Financial Wellness

Protect Yourself and Your Accounts from Credential Stuffing

Unique usernames and passwords are crucial to online safety.

Our security teams constantly monitor cyber fraud trends and have seen an uptick in the use of credential stuffing. To better protect your personal and financial information, ensure you are using unique usernames and passwords for all of your online accounts.

What is Credential Stuffing?

When accessing an account online, you may have received a message that your account is locked due to too many login attempts. If you did not previously attempt a login, you may be a target of an unsuccessful credential stuffing attack.

In credential stuffing attacks, cybercriminals use stolen or compromised credentials to systematically attempt to access a user’s accounts. These attacks are executed through automation, enabling hackers to significantly scale their efforts and ultimately achieve higher success rates in gaining unauthorized access to a victim’s accounts across multiple platforms. These stolen or compromised credentials are usually obtained from security breaches and individuals might not be aware of the breach or those who are aware may not immediately change their passwords.

Moreover, the prevalent habit of reusing the same username or password for multiple accounts leaves many online users vulnerable to harmful and wide-reaching attacks that result in identity theft and significant financial losses.

Increased Security for Account Access

CEFCU has implemented mandatory multi-factor authentication (MFA) for account logins from unrecognized devices and other high-risk transactions. When verification is required, a one-time security code is sent via text message or voice call to the phone number associated with your accounts.

While multi-factor authentication deters fraud, it is not impermeable to potential threats. Attackers may attempt to steal your security token, intercept SMS messages, or employ tactics to deceive you into divulging authentication credentials.

CEFCU will never ask for your verification code.
Do not share MFA codes with anyone.

Protect Yourself and All Your Accounts

Avoid using the same or similar usernames and passwords for your online accounts to prevent falling victim to credential stuffing and other account hacking.

  • Set unique usernames and passwords.
  • Ensure your username and password are unique to CEFCU.
  • Avoid using your name and initial or name and year of birth as usernames.
  • Use hard-to-guess and unpredictable passwords.

Unique usernames and passwords are crucial to online safety. Learn more about how to guard against scams, fraud, and identity theft by reading more of our Scam Awareness & Cyber Security articles.