Security
Holiday Fraud Alert
During the holiday season it is especially important to keep an eye out for fraudulent actors trying to steal your money and identity. Whether using fake package delivery emails to install malware, setting up fake websites to steal your password, or by impersonating a Trailhead employee and asking for your SSN, these actors are out to do two things, steal as much of your personal information as possible and then use that information to steal your money.
To help keep you and your money safe please read the security tips listed in the, “How to Keep Yourself Safe in the online world” section below…
Remember, if you ever have questions or concerns about the security of your account, please call Trailhead directly at 503-220-2592 to speak with a Trailhead Representative.
Personal Passwords
We encourage our members to use strong passwords. Online Banking and Mobile Banking passwords must meet the following requirements:
- Must be between 12 and 20 characters in length
- Must contain at least one letter, number, and special character
- Must contain both uppercase and lowercase letters
- Cannot contain the following special characters: . @ : ~ (Period, At, Colon & Tilde)
- Cannot be one of your last 3 passwords
Passwords should never be personal names, birth dates, or words found in a dictionary. Passwords should be kept secret and they should also be changed occasionally. The same password should not be used for multiple sites.
Browser Settings
Your browser cipher strength must be set to a minimum of 40 bits in order to access our Online Banking system. We recommend using strength of 128 bits. Most modern browsers come equipped with 256 bits set as the default.
Secure Encrypted Communications Channel
Our Online Banking system uses Secure Socket Layer (SSL) as the first line of defense for providing secure financial services. SSL prevents other computers from eavesdropping on your Internet transactions by encrypting all data transmitted between your web browser and our Online Banking system.
Digital Certificate
Both our primary website (www.trailheadcu.org) and our Online Banking website contain digital certificates to help validate the authenticity of the website. When visiting any Secure Website (HTTPS) site you should be able to determine the legitimacy of the site by viewing the digital certificate used to secure the traffic. The URL on the digital certificate should match the URL of the website you are visiting, with a valid and current date range. If you are on a secure website with a certificate that shows a different URL from the one you are visiting, you are likely on an imposter’s site and you should contact the site owner.
Safeguarding Your Information
In today’s high tech world, we are able to do things more quickly and conveniently electronically whether it is to send a letter via email, pay bills, or even go shopping online. With this increase in speed and convenience also comes increased risk. Every day, dishonest individuals develop new scams targeting the unsuspecting public. Trailhead Credit Union, the security of member information is a priority. We are committed to the safety and confidentiality of your records and in order to assist you with conducting business online we are providing the following information to help you understand and recognize online threats you may encounter.
How to Keep Yourself Safe in the online world
An important part of online safety is knowledge. The more you know, the safer you’ll be. Here are some great tips on how to help you stay safe in the electronic world:
- Set good passwords. A good password is a combination of upper and lower case letters and numbers and one that is not easily guessed. Change your password frequently. Don’t write it down or share it with others.
- Don’t reveal personal information via email or text message. Emails and text messages can be masked to look like they are coming from a trusted sender when they are actually from someone else. Play it safe, do not send your personal information such as account numbers, social security numbers, passwords etc. via email or texting.
- Call us back. Fraudulent actors may attempt to impersonate Trailhead employees. If you receive a cold call or text message from Trailhead or the Trailhead Fraud Department requesting account or personal information please hang up, and contact Trailhead at 503-220-2592 to ensure you are speaking directly with a Trailhead representative.
- Don’t download that file! Opening files attached to emails can be dangerous especially when they are from someone you don’t know as they can allow harmful malware or viruses to be downloaded onto your computer. Make sure you have a good antivirus program on your computer that is up-to-date.
- Links aren’t always what they seem. Never log in from a link that is embedded in an email message. Criminals can use fake email addresses and make fake web pages that mimic the page you would expect. To avoid falling into their trap, type in the URL address directly and then log in.
- Websites aren’t always what they seem. Be aware that if you navigate to a website from a link you don’t type, you may end up at a site that looks like the correct one, when in fact it’s not. Take time to verify that the Web page you’re visiting matches exactly with the URL that you’d expect.
- Logoff from sites when you are done. When you are ready to leave a site you have logged in to, logoff rather than just closing the page.
- Monitor account activity. Monitor your account activity regularly either online or by reviewing your monthly statements and report any unauthorized transactions right away.
- Assess your risk. We recommend periodically assessing your online banking risk and put into place increased security controls where weaknesses are found. Some items to consider when assessing your online banking risks are:
- Who has access to your online regular or business accounts?
- How and where are user names and passwords stored?
- How strong are your passwords and how often are they changed? Are they changed before or immediately after terminating an employee who had access to them?
- Do you have dual controls or other checks and balances with respect to access to online banking transactions?
What Trailhead will NEVER do:
- We will NEVER call, email or otherwise contact you and ask for your user name, password or other online banking credentials.
- We will NEVER contact you and ask for your credit or debit card number, PIN or 3-digit security code. Please see below for more information about how our card provider handles suspicious real time charges.
Visa Credit Cards and Visa Check Cards
Our card provider will identify themselves as Visa Fraud Prevention Services. They will never ask for your entire card number, expiration date or CVC (security) code. They may ask:
- Your zip code
- The last four digits of your Social Security Number
- The phone number of the primary member
- Your date of birth
- The amount of your last transaction or payment
Rights and Responsibilities
With respect to online banking and electronic fund transfers, the Federal government has put in place rights and responsibilities for both you and the credit union. These rights and responsibilities are described in the Account Information Disclosures you received when you opened your account at Trailhead. If you notice suspicious account activity or experience security-related events, please contact the credit union immediately at 503-220-2592 or 800-942-9408.