News

When Sarah received an email saying she'd failed to return a library book and would be charged a late fee unless she clicked a link to dispute it, she didn't think twice. She knew she'd returned that book weeks ago.

She clicked the link and entered her library account password—the same password she uses for her email account. And her online shopping accounts. And, unfortunately, her bank.

What Sarah didn't realize was that her library account had been compromised weeks earlier. The attackers now had access to her email, where they found bank statements. You can guess what happened next.

“Junk Account” Vulnerability

"It's how their other practices are bleeding across to create a vulnerability in their banking," explains Greg Fluckiger, VP of Information Technology at First Federal Bank. "We see our customers' personal emails get compromised quite often—it's a very regular occurrence."

The problem isn't that people don't care about their banking security, most customers wisely protect their financial accounts. But many of us don't realize how vulnerable our "junk accounts" are —the library card, the rewards program, the streaming service you barely use.

"They use it to attack you because you're gonna believe it," Greg notes. "Nobody else knows that you borrowed that book." When the email references real information—a book you actually checked out, an account you actually have—your guard drops.

How Attackers Weaponize Your Information

Cybercrime has evolved into a multi-billion dollar industry with a sophisticated supply chain. Personal information gets bought and sold on the dark web, passing through multiple hands before it's used against you.

"The sheer volume of attacks is just exponentially increased," Greg explains. "Some of them have increased tenfold."

What's changed isn't just the number of attacks—it's the efficiency. Artificial intelligence can now digest thousands of compromised accounts simultaneously, searching for anything related to banking activity.

When your email gets compromised, attackers immediately scan for bank statements, payment confirmations, or any mention of financial institutions. That information becomes ammunition for their next attack—whether it's impersonating your bank, requesting a password reset, or building enough knowledge to pass identity verification over the phone.

Breaking the Chain

"People will pull back from using technology and using the new capabilities because they're so overwhelmed or scared," Greg observes. But the solution isn't to avoid technology—it's to use it smarter.

The single most effective step: get a password manager. This creates unique, complex passwords for every account. If one account gets compromised, the breach stops there.

"We're never going to be in a situation where security is also convenient," Greg notes. "We have to be inconvenienced every time the attacks evolve." Multi-factor authentication shouldn't be optional, especially on your email and financial accounts.

Emily Cook, First Fed's Electronic Services Manager, emphasizes the importance of monitoring. "If you're not looking at your account frequently, there are time limits on reporting things," she explains. Check your accounts every few days, not just when the monthly statement arrives. Set up account alerts in online banking, and use the SecurLOCK Equip app to monitor your debit card in real time, which First Fed offers to customers for free.

Most importantly: "Never, ever, ever give out your secure access code," Emily emphasizes. "Don't share any personal information with someone if you're not 100% sure who you're talking to."

First Fed will never call you asking for passwords or verification codes. If you receive a suspicious call—even if the caller ID shows First Fed's number—hang up and call the bank directly.

"One of the competitive advantages we have as a community bank is that customers can reach us," Greg notes. "They can call us, they can get us on the phone." Use that advantage. When in doubt, call.

Your library card might seem harmless. But in the hands of sophisticated attackers, even the most innocuous account can become a gateway to your financial life. The good news? You have more control than you think, along with tools that can help.