Online Security Understanding

Phishing is the activity of defrauding an online account holder of financial information by posing as a legitimate company or entity.

Types of phishing

• Appeal to greed: An attacker will offer you a method to make some easy money.
• Appeal to fear: A hacker will tell you your bank account has been hacked. They may tell you that your computer has been filled with malware and must be cleaned immediately.
• Appeal to authority: A hacker will attempt to mimic someone in charge and ask you to do something because of their position.
• Appeal to human kindness: An attacker may send an email stating they really need your help to do something. The email may even appear to be from someone you know.

How to "avoid" phishing

• Take your time. Don't interact if you're suspicious.
• Verify the contact's identity. Confirm through an outside channel.
• Be very careful with email and text message attachments. If suspicious, don't open or download the attachment.
• Do not immediately click on email and text message links. First, hover over the link and verify the address.

Follow these online security best practices to protect your accounts and online activities.

• Avoid interacting with suspicious numbers. Add trusted numbers to your contacts.
• Protect your funds. Never send money or information to anyone you personally do not know.
• Verify your transactions. Review your account activity regularly.
• Know your vendors. Familiarize yourself with how common vendors display in your account history.
• Utilize security alerts. Set up and receive account alerts in our secured online portal or mobile app.
• Use only secure apps. For electronic payments, always use trusted applications like FirstLight's mobile application or Apple Pay and Samsung Pay.
• Protect your card information at the point of sale. Use contactless payment methods, when available.

• Beware of skimmers.
• Skimmers are small devices that are designed to fit over card slots and keypads to collect card data and card PINs.
• Common places for these are ATMs and gas pumps.
• Some are virtually impossible to spot. If the card reader is loose or you see exposed wires, do not use it.
• Protect your card information online. Do not provide your information online unless you are making a purchase from a website you trust. Secure sites typically will direct you to a secure page with a URL starting with "https://." Also, ensure the email address/link is from a reputable and known sender and always double-check for misspellings (example: Amazon vs. Annazon).
• Update your software. Make sure your device has the latest security updates installed.
• Know that browsers are not safe for storing user credentials. Decline any offers when a browser asks you if you want to store your credentials for later. To avoid future storage offers, turn off these offers in your browser settings.

Know how FirstLight communicates with you. At times, FirstLight may reach out to you with offers or important information regarding your account. Knowing how we communicate with you will help you better tell legitimate FirstLight communications apart from those of scammers.

• Email: Email from FirstLight will have a sent from email address ending in @firstlightfcu.org. Always review sending email addresses, as scammers like to spoof or impersonate organizations like FirstLight.
• One-time passcodes: For security during high-risk transactions or for members attempting to unlock their FirstLight Online access, FirstLight may use a two-factor authentication system to provide a one-time passcode.

Follow these password security best practices when you log into any accounts or use your PIN.

• Always secure your device with a password to protect it if it should ever be stolen.
• Memorize PINs or keep them in a secure password manager.
• Change your password regularly, every 60-90 days.
• Do not store credit card numbers, PINs, or passwords where others may find them.
• Shield your PIN.
• Do not reuse passwords.
• Do not give your passwords to anyone.
• Turn off or decline browser offers to save passwords.

Online security procedures also apply to your mobile device. When using your mobile device to access your accounts or engage in transactions, follow all general online security procedures, as well as the following mobile-specific practices.

• Avoid connecting your smartphone to an untrusted wireless network. Only download apps from official stores such as iTunes or Google Play.
• Never "root" or "jailbreak" your mobile device to get around limitations set by your carrier or device manufacturer. Rooting involves adding, editing, or deleting system files, and jailbreaking allows you to bypass system restrictions. These activities remove protections that are built into your device to defend against mobile threats.

FirstLight is federally insured by the National Credit Union Administration (NCUA) through the National Credit Union Share Insurance Fund (NCUSIF).

That means your deposits are insured up to at least $250,000 per individual member for the total in your regular share (savings) accounts, share draft (checking) accounts, money market accounts, and share certificates.

If you have more than $250,000 at FirstLight, any single federal credit union of which you are a member, there are options available for additional share insurance coverage.

Just as with FDIC insurance for banks, NCUSIF coverage does not cover losses on money invested in mutual funds, stocks, bonds, life insurance policies, and annuities offered by affiliated entities. It protects members at all federally insured credit unions from losses on a broad spectrum of savings and share draft products.