A credential stuffing attack can happen when usernames and passwords are leaked in data breaches, often at online retailers. The username and passwords can be sold to fraudsters who use BOTS to try the username and password combination across hundreds, if not thousands, of websites in an attempt to gain access to online retailers and financial institutions.
How you can protect yourself
When one password is used across multiple accounts, it’s easier for fraudsters to gain access to your accounts and personal information. The best way to protect yourself from this type of fraud is to use a separate and unique password for every website. Passwords also should be updated every 60-90 days at least, if not more frequently, to keep you protected.
How to create a secure password:
- Avoid using “password”, your name, your pet’s name, or other easy to find information as your password
- Make your password as long as possible. Acronyms can help you remember them. For example, TF!iFWP3nn could mean “TruMark Financial is in Fort Washington, Pennsylvania”.
- Use numbers, punctuation, and special characters
- Keep it confidential. Do not share your password with anyone or write it down. Don’t allow your internet browser to remember your password
Creating a strong password for online banking and other accounts is key to keeping your information safe and private online.
How we protect members
TruMark Financial utilizes multifactor authentication when an attempt is made to log into your account via online banking/mobile app from a new device or location. If you suspect there may be fraud on your account you should contact TruMark Financial immediately at 1-877-TRUMARK.
For additional fraud details and ways to prevent fraud from happening to you, click here.