Mid Carolina Credit Union Facebook
Online Banking and Bill Pay
MCCU News

"Heartbleed" internet security risk

You may have heard recent news reports regarding the "Heartbleed" internet security risk. Mid Carolina Credit Union members can rest assured that neither our website, midcarolinacu.com, or our online banking systems were affected. The security of your financial information is our highest priority.

Although the Credit Union does not seem to be affected by this bug, you always need to be weary and vigilant and NEVER give out any personal information until you verify who you are communicating with. Following is some information to help educate you about this new threat and general good practices to help protect your information.
 
Heartbleed
 Heartbleed
 What is Heartbleed and why is it a big deal?
Heartbleed (http://heartbleed.com/) affects the encryption technology designed to protect online accounts for email, instant messaging and e-commerce. It was discovered by a team of researchers from the Finnish security firm Codenomicon, along with a Google Inc. researcher who was working separately. Heartbleed is not a computer virus, and unlike many cyber security scares it is not limited to a single company or website. Heartbleed is a basic flaw in the security programming that protects roughly half a million different websites, according to one estimate. It’s unclear whether any information has been stolen as a result of Heartbleed, but security experts are particularly worried about the bug because it went undetected for more than two years.
 
 How does it work?
The flaw is in a piece of open source code (called OpenSSL) that is available for anyone and widely used as a way of saving time when programming. The code was written by the open source community, so its precise authorship is unclear. What happens is that when your computer is communicating with a secure website (sites that are https and have the padlock icon), it’s asked to send a “heartbeat” of data to confirm the connection. When that heartbeat is sent, a small amount of the server’s short-term memory, about 64 kilobytes, can leak. While that’s not very much data at one time, and its data chosen at random, the action can be repeated over time to gain many fragments of information without being detected. The information that’s typically in a server’s short-term memory is often quite valuable, things such as user names and passwords, according to Eric Skinner, vice-president at Canadian web security firm Trend Micro.
The site might leak what are known as “session cookies,” Mr. Skinner said, which would allow someone to impersonate an unsuspecting victim on a particular site for a short time. It might also leak a site’s SSL private keys, which would allow a sophisticated user to pretend to be that website and fool other computers into believing they had landed in the right place. The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.
 
 So if the problem has been identified, it’s been fixed and I have nothing to worry about. Right?
NO.   A fixed version of OpenSSL has been released, but it’s up to the individual website administrators to put it into place.
 
 What can I do to protect myself?
Change your passwords, but that won’t do any good until the sites you use adopt the fix. It’s also up to the Internet services affected by the bug to let users know of the potential risks and encourage them to change their passwords.  There are several links on the internet providing updates as to which sites are affected and/or have applied the patch.  Here is one example of roughly the top 100 US Internet sites.  http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/
 
Here are some other tactics identity thieves and hackers use. Watch for and avoid:
 
1.       Any emails from companies imploring you to “click here” to change your password or update your account information. Companies are learning not to do this precisely because it’s such a common phishing and spear-phishing tactic.  You should try to pre-empt any such email  by going straight to the affected websites once they’ve implemented the Heartbleed fix. But if you don’t, or didn’t, and get worried by the email, take the extra few seconds to open up a new tab and (correctly) type the website’s name into your browser.
2.       Any phone call that promises to fix your problem but only if you give them passwords, account access or a credit card right now. Phone phishing (or vishing) scammers rely on two things to succeed: your fear that you did something wrong or are in some sort of trouble; and their ability to project authority and the ability to fix it. If someone calls you and wants any information and won’t allow you to get off the phone to call back the customer service number you find on your own, they aren’t legit.
3.       Any text message from an unknown number. Don’t open links and pictures or call any numbers you just don’t recognize. Text-message phishers (known as smishers) use our own Fear Of Missing Out (FOMO) to draw us in and take advantage of us.
4.        Any calls from weird numbers, especially if your cellphone isn’t widely known. I assume that there are (mostly young) people who often get calls or texts from numbers they don’t know after a night -- or several nights -- out. But for the rest of us, we probably hoard our cellphone numbers closer than most of the rest of our personal information, if only to avoid overage charges. So if you suddenly start getting calls from numbers you don’t know, don’t let the FOMO lead you down the wrong path. Let them leave a voice mail: just because you can pick up doesn’t mean you have to.
 
We have provided additional resources regarding affected websites on our Facebook page.

Spring Newsletter

Our Spring newsletter is now available for viewing, click here, for the latest info, promotions and articles.


SPRING SHRED DAY & FOOD DRIVE

Protect your identity. Come to our shred event with your unwanted personal documents. This event is open to the public and all we ask, is a donation of at least 2 canned goods for our community food drive.

 Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.

The Federal Trade Commission estimates that as many as 10 million Americans have their identities stolen each year. In fact, you or someone you know may have experienced some form of identity theft. Identity theft is serious. People whose identities have been stolen can spend hundreds of dollars and dozens of hours cleaning up the mess thieves have made of their good name and credit record. Consumers victimized by identity theft may lose out on job opportunities, or be denied loans for education, housing, or cars because of negative information on their credit reports. They may even be arrested for crimes they did not commit. The potential for damage, loss, and stress is considerable.

Identity theft can happen to anyone at anytime. Reduce the chance of your personal ID theft by joining Mid Carolina at one of our Shred Events where you can destroy all personal documents and files.

In keeping with the credit union philosophy of people helping people, we'd like your help with our community food drive. As you bring your items to be shredded, we ask that you bring a donation of canned goods; all donations will go to the Christian Community Ministries of Kershaw County.

Bring up to four boxes of items to be shredded.

Suggested items to shred: 

  • financial statements
  • cancelled checks
  • credit card statements and credit card pre-approval letters
  • payroll stubs
  • insurance forms
  • old tax returns
  • forms from doctor's offices
  • etc.

Shred Events are for Mid Carolina CU members and Kershaw County community residents. Shredding will be provided by Cintas Ducument Management.

On behalf of the Christian Community Ministries of Kershaw County, Mid Carolina will accept monetary and non-perishable food items at each Shred Event.

Upcoming dates and locations:

April 25, 2014
Camden Branch
1015 Mill Street - Camden
9:00 am - 11:00 am

April 25, 2014
Elgin Branch
2480 Main Street - Elgin
12:00 pm - 2:00 pm

 




Access Visa
Go Mobile
Latest News & Events
"Heartbleed" internet security risk
You may have heard recent news reports regarding the Heartbleed internet secur ...(more)

Spring Newsletter
Our Spring newsletter is now available for viewing, click here, for the latest ...(more)

SPRING SHRED DAY & FOOD DRIVE
Protect your identity. Come to our shred event with your unwanted personal doc ...(more)


Report Lost/Stolen Card
Quick Links & Applications
Apply For Loan
Online Banking
Home & Family Finance
Copyright © 2013 by Mid Carolina Credit Union | Site Design by JSS Enterprises, Inc.
719 Highway 1 South, Lugoff, SC 29078
803-432-8521 or 1-800-433-5226