Consumer Awareness Program
Virus - a malicious computer program that can infect other computers. The term is sometimes used to refer to malware in general, including computer worms, Trojan horses, most rootkits, spyware, dishonest adware and other malicious software.
Spyware - a type of malware that can be installed on computers and collects little bits of information at a time about users without their knowledge.
Phishing - the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity.
Here’s a list of 10 ways for you to remain secure online at work and at home.
- Watch Out for Social Engineering Attacks
- Thieves will try to extract sensitive information, or gain access to it, in person, via a phishing email or over the phone. Guard your information!
- Set a PIN/Password on your phone
- Keep your mobile devices secure by setting a PIN/Password on the screen in case it’s lost or stolen. You should also enable the “Find my Phone” option on your device so you can find your phone online or remotely erase your phone.
- Back up your data
- We back up your data at work but it’s a good idea for you to back up your home computer and phones (think pictures and contacts) in case your device gets lost, stolen or infected with malware.
- Install Antivirus/Anti-Malware/Firewall
- There are several good free options out there and Microsoft even offers one.
- Never send sensitive information over email unless it’s encrypted
- Treat email as a postcard. When your email is sent across the Internet, it can be intercepted by anyone and read. Encrypt it when possible.
- Don’t use Public Wi-Fi to conduct sensitive transactions
- Use a VPN service or only connect to known networks.
- Use two-factor authentication
- Two-Factor Authentication is a secure way to protect your online accounts. It works by requiring you to identify yourself using two different things when you log in to a site. The second factor is tied to something 'you have' (like a cellphone). So you can think of two-factor as something you know (your password) + something you have (your cellphone). Several major online services, such as Google, Microsoft, Amazon and Facebook, offer this.
- Create strong/complex passwords and change your passwords often.
- Use a combination of letters, numbers and special characters.
- Update your phone/workstation Operating Systems
- This helps to patch security vulnerabilities on those devices.
- Update your Applications often to address security vulnerabilities
- This helps to patch security vulnerabilities on those applications.
Social Engineering/Phishing Attacks
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.
What is a Phishing Attack?
Phishing is an email fraud method in which the perpetrator sends out legitimate-looking emails in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy websites like popular social sites, auction sites, banks, online payment processors or IT administrators. Be suspicious of unknown emails and attachments. They could contain a virus, a link to a malicious site or could be a phishing scam trying to obtain information. If you are unsure of the origins of an email, you should delete it. Security Federal Bank will NEVER ask you for confidential information (i.e., passwords, account numbers) via e-mail. Phishing emails may contain links to websites that are infected with malware or viruses.
How to Avoid Phishing Scams
Be suspicious of any email message that asks you to enter personal information through a website or by replying to the message itself. Never reply to or click the links in such a message. If you think the message may be legitimate, go directly to the company's website (i.e., type the real URL into your browser) or contact the company to see if you really do need to take the action described in the email message.
Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender.
Never email personal or financial information, even if you are close with the recipient. You never know who may gain access to your email account or to the account of the person you are emailing.
Periodically check your accounts. It never hurts to check your bank accounts periodically to be aware of any irregularities in your online transactions.
Enhance the security on your computer. Install a reputable antivirus or web-blocking software package.
When you recognize a phishing message, delete the email message from your inbox, and then empty it from the deleted items folder to avoid accidentally accessing the website it points to.
How to Protect Yourself from Online Fraud
Online fraud continues to grow in sophistication and frequency. These scams appear in many forms but they are especially prevalent in emails and websites. Here are a few tips on protecting yourself online.
- Connect to websites using a secure connection (HTTPS). This helps secure the connection to your favorite site and prevents eavesdropping on your connection with that site. You can type HTTPS into your address bar to see if it is available for your favorite service, e.g. HTTPS://google.com.
- Change your password frequently.
- Do NOT use the same ID and Password for every online account you have.
- Do NOT store your ID and password information where others could gain access to it. It is best not to write the information down at all.
- Secure your PC with Antivirus, Firewall and Anti-Malware software.
- Be aware of Phishing attempts (websites or emails) that try to obtain personal information from you.
- Be careful of Pop-up advertisements. They might attempt to obtain sensitive information from you or harbor malicious links.
- Make sure your software and Operating System are up-to-date with the latest security patches.
- Use web blocking and filtering applications or services. Many of them contain software that will help you determine if a website is safe or not.
- Use layered system security measures: Create layers of Firewalls, Anti-Malware software and encryption. One layer of security might not be enough to protect you.
- Beware of public Wi-Fi connections and public computers because they could have malicious software installed on them that can collect your data.
- Remember to log off properly - You may not always be at your own computer when banking online. Therefore, it’s important to log off using the “log off” link at the top of each Internet banking page.
What is ID Theft?
Identity theft involves the unlawful acquisition and use of someone's identifying information, such as:
- Date of Birth
- Social Security Number
- Mother's Maiden Name
- Driver’s License
- Bank or Credit Card Account Number
Thieves then use the information to repeatedly commit fraud in an attempt to duplicate your identity, which may include opening new accounts, purchasing automobiles, and applying for loans, credit cards, and a social security number.
How to protect yourself
- Report lost or stolen checks or credit cards immediately.
- Never give out any personal information including birth date, SSN or passwords.
- Shred all documents containing personal information, like bank statements, unused checks, deposit slips, credit card statements, pay stubs, medical billings, and invoices.
- Don't give any of your personal information to any web sites that do not use encryption or other secure methods to protect it.
Clues That Someone Has Stolen Your Information
- You see withdrawals from your bank account that you can’t explain.
- You don’t get your bills or other mail.
- Merchants refuse your checks.
- Debt collectors call you about debts that aren’t yours.
- You find unfamiliar accounts or charges on your credit report.
- Medical providers bill you for services you didn’t use.
- Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit.
- A health plan won’t cover you because your medical records show a condition you don’t have.
- The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for.
- You get notice that your information was compromised by a data breach at a company where you do business or have an account.
What if my information is lost or stolen?
- If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).
- Contact the credit reporting companies and place a fraud alert on your credit file.
- Check your bank and other account statements for unusual activity.
- Order a free copy of your credit report periodically to monitor your accounts (see below for contact info from the credit agencies).
P O Box 105069
Atlanta, GA 30349-5069
To order a report: (800) 685-1111
To report fraud: (800) 525-6285
P O Box 1000
Chester, PA 19022
To order a report: (800) 916-8800
To report fraud: (800) 680-7289
P O Box 2002
Allen, TX 75013-0949
To order a report: (888) 397-3742
To report fraud: (888) 397-3742
For more information about identity theft and other tips on how to protect yourself, please visit the websites below.
FDIC Consumer Alerts:
Federal Trade Commission:
FTC’s website to help you be safe, secure and responsible online.