Two Christmas Trees with Soft Bokeh Light

Protect yourself online over the holidays

Cyberattacks are more prevalent during the holiday season.

The excitement of the holiday season coupled with the volume of ecommerce and e-banking transactions provides ample opportunities for cyber attacks.

Red flags

  • A hacker may impersonate a senior staff member and send out spoof email to internal staff, members, vendors, to have fake invoices paid.
  • Be skeptical of emails, messages or websites that contain misspelled common words or contain grammar errors. Email and web addresses should be examined for differences. For example, might be changed to
  • Scammers may send text messages impersonating a financial institution typically asking the consumers to provide usernames and passwords that can be used to commit financial crimes. For example:
    Credit union online access has temporarily been put on hold due to security verifications. Please confirm your account by signing in

  • Everybody loves a great deal. But shocking offers, unbelievable discounts and unreal rates may signal that the offer isn’t quite what it seems.


The good news is you can protect yourself from these types of cyber fraud by implementing a few basic measures in your daily online routines.

  • One of the easiest and most important things you can do is to get in the habit of using strong password practices.
  • Using two-factor authentication (also known as 2FA or multi-factor authentication) provides an added layer of security for account access.
  • You should never log into your online or mobile banking account while you are on a public computer or connected to public wi-fi. Public computers and wi-fi are regularly compromised by hackers. This easily allows them to steal your account credentials.
  • ​If you receive that random email from a reputable company, and they are asking for you to provide your sensitive information or credentials, be cautious, this may very well be a phishing email. Legitimate organizations should never ask for your information by unsolicited email.
  • ​Never trust an email display name, always review and verify the actual email address.
  • Be cautious of any link or attachment provided in an email.
  • Check for spelling and grammar errors in the body of the mail.
  • Check the salutation, you should be addressed by your name.
  • Any requests for payment should be highly scrutinized and verified via telephone call (using number on file not in email) or in-person visit.
  • Check the signature, a corporate signature should have business contact details.
  • Don’t click on any attachments.
  • Be cautious of receiving a mail offer which guarantees you have won. Prizes might range from car to trips. If you have not entered a contest, it’s probably a scam!

Finally, make sure you check your account statements at least once a month. Look for unknown or suspicious account activity. If you see a transaction you don’t recognize, immediately give us a call.

Want more information on Internet Security?

Source: CUMIS Risk Bulletin, November 2019