Cyber Security Awareness Month

Take a few steps to stay safe online

Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and ensure that all Americans have the resources they need to be safer and more secure online.

NCSAM 2019 will emphasize personal accountability and stress the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s overarching message – Own IT. Secure IT. Protect IT. – will focus on key areas including citizen privacy, consumer devices, and e-commerce security.

One of the most effective proactive behaviors in security best practices is to create strong, unique passphrases for your online accounts and digital devices. Sometimes having unique passphrases for each account can be inconvenient, so let’s take a look at why it is so important to use this method to secure your accounts.

Hackers use different methods to steal users’ credentials. Credential Stuffing is an attack that uses passwords purchased from breached sites. The hackers’ programs use the purchased list and test for matches on other systems. By using unique passphrases for each account, you can minimize the number of accounts a hacker can gain access to.

You’ve heard it before: the longer the passphrase – the stronger. Here’s why: Hackers use brute-force attacks in which automated software runs consecutive guesses on the possible combinations of a password. A password with a length of 6 characters can be cracked in 8 seconds. More characters in your password boost its security exponentially. It would take a computer 429 billion years to crack the passphrase #I own 2 dogs!

Here are some tips when creating passphrases:
  • Don’t use sequential letters or numbers – example: 12345, abcde
  • Don’t use repeated letters/numbers or keyboard patterns – example: 111, aaa, qwerty, asdfghe
  • Don’t use the same passphrase for every site; if passwords are stolen from a site, a hacker won’t find a match on another site.
  • Consider using spaces - example: change “iown2cats” to “I own 2 cats”
  • Consider using complexity in the long passphrase by adding punctuation and capitalization – for example: Thi$ Is g00d info!
  • Consider using a password manager to create and store your passwords – it will create unique (never been used before) and longer than 12 character passwords.
The most commonly re-occurring passwords that have been accessed in global cyber breaches:
  • 123456 (23.2 million)
  • 123456789 (7.7 million)
  • Qwerty (3.8 million)
  • Password (3.6 million)
  • 1111111 (3.1 million)

Need a new password?
Test some options
Please don't test your current passwords!

Strong, unique passphrases can be fortified by enabling available authentication tools. Examples of authentication tools are biometrics, security keys or a unique one-time code through an app on your mobile device. Why should you enable these tools even if you are using strong, unique passphrases for your accounts? Hackers can hijack your password through phishing attacks. If you are asked to provide your sign in credentials through a phishing email, you just gave the hacker your password. A device can be infected with malware – the kind that logs keystrokes. The malware intercepts exactly what is typed in – this includes your password.

This is why more websites are adopting strong authentication. Strong authentication, - sometimes called 2-step verification, multi- or two-factor authentication, MFA, or login approval – provides an extra layer of security beyond your username and passphrase to protect against account hijacking. So, if someone is accessing one of your accounts by means of a stolen password, you’ll receive the notification in the next step of the authentication process.

Generally, there are 3 types of factors for authentication:
  • something you know (password)
  • something you have (hardware token or cell phone), and
  • something you inherit (fingerprint, or voice).

If a system uses two of the factors, it is referred to as 2 Factor Authentication or 2FA. According to a Microsoft study, your account is 99.9% less likely to be compromised if you use MFA. If you turn on 2FA, you’ll be asked to enter your username, your password, and another factor to prove you are really who you say you are. The third factor can be a numeric code texted to your smartphone (something you have). The services may be available on a website you use but are not required and it’s up to you to turn on the free feature.

Believe it or not, this is the popular scam happening right now.

How it works:

Imposters contact you and tell you to put money on a gift card. They impersonate the IRS collecting taxes or fines or utility companies threatening to turn off your power or water. Fraudsters claim you’ve won a prize or sweepstakes and you’ll need a gift card to pay fees and other charges. You could receive a deposit or check, and the scammer convinces you this was an over payment and you must pay the difference back in a gift card (the check will be fake). Once you’ve purchased the gift cards, the scammer will demand the gift card number and PIN on the back of the card. Now the scammer can instantly use the cards to make their own purchases with the money you loaded on the card.

If you receive any type of call requiring you to purchase any type of gift card to make a payment, please hang up and report the scam to the Federal Trade Commission or call them at 1-877-382-4357.

Fraud is no joke! However, Blue gets tagged in quite a few scam posts on Twitter, Facebook and Instagram. As goofy or obvious you might think these are, people fall for this all the time! Never willingly give over your personal or account information via social media. Even on our pages, feel free to DM us, but we'll always ask for a phone number to chat about your account.

Enjoy some of our favorite social media scams we've seen over the past few months.

Events with Blue

Joining our credit union means stepping into a financial community where everyone has something to contribute. We believe community service and education are instrumental to financial success. Join us at an upcoming event!

View Events

You're ready, let's blue it!