Welcome to First Federal's Security Page, where you can find information about protecting your privacy and preventing fraud, and learn about recent scams.


First Federal’s Commitment to You, Our Customer:

  • First Federal will notify customers of fraud or company breaches.
  • Please be assured that our Customers are protected from any loss related to debit card fraud by Regulation E.  This Regulation provides 100% protection and zero liability to customers for any unauthorized transactions in events such as these. 
  • We continue to monitor accounts for unusual activity and will alert you of any suspicious activity. 
  • There has been some discussion in the media regarding the safety of using your card as “credit” versus “debit”. However, when card data is breached, there is no difference.
  • We will periodically update this site as additional information becomes available. Your safety and peace of mind are important to us.
  • We encourage you to review the recommendations below. We have also provided a link to our security tips for good advice on how to keep your information safe and secure.

FIRST FEDERAL recommends the following to help keep your information safe:

1)     Watch your account closely for any suspicious activity. If you see any transactions that are fraudulent, please call us at 360/417-3204. If you have online banking, you can check your account whenever and as often as you like.
2)     You can set up balance alerts to receive notification of any unexpected changes in your account.
3)     If you are one of our customers affected by the Target breach, we encourage you to enroll in the free year of credit monitoring and identity theft protection that Target is offering.
4)     We know that customer education is the first line of defense against these scams and have compiled the following tips and resources to help in this education process. Below are some of the valuable resources available to you via our First Federal website.


Important Tip – “Phishing” Education:

There has been a worldwide increase in phishing scams. Phishing refers to criminal activity that attempts to fraudulently obtain sensitive information, such as your social security number, driver’s license, credit card and/or bank account information. We know that customer education is the first line of defense against these scams and have compiled the following tips and resources to help in this education process. 
  • Please do NOT respond to any email that directs you to update your personal information by dialing a telephone number. Only use the customer service number that is listed on the back of your credit/debit card.
  • Phishing scam artists try to replicate the look and feel of the company they are scamming. Be sure to check the website address and the “look and feel” of the information being sent. Does the email ask you to do something that seems unusual or ask you to provide personal information? When in doubt, please contact the sender to confirm. Our Contact Center is available to take your phone call (360) 417-3204 Monday-Thursday 8:00 am to 5:30 pm, Friday 8:00 am to 6:00 pm, and Saturday 9:00 am to 1:00 pm.
  • Below are additional resources available to you via our First Federal website.

How can you tell if you are a victim?

Monitor the balances of your financial accounts. Look for unexplained charges or withdrawals. Pay attention to your mail; if you fail to receive bills or other mail, your address may have been changed. Other warning signs are being denied credit for no apparent reason, or receiving calls from debt collectors or companies about merchandise or services you didn't buy.

The key to protecting your identity and minimizing your exposure to potential damage is to exercise caution!

  • Make sure all of your credit card, bank, and phone accounts have strong passwords. Do not use easily available information like your mother's maiden name, your birth date, the last four digits of your social security number or a series of consecutive numbers. When asked for your mother's maiden name, use a password instead.
  • Secure your personal information in your home, especially if you have roommates, employ outside help, or are having service work done in your home.
  • Don't give out personal information on the phone, through the mail, or over the Internet unless you've initiated the contact and you are sure you know who you are dealing with. Identity thieves can be skilled liars and may even pose as representatives of banks, service providers, or government agencies to get you to reveal identifying information. You may even receive an e-mail message that looks legitimate, but is really part of a "Phishing" scam.
  • Guard your mail from theft. Deposit outgoing mail in post office collection boxes or at your local post office and not unsecured mail boxes. If you are planning to be away from home, stop by your local post office and place a hold on your mail. Or call the US Postal Service at 1-800-275-8777 to ask for a vacation hold.
  • Don't leave your trash out in the open. To thwart a thief who may pick through your trash or recycling bins, tear or shred your charge receipts, copies of credit applications or offers, insurance forms, medical statements, checks and bank statements, and expired charge cards.
  • Limit the identification information and the number of credit and debit cards that you carry to what you will actually need. Keep your purse or wallet in a safe place!
  • Your computer may be a gold mine of personal information. Be sure to update your virus protection software regularly. Look for security repairs and patches you can download from your operating system's Web site. Don't download files from strangers or click on hyperlinks from people you don't know. Opening a file could expose your system to a virus or program that could hijack your modem. Use a firewall, especially if you have a high-speed or "always on" connection to the internet.
  • Be sure you are dealing with a legitimate Web site when providing credit card information online. Look for a logo of a padlock or other indication that card numbers are protected during Internet transmissions. In addition, only provide your credit card information when you originate a transaction, not in response to an unsolicited call or e-mail, which may be fraudulent.
  • Check your credit report at least annually. Under the Fair and Accurate Credit Transactions Act (FACT Act) consumers have access to one free credit report each year. You can request a copy through, the only service authorized by Equifax, Experian, and TransUnion - the three major credit bureaus. Additionally, you may request a copy by phone or e-mail.

Contact Information

Toll Free 1-877-322-8228
Mail Annual Credit Report Request Service
PO Box 105281
Atlanta, GA 30348-5281

Web sites with more information:

Federal Trade Commission
FDIC Consumer News


How do thieves get your information?

They use a variety of methods such as:

  • Stealing wallets and purses containing identification and credit and bank cards.
  • Stealing mail, including bank and credit card statements, pre-approved credit offers, new checks, or tax information.
  • Rummaging through your trash, or the trash of businesses or dumps in a practice known as "dumpster diving."
  • Stealing credit and debit card numbers as your card is processed by using a special information storage device in a practice known as "skimming."
  • Completing a "change of address form" to divert your mail to another location.

Once they have your personal information they may:

  • Go on a spending spree using your credit and debit card numbers to buy "big-ticket" items like computers that can easily be resold.
  • Open a new credit card account, using your name, date of birth, and Social Security Number. When they don't pay the bills, the delinquent account is reported on your credit report.
  • Take out auto loans in your name.
  • Establish phone or wireless service in your name.
  • Create counterfeit checks or debit cards, and drain your bank account.
  • Give your name to the police during an arrest. If they are released and don't show up for their court date, an arrest warrant could be issued in your name.

Who do you call if you suspect you are a victim?

Call the fraud department at any one of the three major credit bureaus. Ask for a fraud alert to be placed in your file at all three companies. The alert tells lenders and other users of credit reports to be careful before opening or changing accounts in your name. The toll free numbers for the fraud departments are:

  • Equifax   800-525-6285
  • Experian   888-397-3742
  • TransUnion   800-680-7289

Call your bank, credit card company or any other financial institution that may need to know. Ask to speak with someone in the security or fraud department, and follow up with a letter if necessary. Close old accounts and open new ones, and select new passwords and PINs.

Call your local police or the police where the identity theft occurred. Fill out a police report that will detail what happened and get a copy for future reference.

Call the Federal Trade Commission. Call toll-free 877-IDTHEFT (877-438-4338). Also, an "ID Theft Affidavit" available on the FTC Web site can be used to help you prove you are an innocent victim and help you keep debts you did not incur from appearing on your credit report.


Recent Fraud and/or Scams

Revised June 2, 2015

Card Cracking
“Card Cracking” Scams are on the rise. To avoid becoming a victim, do not respond to online solicitations for easy money, never share account numbers or PINs, and never file a false fraud claim with a bank. Report suspicious social media posts connected to scams to


Shipping Problems

Scammers are preying on people that have just made a lot of online purchases on Black Friday and Cyber Monday. There are several scam campaigns being sent right now.

1. Be on the lookout for "Shipping Problem" emails from FedEx, UPS or the US Mail, where the email claims they tried to deliver a package but could not deliver due to an incomplete address. "Please click on the link to correct the address and you will get your package." If you do, your computer is likely to get infected with malware. Warn everyone in the family, especially teenagers.
2. Watch out for alerts via a TEXT to your smartphone that "confirm delivery" from FedEx, UPS or the US Mail, and then ask you for some personal information. Don't enter anything.
3. Also, there is a fake refund scam going on that could come from a big retailer. It claims there was a "wrong transaction" and wants you to "click for refund" but instead, your device will be infected with malware. Especially in these times, Think Before You Click!

Posted September 29, 2014

"ShellShock" or "Bash" Vulnerability

You may have heard the news about the "ShellShock" or "Bash" vulnerability affecting many internet-connected devices, including web servers. You may be wondering about the safety of our online banking platform. First Federal’s online banking provider, Digital Insight, has performed an investigation and determined that their web servers are not vulnerable to the ShellShock or Bash vulnerability. It is safe to continue to use online banking with First Federal at


Posted September 26, 2014

Jimmy John's Breach

First Federal has become aware of a confirmed breach involving debit and credit card information at retailer Jimmy John’s, involving 216 stores, including three in Washington State.

At this time, we are unaware of any confirmed fraud on any of our customers’ debit cards due to this breach.

First Federal is committed to helping you protect your financial assets. We have advanced fraud monitoring controls on all First Federal debit cards. We are monitoring the situation and will notify any affected customers whose card data is confirmed to be compromised.

Customer Actions:

Review and monitor your debit card transactions if you used your card at any of the Washington Jimmy John’s locations between June 16, 2014 and August 7, 2014.  Please notify us immediately if you find any unauthorized debit transactions. Call the Customer Contact Center 360.417.3204 / 800.800.1577

 For more information, visit the frequently asked questions on the retailer’s website at


Posted September 9, 2014

Home Depot Breach

ATLANTA, September 8, 2014 -- The Home Depot®, the world's largest home improvement retailer, today confirmed that its payment data systems have been breached, which could potentially impact customers using payment cards at its U.S. and Canadian stores. There is no evidence that the breach has impacted stores in Mexico or customers who shopped online at

While the company continues to determine the full scope, scale and impact of the breach, there is no evidence that debit PIN numbers were compromised.

Home Depot’s investigation is focused on April forward, and the company has taken aggressive steps to address the malware and protect customer data. The Home Depot is offering free identity protection services, including credit monitoring, to any customer who used a payment card at a Home Depot store in 2014, from April on. Customers who wish to take advantage of these services can learn more at and or by calling 1-800-HOMEDEPOT (800-466-3337). 

Posted June 16, 2014

Hackers Exploit CryptoLocker Fears

Cyber gangs have launched a massive phishing campaign to exploit the fear generated by the recent CryptoLocker news announcements. The scam offers "decryption keys for CryptoLocker". The utility can be downloaded, and claims it will unlock any files encrypted by CryptoLocker. However, as you might have guessed, it's a scam. 

If an unsuspecting user downloads it, a fake registry cleaner is installed which falsely claims that there are lots of registry problems. And of course, it claims the only way these can be solved is by buying the product.

This is clearly an attempt to exploit the news coverage of both CryptoLocker and GameOver Zeus. This type of scam will escalate for sure, and more dangerous viruses will be marketed as CryptoLocker file decrypters. Don't fall for this scam! 


Posted April 18, 2014

Heartbleed Update

Do I need to change any passwords due to Heartbleed?

Here is a link to a list of popular websites and their Heartbleed status: Mashable's Heartbleed List. Use this link to check whether you need to change passwords on any vulnerable sites you may use. If the site is in the process of being patched, do not visit it until after it is patched, and then change your password. If you change your password for a vulnerable site now, it could still be compromised and you will have to change it again after the site has been patched.

Rest assured that First Federal’s online banking sites never used OpenSSL and are not vulnerable.


Posted April 15, 2014

Credit Card Text Message Alert

Some of our customers have reported receiving a text message stating that “Your Visa has been temporarily deactivated – Please call our Card Service 24 hr. line at 206-212-0255”

This is a scam designed to get you to divulge account information. It is not a legitimate Visa notification, and was not sent by First Federal.  If you should receive such a text message, do not reply to the text or call the number in the message. Ignore the text message.

With the increase in fraud, it is always good practice to monitor your accounts regularly for any abnormal activity.


Posted April 11, 2014

Heartbleed Bug Update 

No doubt by now you have heard about the widespread web server vulnerability called “Heartbleed” that has been in the news. We have verification from our online banking providers that First Federal’s online banking websites for both consumer and business banking are not vulnerable to this bug.

First Federal is continuing to research the possible impact of the Heartbleed bug and taking appropriate action to ensure that there is no impact to our customers.

What can you do? Because this vulnerability is so widespread, one or more of your passwords at various websites may have been compromised. Make sure you are not using the same password across multiple websites on the internet. Use strong passwords and always use a unique password for online banking and e-commerce sites.

Last Updated April 10, 2014

Microsoft XP

I'm sure you know that next week April 8th, Microsoft will stop supporting Windows XP which means they will stop distributing security updates for XP for free. You can still get them but have to pay through the nose. For the vast majority of us, when after April 8th another security bug is found in XP, (a certainty) that bug cannot be patched anymore, and the workstation that runs XP will be very easy for the bad guys to get into. Microsoft on their website states: "PCs running Windows XP after April 8, 2014, should not be considered to be protected." 

What most of you may -not- know, is that the bad guys have been hoarding XP zero-day vulnerabilities, patiently waiting for next week, so that they can either use them or sell them. There are estimates that there are now hundreds of known holes that are waiting to be exploited. This IS something to be worried about. The least you can do is give end-users that still run XP some effective security awareness training, and I have 9 other things you can do to secure XP, see the link below. 

Despite Microsoft's continuous warnings, Redmond does not see a stampede toward Win7 or 8. David Rodger, commercial lead for the Windows Business Group at Microsoft, said there was no sense of "panic" from firms about moving off XP. He stated: "We’re not seeing a stampede. Many organizations will have looked at this from a ‘T-minus’ perspective and are probably now seeing their plans come together." 

So now, if you are stuck with XP, here are 10 things you should do to make sure it's not going to be a cake-walk for the bad guys to penetrate your network. It's already easy enough. My business partner Kevin Mitnick is always happy to hear that a penetration-test customer has XP running in their network, as that makes his job that much faster. Here is the link to the KnowBe4 blog:


You Owe Taxes

This scam uses a combination of phishing emails and spoofed Caller ID scam calls. The scammers intimidate the victim, threaten with arrest, deportation or loss of a business or driver's license. 

The Treasury Inspector General for Tax Administration this week issued a warning about it. "This is the largest scam of its kind that we have ever seen," said J. Russell George, the Treasury Inspector General for Tax Administration. Over 20,000 victims have collectively paid more than $1 million as a result of the scam. 

Scammers claiming to be from the IRS tell people they owe taxes and must pay using a pre-paid debit card or wire transfer. The truth is that the IRS usually first contacts people by mail - not by phone - about unpaid taxes. Here are some Red Flags you need to watch out for: 

  • The callers use common names and fake IRS badge numbers.
  • The perpetrators know the last four digits of your Social Security Number.
  • Caller ID looks like it is the IRS calling.
  • The criminals send bogus IRS e-mails to support their scam.
  • Many fraudsters call a second time claiming to be the police or Department of Motor Vehicles, and the caller ID again supports their claim.

The IRS recently warned consumers of this and other ongoing scams that tend to peak during tax season, when many taxpayers could be on edge. The scams come in many variations, including calls in which victims are told they owe money or are entitled to a huge refund. More at


"You may have cancer" phishing email

If you recently had a blood test (and many of us have)... beware!

"Cybercriminals have hit a new low. They’re telling users they might have cancer just to trick them into installing a piece of malware on their computers." The email is being sent as part of a phishing campaign that uses the excellent reputation of the United Kingdom’s National Institute for Health and Care Excellence (NICE). The malicious notifications carry the subject line "IMPORTANT: blood analysis results" and come from a spoofed email address. 

Now, you might think the UK is far away so this does not concern you. Think again. The UK is often used as a test bed by the Russian cyber mafia, and you will see this in the U.S. in the near future, if it hasn't already arrived. The phishing emails over here will likely come from a spoofed email at, or providers like Blue Cross Blue Shield or Aetna and read something like this: 

"We have been sent a sample of your blood analysis for further research. During the complete blood count (CBC) we have revealed that white blood cells is very low, and unfortunately we have a suspicion of a cancer. We suggest you to print out your CBC test results and interpretations in attachment below and visit your family doctor as soon as possible." 

The PDF file that’s attached to the emails is not a CBC test result, but a double extension file (it ends with dot pdf dot exe) and will install malware on your workstation. At the time of writing, only 14 of the 50 antivirus products detect the file as being malicious. STOP LOOK and THINK before you click!

Posted March 5, 2014

National Consumer Protection Week 2014

Five Key Tips From the FDIC for National Consumer Protection Week

No matter your age or stage in life, it’s important to have as much information as possible to effectively manage your money and avoid financial frauds and scams. That’s why, in observance of National Consumer Protection Week 2014 (March 2-8), the FDIC will post information about a specific topic each day on the agency’s web site, along with links to helpful FDIC Consumer News articles, to encourage discussion and provide tips about what you need to know to save and protect your money. 

Click here to view the 5 key tips posted daily.

The goal of FDIC Consumer News is to deliver timely, reliable and innovative tips and information about financial matters, free of charge. To find current and past issues of FDIC Consumer News, visit


Posted March 4, 2014

Hotmail Email Account Scam

Cybercriminals are trying to trick Hotmail users into handing over their credentials with fake emails that claim to come from "The Microsoft account team." The emails, analyzed by researchers from Malwarebytes, inform recipients that their Hotmail account is upgraded to Outlook. 

The scam claims their Hotmail Account has expired and that due to a new system upgrade to Outlook they need to follow the link, sign in and re-activate their account. 

The email address is spoofed and the link points to a website whose owners are probably not aware of the fact that they’ve been hacked.


Posted February 27, 2014

Important Security Announcement for Computers Running Windows XP

Microsoft will no longer provide support for computers running Windows XP after April 8, 2014.

Microsoft provides current operating systems with regular security updates. After April 8, 2014, they will stop providing these updates for computers running the Windows XP operating system. If your computer is running on Windows XP, and you use it to access the internet, it is highly recommended that you consider upgrading your computer before the April 8th deadline. Upgrading your computer will ensure that you are provided with access to the latest updates from Microsoft necessary to protect it from malware and other vulnerabilities that can potentially compromise the information stored or accessed on that computer.

You can click here to see what version of Windows you are using:

Using Windows XP after April 8, 2014 puts your computer and your personal information at risk. Your personal computer security is your responsibility. First Federal encourages all users of Windows XP to consult with a computer professional for upgrade options as soon as possible, or alternatively, replace the computer with a new one. 


Contact Us

Our Contact Center representatives are available:
Mon-Fri 7:00 am - 7:00 pm
Sat 9:00 am - 1:00 pm
Toll Free
1 (800) 800-1577
(360) 417-3204

  • PO Box 351
    105 West Eighth Street
    Port Angeles, WA 98362
    Routing #: 325170848
    Phone #: (360) 457-0461
