JUNE 2009

The internet is incredibly useful and an everyday part of our lives, but people
need to be aware of the possible risks than can exist, such as identify theft,
and how to protect themselves against them. At Manly Warringah Credit Union,
we want to inform our members and local communities that through education and
awareness, the online world is a safe place to transact, run a business or just enjoy themselves.

There are five simple tips to ensure you access the internet securely and with confidence, are:

• Get a better, stronger password and change it at least twice a year.
• Get security software, and update and patch it regularly.
• Stop and think before you click on links or attachments from unknown sources.
• Information is valuable. Be careful about what personal information you give away about yourself and others online.
• Logo on to www.staysmartonline.gov.au for further information.

SCAMS
Manly Warringah Credit Union has received advice of a significant increase in
the number of reports of scams targeting online banking and electronic
payment sites. To date there have been no attacks specifically against our
Internet Banking Service NetTeller.

These scams are designed to fraudulently collect some or all of the following information:

• Online banking logins and passwords
• Full banking account details such as account name/id, full name of account holder and BSB number.
• Credit Card details such as cardholder name, card number and expiry date.
• Full account and password details of other forms of electronic payment or funds transfer (e.g. PayPal, EBay)

Institutions targeted include banks, credit unions, online stores, online auction
sites and alternative electronic funds transfer sites (e.g. PayPal).

DETAILS
Attackers are constructing mimic sites to lure customers of online banking and
other forms of electronic funds transfer into accessing fake sites rather than the original.

They will often attempt to:

• Contact users by e-mail and request them to either reply to the e-mail
  with their account login details and passwords, or fill in a form that will
  send the results to a site under the attacker’s control.
• Contact the user by e-mail and request them to enter account/login
  details and password into a site that is not the real banking or
  electronic payments site of the organisation that is
  supposedly requesting this information.
  
  This fake site may resemble the original very closely in both layout and
  function. The e-mail can also be in constructed as such to present links to the
  legitimate site that are in fact pointing to a fake address.
  
  
• Establish a website that resembles the original not only in just
  appearance and function but also has a very similar domain name e.g.
  where www.yourcreditunion.com.au is the real site
  and wwww.yourcreditunion-bank.com is the fake.
• Contact users in person and asking for their account login details and
  their password.

NetTeller users risk significant financial loss if their details are stolen in this manner.

MITIGATION
We urge all NetTeller users to take note of the following policies.

1. Protect your password and account details. Users should NEVER give
out passwords or account details in response to unsolicited requests via
e-mail or other forms.
2. Users should ONLY log into the appropriate financial institutions or
other electronic payment website that has been verified as the
legitimate site for that organisation.
3. Credit Unions and other electronic payment sites (online store and
auction sites) never request account or credit card details and NEVER -
under any circumstances - request passwords via email.
4. Credit Unions and other electronic payment sites take precautions to
ensure you know you are connected to their legitimate website
5. Credit Unions and other electronic payment sites usually publish their
correct website details in advertising brochures and other media
6. The majority of Credit Unions and other electronic payment sites verify
the authenticity of their sites through the use of digital certificates
7. If the Credit Union or electronic payment site uses digital certificates, a
small padlock icon will appear on the bottom of the users browser.
Users can view the certificate of the site by clicking on the padlock icon.
The details of the certificate should then appear in a browser window
that allows users to verify the identity of, and the level of encryption
being used by the site.

Manly Warringah Credit Union's NetTeller site is owned and run by
The System Works Pty Ltd (TSW). This company hosts many Credit Union
Internet Banking sites. TSW does all maintenance and all the upgrades of our
website and NetTeller. When you click on the padlock in NetTeller, you will receive
one of three certificates that TSW hold:

1. netteller.tsw.com.au
2. netteller2.tsw.com.au
3. netteller.com.au

If there are any issues or questions you would like to discuss, please contact
us on 1300 13 1964 during business hours.