website security
Protecting our members’ data is one of our highest priorities.


We work with you. Please report anything out of the ordinary concerning your PenFed accounts immediately.

Artificial Intelligence (AI) is Being Used to Scam You

Issues With Using Browser Password Management

Change your password regularly.
PenFed recommends this be done every 60-90 days.

Never give your passwords to anyone.
PenFed will NEVER ask for your password in an email, over the phone, in a text or any other communication method.

Do not reuse passwords.
Do not use the same password you have set for PenFed Online for any other account.




Mobile Threats Are On The Rise (PDF)

Home and Device Safety (PDF)


Do not root or jailbreak your mobile device 
to get around limitations set by your carrier or device manufacturer. It removes protections built into the device to defend against mobile threats.

  • Only download Apps from official stores such as iTunes or Google Play.
  • Avoid connecting your smart phone to an untrusted wireless network.




The activity of defrauding an online account holder of financial information by posing as a legitimate company.

The first thought that generally comes to mind when someone mentions hacking is the common media image of a dark room, a glowing computer monitor, and stacks of soda cans leaning precariously over a keyboard. Would it surprise you to find out that far more hacks are accomplished with words than technical knowledge? This is called Social Engineering, and the goal is to convince you to help the attacker do all the work for them!




How does the attacker trick you into doing this? 
They rely on four general strategies… appealing to greed, appealing to fear, appealing to authority or relying on human kindness.

Appeal to greed:
    an attacker will offer you some method to make some easy money.

Appeal to fear:
    the hacker will tell you your bank account has been hacked, or tell you your computer has been filled with malware and must be cleaned immediately.

Appeal to authority:
    a hacker will attempt to mimic someone in charge and ask you to do something because of their position.

Appeal to human kindness:
    they may send an email stating they really need your help to do “X.” It may even appear to be from someone you know.

Every one of these scenarios can occur over email, chat, text, the phone or even in person.

In all of these situations, you can avoid being a victim with a few strategies.

Take your time.
    Don’t let them force you to make a decision. Spend a few minutes asking yourself if this is a good idea.

Verify their identity.
    Verify they are who they say they are through an outside channel.

Be very careful with email attachments.
    If you were not expecting it, verify that the sender intended to send it to you.

Do not click on a link in an email.
    until you’ve hovered your mouse over it to reveal where it truly leads and it is where you expected it to go.



Memorize PINs and do not write them down.
    If you do write them down, keep them in a password manager or on paper nowhere near your credit or debit cards.

Protect your card information.
    Do not provide your information online unless you are making a purchase from a website you trust. Secure sites typically will direct you to a secure page with a URL starting with “https://.” Also, ensure the email address/link is from a reputable and known sender and always double-check for misspellings (example; Amazon vs. Annazon).

    Always secure your device with a password to protect it if it should ever be stolen. Change your passwords regularly and follow good password creation rules for all new passwords. The longer and more complex, the better!

    Update your software! Make sure your device has the latest security updates installed. Ensure that your web browser is up to date, with all the latest security patches.


Do not store credit card numbers, PINS, or passwords where others may find it.
    For electronic payments, always use trusted applications like PenFed’s mobile application or Apple Pay and Samsung Pay.

Shield your PIN.
    Whether at the ATM, the grocery store, or a gas station, remember to cover or shield the Pin pad as you key in your PIN so no wandering eyes or possible cameras can catch your personal information. When available, use contactless payment methods, such as Tap to Pay.

Beware of skimmers.
    Skimmers are small devices that are designed to fit over card slots and keypads to collect card data and card PINs. Common places for these are ATMs and gas pumps. Some are virtually impossible to spot. If the card reader is loose or you see exposed wires, do not use it. When available, use contactless payment methods, such as Tap to Pay.



Identity theft can happen even if you’ve been very careful with your personal information. Below are some potential indicators of identity theft.


  • Failing to receive bills or other mail.

  • Receiving cards or billing statements on accounts for which you did not apply.

  • Receiving calls from debt collectors or companies about merchandise or services you didn’t buy.

  • You see withdrawals from your bank account that you can’t explain.

  • Merchants refuse your checks.

  • You find unfamiliar accounts on your credit report.

  • The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for.

  • You get notice that your information was compromised by a data breach at a company where you do business or have an account.