What is Credential Stuffing?
Credential stuffing occurs when hackers use stolen information, such as usernames and passwords from database breaches or phishing software from one account, and attempt to gain access to another. The hackers prey on people’s habit of using the same usernames and passwords for multiple sites. Using automated tools, they run large amounts of stolen information across multiple sites looking to find the same usernames and passwords being used elsewhere. Once they find a match, they can monetize the personal and financial information they gather.
Companies of every size have been targeted. It’s estimated that credential stuffing costs companies more than $5 billion a year and creates havoc with consumers.
How can you protect yourself?
Your username is your first defense. Start by changing it up and not reusing it on multiple sites. Follow our best practices for creating a secure one. Of course, your password is important, as well. Like your username, your password should be complex and unique. Change it every few months or any time a breach is reported. Never share either with anyone. And take advantage of two-factor authentication for sites with sensitive information. Two-factor authentication requires a secure access code, as well as a password, making it harder for hackers to get into your accounts.
Tips for Creating a Secure Login ID
Avoid being an easy mark for hackers by putting as much thought into creating your Login ID as you do when selecting your password. Follow these Login ID best practices to keep your account information secure:
- Make sure your Login ID is easy for you to remember, but difficult for someone else to guess
- Create a complex string, which should consist of more than your first name initial plus last name or your first name alone
- Avoid using personal information, such as member number, social security number, birthdate or phone number
- Be sure to include uppercase and lowercase letters, numerals and special characters
- Steer clear of sequential numbers or letters
- Don’t use a Login ID you are using elsewhere
Once you create a secure Login ID, don’t store it anywhere other than an encrypted computer file. It’s never good to disclose it to others or write it down. And definitely don’t share your Login ID when requested via email. Ardent will never ever ask you to supply that information via email.
Text Message Scam
Financial institutions have seen a recent uptick in scammers pretending to be a trusted source asking cardholders via text and phone for personal identifying information, such as an account number, PIN, security code (CVV) or account password.
Please know that Ardent Credit Union will never text or call you asking for such personal identifying information.
If you have any questions or concerns about text messages or calls, please call us directly at 800.806.9465.
For more information on these scams, please visit the Federal Trade Commission website
Recent Data Breaches
From time-to-time personal data stored by retailers, banks and other institutions is compromised. In an effort to help you keep your data secure, we have some helpful tools, resources and tips for you.
For more information, please read official announcements from the sources of recent breaches:
Unless you have experienced fraud on your card or account, there is no need to change your card or account. However, if your information was compromised, criminals may try to gather additional data from you to carry out a fraud. Be extra diligent about not sharing information related to your card or account. For example, be suspicious of any attempts to ask you for your PIN or social security number via text or phone regardless of who the requestor claims to be.
We encourage members to take the appropriate steps to monitor their debit and credit cards and account information regularly. Additionally, we suggest you take the following actions:
- Download Ardent’s SecurLOCK Equip, a free application which allows you to set controls and alerts to manage your Ardent debit and credit cards.
- Sign up for account alerts through Ardent’s online and mobile banking to help you monitor your spending and account balance, as well as receive security alerts.
- Consider purchasing Identity Protection services through a trusted party. A few options are available through Ardent Insurance Agency. Take advantage of any free protection offered by the source of the breach.
- Visit the FTC’s site to learn more about how you can protect yourself.
If you have any concerns about activity you see on your account, please call us at 800.806.9465.