MIDFLORIDA, Your Community Credit Union.

View All Branches

Locate a Branch/ATM

Geolocate ZipCode

Information for You


Your security is important to us. We post scam alerts, safety tips and security notices so you can be on guard against similar activity that may lead to identity theft or fraud of your account.

Text Scams (“Smishing”)

Posted August 24, 2016

Many people are reporting receiving text messages telling them that their ATM or debit card has been suspended, or that there is an issue with the card that needs to be resolved. The text asks the recipient to call a number to get the card reactivated. However, this is a scam.

You may have heard of this type of scam called SMS/Text Message Phishing or “Smishing.” The scam artists that send smishing messages often impersonate a government agency, a bank, or a company to lend an impression of legitimacy. Smishing messages typically ask consumers to call or text to provide usernames and passwords, credit and debit card numbers, PINs, or other sensitive information that scammers can use to commit fraud.

MIDFLORIDA does not send text messages for card activations or reinstatements, and would never request that you send your personal information via text. If you would like to check to ensure that there are no issues with your card, please call our Help Desk directly, or call the number on the back of your card.

The best defense is to use similar safety and security practices on your cell phone as you do on your computer:

  • Be cautious of text messages from unknown senders, as well as unusual text messages from senders you do know
  • Keep your security software and applications up to date
  • Don’t click links texted to you from unknown sources
  • Do NOT call or send a text message to a phone number that is texted to you from an unknown number.

If you have provided your information via text or are concerned about the security of your debit or credit card, be sure to report it to MIDFLORIDA right away.

Android Malware Warning

Posted December 16, 2015

As you’re aware, MIDFLORIDA will never ask you to provide your personal information, such as your phone number, or take you to an unofficial third party site to download an app. Even so, there are scammers out there who would try to convince you that a trusted site needs your personal information.

Recently, a trojan malware concern has surfaced for Android devices. At this time, Apple devices are not affected, but this type of threat isn’t new.

Here are a few warning signs to look out for:

  • If while using an Android app, you are asked to download a RSA SecurID app, do not do so using the link that you clicked on. Any updates to your apps should be done using Google Play, the official site for Android apps. Any app that is downloaded from a site other than the Google Play store is a clear indicator that the app is not authentic.
  • If you receive a prompt to enter the phone number of your Android mobile device, do not provide your number. If you do accidentally provide your number and receive a text message with a link, do not click on it or follow the prompts.

Here’s how to minimize your chance of becoming a victim:

  • Never download a mobile app or mobile app update from any site other than the device platform’s official store (e.g., Google Play, Apple App Store, etc.).
  • Be wary of social engineering-based attacks. In this case, the malware prompts the end-user for a mobile device phone number; information that MIDFLORIDA probably already has.
  • Keep your anti-virus/anti-malware software up to date.
  • Do not access your banking or other types of secure sites using public/free wi-fi. Learn more.
  • Do not click on emails from unfamiliar people, or on links that are texted to you from an unknown source.

If you do find that the security of your account has been compromised, please be sure to report it to MIDFLORIDA right away.

Farcing (Using social media for identity theft)

Posted August 20, 2015
Scammers are taking advantage of social media to find victims for identity theft.

How it happens:

  • A person receives a friend request from someone who appears to share mutual friends, followers, or connections, but they are actually a scammer.
  • If the person accepts the friend/follower request, the scammer searches the person’s profile to get as much information as possible (ex. hometown, schools attended, employers, siblings, etc.)
  • The scammer may also contact the person directly to ask more questions about them, based on the information they’ve already posted.
  • The scammer will also send friend requests to the person’s friends, and then their friends, and so on.

Take these steps to protect your identity:

  • Use the privacy settings on social media websites to manage who can access your profile.
  • If you get a friend request from someone you don’t know, do NOT accept it. If you get repeated requests from the same unknown source, report it to the social media site.
  • Never share personal details about yourself via social media, even in the direct message feature, and especially not with someone you’re only vaguely acquainted with.
  • If you find that your social media profile has been compromised, report it to the site immediately.
  • Change your passwords regularly, and enable password-protected locking features on your mobile devices.

Learn more about avoiding Internet scams.

Beware – Website Scam

Some customers have reported receiving an email or pop-up message while on MIDFLORIDA.com notifying them of a security breach and that their personal information has been compromised by a third party vendor. The notice goes on to say that you can get a free credit report by providing your credit card information. This is false and is a phishing scam and has been reported from multiple financial institutions. If you receive this email or pop-up, do not click on any of the links and report the scam to phishing@midflorida.com.

To minimize future attempts to defraud you online, it is advised that your computer have anti-virus and anti-spyware software installed and that updates to those programs be done diligently. And remember, MIDFLORIDA would never ask you to give personal account information without having you sign into a secure site.

Sample of Website Scam – January 7, 2013

View Other Scam Alerts

If you receive a suspicious email or discover a suspicious activity, please email Risk Management.

Safety Tips

Secure your mobile devices

  1. Lock your device with a personal identification number (PIN) or password
    This is how you can prevent unauthorized access. Also, configure your device to automatically lock after a certain period of time. Even after your device is password-protected, never leave it unattended in public—lost and stolen devices continue to be the number-one threat to mobile users.
  2. Only install applications (apps) from trusted sources
    • Shop at reputable app stores—Before downloading an app, research the app and its publishers. If you are an Android user, avoid installing non-market applications by de-selecting the “unknown sources” option in your device’s Applications Settings menu.
    • Check other users’ reviews and ratings to see if an application is safe.
    • Read the app’s privacy policy—Check to see how much of your data the app accesses and if it will share your information with third parties, if there is a privacy policy. For example, if a game application requests access to your address book, you should ask yourself why it would need that access. If you are at all suspicious or uncomfortable, don’t download the app.
  3. Keep your system updated
    Download software updates for your mobile device’s operating system when prompted. This way, you’ll always have the latest security updates and ensure that your device is always performing at an optimal level.
  4. Back up your data
    It is relatively easy to do, and many smartphones and tablets have the capability to backup data wirelessly, so you can quickly restore the information on your phone if the data is lost or accidentally deleted. And, if you lose your device, you will still be able to retrieve your information.
  5. Configure Bluetooth securely
    Many cell phone Bluetooth hands-free earpieces have a default pin of 0000. A hacker with a Bluetooth antenna can connect to your earpiece and eavesdrop on everything that you are saying. In fact, they can even transmit to it.
  6. Have control of your phone if it is ever lost
    Run an application that can be used to remotely lock, wipe the data, or disable your phone if it becomes lost, stolen or compromised.
  7. Avoid keeping sensitive data on mobile devices
    Phones and tablets are much easier for a thief to acquire than desktops, and even laptops. If your device is stolen, all of the information you have saved on that device is now in someone else’s hands. Pictures and personal e-mails may be okay to save on your device, but financial records, personal information, important passwords, or sensitive e-mail messages are not.
  8. Don’t jailbreak or enable root access on your phone
    So much of a phone’s security is tied to code signing and software sandboxing that jailbreaking a phone—removing the digital-rights management that locks it to a certain carrier—means significantly weakening the security of the device.
  9. On public Wi-Fi, limit email, social networking and online shopping/banking
    Be careful what you do on public Wi-Fi networks, and in particular, use extra caution when shopping and mobile banking unless you’re confident you have a secure connection.

Back to the top

Create and use strong passwords

Creating passwords that are comprised of numerals and letters can help keep your password from being easily discovered. Choose a lengthy password that is difficult to guess by writing a sentence that you can easily remember. Then pick up the first letter of each word. For example: “Indiana Jones and the Temple of Doom released in 1984” could be IJatToDri84. This method allows you to come up with an easy-to-remember password that is hard to crack, and you avoid the need to write it down in order to remember it.

To avoid an easy-to-guess password, follow these tips:

  • Avoid using personal information such as your name, phone number, birthday, social security number, driver’s license number or similar information of family members.
  • Avoid common dictionary words in any language
  • Avoid sequential or repeated numbers or letters (12345, 888888, abcde)

Using these obvious passwords, even if you spell them backwards or add numbers to the beginning or end, will make it easy for a criminal to crack your password and steal your account information.

Your passwords are just as important as the information they protect. Don’t share your password with anyone and never provide your password over email or in response to an email request. If you must write your password down, keep it in a safe place. Use more than one password for different sites and change your password regularly.

Back to the top

Phishing – Just a pastime?

When you hear the word “phishing”, it sounds just like “fishing” but it’s anything but a relaxing pastime. Phishing has become a new way for thieves to fraud you of your account information and identity. Phishing usually entails an email that involves an account problem along with a doctored version of a legitimate business’s web site. This combination has often lured people into replying with personal information such as account numbers, passwords and user names. Once the thieves have your information they can access accounts or potentially use the information to steal your identity. Although the phisher-men are coming up with new ways to accomplish their fraud every day, the best way to protect yourself is to never give out personal information, especially debit card or credit card information or account numbers, by email or phone if you have not initiated the request. Should you receive a call or email like the ones outlined above, you should contact your local authorities immediately.

Back to the top

Vishing – a telephony problem…

Vishing mimics phishing by trying to trap you into revealing your account numbers. But instead of being asked to click on a link, you’re asked to call a telephone number. The number may appear to be local or even toll-free. Some “vishers” use random dialer programs to “cold call” victims. When the victim calls, they reach an automated system prompting them to enter their account details and credit card information for “security verification” purposes, which is then digitally transcribed onto the scammer’s computer. Once the information is gathered, it can be used to drain your account, max out your credit card or steal your identity.

New technology has enabled cheap and anonymous Internet calling making it more difficult to tell phish and vish from actual attempts to contact customers. Always be suspicious if someone contacts you and asks for your account information.

MIDFLORIDA will never contact you and ask for your account information. On occasion, if our card processor notices some transactions on your debit card or credit card that seem questionable, they will contact you to confirm the transactions are valid. In this instance, you will given a case number to refer to the incident. They will already have your card number on file and will not need to request that information from you.

If you receive a phone call asking you to enter your account number or card number, hang up and call the customer service number on the back of your credit card or account card. If there truly is a problem on your account, they will know about it. If you feel you have been a victim of vishing, contact your financial institution or credit card company immediately.

Back to the top

Keep your personal information personal…

Don’t share your driver’s license number, social security number or account numbers over the phone, by mail or e-mail unless you have made a request to a company. Destroy receipts that have personal information listed on them. Your trash can be invaluable to someone interested in stealing your identity. Keep personal information in a safe place and shred documents with personal information on them when you are ready to dispose of your files.

Back to the top

Protect Your Information…

Create unique PIN numbers and passwords that aren’t comprised of information that a would-be fraud could locate such as your mother’s maiden name, your birth date, your phone number or a part of your social security number. Never give anyone your PIN or password by email or by phone unless you have initiated the request. Carry only identifying information routinely used like a credit card, your checkbook and your driver’s license with you. Carrying social security cards, voter registrations, etc. make it easier to set up faulty accounts should your wallet or purse be lost or stolen. Guard your mail to make sure all letters and statements are picked up promptly from your mailbox and that your outgoing mail is picked up by the Post Office. If you are mailing bills and cannot be home to ensure the postman picks up the mail, consider dropping it in a collection box instead.

Back to the top

What does anti-virus/anti-spyware software do?

Anti-virus and anti-spyware software scans files and/or your computer’s memory looking for potentially harmful files. Both viruses and spyware leave behind signatures, or fingerprints, and if found, the software will either ask you how to handle them or remove them automatically. New viruses and spyware are continually being released, so it is important that you update your anti-virus and anti-spyware programs constantly.

Once you have installed an anti-virus/anti-spyware package, you should scan your entire computer periodically. Some programs will allow you to set an automatic scan to perform every so often, for example every 2-3 days. It is also a good idea to manually scan files you receive from an outside source before opening them, such as email attachments, web downloads and CDs.

Back to the top

Which anti-virus/anti-spyware software should you use?

Installing any anti-virus/anti-spyware software increases your level of protection. Most anti-virus software offers excellent performance and blocks and/or removes nearly every virus it’s supposed to protect against. However, with anti-spyware software, some people recommend installing more than one application, with the strategy being one program will catch what another program misses. Be careful of email messages claiming to include anti-virus software. The attachment could be a virus itself hoping to trick you into opening it and infecting your computer.

Back to the top

What is a Firewall?

Firewalls provide protection against outside attackers by filtering the information coming through your computer’s internet connection, therefore preventing outsiders from accessing your computer. Basically, it blocks needless or malicious data, while allowing any necessary information to come through.

Firewalls are offered in two forms: hardware (external) and software (internal). While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type you use.

Hardware – Typically called network firewalls, this type of firewall is built into an external device located in between your computer and your internet connection (cable or DSL modem). For those who have multiple computers on a network, hardware-based firewalls are particularly useful.

Software – A software firewall is a program on your computer that monitors all internet traffic. Some operating systems include a built-in firewall; if yours does, consider enabling it to add another layer of protection even if you have an external firewall. When loading a software firewall onto your computer, it’s best to install from a CD, DVD, or floppy disk rather than from the Internet. The risks associated with downloading software from the Internet are too dangerous.

Back to the top

Know what’s going on with your accounts…

Watch your account information, and know your billing cycles. Leaving statements unopened can mean a fraud can go undetected for several months. If you notice that you have not received a credit card bill, call your credit card company to verify the statement has been sent and the address on file. Often, a change in address is the first means of stealing someone’s identity. Review copies of your credit report to verify that there is no suspicious activity on your accounts or against your name.

  • Equifax 800-685-1111
  • Experian 888-397-3742
  • Trans Union 800-888-4213

Back to the top

Log offline when you are done…

If there isn’t a good reason to remain online, disconnect from the network so you don’t leave yourself open to hackers.

Back to the top

Beware of strangers – online.

Although you may miss a funny e-mail or perhaps a message or two, it is best when reading e-mail to be selective about the e-mails you choose to open. If a stranger came to your door, you’d probably be apprehensive about opening it. It’s the same with e-mail. If you don’t recognize who the e-mail is from, it’s probably in your best interest to delete it.

Back to the top

What is Pharming?

While you may be familiar with phishing, pharming is actually one of the newest forms of Internet fraud and identity theft. Pharming is domain spoofing which means you can be redirected without realizing it to a Web page that looks like the page you were intending to reach. In reality the site is duped and intended for fraud, and you should be wary when traveling to sites, especially for shopping. Shopping sites with the VeriSign network offer an additional layer of authentication and can be more trusted than others.

Back to the top

Take the long way home

When you receive a special online offer, remember to type in the URL instead of clicking on a provided link. While this doesn’t prevent you from being sent to a malicious site, it can minimize your risk. Some malicious sites use similar characters in their URL that you might not notice if you were just clicking on a link.

Back to the top