A Message for Members Regarding Account Security Following the Target Data Breach

alert-resized-600The recent data breach announced by Target at its stores in the U.S. between November 27 and December 15 has created a high number of inquiries from First Financial members regarding the security of their credit and debit card accounts.

We want to assure members that your accounts with us are monitored 24/7 by an experienced team of security professionals for any suspicious or potentially fraudulent activity. First Financial employs the most advanced fraud detection and prevention technology to guard members’ credit and debit accounts against unauthorized access and use. Here’s a quick update for your peace of mind:

  • We are aware of the accounts that are known to have been used at Target stores on the dates noted above and we are watching the activity on these accounts closely.
  • Our member service contact centers are experiencing unusually high call volume as a result of this breach and the coverage it has received in the media. Unless you see any suspect transactions on your First Financial credit or debit accounts, there is no need to call.
  • If our security team observes any unusual activity on member accounts, we will contact members immediately to determine whether the transaction activity is legitimate and authorized.
  • It is also a good practice for members to keep a watchful eye on their accounts and transactions and look for any unauthorized activity or purchases.

We will continue to monitor all members’ accounts for suspicious activity. If you have any additional questions or concerns, please give us a call at 866.750.0100 or email us at info@firstffcu.com. Thank you for being a valued member of First Financial.

Credit Card Data Breached? Enroll in ID Theft Protection Today!

Target CC BreachBy now we’re sure you’ve heard about the credit and debit card data breach which affected those who used their cards at most Target stores nationwide, from November 27th through December 15th.

Target said the credit and debit card information of as many as 40 million customers was compromised over three weeks of the holiday shopping season — one of the largest breaches ever of American consumer data.

The breach, which extended to almost all Target stores in the United States, captured data stored on the magnetic stripes of the cards that customers swipe at the cash register, according to Krebs on Security, a respected data security blog.

Krebs, cited sources from two top card companies. Target said that the information compromised included customer names, card numbers, expiration dates and the short verification codes known as CVVs — everything an attacker would need to create a counterfeit card.

Target said that it had alerted authorities and banks, and that the issue was “identified and resolved.” Still, it encouraged customers to look over their account statements and obtain credit reports. Target did not say how it might have happened. “It is very clear it is a sophisticated crime,” Molly Snyder, a spokeswoman for the company, told Reuters.

At up to 40 million customers, the breach ranks among the biggest in U.S. corporate history. In 2007, the data of more than 45 million customers was stolen from stores including T.J. Maxx and Marshalls.

Last year, the Barnes & Noble bookstore chain said that someone had planted software in PIN pad devices at 63 of its stores in nine states to steal the data from magnetic card stripes. The company responded by taking PIN pad devices out of all its stores. And in 2011, a hack exposed the credit card information of 100 million user accounts on the Sony PlayStation video game network.

Target, with almost $72 billion in U.S. sales last year, is the third-largest store in America, trailing only Walmart and the Kroger grocery store chain. Target has about 1,800 stores in the United States.

Krebs on Security reported that the breach hit only customers who shopped at physical Target stores, not online. The blog cited reliable sources familiar with the matter. The data would allow criminals to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If PIN codes were also intercepted, that would allow criminals to withdraw the cash of unsuspecting customers from ATMs.

Krebs quoted an anti-fraud analyst at one of the 10 biggest bank-card issuers as saying that “we do see customers all over the U.S. that were victimized.” Target said that its investigation includes working with a third-party forensics firm. The company said that customers who made purchases at its U.S. stores during the three weeks in question should call them at 866-852-8680, or seek copies of their credit reports from the agencies Equifax, Experian and TransUnion.

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence,” said Gregg Steinhafel, Target’s president and CEO. “We regret any inconvenience this may cause,” he said. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

Don’t wait until you become a victim! Think you don’t need ID Theft Protection? Think again! With Fully Managed Identity Recovery services from First Financial, you don’t need to worry. A professional Recovery Advocate will do the work on your behalf, based on a plan that you approve. Should you experience an Identity Theft incident, your Recovery Advocate will stick with you all along the way – and will be there for you until your good name is restored. Give us a call at 866.750.0100 to learn more. Get started today!*

Article Source: Alastair Jamieson and Erin McClam, NBC News. Reuters contributed to this report.

*Identity Theft insurance underwritten by subsidiaries or affiliates of Chartis Inc. The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.

Warning: Record Breaking Phishing Attack Attempts

phishing-scammerResearchers at Kaspersky Lab have documented a drastic increase in the number of web users who have been “subjected” to phishing attacks over the past year, according to a new report.

The Moscow-headquartered security firm found that 37.3 million people faced the prospect of being phished in 2012 to present day, an 87 percent increase over the same period between 2011 and 2012.

In its “The Evolution of Phishing Attacks” study, Kaspersky Lab studied threats faced by roughly 50 million customers running its security products.

For several years, Kaspersky researchers have been warning that phishing is the preferred method of online criminals to steal information and foist malware – almost always with the goal to profit – but the mechanisms to automate the process are becoming even more rapidly automated and commercialized with each passing year.

“The nature of phishing attacks is such that the simplest types can be launched without any major infrastructure investments or in-depth technological research,” the report said. “This situation has led to its own form of commercialization of these types of attacks, and phishing is now being almost industrialized, both by cyber criminals with professional technological skills and IT dilettantes.”

Phishing can be spread in various ways, with most attacks (89 percent) appearing in the browser, versus email (11 percent), the report states.

“Phishers use several different methods to trick their potential victims,” the report said. “In addition to the obvious need to create a detailed copy of a website that will be used to attack the victim, the criminals also prepare their cover story by using similar website URLs, replacing one or several characters in the name of the website, or using recognizable website names in the sub-domains.

“If the delivery channel for a phishing link is email or electronic documents (.doc, .odf, or others), malicious users will often resort to the hyperlink features typically available in most text editors and email clients,” the report added. “In this case, the text of the email or document will display the link to the real site, but the link will actually lead to the website created by the malicious users.”

As expected, popular brands like Google, Amazon and Facebook are common brands that are abused by phishing attacks, as well as banks and other financial institutions, according to the study. Most of the scams targeted users in Russia, the United States, India, Vietnam and the U.K.

Please be sure to monitor your personal information and be cautious of the sites you provide with your financial information. If you notice any fraudulent or suspicious activity on any of your First Financial accounts, contact us by calling 866.750.0100, e-mailing info@firstffcu.com or stopping into any one of our branches.

To protect yourself and your loved ones from identity theft, enroll in First Financial’s new ID Theft Protection products today!  Our products provide you with a professional Recovery Advocate who will do the work on your behalf, based on a plan that you approve. Should you experience an Identity Theft incident, your Recovery Advocate will stick with you all along the way – and will be there for you until your good name is restored. First Financial’s ID Theft Protection products include features such as lost document replacement, credit bureau monitoring, score tracker, and more.  For more details or to get started click here.

*Click here to view the article source.

Firefox 22 Upcoming Changes for Online Banking Users

alert-resized-600Mozilla announced recently that upcoming versions of their Firefox web browser will be changed to block third party cookies.  This will be the default action when you upgrade to the latest versions. This move is similar to the default action of the Safari browser to also block third party cookies. While Firefox has always had the ability to block third party cookies, this change will become a default setting in Firefox 22.

Many electronic financial services sites like First Financial’s online bill pay, require the use of third party cookies to function properly. Please be aware that this change by Mozilla may impact your online banking and bill pay abilities to enroll in or to access First Financial’s sites if/when you upgrade your browser to Firefox 22. The new feature should not immediately interfere with your existing browsing, as you will need to clear your browser’s cookies first for it to take effect.

If access issues arise, you should first manually change your browser privacy settings to allow third party cookies or call us at 866-750-0100 if the problem persists.

Phone Phishing Scam for Credit Card Numbers and Expiration Dates

alert-resized-600We have been informed that some members have been receiving phone calls phishing for their credit card information.

Below is an example of what has occurred:

  • The calls begin as an automated call regarding an offer for a lower credit card rate.
  • Once the individual picks up, the scammer offers them a lower rate on their VISA or Mastercard.
  • The scammer asks for the credit card number and expiration date for verification to see if the member is eligible for the offer.
  • Calls are coming from 440-617-5620.

As a reminder, please do not provide your credit or debit card information or expiration date to anyone who may call you. If you have released any information on a First Financial credit or debit card to the above mentioned caller, please report it immediately to 732-312-1500.

We also suggest that you request your free annual credit report to ensure that there are no unauthorized accounts.

Go “e” and switch to E-Statements Today!


It’s time to make the switch to E-Statements! We are encouraging all First Financial members to discontinue receiving printed paper statements and make the switch to E-Statements this spring. 

E-Statements are encouraged in order to be environmentally conscious and they save the credit union thousands of dollars each year in printing unnecessary paper waste.  E-Statements allow you to view your account balances and transactions from the month at any time and are more secure, resulting in added value to your First Financial membership and the reduction of identity theft exposure.

Fact: If every household utilized Online Banking and E-Statements, the money saved could send more than 17,000 high school graduates to a public university for a year. WireandTwine.com

How can you go “e” and protect our planet just in time for Earth Day?   

Sign up to receive E-Statements by:

  • Logging into your First Financial Online Banking account and under the “Accounts” tab on the left side of the page, selecting “Statements” and then “Enroll in E-Statements.”  Next you will need to review the Electronic Statement Consent and enter your email address in the box. Then click on the statement sample link and obtain a 4 digit PIN. Enter the PIN in the box and click “I agree.”
  • Next, back at the Online Banking main page – under the Preferences tab click Statement Delivery. You must set-up for electronic statements by clicking on the button that pertains to each account number to receive electronic statements.  Click on all related accounts, such as minor accounts if you would like to receive any minor E-Statements with your login. Enter the email address, and review the Statement Delivery Agreement. Check the “I agree to the terms of the agreement” box and click submit.
  • Then back at the Online Banking page one last time – under the Accounts tab click on Statements again, and you can set-up email notification to receive an email when your E-Statement is available for viewing in Online Banking. Click on the email notification link and click the button next to “Yes, send me an email when new statements are available.” Enter your email address and click “save.” All notifications can only go to one email address.

If you don’t have First Financial Online Banking access yet, stop into any branch, give us a call at 866.750.0100, or visit our website at firstffcu.com to enroll.  You can enroll on our homepage by clicking the “enroll in Online Banking” tab underneath the Online Banking login.

If you are the parent or guardian of a minor, you may choose to enroll the minor within Online Banking for their own E-Statements, or you can choose to link the minor’s account to your own and view their E-Statements.  For those members who do not have a computer or Internet access, they can choose to visit their local branch each month and utilize our in-branch computer kiosks – or members can ask for one paper statement copy to be printed out within the branch during the current month’s statement period. 

Fact: If all households paid bills online and received E-Statements – 18.5 million trees, 2.2 billion tons of carbon dioxide, and 1.7 billion lbs. of solid waste would be saved. WireandTwine.com

There’s so much to love about E-Statements – including the Earth, so make the switch today!