Stockholmscu Online Security Center

Protecting your personal information and ensuring your account information is secure is a top priority at Stockholmscu National Bank. We are committed to helping you recognize fraud and learn how to protect yourself.

REMEMBER: Stockholmscu National Bank will NEVER ask you to provide or verify account or login information by email, phone or text message. This includes account numbers, user IDs, passwords, and debit or credit card information.

Familiarize yourself with the following information to find out how we protect you and how you can protect yourself by identifying, preventing and reporting fraudulent activity.

How We Protect You

Your data and your online banking experience should be safe and secure. Stockholmscu National Bank uses the latest in technology to provide a secure online banking environment.

The Stockholmscu Online Banking Services uses industry-standard technology, including password-controlled entry, data encryption using 128-bit Secure Sockets Layer (SSL) protocol, and firewalls and filtering routers. Each security component acts as a layer of protection to safeguard sensitive data from unauthorized users.

Password-Controlled Access

A private user ID and password is required to log into our Online Banking Services.

  • You are required to change this password during your first online banking session.

  • You must set security questions and answers during enrollment, providing an extra layer of security.

  • You should keep your password and user ID absolutely private.

  • You are responsible for the safekeeping of your password and you agree not to disclose or otherwise make the password available to anyone who is not authorized to sign on your accounts.

  • If you log in to an online banking session and then leave your computer, our system will log you out automatically after 20 minutes of inactivity.

  • If your password is changed, an automated security alert is sent to your email address on file.

Automated Security Alerts

An automated security alert is sent to you anytime one of the following events occur on your Online Banking Services profile.

  • Changed password

  • Changed email address

  • Changed physical address

  • Created a new payee

Data Encryption

Once you have logged in correctly, you will enter a secure environment in which you can conduct your transactions safely.

  • Information you provide while logged into Online Banking is encrypted, meaning your account information is scrambled as it moves between your computer and Stockholmscu's computer systems. This makes information nearly impossible for anyone other than Stockholmscu National Bank to read it. Any information Stockholmscu National Bank provides to you is also encrypted.

  • Stockholmscu National Bank uses SSL, the leading security protocol, to encrypt data that travels between the bank and customer. Click here to see how SSL works.

Firewalls and Filtering Routers

Stockholmscu is protected by a series of firewalls and filtering routers which verify the source and destination of the requests traveling in information packets.

  • A firewall is set up to reject any unauthorized traffic. Firewalls allow legitimate data through when necessary, closing entry to Stockholmscu National Bank systems as soon as the transaction is complete.

  • A router keeps out traffic that does not come from one of the only two legitimate ends of a secured transaction: the customer or the bank.

The above security measures keep your transactions safe and secure over the Internet while using Stockholmscu Online Banking Services.

Online Security Tips

At Stockholmscu National Bank, keeping your sensitive information both private and accessible is our priority. Following are a few tips on how you can protect yourself from online fraud and keep your data safe and secure.

  • If you receive an email that warns you that an account of yours will be shut down unless you confirm your account information, DO NOT REPLY OR CLICK ON A LINK IN THE EMAIL.

    • Instead, contact the company cited in the email using a telephone number or web site address you know to be genuine.

  • Avoid sending personal and/or financial information in an email.
    • Before submitting financial information through a Web site, look for the padlock icon on the browser's status bar.

    • The padlock signals that your information is being transmitted over a secure connection. Double-click the padlock icon for verification of the Web site you are using.

  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges.

    • If your statement is late by more than a week, call your credit card company or bank to confirm your billing address and account balances.

  • If using online banking services, keep your login credentials confidential.

    • User names, passwords or security questions/answers should not be given out nor written down. It is a good idea to change your password every 45 days or so.

  • If using Stockholmscu Online Banking Services, be sure to check your daily/weekly email notification.

    • This notification can alert you to suspicious activity long before your monthly statement is issued.

  • Install virus protection software on your computers and run full system scans often.

    • Be sure you have the most up-to-date version of your virus protection software installed!

REMEMBER - Stockholmscu National Bank does not send out unsolicited emails that require you to provide or divulge any account information. If you are in question about any email you receive from Stockholmscu National Bank, please contact your Personal Banker or local branch. You may also email us at: Do not send any personal information in an email (such as account numbers, etc.) as email is not a secure form of communication.

Visit one of the following sites for more information on ways to avoid email scams, and how to deal with deceptive spam.

If You are a Victim of Online Fraud

If you suspect you are a victim of an attack (phishing, vishing, text message, etc.), take the following actions immediately.

If you clicked on a link within a suspicious email:

  • Log into Online Banking
  • Change your online User ID
  • Change your online password
  • Change your security questions
  • Close accounts if any account information was communicated

Be sure to report the suspected fraud to the bank and the proper authorities immediately by following the steps found at Reporting Fraud.

Reporting Fraud

If you receive a suspicious email that says it’s from Stockholmscu, forward the entire email to Do not click any links or act on any instructions in the email.

If you suspect your personal information has been compromised, or you may have inadvertently compromised your Stockholmscu account, contact Customer Care immediately at 1-877-968-7962.

Be sure to take immediate action to protect yourself by following the steps found on If You are a Victim of Online Fraud.

In addition, contact the following three major credit bureaus to place a fraud alert on your credit file:

You can get three (3) credit reports free each year from the nationwide reporting agencies: one each from Equifax, Experian and TransUnion.

Any suspicious phishing email should be forwarded to:

Types of Fraud

The Internet gives you easy access to information, allowing you to perform many functions from the privacy of your own computer. Unfortunately it can also leave you vulnerable to online fraud. Online criminals continue to become more sophisticated in their scams to steal information from you. Learn more about the different types of online fraud in order to better protect yourself from falling victim to this type of criminal activity. Following are some of the most well-known types of online fraud. The more you know, the better you can keep your computer and your private information secure.


Phishing is the most common online fraud. Consumers are randomly targeted by criminals sending out mass emails usually containing an urgent message regarding account status, with instructions to click a link within the email directing them to a fraudulent website. Once the consumer clicks the link, he/she is exposed to the threat of having personal information stolen, including bank account information, user IDs and passwords, and social security numbers.

Remember, Stockholmscu will never send out an email requesting personal information from customers! Regardless of how legitimate an email or website may appear, NEVER respond to any email that instructs you to provide ANY personal information.


Vishing is the latest variation of the phishing scam. Vishing (a combination of the words "voice" and "phishing") often involves an automated recording made to a victim, alerting the consumer that their credit or debit card, or bank account has had fraudulent or unusual activity, followed by instructions to call a phone number immediately. When the victim calls this phone number, it is typically answered by automated instructions to enter credit or debit card information, bank account information or other private information such as PIN, date of birth, social security number, etc. Once the consumer enters this information, the criminal (visher) has the information necessary to make fraudulent use of the credit or debit card, or access to bank accounts.

Vishing is very difficult to monitor or trace. The vishing phone number can show up on caller ID as the name of the financial institution they are pretending to represent. Be highly suspicious of ANY message directing you to call and provide credit, debit or bank account information. Contact your bank or credit card company directly to verify the validity of the message.


Malware (a combination of the words "malicious" and "software") is software that criminals use to access your computer without your consent or knowledge. Malware includes computer viruses, worms, trojan horses and spyware. Once malware is on your computer, criminals can use it to steal information, send spam, and commit fraud, as well as inflict damage to your computer system and software.

For more information about malware, including how to identify it and steps to take if you suspect malware is on your computer, visit OnGuard Online Malware Quick Facts .

Foreign Country Email Scam

This email scam supposedly originated from Nigerian "officials" who needed your help getting their money which was tied up due to strife in their country. This scam is no longer limited to emails from Nigeria, but are commonly received from people in countries around the world sending you offers to transfer potentially thousands of dollars into your bank account if you will simply pay a fee to help them access their money. Typically these emails are followed by additional emails requesting you send more money to cover transactions and transfer costs, attorney's fees, blank letterhead, and most seriously, your bank account numbers.

If you receive an email from someone in a foreign country claiming to need your help getting money out of another country DO NOT RESPOND!

Cross-Border Scams

This type of criminal activity uses the Internet to steal through foreign lottery offers, money offers and check overpayment schemes. These solicitations are phony and illegal. Be aware that foreign solicitations such as these are from crooks trying to steal your money, or commit identity theft, and you should NOT respond to them.

For more information regarding cross-border scams, including how to identify them and steps to take if you suspect you have received or responded to one, visit OnGuard Online Avoiding Online Scams .

FDIC Special Alert

Suspicious Telephone Calls Claiming to Be From the FDIC

Suspicious telephone calls claiming to be from FDIC employees are being reported. These calls appear to be illegal schemes to steal money or collect sensitive personal information, such as bank account numbers.

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of suspicious telephone calls where the caller claims to represent the FDIC and is calling regarding the collection of an outstanding debt.

To date, the callers have alleged that the call recipient is delinquent in payment of a loan that was applied for over the Internet or made through a payday lender. The loan may or may not actually exist. The caller attempts to authenticate the claim by providing sensitive personal information, such as name, Social Security number, and date of birth, supposedly taken from the loan application. The recipient is then strongly urged to make a payment over the phone to "avoid a lawsuit and possible arrest." In some instances, the caller is said to sound aggressive and threatening.

These suspicious telephone calls are fraudulent. Recipients should consider them as an attempt to steal money or collect personal identifying information. The FDIC generally does not initiate unsolicited telephone calls to consumers and is not involved with the collection of debts on behalf of operating lenders and financial institutions.

If a caller demonstrates that he or she has the recipient's sensitive personal information, such as Social Security number, date of birth, and bank account numbers, the recipient may be the victim of identity theft and should review his or her credit reports for signs of possible fraud. The individual should also consider placing a "fraud alert" on his or her credit reports. This can be done by contacting one of the three consumer reporting companies listed below. Only one of the three companies needs to be contacted. That company is required to contact the other two, which will place an alert on their versions of the report.

  • TransUnion: 1-800-680-7289; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, California 92834-6790
  • Equifax: 1-800-525-6285; P.O. Box 740241, Atlanta, Georgia 30374-0241
  • Experian: 1-888-EXPERIAN (397-3742); ; P.O. Box 9554, Allen, Texas 75013

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-3054, Washington, D.C. 20429, or transmitted electronically to . Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at .

For your reference, FDIC Special Alerts may be accessed from the FDIC's website at . To learn how to automatically receive FDIC Special Alerts through e-mail, please visit .

Sandra L. Thompson
Division of Supervision and Consumer Protection

Distribution: All FDIC-Insured Institutions

Fraudulent Email Examples

The following are examples of phishing emails received by customers. Keep the following in mind while reviewing these emails:

  • Stockholmscu National Bank will NEVER ask you to provide personal account or login information by email, phone or text message. This includes account numbers, user IDs, passwords, and debit or credit card information.
  • These are fraudulent emails and should NOT be responded to.
  • NEVER click on an embedded link as requested in these emails.
  • Criminals are getting more sophisticated in creating phishing emails and fraudulent websites (spoof websites). Notice in the examples below that the logos appear to be legitimate Stockholmscu logos. Do not be fooled by what appears to be a real logo. If an email urges you to click a link to provide information, activate a profile, or verify information, DO NOT RESPOND. This is a sign that you have received a phishing email.

Your Privacy Rights

Anti-virus Software

Software that protects computers from viruses and other malicious software/code, including those that can destroy data, steal private information, and affect computer performance.


The program that serves as your front end to the World Wide Web on the Internet. Microsoft Internet Explorer, Netscape Navigator and Mozilla Firefox are three popular browsers. When a site says, "best viewed by Netscape Navigator", "best viewed by Internet Explorer," or "best viewed by Mozilla Firefox," it means that the pages were programmed for that particular browser. Using other browsers may ignore some of the page's fancy features until a subsequent release supports them.


In computing, a cookie is a small text file stored on a user's computer by a web browser. Cookies can consist of information such as user preferences, shopping cart contents, identifiers for server-based sessions, or other data used by websites.


The scrambling of data into a secret code that can be read only by software set to decode the information.


A method to prevent unauthorized Internet users from accessing private computers or networks, utilizing software and/or hardware to examine messages and blocking those that do not meet a specified set of security criteria.

It can be implemented in a single router that filters out unwanted packets, or it may use a combination of technologies in routers and hosts. Firewalls are widely used to give users access to the Internet in a secure fashion as well as to separate a company's public Web server from its internal network. They are also used to keep internal network segments secure.

Following are the types of techniques used individually or in combination to provide firewall protection:

  • Packet Filter - Blocks traffic based on IP address and/or port numbers. Also known as a "screening router."
  • Proxy Server - Serves as a relay between two networks, breaking the connection between the two. Also typically caches Web pages.
  • Network Address Translation (NAT) - Hides the IP addresses of client stations in an internal network by presenting one IP address to the outside world. Performs the translation back and forth.
  • Stateful Inspection - Tracks the transaction in order to verify that the destination of an inbound packet matches the source of a previous outbound request. Generally can examine multiple layers of the protocol stack, including the data, if required, so blocking can be made at any layer or depth.

Identity Theft

Fraud that involves a criminal stealing another's personal information in order to steal money, open new credit or debit cards, and commit other crimes using the stolen identity.


Keystroke logging, or Keylogging, is a special type of virus that can capture keystrokes such as login IDs, passwords and security answers. Keylogging viruses are typically downloaded via a fraudulent email containing an attachment.


A fraudulent process of attempting to acquire private information such as usernames, passwords and account numbers by impersonating a trustworthy entity and sending out mass email communications. Emails typically contain an urgent message requesting recipients to click a link within the email which directs them to a fake website to enter personal information in order to verify credentials, activate an account or respond to a possible breach in the recipient's security.


A device that forwards data packets from one local area network (LAN) or wide area network (WAN) to another. Based on routing tables and routing protocols, routers read the network address in each transmitted frame and make a decision on how to send it based on the most expedient route (traffic load, line costs, speed, bad lines, etc.).

SSL/ Secure Sockets Layer

The leading security protocol on the Internet.

When an SSL session is started, the browser sends its public key to the server so that the server can securely send a secret key to the browser. The browser and server exchange data via secret key encryption during that session. Developed by Netscape, SSL has been merged with other protocols and authentication methods by the IETF into a new protocol known as Transport Layer Security (TLS).

Click here for more online security terms and definitions.

Stockholms Credit Union

Messages go here

Close This Window