Three Programs That Protect Your Passwords

Password managers are programs that store and encrypt your passwords. With a password manager, you have to remember only one password to log in to all of the websites you use.

Here are three of the most reliable, user-friendly options:

1. LastPass. This cloud-based password manager syncs with your browser and imports saved passwords. Or simply navigate to the websites you use, and LastPass will prompt you to manually enter and save your logins. LastPass offers multifactor authentication, which adds a second login step for additional security. The free version allows you to sync your account to multiple computers. LastPass Premium costs $12 a year and adds mobile and tablet access.

2. Dashlane. Like LastPass, Dashlane imports passwords from your browser and saves them in a secure “password vault.” Dashlane can rate the strength of your existing passwords and automatically generate stronger ones. Dashlane gives you a choice between storing data locally or in the cloud. The free version covers use on one device, while the premium version is $19.99 and syncs across all devices.

3. Roboform. Roboform mimics a browser bookmark: You select your desired website from a dropdown list, and Roboform fills in your login information. It also saves form data, such as name, address, and online payment information. Like Dashlane, Roboform allows you to choose between local or cloud storage. Roboform Everywhere, which offers one license across multiple devices, costs $9.95 for the first year and $19.95 each year after that. Roboform Desktop, which offers local storage on one computer, costs a one-time $29.95. Finally, Roboform2Go costs a one-time $39.95 and allows you to store passwords on a USB drive and use with any computer.

Whichever password manager you choose, make sure your master password is as strong as possible. Your trusty password manager will take care of the rest.

Three-Digit Code Makes Shopping More Secure

Q: Recently, when I’ve made purchases over the phone, merchants have asked for the three-digit security code on the back of my credit card. Why is this?

A: This is to verify that the card definitely is in your possession. It generally follows the 16-digit card number on the back of the card. It’s information that wouldn’t be available to someone who has intercepted your card number and expiration date.

That said, make sure you know to whom you’re giving this information over the phone or on Web sites.

Con artists often are able to obtain partial information about a potential victim’s account, and then contact the person masquerading as a company representative to “verify” the account by requesting additional details such as the three-digit security code. But they might just as well ask for other pertinent details–for example, they may provide the last four digits of your account number (which typically show up on sales receipts) and request the other 12 digits to “confirm” it. Or they already may be in possession of your full account number and request the expiration date of the card, or your billing address. Any of these individual bits of information may be just what the scammer needs to “fill in the blanks” and gain full access to your account, so beware.

Keep in mind, though, that legitimate businesses or financial institutions may request your three-digit security number (known as “CVC2” by MasterCard and “CVV2” by Visa) to authenticate a transaction. Just be sure you know whom you’re talking to before giving it out.

Simple Steps Enhance Computer Privacy, Security

The significant consequences that can arise from connecting an unprotected computer to the Internet vary depending on whether a computer invader takes something, such as information that enables a thief to create a false identity, or whether the invader leaves something behind, such as a virus or program that allows the invader to return to take control of your computer for dubious purposes.

The first step to take in protecting your identity is developing an awareness of the type of information that identity thieves need to pretend to be you. Regard account numbers of any type as sensitive information. That goes beyond credit union/bank accounts to utility accounts and cell phone accounts. Hackers who sneak into your computer to “steal” your identity also are interested in any type of relationship that offers significant personal information, which can then be used to stage an impersonation.

Computer users with high-speed or broadband Internet connections carry additional risk, since hackers are drawn to their enhanced online capabilities. Fortunately, you can take simple steps to protect your home computer.

* Use antivirus software. Antivirus software identifies infected e-mail attachments and other virus carriers before they have a chance to damage your computer. Bundled software packages combine antivirus software and personal firewalls for $60 to $80.
* Regularly update antivirus software. Since new viruses emerge every day, the companies that make antivirus programs allow computer owners to subscribe to updates to catch the latest versions.
* Create strong passwords. Hackers easily can steal the information used to create common passwords such as your birthday or a pet’s name. They also have access to programs that will plug in every known word from the dictionary in an attempt to crack your passwords. Strong passwords avoid personal information, login names, or adjacent keyboard symbols. Instead, they combine numbers and letters in passwords that contain at least eight characters.
* If you have a high-speed connection, install a personal firewall. This hardware blocks hackers who attempt to locate your computer or access your files.
* Be wary of unsolicited e-mail. Viruses often are sent as attachments, and identity thieves may attempt to use e-mail to get personal information by masquerading as an Internet Service Provider (ISP) or another vendor. Always confirm the identity of the e-mail’s author before opening attachments, never send sensitive personal information to anyone using e-mail, and always verify that an e-mail request for sensitive material is genuine before sharing personal information.

Thwart ATM Skimmers

Every year sophisticated thieves steal millions of dollars from consumers by “skimming” their personal account information. Skimming, sometimes called “card cloning,” involves a thief installing a magnetic card reader, or skimmer, over the actual card reader at an ATM or gas pump.

When you swipe your card, the skimming device steals the information and transmits it to a remote computer. At the same time, a tiny, concealed camera reads your PIN as you key it in.

The camera often is in a bar the thief has affixed to the machine that looks the ATM’s trim. Criminals usually ensure their counterfeit equipment matches the machine’s color scheme. Their methods are growing more sophisticated, including keypads that fit over the machine’s real keypad, eliminating the need for the camera.

Luckily, you can take steps to avoid becoming a victim:

• Use the same ATM as often as possible. Memorize how it looks, so you will know if anything about it looks fishy.
• Inspect the ATM. If anything looks unusual—cracked, loose, scratched, or taped—don’t use it.
• Avoid ATMs in popular tourist locations, as they’re common targets. When possible, use indoor ATMs, which are harder for thieves to tamper with.
• When entering your PIN on the keypad, cover the keypad with your free hand to block the view of a spying camera.

Check your account often. If you notice unusual activity, contact us at Hopewell Federal Credit Union immediately.

Don’t Get Hooked by a Phishing Attack

If you have Internet access, you may be under attack–a phishing attack, that is. This high-tech scam involves three components:

Spoofing is creating a replica of an existing Web site.

Spamming is unsolicited, or “junk” e-mail.

Phishing is the act of using spoofing and spamming to lure unsuspecting victims, hoping to deceive you into disclosing your Social Security number, credit card and checking account numbers, passwords, or other sensitive information.

The Federal Trade Commission recommends the following tips to help you avoid getting hooked:
1. If you get a pop-up or e-mail message requesting personal or financial information, don’t reply or click on the link in the message. Legitimate companies won’t ask for this information.
2. Be cautious about opening attachments or downloading files from e-mail messages.
3. Never send personal information via e-mail. Look for a closed padlock at the bottom of your browser window, or a URL that begins with “https”–the “s” stands for secure. However, some phishers forge these security icons.
4. Review statements for accuracy as you receive them. If they’re late, call the company to confirm billing address and balance.
5. Use antivirus software and keep it up-to-date. Run a firewall, particularly if you have a broadband connection. Take advantage of free software “patches.”
6. Report suspicious activity to the FTC at, and forward suspicious messages to


Please be advised, if you recently received the text below, Hopewell Federal Credit Union DID NOT send:

HOPEWELL F.C.U. ALERT:  Your CARD starting with 5510 has been DEACTIVATED.  Please call 614-XXX-XXXX. 

Remember, DO NOT provide any information.  This is a SCAM. Hopewell Federal will NEVER request your account information via text, phone or email. 

Guidelines for Paperwork Storage

Many people struggle with knowing what paperwork to hang on to, how long to keep it, and what to shred. Follow these guidelines to help keep your files lean and organized.

Keep for less than one month
• Receipts for small purchases and ATM transactions—Keep until you reconcile against your checking account or credit card statements.

Keep short term (less than one year)
• Credit card, utility, cell phone, and other monthly statements until you’ve reviewed for accuracy.
• If you’ll need any of these bills for tax purposes (i.e., you write off part of your cell phone bill for a small business), keep them for tax documentation.
• Loan and mortgage statements—Get rid of monthly or quarterly statements when your end of year statements arrive.
• Copy of your driver’s license
• Comprehensive list of credit union and other financial institution account numbers; credit card account numbers (in case your wallet is stolen or for another emergency)
• Old insurance claims—If the claim has been paid.
• Social security statements—Shred last year’s when you receive a new one and have reviewed for accuracy.
• Pay stubs—Purge individual pay stubs once your annual W-2 form arrives and you’ve reviewed for accuracy.
• Vehicle paperwork—Keep for one year after you sell the vehicle.
• Receipts for major purchases (to use the warranty or prove value in the case of loss or damage or for items you may want to return).

Keep one year
• Hopewell Federal Credit Union checking or savings account statements. If you use Hopewell online, you might choose to not receive paper statements—account information is available 24/7 and statements are available monthly.
• Retirement plan statements: Keep quarterly statements of contributions and withdrawals for one year. Toss after matching figures with annual statement. Keep annual summaries until you retire.

Keep long term
• Tax documents to include proof of charitable contributions and tax-deductible medical expenses.
• Loan and mortgage annual statements
• Receipts and information relating to major home improvement
• If you buy or sell property, keep records of legal fees and your real estate agent’s commission for six years after you sell your house.
• Bills for major purchases

Keep indefinitely
• Birth, death, and marriage certificates
• Divorce, adoption, citizenship, military discharge, and veterans papers
• Social Security cards
• Wills and living wills
• Passports
• Diplomas
• Insurance beneficiaries
• Education records
• Immunization records
• Tax returns (1040)
• Tax forms related to retirement accounts
• Documents related to trusts or giving stock to beneficiaries
• Power of attorney
• Inheritance records
• Updated household inventory
• Proof of major debt repayment
• Legal correspondence
• Bankruptcy paperwork
• Retirement account documentation that shows contributions and withdrawals

Keep electronic data on an encrypted USB flash drive or encrypted external hard drive. You can cut down on a lot of paperwork by signing up for online statements and payments from Hopewell Federal. If you don’t have a safe deposit box, stop at Hopewell Federal Credit Union for details about this safe, affordable way to store your valuable documents.

Pitfalls for the Online Job Hunter

Today’s economy, so unrewarding for job hunters, is a boon to con artists. They have a larger and more desperate pool of potential victims than they have had in 20 years.

The Internet, awash with electronic résumés, is prime hunting ground for many job cons. Most employment services are reputable, and the Web can be a useful job search tool. But it pays to know the good guys from the bad guys and how to protect yourself from job scams, especially those online.

The worst crime employment or personnel agencies might commit is to entice you to their office with an ad for a promising but nonexistent job. Other businesses make grand promises–access to “unadvertised job opportunities” and jobs with six-figure salaries. But watch out! The bigger the bait, the higher the cost of the deception.

These firms mine the Internet for résumés and send out e-mails promising you a job-winning résumé, five qualified interviews within a week, and the job of your dreams–before the month is out. All yours for a small fee, paid up front. That can cost you from $2,000 to more than $3,000, plus additional fees for “elite” services. Unfortunately, no matter how much you pay, you might get nothing but flimsy grounds for a lawsuit.

How do you protect yourself? Say no when you hear unbelievable promises or the words, “upfront fee.” Or, make sure all verbal promises appear in the contract. Ask for references from satisfied clients. Check them out on the Internet with a search engine or at a consumer advocacy site.

Your online résumé can come in handy for other cons. A common come-on, which you also may see in your local classifieds, is the opportunity to “make thousands working from your home!” Again, to get started, you have to pay that up-front fee, for which you get either nothing or a money-losing spot in a pyramid scheme.

The most dangerous con of all is the ID attack. This time, the e-mail appears to come from an employer who has gotten your résumé off the Web and wants to interview you for a job. You may even get a detailed, and credible, description of the job; and no request for upfront money. Just complete a simple online pre-employment background check. By completing that form you give them personal information, such as your Social Security number and maybe even a credit union/bank account number. That’s all they need to take your identity and create fake credit cards, borrow money, and leave you broke–and still without a job.

How do you protect yourself? Once again, listen for extravagant promises and requests for money. When you post your résumé online, don’t include personal information such as your birth date or Social Security number, phone number, or address. Even better, use a Web site that provides you with an e-mail address, so you can make your résumé totally anonymous. Don’t agree to an online background check.