If you are reusing the same username and password for multiple apps and websites—you may be at risk of a potential cyber threat called credential stuffing.
What is credential stuffing?
Credential stuffing occurs when hackers use stolen information, such as usernames and passwords from database breaches or phishing software from one account, and attempt to gain access to another. The hackers prey on people’s habit of using the same usernames and passwords for multiple sites. Using automated tools, they run large amounts of stolen information across multiple sites looking to find the same usernames and passwords being used elsewhere. Once they find a match, they can monetize the personal and financial information they gather.
Credential stuffing attacks are on the rise and it’s important for you to know how to protect your information online.
Choose a unique username and password for your Centris accounts.
Do not be tempted to reuse a login and password from another account. Because data breaches are so common, it makes it easy for fraudsters to run automated scripts with this information to try to crack other sites. If you’re currently using a username and password you use elsewhere, consider changing it now. And even if you’re not and you notice your login and password aren’t that creative, think about making a change to something more complex. Log into Centris online or mobile banking and select Security Preferences from the Settings menu to do so.
**While no breaches have happened at Centris, attackers may try to use data from other breaches to gain access to your online banking. If you received a security alert regarding an invalid login attempt to your Centris account and it was not you, please change your username and password as soon as possible. This may indicate that a fraudster is trying to access your account.
Centris has set up secure access codes that get emailed or texted to you to help prevent against fraudsters that may have your username and/or password. Please NEVER give this code to anyone. Fraudsters will sometimes spoof Centris’ phone number so it may appear like it is a Centris representative asking for this code. We will NEVER ask you for this code.
Use complex usernames.
Members who have easy-to-guess usernames may be vulnerable with this scam. Using an email address or just your first and last names is easy for someone to guess. Let your creativity shine and make your login name a phrase only you would know, but easy enough for you to remember.
Change passwords frequently.
Even if you have complicated, hard-to-guess passwords, it is a best practice to change them regularly. This is especially important for sites where the loss would be personally and/or financially devastating.
Consider using a password manager.
We get it. With so many sites out there, how can anyone remember a fresh login and password every time? A password manager can make it easier. Just remember one login and one password and let the manager be your brain. It’s important, however, that if you use a password manager you use a complex username and password, a duo you’ve not used elsewhere.
As a reminder, Centris will NEVER contact you asking for your account number, credit or debit card number, Personal Identification Number (PIN), or online banking username or password. If someone emails or calls you asking for this information, hang up and contact the credit union immediately at 402-697-6665.