October is National Cybersecurity Awareness Month and MMCCU is joining the annual effort to educate about cybersecurity.
“Cybersecurity is an invasion on an individual’s personal information and can lead to financial losses if the information ends up in the wrong person’s hands,” said David Murphy, VP-Finance & Risk at Marshfield Medical Center Credit Union. “In the case of the hundreds of data breaches we’ve experienced, like Experian, Target, or Wendy’s, for example, criminals were able to obtain information ranging from debit/credit card numbers to passwords to personal data, like Social Security Numbers.”
Criminals can use this information to obtain information about personal accounts or to make changes to accounts in an attempt to facilitate fraud and hide it from the rightful owners.
“Have you ever had fraudulent charges show up on your credit card or in your checking account? Many times, this is perpetrated from criminals obtaining your data through a breach,” said Murphy. “Have you ever contacted a merchant to find out they had the wrong phone number and address listed on your account, even though you never requested that information be changed? This could be a result of criminals obtaining information about you and contacting merchants to make the changes to hide any fraudulent attempts on your accounts.”
Murphy said that MMCCU makes every effort to protect its members, but it is still important for individuals to be aware of steps they can take to protect their own data.
“We feel we have a good, personal relationship with our members, and many times, our staff can recognize voices of members calling in based on previous interactions. However, we still want to make sure we are not giving out your information to the bad guys, so we may ask questions related to you or your accounts with the credit union,” said Murphy. “We don’t always rely on the cookie-cutter questions, like SSN or DOB, however. We may ask you details about your account that only you should know. Our goal is to make sure we’re giving out information to the right people.”
According to Murphy, social engineering has increased the importance of protecting personal information, like Social Security Numbers, Date of Birth, and Account Numbers.
“Think about when you call to make changes to an existing set up for cable or have questions on your bill with the local utility company- what kinds of questions are they asking you? What’s your date of birth? What’s the last 4 digits of your Social Security Number? What’s your address? These are all common items criminals can obtain through Social Engineering,” he said. “What about questions about your pet’s name or your favorite vacation spot? When you post pictures of your pet on social media or upload pictures of your last vacation spot, criminals now have a means to obtain more personalized information about you simply by the information you share online.”
Murphy encourages the use of passphrases in place of less complex passwords, which has been a recent development to encourage users to using unique and complex passwords. Technology allows criminals to hack into accounts simply by guessing passwords or from stealing passwords from one merchant and using it to access an account with another merchant.
“Do you use the same password for your online banking account and your Facebook account? If your Facebook password is compromised, the criminal now has your password to access your online banking,” he said.
“Attempts from cybercriminals to steal your information is ongoing and doesn’t appear to slow down anytime soon,” said Murphy. “Whether it’s receiving a call from a phone number you do not recognize, receiving an email from a sender you do not recognize or one you are not expecting, you must remain diligent at all times in protecting your data. If you ever have a question on the legitimacy of a request for data, we’d encourage you to reach out for assistance. We’re always happy to help members and only want to protect our members and their data”