent the request seems. Instead, contact your financial institution immediately and report it.
Spoofing: The creation of a phony web site that is a copy of your financial institution's web site. Fraudsters may embed a link in a phishing email and try to entice you (or scare you) to click on the link and log on to your accounts through the pretend site. If you input your account number, pin and password it will be collected in the thieves' database and used to gain access to your accounts.
Protect Yourself! There are ways in which you can help to safeguard your personal information over the internet: Protect your system (your PC) by keeping it updated, using virus protection software, and making sure that any links in any emails open to correct web address of the institution or organization you had intended to contact.
Protect your system (your PC): It is extremely important to keep your PC updated with the latest releases and patches from your system provider. (If you use a Windows based system, you can find downloads to protect your PC by clicking on the following link: www.microsoft.com/security/protect).
Virus Protection: Install and use virus protection software on your PC; make sure that it is updated regularly. Suspicious of emails received from unknown sources, particularly those with attachments which may be virus carriers. Do not open an email attachment if you don't know the sender. It's better to be safe than sorry, and delete it without opening it.
Protect Yourself Against Spoofing: Check your browser window to insure that the URL (the web address) belongs to your financial institution-and read the address carefully to make sure it's exactly the same and not a copycat. You may wish to enter it yourself instead of using a link to see if it goes to the same place.
At MCU, our web site address is www.nymcu.org and that is what appears in the browser window when you go to our web site.
When you use home banking, legitimate financial institution sites use stringent security protocols to protect the privacy of your personal account information, The way to tell that you are in a secured site is, again, by looking at the address in the browser window. The way you can be sure that the site is secured is because the beginning of the web site address in the top browser window has changed from "http" to "https" - and the "s" at the end stands for secured.
At MCU when you log on to home banking the URL will change from http://www.nymcu.org to https://nymcu-ebranch.org/cgi-bin/mcw000.cgi, and a security icon usually appears in the bottom browser window. We protect your online accounts with the strongest internet security available. When you enter your account number, pin and password to access home banking, your personal information is not transmitted until you click the "Log In" button. Doing so establishes a secure connection using Secure Sockets Layer (SSL) protocol and a 128-bit encryption algorithm which is the strongest internet security available.
The secured connection continues for the duration of your online banking session. The reason your browser does not display a lock (Internet Explorer) or a key, (Netscape) when you first visit www.nymcu.org is because a secured connection is established only when you log in to home banking. However, if you would prefer to log on to MCU OnLine Home Banking from a location where your browser displays the lock or key, you can go directly to that address, https://nymcu-ebranch.org/cgi-bin/mcw000.cgi?MCWSTART.
What to Do if you think Your Accounts Have Been Compromised
If you think your MCU accounts have been compromised, let our Fraud Department know immediately by filling out and submitting a Fraud Investigation Form.
You can also file a fraud complaint and obtain a credit report by contacting the credit bureaus:
| Equifax: | www.equifax.com |
| Credit report and/or Fraud (800) 685-1111 | |
| Experian: | www.experian.com |
| Credit report and/or Fraud (888) EXPERIAN | |
| Trans Union: | www.tuc.com |
| Credit Report (800) 916-8800 Fraud (800) 680-7289 |
Yes, there are unscrupulous people out there. However, the internet is a wonderfully convenient way to transact business and take care of your finances; by taking a few precautions, you can continue to use it in confidence and enjoy its many benefits.
*Your financial institution will not call you and ask you to verify your personal information. However, if you call your financial institution, you may be asked to verify who you are by providing some information and possibly answering a security question that you've set up in advance. That's because they are trying to insure that it is YOU calling, and not someone else attempting to gain access to your accounts.