Stay Safe Online: Tips from Our Chief Information Security Officer

October is Cybersecurity Awareness Month, a time when government agencies, businesses, and financial institutions come together to raise awareness of the importance of protecting your personal and financial information online.

We interviewed our Chief Information Security Officer to learn what his team does at the credit union and what members can do to keep themselves safe online.

What is your role at PSECU?

As the Chief Information Security Officer, I lead our information security program. This includes making sure both PSECU and our vendors protect our company and member data. We work actively to stay ahead of emerging threats while educating our members about how to protect themselves. I also serve as the Privacy Officer, which means that I ensure that we meet privacy obligations and are using data in compliance with privacy laws. Lastly, I oversee our disaster recovery planning to make sure we can recover our systems if an unexpected issue occurs.

What are the most common cybersecurity scams that your team sees?

Scammers are continuously evolving their tactics. While scams can be presented in many different ways, they’re often structured similarly. These are three scams that we’re currently seeing:

• Verification code scams. A scammer gets ahold of your online account credentials, tries to log in, and when prompted to enter a verification code contacts you and coerces you into giving them that code. Once you do, they gain access to your account.
• Account takeovers. A fraudster gains access to your account and changes the contact information. They can then divert account statements and/or notifications, so they can make unauthorized transactions without you knowing.
• Money mule scams. These scams occur when someone (knowingly or unknowingly) follows the instructions of a scammer to receive and then move money that the scammer received fraudulently.

What can consumers do to protect their information?

Stay informed and be alert. If you get a call, text, or email that just doesn’t seem right, pause and determine its legitimacy before providing any information or taking any action.

For example, if you get a call claiming to be from PSECU, but the caller asks you for sensitive information like your account PIN (which we will never do in a call that we initiate), hang up. Even if the call appears to be coming from our 800 number, hang up. Unfortunately, it’s easy for scammers to spoof phone numbers, making it appear that a call is legitimate when it’s not. Call us directly, and we’ll help you determine if it was a legitimate contact and what to do if it wasn’t.

If the call you received was legitimate, and you hung up on us, don’t worry. We’ll still help you. We’d rather you hang up on us than be tricked into giving a fraudster your account information.

How else can individuals protect their data?

As part of Cybersecurity Awareness Month, the Cybersecurity & Infrastructure Security Agency is encouraging everyone to follow four simple steps to keep their information safe:

1. Use strong, unique passphrases/passwords. The more complex, random, and unique your passphrase or password is, the harder it is for criminals to crack. Always use a different password for each site. A tip when creating stronger passwords is to include all four character types - uppercase, lowercase, numbers, and symbols.
2. Turn on multifactor authentication (MFA). Enabling MFA where you can on your online accounts, especially social media, email, and financial accounts, makes it harder for scammers to gain access to your account.
3. Recognize and report phishing. Know how to spot a scam, including communications with a sense of urgency, legal threats, and typos or other mistakes. Forward any phishing emails representing PSECU to abuse@psecu.com and delete the message.
4. Update software. Keeping your software current ensures you have the latest security patches on your devices. If you don’t have automatic updates available, be sure to regularly check for updates.

What advice can you give to those who suspect fraud?

If you think your account has been compromised, don’t wait. Take immediate action:

1. Lock your cards. Use the PSECU mobile app or online banking to lock your PSECU debit or credit cards to prevent unauthorized transactions.
2. Change your credentials. Update your account password, PIN, and security questions.
3. Contact us. Report any fraudulent activity to PSECU immediately so we can assist you in securing your account. For example, if you receive a fraudulent email pretending to be from PSECU, you can contact us at abuse@psecu.com so that we can investigate and potentially take action to protect other members.

Any final thoughts?

We work hard at PSECU to protect member information through diligent and proactive monitoring, employee education, and member education. It’s a team effort, though, so we need members to be alert, monitor their account(s), review statements, and contact us when they see issues. If you have any concerns about the security of your PSECU account, don’t hesitate to reach out to us - we’re here to help.

Stay Updated on Latest Fraud Prevention Tips

To protect yourself from fraud, knowledge is key. PSECU is committed to keeping you informed and safe. Visit our Fraud Prevention page for essential tips and resources that can help you recognize and prevent fraud.