Home  |  FNCU Events  |  Privacy Policy  |  Site Map  |  Contact Us  |  Help/FAQs  |  Security         
Security

Online Banking Security | Report Suspicious Email | Spoofing

Online Forms Security

All forms on the First Northern Credit Union site are encypted with SSL. The transfer of your information to authorized Credit Union employees is also encrypted using state-of-the-art techniques. You can check that a form is secure in two ways:
  • Look for the small padlock icon. A closed, or locked, padlock indicates a secure connection.
  • Look for the letters "https://" at the beginning of the Web site address or URL in your Web browser. The "s" means secure.

The example below demonstates these indicators:




Rest assured that First Northern constantly monitors its site for any signs of abnormal occurences. We will also continue to update security technology as it becomes available.

Online Banking Security

All OnLine Service sessions are authenticated and encrypted. The authentication of an OnLine Service session is based on your account number, PIN and password as a combination – it's called Multifactor Authentication. For more information on Multifactor Authentication, click here.

The encryption is accomplished by establishing a Secure Socket Layer (SSL) connection between the browser and the OnLine Services server. You can only access First Northern OnLine Services with an SSL compliant browser.

First Northern CU takes numerous precautions to keep your accounts and personal information secure, but you also play a key role in maintaining the security of your accounts. We have provided you with the following suggestions:

  • Keep your PIN and password private. Your online PIN and password authenticate (recognize) you when you login to OnLine Services. You should memorize your PIN and password, and never write them anywhere. Never reveal your PIN and password to anyone, unless you want to allow them access to your accounts.
  • Change your PIN and password regularly. Choose a PIN and password that will be easy for you to remember, but not obvious to someone else. For example, never use birth date, or any part of your Social Security Number or phone number as your PIN. Do not use names of family members, pets, etc as your password.
  • When you have finished your OnLine session, remember to exit the program. Although your session will "time out" after a few minutes of no activity, you may not always be at your own computer, or in complete privacy, when you are online. Therefore, it is important to exit OnLine Services when you are finished.
  • If I discover an unauthorized transaction on my account, immediately change your PIN and password. Contact Member Services as soon as you discover any discrepancies. We can be reached during regular business hours.

For answers to other online banking FAQs, click here.

back to top �

Report Suspicious Email

First Northern strives to discover and implement the most up-to-date security features on all of our products and services. However, as with most online businesses and financial institutions, First Northern members can be susceptible to email scams. In most instances, these scams involve the fraudulent replication of the First Northern Credit Union website and oftentimes request personal and/or account information.

If you receive a suspicious e-mail, please discard it immediately! And please contact a First Northern representative at (888) 328-8677 ext 351.

Links within the email may take you to a Web page that will look a lot like the First Northern website. Here are examples of what fake pages may look like.

Remember: Do not fill-in or submit your information via fake forms like these.

Per our policy, FNCU will NEVER contact members directly via unsecured methods like email and ask for personal account information (such as account numbers or passwords).

Spoofing

Also known as phishing, is an attack in which a legitimate web page, such as the First Northern site, is reproduced in "look and feel" on another server under control of the attacker. The intent is to fool the users into thinking that they are connected to a trusted site, for instance to harvest user names and passwords or credit card information. This attack is often performed with the aid of URL spoofing, which exploits web browser bugs in order to display incorrect URLs in the browsers location bar; or with DNS cache poisoning in order to direct the user away from the legitimate site and to the fake one. Once the user puts in their password, the attack-code reports a password error, then redirects the user back to the legitimate site.

back to top »

Clues that you are being spoofed

Email:
It often starts with an email sent that asks for your response – usually by clicking a provided link.
Clue #1 that this is a fake: most times the email will be addressed to "customer"
Clue #2: despite what the text link says, it opens a webpage with a different link or address (URL)
Note that often the clicked link is all the attacker is after – it will collect your email to be sold to a spammer. But in severe cases, the link will take you to false pages like those already noted.

Website:
If you've clicked the link on the email and landed on an attacker's fake page, here are some warning signs to look for.

The easiest detection – the Web site link is not from First Northern.
Also this is not a secure form (see security information above):




The navigational links don't work correctly:


Drop-down menus do not work or have different links than usual.


Fonts used are not consistent with the rest of the site:

incorrect correct



We will never ask for information like this:



The most sensitive information we'll ever ask about your account is your account number. From there we would have access to information like this. And we will never ask for that outside of a secured form. A general rule to go by, if it doesn't make sense or seems "fishy," contact us immediately!

back to top �