ONLINE ACCOUNT SECURITY

Your online security is important to us. We take several precautions to ensure your information is secure. To access our secure area, you must enter your Logon ID and Security Code. As a security precaution, we store your Security Code in our database in an encrypted format that even we cannot decode. If you don't share your Logon ID and Security Code with anyone, no one will be able to access your information. When you are logged in, we use:

• Secure Sockets Layer (SSL) protocol to ensure that your connection and any information transmitted is protected.
• 128-bit encryption to make your information unreadable as it passes over the Internet.
• Automatic time out that occurs if you are inactive in the secure area of our site for more than 10 minutes.

If your browser doesn't support SSL or 128-bit encryption, you will need to upgrade your browser. While we continue to evaluate and implement the latest improvements in Internet security technology, users of the system also have responsibility for the security of their information and should always follow the recommendations listed below:

• Site best viewed with recent versions of Internet Explorer, Firefox and Safari.
• Your Security Code must be kept confidential. For maximum security, use the full available length of your alphanumeric Security Code (always use at least 8 digits) and change it frequently to ensure that the information cannot be guessed or used by others.
• Be sure others are not watching you enter information on the keyboard when using the system.
• Never leave your computer unattended while logged on to the system. Others may approach your computer and gain access to your account information if you walk away.
• Exit the system when you are finished to properly end your session. Once a session has ended, no further transactions can be processed until you log on to the system again.
• Close your browser when you are finished, so that others cannot view any account information displayed on your computer.
• Keep your computer free of viruses. Use virus protection software to routinely check for a virus on your computer. Never allow a virus to remain on your computer while accessing the system.

When you follow these simple security measures, your financial activities will be completely secure. We look forward to serving your needs both today and into the future - securely!

KEEP YOUR INFORMATION SAFE

Computer viruses can expose security holes in your computer's operating system and even allow outside sources to access information that you have stored on your computer, including settings and personal information. Updates are regularly created to protect your computer from the new viruses that are created every day. It is important that these updates are installed regularly to keep your computer protected. Consider the following tips to help protect your computer from viruses and spyware:

• Install anti-virus, anti-spyware, and firewall protection software. Some operating systems, such as Windows XP, provide built-in firewall support.
• Check for updates for your software frequently. Enable automatic updates for your operating system and protection software whenever possible to ensure that your software is updated as the updates are released.
• Don't open email attachments if you don't know what they are. Viruses can send an email that appears to be from a trusted contact when it actually contains a virus meant to compromise your computer.
• Password-protect documents that contain sensitive information, such as account numbers, passwords, and card numbers.

Some computer virus scanning software won't detect some types of malware that can infiltrate your system. Be sure to use malware scanning software in addition to virus software to further protect your computer and personal information.

PHISHING

Fraudulent emails or phone calls known as phishing scams pose as your financial institution or other trusted businesses (such as the National Credit Union Administration – NCUA, for example) in order to obtain your personal and financial information. Phishing is a particularly devious scam because it attempts to exploit the relationship of trust that you have with those businesses.

HOW DID THE “PHISHER” GET MY EMAIL ADDRESS?

The email addresses used could have been gathered from publicly available places such as work or school directories. However, many individuals who receive phishing emails may not be associated with the financial institution indicated. The individuals behind the Phishing incident are just hoping to find a match of our members in the email database that they have created.

The best way to fight phishing is to stay informed. Help protect yourself from online fraud. Learn how to spot and report fraudulent emails, how to recognize a secure website, and what to do if you are a victim of fraud. The National Credit Union Administration (NCUA) provides information on various frauds and scams at www.mycreditunion.gov under the “Protect Your Finances” section.

WHAT TO DO IF YOU ARE A VICTIM

If you have provided information via a website or phone number, it is important to contact your financial institution or trusted business immediately to minimize possible damage to your finances and credit history.

Contact GraCo Federal Credit Union at 989-463-1247 or toll free at 866-463-1247.

Often fraud does not directly affect your personal financial institution records but may appear on your credit report. Thieves can use your information to open new accounts in your name. Order a free copy of your credit report annually at www.annualcreditreport.com to determine if any fraudulent activity appears.

REPORT PHISHING EMAILS

If you have received a fraudulent email, report it immediately to the financial institution or business that it appears to originate from to verify that the email you received is fraudulent. Do not use any contact information from the email to report the email to your financial institution or business.

• Do not provide any of your personal or financial information. Thieves will not be able to compromise your account if you do not provide the requested information.
• Contact the financial institution or business that the email appears to be from using a phone number or secure email that you know is valid.
• Please forward any suspicious emails that appear to be from GraCo Federal Credit Union to us at memberservice@gracofcu.com. GraCo FCU will contact you about the validity of the email.

SPOTTING A FRAUDULENT EMAIL

Look for the following signs to detect a fraudulent email:

• An urgent or threatening tone in the language of the email. There may be threats to close or freeze your account if you do not comply with the email’s request.
• Unusual wordings or misspellings.
• Requests for personal information such as account numbers, card numbers, user names, social security number, or passwords. GraCo FCU will never request personal or financial information from you in an email.
• False links to non-secure websites.