Online Banking
Home > Member Center > Tools & Education > Security Education

Security Education

Your online security is a priority to us at Empower Federal Credit Union. We take fraud prevention seriously and want to help you protect your personal information, accounts, identity and money. We constantly monitor new online threats and share this information with you in this forum.

Opening a Secure Email from Empower

A regular email is just like a postcard. You can write whatever you want, but anyone who gets access to it between you and the recipient can read the whole thing.

In contrast, a secure email is like a private and confidential envelope with an address window, only even better. Everyone can see who it is addressed to, but only the recipient can open it to see what it contains..

RECEIVING A SECURE MESSAGE

Because the message is secured, you may need to take a few easy steps to prove that you are the intended recipient. Two scenarios are possible:

SCENARIO 1
Decryption (opening the envelope) happens automatically for you because your system uses the same email encryption system that we do. Success! It was sent securely, yet you can read it just like any other email.

SCENARIO 2
You get a message that looks like this:

Screenshot: Office 365 Message Waiting

This is not the email that the sender sent. This is a message telling you that a secure message is waiting for you.

Here are the steps you need to follow:

1. Click on the blue “Read the message” button. You will be sent to a website asking you to sign in using a Microsoft account (if you have one), or a one-time password. If you have a Microsoft account associated with the email address this message went to, simply sign in and you’ll see the secure email.

Screenshot: Sign in with Microsoft

If you do not, or if you’re not sure, or if you have any difficulties, pick the one-time password option instead.

2. After you click on “Or, sign in with a one-time passcode” you will get to a page asking for a passcode. The passcode is sent to the same email account that the secure email was sent to, so check your inbox.

Screenshot: Enter your one-time passcode

It will look something like this.

Screenshot: One-time passcode example

3. Type in the code and click “Continue.

Screenshot: Passcode entered

4. That is it. The email and any attached documents that were sent to you can now be accessed. Nicely done!

FREQUENTLY ASKED QUESTIONS

  1. Isn’t there a simpler way? Actually once you try this you’ll probably find that it’s very easy. Click the button to see the mail, click for a one-time passcode, type it in and you’re done. And if you have problems you can always call Empower and we’ll help you through it.

  2. Does this work on a mobile phone? Absolutely. In fact, most of these screenshots are from a cell phone.

  3. Can I reply securely? Great question! Yes you can, from the same webpage where you opened the secure email that was sent to you.

Text Alert Scam

ALERT: If you are in any doubt about ANY Empower-related message that you receive, stop, close the message, and call us. Legitimate text alerts always come from the Short Code number 86975, so any other number means the text is definitely a scam. If you clicked on a suspicious link, call us directly at 800.462.5000 immediately for assistance.

Amazon Prime Days

It is that time again, Amazon Prime Days. If history is an indicator there will be a rise in phishing, smishing and vishing directly related to making you think you will get a great money saving deal.

Take a few moments, read below, and don’t let the excitement to save a few dollars end up costing so much more.

Phishing – Fraudulent email designed to trick you
Smishing – phishing via text message
Vishing – voice solicitation with the same ill intentions

What you can expect to see:      

  • Texts with a phenomenal deal with a personalized link. 
  • Emails with a phenomenal deal with a personalized link. 
    • That is not how Prime Days work. Always use the App or type in the address.
  • Notices about delivery problems. 
    • This info can be found when you legitimately log into Amazon. Do not follow a link from an email or text message.
  • Phone calls from “Customer Service”
    • Do not engage. You can take their name and extension and tell them you will call back at the number from the website.

Remember pressure is a key component of social engineering. Don’t react fast because the deal is running out. Take a step back and think it through. That deal that seems too good to be true most likely is too good to be true. 

These precautions are not just for the influx of Prime Day scams but are a good practice every day.

..................................................................

Beware of Coronavirus-related scams and phishing attempts

 During times of turbulence or tragedy there are always those who attempt to turn events to their advantage, such as by stockpiling critical supplies or price-gouging on desperately needed medical equipment.  Unfortunately, the online scammers and fraudsters are no different.  As the disease COVID-19 sweeps across the world we must also remain diligent about online threats that come with it.

Money-launderers are always looking for “mules” to transfer money between accounts for them, often under the guise of charitable assistance in the pandemic relief effort.

  • NEVER be pressured into taking quick action with your money.  Hang up or walk away, take a big breath, and call Empower directly if you are ever asked to do something that makes you uncomfortable.
  • NEVER accept funds to or from people or companies you do not know and trust fully.  Even totally unwitting accomplices can find themselves legally and financially liable for assisting criminals in their actions.
  • Be very suspicious of sales on hard-to-find supplies like masks or hand sanitizer.
  • If you sell something, never accept a check for greater than the amount you asked for.  It is a scam.
  • Do not wire money without being absolutely certain of who it is going to and why.
  • Donating to charities is great, but use the website or phone number of an organization you know and trust.  Don’t respond to donations requests by email or text message.
Online crooks are also using the coronavirus outbreak to great effect to get people to click on links that infect their devices with malware such as computer viruses or ransomware.  Fake COVID-19 tracking websites are popping up, false news articles with sensationalist headlines are tempting people to click and so on.
  • NEVER trust Caller ID.  An incoming call can be made to look like it is coming from any number when it is not.
  • ALWAYS think critically about what you are about to click on.  A retweet or recommendation from a friend does not necessarily make something trustworthy.
  • Remember that social media is a great way to stay in touch but also a really effective way to spread false information and malicious links.
  • Keep your device fully up to date with the latest patches in case you do accidentally navigate to something malicious.

Finally, NEVER respond to an alert or email using the contact information or instructions in the alert itself.  Always go to the company’s trusted website or phone number.  You can always call Empower directly at 315.477.2200 or 800.462.5000 or use the Message Center through the Empower mobile app.  We are always delighted to speak to you and to have the opportunity to serve you better.

Phishing

Phishing sites ask for personal information such as your credit card number and expiration date. The site appears to be a legitimate company, but thieves link to a fraudulent site interested in only stealing your information. No legitimate company will ask for your personal information online.

Pharming

More online thieves are moving from phishing to pharming because it does not require a response from the customer. Experts warn that pharming may be more sinister than phishing because it's more difficult to detect.
Unlike phishing, which uses email spam to deliver fraudulent messages, pharming operates through phony websites. The user is automatically directed from a legitimate website to a copy of that website, with no warning signs. Once the victim is transferred to the bogus site, passwords, card numbers and other private information is collected by thieves to commit identity theft.
Online users are urged to watch for uncommon log-in processes that don't look the same as the legitimate site. Some pharming sites will ask users for information such as Social Security numbers, which are not typically required.

Identity Theft

The Federal Trade Commission has launched a nationwide identity theft education campaign to encourage consumers to keep close watch on their personal information and respond quickly when they think their data has been accessed without authorization. An education kit includes a victim recovery guide "Take Charge: Fighting Back Against Identity Theft", a training booklet "Talking About Identity Theft: A How - to Guide", and a 10-minute video on ID theft. The materials are available in English and Spanish.To talk to a counselor, or if you think your personal information has been stolen, call 1-877-IDTHEFT.

Digital Defense


Empower Federal Credit Union has partnered with Digital Defense, Inc. to help educate our members about how to protect themselves while online. The Digital Defense site covers a number of security topics. Plus, there's a quiz at the end to test your security knowledge!
 

Empower Federal Credit Union’s Online Banking now requires MFA for online banking users as a security measure to further protect your account. This extra layer of security will require you to complete some extra verification steps before the transaction will process. We will ask you to verify your identity by asking security questions or by responding to a message sent via email or text.

You may select the Multi-Factor Authentication (MFA) options that best meets your needs:  

  • Sending an authentication code via email

  • Sending an authentication code via SMS/ Text (cell phone # must be confirmed for codes to be sent via text)

  • Answering Security Questions (default setting)MFA options can be found on the Security tab (under settings) in Online Banking. At least one option must be enabled.


Where do I find the MFA Settings?

MFA options can be found on the Security tab (under settings) in Online Banking. At least one option must be enabled.

Screenshot of Multi-Factor Authentication (MFA) setup in the security tab in online banking

The Settings – Security tab is currently only available in the desktop/tablet environment. This set-up is not available on the mobile app.

Everywhere you look you see people of all ages utilizing personal smart phones, tablets, laptops and other devices to thrive in an online, connected world. Utilizing these devices for work and for pleasure can be extremely convenient and entertaining, but these benefits can come at a very high price if leveraged by a cyber-criminal to gain access to your financial accounts and other sensitive data.

Many people go to great lengths to protect their device, purchasing insurance in the event of breakage and high performance cases to defend against scratches, dents and dings. While protecting the device is important, the data held within the device is worth far more but is often not protected accordingly.

There are a number of best practices that you can follow to protect the data stored on the device and to improve mobile security to defend against a cyber-attack.

Learn how to protect yourself.

 

Auto Center

What do you want out of life?

Empower Federal Credit Union welcomes employees of many companies, immediate family/household members of employees and retirees, as well as our outreach to underserved communities to enjoy personal and business banking solutions including auto loans, mortgages*, credit cards and more. Bank online, in any central NY branch, or call us at 315.477.2200.

* Home mortgages available in FL, PA, CT, NY, NC, SC and TN.

Empower Federal Credit Union rated 5-Stars by Bauer in 2023