If you are using a screen reader or other auxiliary aid and are having problems using this website, please call 1-888-387-8632 for assistance.
24-Hour Member Service: (888) 387-8632
Locations & Hours

With the Holiday Season here, we just wanted to share a reminder to be vigilant when browsing or shopping this holiday season. E-cards may contain malicious links. Fake advertisements or shipping notifications may contain infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.

Here are some Holiday Shopping Safety tips from the National Cyber Awareness System to help protect yourself and your money.

  • Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information. Attackers may obtain a site certificate for a malicious website to appear more authentic, so review the certificate information, particularly the “issued to” information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
  • Make sure your information is being encrypted – Many sites use secure sockets layer to encrypt information. Indications that your information will be encrypted include a Uniform Resource Locator (URL) that begins with “https:” instead of “http:” and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
  • Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email. If you receive an unsolicited email from a business, instead of clicking on the provided link, directly log on to the authentic website by typing the address yourself.
  • Use a credit card – There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. Additionally, debit cards draw money directly from bank accounts, unauthorized charges could leave you with insufficient funds to pay other bills. You can minimize potential damage by using a single, low-limit credit card to make all of your online purchases. Also, use a credit card when using a payment gateway such as PayPal, Google Wallet, or Apple Pay.
  • Check your shopping app settings – Look for apps that tell you what they do with your data and how they keep it secure. Keep in mind that there is no legal limit on your liability with money stored in a shopping app (or on a gift card). Unless otherwise stated under the terms of service, you are responsible for all charges made through your shopping app.
  • Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.
  • Check privacy policies – Before providing personal or financial information, check the website’s privacy policy. Make sure you understand how your information will be stored and used.

And while you are out shopping and either stop at the local coffee house with free WiFi, or the mall with free WiFi, here are some tips to think about before connecting to Public WiFi to protect yourself.

(Source: “traveling Coaches” by Kenny Leckie)

  1. Adhere to your firm’s protocols for accessing firm-related data. The firm’s ethical responsibilities to protect confidential client information extend to you. If they instruct people to not access firm information from public Wi-Fi networks, it’s in the best interest of the firm and its clients.
  2. Avoid accessing sensitive data, such as your bank account. You don’t want prying eyes to see this kind of information, which could also lead to them having access to it once you’ve moved on.
  3. Stay away from networks with suspicious names like “Free Wi-Fi.” Cyberattackers are clever, and they’ll try any tactic to trick you into opening up your information to them. If something seems too good to be true or raises any questions, your best bet is to avoid it.
  4. Turn off airdrop and file-sharing to eliminate another person’s ability to take advantage of these features.
  5. Turn off your device’s Wi-Fi and Bluetooth when it’s not in use. This will give you an additional level of confidence that no one is connecting to your device without your knowledge.
  6. Use your cellular providers data connection wherever possible. Your phone’s data connection is more secure than public Wi-Fi. You can also connect to the personal hotspot on your phone for your laptop. If you have this ability, take advantage of it and avoid opening yourself up to outsiders.
  7. Change your device settings so that it doesn’t automatically connect to available Wi-Fi networks. This is one of the easiest ways cyberattackers can gain access to your device and the private information you’re viewing while in public areas.
  8. Don’t use the same password for all websites. If someone gains access to one account, you don’t want to automatically give them access to more, if not all, of your accounts. Keep passwords unique, and change them periodically.
  9. Enable multifactor authentication whenever possible. If this is enabled on online accounts and you need to verify your identify on multiple technologies, you drastically reduce the chances of a cyberattacker gaining entry.
  10. Log out of websites when you leave them. Start by always unchecking the box that says something like “keep me logged in.” Follow that up with making it a habit to log off at the end of each website session. Avoid leaving the door open for unwanted entry.
  11. Use websites that utilize “https” instead of “http.” Https sites have taken extra precautions to heighten their security with encryption. If a website still uses http, all requests and responses can be read by anyone who is monitoring the session.
  12. Use a personal VPN, which encrypts data and makes it unreadable to intruding cyberattackers.

We hope these tips help you all have a safe and happy Holiday shopping season!