Online Security

Prevent Account Takeover

Use a Password Manager

Don't use the same password for different logins. Utilize a password manager to simplify the process of storing and filling your login information. You can use the password manager included with your preferred browser, or you can use a password manager, such as Bitwarden, that syncs on all devices and browsers.

Enable Two-Factor Authentication (2FA)

Enable 2FA on every website where you log in. This process requires a temporary verification code to log in. Verification codes can be delivered by an app, text message, voice call, or email. Never share a verification code with anyone, ever.

Initiate Important Phone Calls

If you receive a call and are asked to provide personal or financial information, hang up. If the caller claimed to be from a legitimate company, call back that company directly using a publicly disclosed number. Malicious actors rely on impersonation to obtain the information they need.

Identify and Delete Phishing Email

Criminals often obtain the information needed to commit financial fraud or theft through email links. The sender's display name is easily spoofed, so you must always look at the sender's email address to see if the domain makes sense. For example, every email from Cornerstone will use the bankcfcu.org domain.

Prevent Card Fraud

Shop Safely Online

When you shop online, stay on websites of well-known retailers or places of business for which you are familiar. Be careful when you search for a product in a search engine rather than directly on a retailer website. Some links may not be legitimate. Protect all your logins with two-factor authentication. When possible, do not save your card information to your profile.

Enable Card Controls

Card controls are available in digital banking for every credit and debit card. You can lock and unlock your card instantly with a simple button. You can also limit your card by geographic locations, store types, or payment methods, and receive alerts when an attempt is blocked.

Protect Your Wallet

Minimize the number of cards you keep in your wallet. If your wallet is missing or stolen, lock your cards immediately. Add cards to the mobile wallet on your phone. When possible, use Apple Pay or Google Pay for the most secure method of payment.

Cancel Trials Promptly

If you sign up for a free trial for a service or product, set a reminder on your phone to cancel it before the subscription renewal date. Authorized subscription charges from an uncanceled trial are often confused for unauthorized charges.

Identify Phishing Email

Hackers and scammers often obtain the information needed to commit financial fraud through email. You can quickly determine if an email is legit by checking three things.

Sender's Email Address

Do not rely on the sender's display name. Identify the sender's email address in the email header. It should match the website of the company or service provider.

Grammar and Odd Phrases

Look for grammatical goofs such as misspelled words, incorrect capitalization, and odd phrases for American English – all common indicators of fraudulent email.

Links and Phone Numbers

It is best to directly navigate to a company's website to log in or look up a phone number. You can hover over links to see if the web address makes sense for that company. The goal of phishing email is to obtain your information when you click or call.

Delete Suspicious Email

Do not open any attachment or click any link. Do not forward the email to anyone else. If you want to ask someone else about the email, then send a screenshot.

Common Scams