You may have received email notifications about failed Online Banking login attempts. If you have not attempted to access your account online, this may be due to Credential Attacks. We would like to provide information about the nature of these attacks, assure you that your accounts are safe, and let you know what you can do to reduce risk of breaches to online banking, shopping and other accounts holding personal identifying information.
Why do I keep getting notifications of failed log in attempts?
This tactic, also called Credential Stuffing, is used against consumers, financial institutions, creditors, and even email accounts. Bad guys run programs against online platforms hoping to gain access to at least one correct user id and password combination.
What has happened to my account?
Your Generations FCU account has not been hacked, and your account has not been breached. GFCU’s data has not been compromised.
Unauthorized third parties have attempted to access your online banking account in a practice called Credential Stuffing.
Credential Stuffing is an illegal practice where bad guys attempt to use User IDs, Passwords and other information, often gained from data breaches of other vendors and sold on the dark web, or software, to attempt to login to your accounts.
What is Generations doing to stop this from happening?
Our mobile and online banking system security continues to effectively protect your accounts.
This emails you have received are designed to notify you of unsuccessful login attempts.
What can I do to decrease the chances of my account being breached?
Do not use the same or similar User ID and Password for multiple accounts. Credential Stuffing bots are able to attempt millions of combinations of stolen credentials daily. Using completely separate User ID and Password combinations will decrease their chances of breaching your account.
- Monitor your account activity daily with online banking.
- Do not log into your account from shared devices. Do not log into your account from unsecured or shared wi-fi connections.
- Change your UserIDs and Passwords if you use the same combination for multiple accounts (including non-financial accounts). Create unique complex User ID and Password using the following characters: uppercase letters, lowercase letters, numbers and/or special characters.
- If you have a MyAdvantage Checking Account, enroll in the included Identify Theft Protection and Credit Monitoring and setup alerts.
When did this start?
An increase in Credential Stuffing activity has been seen across the country since the end of 2019. Attacks on financial institutions stepped up at the beginning of 2020.
Generations FCU does not have an exact reason for this, but hackers often take advantage of consumer distraction. In this case the COVID-19 pandemic, or the holiday season, may lead consumers to be less vigilant with their financial accounts.
Where does Credential Stuffing come from? Who are the fraudsters?
This activity is happening globally on a daily basis. Some originates in the US, and some in other countries.
Fraudsters use sophisticated tactics to avoid detection and are difficult to identify.