According to Statista, online holiday shopping is projected to increase 15.3% in 2018. In 2017, American shoppers spent over $5 billion shopping on Cyber Monday alone. Each holiday season, Americans pull out their cards and shop online to a total of hundreds of billions of dollars in the last two months of the year. These online transactions could put you at risk for fraud. We’ve come up with a few suggestions to help give you peace of mind while shopping.

Use a small number of cards. Make your purchases on one or two cards instead of spreading them out over many. This will not only help you keep track of your purchases, but if anything does get compromised, the impact will be limited to only those cards you used.

Check your statements and keep your receipts. Compare your receipts with your statements once they are available. Fraudulent charges don’t usually show up as large purchases. If you aren’t actively keeping track and you see a small charge on your card that you don’t immediately recognize you may be more willing to think that you simply missed something you bought. Contest any charges that seem suspicious as soon as possible.

Turn on account activity alerts. Most major card issuers are now offering account alerts for their cardholders. Consumers can sign up and choose the notifications they wish to receive. The notifications can be sent for certain dollar amounts or each time a purchase is made without the card being present. During the holidays, when the number of purchases is increasing, these notifications can help you stay on top of any fraudulent transactions.

Watch the URL. Pay attention to the websites you are visiting. There are scams that use fictitious URLs that look like major retailers to gain access to your information. Verify that “https” appears in the URL. These sites offer secure, encrypted transactions. Don’t disclose your credit card information over the phone or online unless you can verify it is legitimate.

Protect your phone. Many Americans use their phones to shop or do other financial business. Password or fingerprint protect your phone and don’t allow your phone to store credit card information. Doing so will reduce the risk of losing confidential information should your phone fall into the wrong hands. You can even equip your phone with security software, similar to that on a computer.

Try mobile wallets. Make purchases using mobile wallet apps (ApplePay, SamsungPay, Google Wallet, etc) is not only convenient, but offers additional layers of security. There are added protections in place like biometrics and tokenization.

Check your credit report. Regular credit report monitoring is important all year long. Check for unauthorized credit inquiries that could signal fraud. This level of vigilance is important in protecting yourself from fraud.

Make sure to follow this tips this holiday season to avoid having credit or debit card fraud ruin your holidays.

Safe Banking Tip #2: Go Fishing, Don’t Get Phished

This summer, go fishing, don’t get phished. Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information, such as account numbers, Social Security numbers or your login IDs and passwords. The information is either then used by the scammer to steal your money, identity or both. Sometimes these scammers also sell this information to another party that then uses the information to the same end.

Scammers also use phishing emails to gain access to your computer or network and then install programs, called ransomware, that can lock you out of important files on your computer.

Scammers create a false sense of security by spoofing familiar, trusted logos of established, legitimate companies or pretending to be or know a family or friend. They utilize scare tactics and make you feel like something bad will happen if you do not provide the information to them. Commonly, they say that your account will be frozen, you will fail to get a tax refund, that a family member will be hurt, or you could be arrested. They tell whatever lies they need to, to get you to give the information.

So what steps can you take to avoid being phished?

1. Be cautious about opening email attachments or clicking unknown links. Even your friend, colleague or family members’ accounts could be hacked. Files and links can contain malware that can weaken your computer’s security.
2. Do your own typing. If a company or organization you know sends you a link or phone number, don’t click. Use your favorite search engine to look up the website or phone number yourself. Even though a link or phone number in an email may look like the real deal, scammers can hide the true destination.
3. Make the call if you’re not sure. Be incredibly suspicious of emails that request personal or financial information. Most of the companies you do business with, will not ask for that kind of information through an email or at all. Phishers use pressure tactics to prey on fear. If you think a company, friend or family members really does need your personal information, pick up the phone and call them yourself using the number on their website or in your address book, not the one in the email.
4. Utilize two-factor authentication wherever possible. For accounts that support two-factor authentication, the practice that requires your password and an additional piece of information to log into your account make sure you use it! The second piece of information required could be a code sent to your phone, or a random number generated by an app or token. This protects your account even when your password is compromised. As an extra precaution, you may want to choose more than one type of second authentication (a PIN, a secondary phone number or email address, etc.) in case your primary method (such as your cellphone) is not available.
5. Back up your files to an external hard drive or reputable cloud storage. Back up your files regularly to protect yourself against viruses or a ransomware attack. Be sure to use a reputable device or cloud storage company and ensure that any personal documents are kept private with password encryption or other form of encryption.
6. Keep your security up to date. Use security software you trust and make sure you set it to update automatically. This will ensure your devices are protected with the latest level of security protection. New malware, ransomware and viruses come out every single day.
7. Verify a website’s security. Before submitting any information on a website, make sure the URL begins with “https” and there should be a closed lock icon near the address bar. Check that the site’s security certificate is valid as well. You can see this by clicking the lock or information circle in the address bar of the browser window. Always close your browser if you get a message that a site may not be secure or contains malicious files.
8. Be wary of pop-ups. Pop-up windows often masquerade as legitimate components of a website. However, they are often phishing attempts. Most browsers allow you to block pop-ups and you can allow them on a case-by-case basis where needed. If one manages to slip through the cracks, don’t click on the “cancel” button; such buttons often lead to phishing sites. Instead click on the “x” in the upper corner of the window.
9. Report phishing emails, websites and texts. It is important to contact the individual or companies that you might experience phishing attempts from to notify them of what is happening. But it is also critical that you report these incidents to the authorities. Forward phishing emails to spam@uce.gov. Your report is most effective when you include the full email header, but most email programs hide this information. To ensure the header is included, search the name of your email service with “full email header” into your preferred search engine. You should also file a report with the Federal Trade Commission at gov/complaint. You can also report phishing emails to reportphishing@apwg.org. The Anti-Phishing Working Group, a group that includes internet service providers, security vendors, financial institutions, and law enforcement agencies, uses these reports to help fight phishing.

To learn more about how you can minimize your risk, visit identitytheft.gov.

Passwords are commonly sought after by cyber criminals, making it more important than ever to protect your password and login information from being hacked.

So, what should you do?

Start by creating a secure password that makes sense to you, but not to others. There are a variety of common techniques used to crack passwords and most people don’t realize that accounts become vulnerable due to the use of simple and widely used passwords.

Cyber criminals use password cracking programs like “John the Ripper” or similar, which automatically plug common words into password fields. This is why experts recommend avoiding consecutive keyboard combinations—such as “qwerty” or “asdfgh”, dictionary words, slang terms, common misspellings, or words spelled backwards.

Simple passwords are more easily hacked as well. The latest advice is to use a “pass phrase” rather than a password. A “pass phrase” will be relatively long, approximately 20 characters or more, and consist of seemingly random words strung together along with numbers, symbols and upper and lowercase letters. It is best to think of something you can remember, but others couldn’t guess.

If a “pass phrase” isn’t your thing, make sure your password is long, the longer the better, at least 12 characters or more. Longer passwords make it more difficult for thieves to crack.

Including numbers, capital letters and symbols are always important to making a password more secure. Consider using a $ instead of an S or a 1 instead of an L, or including an & or % – but note that $1ngle is NOT a good password. Password thieves are onto this. But Mf$J1ravng (short for “My friend Sam Jones is really a very nice guy) is an excellent password.

Rather than posting your password where everyone can see, say on a sticky note near your computer or in a notebook labeled “Passwords”, consider using a password manager. Some help generate secure passwords for each of your sites, but you only have to remember one password, the one for the password manager.

When available, consider implementing multi-factor authentication. This protection requires the user to further authenticate themselves by entering a code that is sent via text message or voice message to a phone number on file. Typically, this is only required when you access an account from an unrecognized device.

Most importantly, don’t share your passwords with anyone. No one from AllCom Credit Union will ever reach out asking for your password either through phone, mail or email.

Remember these tips to keep your passwords safe and happy browsing.

Continue to look for our next round of banking safety tips coming soon.

With beautiful weather and tons of families present, AllCom Credit Union’s 2018 Member Appreciation Day was a huge success. The hot dog line never slowed down as members took advantage of AllCom’s annual tradition of thanking its members. Besides the hot dogs, members enjoyed ice cream, popcorn and prizes.

Learn what makes banking at AllCom Credit Union better.

AllCom Credit Union has been selected to participate in the Federal Home Loan Bank of Boston’s Equity Builder Program, which assists local homebuyers with down-payment and closing costs as well as homebuyer counseling and rehabilitation assistance.

The $3.1 million program provides grants to financial institutions to assist households at or below 80 percent of the area median income. Borrowers are eligible to receive up to $11,000 in assistance on a first come first serve basis. Buyers must also complete a homebuyer counseling program.

“We are pleased to be able to offer this assistance to help ease some of the challenges associated with a home purchase. Homeownership is key to building wealth and creating financial stability, and programs that assist homebuyers are a critical component in ensuring that our communities continue to thrive,” said Debbie Guiney, President/CEO, AllCom Credit Union.

AllCom Credit Union is eligible to receive up to $110,000 in 2018 through the Equity Builder Program, depending on availability of funds.

Since 2003, the Equity Builder Program has awarded more than $35 million in EBP funds assisting 3,150 income-eligible households to purchase a home.

To learn more about applying for assistance, please call 508-754-9980 or email loans@allcomcu.org.