The world has changed and there are many bad guys who continue to take advantage of consumers. Using tools like Artificial Intelligence (AI), online criminals now outnumber law enforcement professionals. At Civic, we strive to stay ever mindful and vigilant about these trends and emerging threats. We work hard to keep your information secure. But we cannot do it alone. Here's how you can help. 

Do any of these scenarios sound familiar? 

• A "representative" calls trying to obtain your sign-in credentials.
• You receive a cryptic or suspicious text with links, saying your account has been disabled or blocked.
• You receive an urgent email with a link to reactivate your account. 

These types of communication are fraud attempts and can give criminals access to your data by either placing malware on your device or tricking you into visiting websites that look legitimate but are not. These bad actors use these methods to gain access to your credentials (username and/or password) so they can then conduct fraudulent/unauthorized transactions. 

During our recent transformation to Civic, some members have seen fraud attempts aimed at obtaining their account login credentials. Our information security and fraud teams consistently monitor and proactively work with law enforcement to prosecute offenders and help members resolve any incidents where they may have become a victim of fraud. 

To protect your accounts here at Civic, as well as any other banking relationships you have, we must fight together, as unfortunately, the bad guys only need one "hit" to encourage them to continue taking advantage of consumers. With all the measures we take, we strongly urge you to work with us to take action to safeguard your online identity – not just with Civic, but for relationships where you share personal and confidential information. Like all businesses (financial, retail, medical, to name a few) that maintain personal information, we take safeguarding this information very seriously. 

What you should do NOW to protect yourself: 

1. Use strong, unique passwords
   If you use the same password for your Civic account as you do for other online services, or if your password is old or weak, please change it. Passwords should not be easily guessed. They should be at least 15 characters and include a combination of upper and lowercase letters and special characters. Also, consider a password manager (app on phone/online) to securely keep track of all passwords.
    
2. Enable two-factor authentication (2FA) 
   If you haven't already, enable 2FA for your Civic account and any other online accounts that offer it. This adds an extra layer of security by requiring a second form of verification (i.e., a code sent to your phone) in addition to your password.
    
3. Beware of unsolicited messages 
   Never click on links or open attachments in unexpected emails or texts claiming to be from your financial institution. Civic will never initiate a request for personal account information via text or email. Some of our trusted service providers may use these to verify your information on our behalf; contact us if you have a concern. 
    
4. Verify the website or app 
   Only use official banking websites (look for HTTPS and correct spelling in URLs) and apps downloaded from trusted app stores. 
   Our website is: https://www.civicfcu.org
   Online Banking: https://my.civicfcu.org
    
5. Monitor your accounts regularly
   Set up alerts for large transactions or logins from new devices to catch suspicious activity early. See our "Set up alerts" how-to guide for help.  
    
6. Update your devices
   Keep your phone, tablet, and computer updated with the latest security patches.
    
7. Keep your passwords private
   Don’t disclose your passwords to anyone – even someone claiming to be from Civic.
    

What to do IMMEDIATELY if you suspect fraud:

If you notice unauthorized activity or believe you’ve been targeted by fraud:

• Contact us immediately at 844-772-4842.
• Change your login credentials.
• Report phishing attempts to us. 

Be consistently diligent in how you engage with those who hold your personal information. If something seems amiss, it may be fraudulent. Always check validity if you question communication. Awareness is key. Always get in touch with us when you see suspicious activity.