PROTECT YOUR ACCOUNT
The upward trend of customers using online channels for banking and financial services has expanded the opportunities for criminals and cyber-crime!
Due to many credit unions and banks having more sophisticated IT security systems, criminals are turning away from tightly secured bank computers and are instead looking toward the potentially weaker computer systems of credit union clients. More and more attacks are also being committed against small and medium-sized businesses. Some of the most common approaches for criminals to compromise end-user data are to take advantage of users visiting unsecured networks or compromised websites, not having up-to-date virus protection and security patches, or opening attachments with embedded malware or Trojan software.
Citymark Federal Credit Union has the expectation that each customer will take any and all reasonable precautions to reduce the likelihood of computer-related fraud. There is not one best approach for online security, but we would like to offer several recommendations:
Anti-Virus Software. Be sure to install anti-virus, anti-spyware, malware, and adware detection software from a reputable vendor on to your computer and keep it up to date. You may need to have a professional scan and repair your computer for viruses, malware, and Trojans if your computer has been infected.
Computer Updates. Make sure the computer you are using has the most current updates and patches released by Microsoft, Java, and Adobe. Most of the updates are security patches for browsers such as Internet Explorer, Mozilla Firefox, and other software that could potentially expose the computer to hacking.
Secure Site. Make sure your banking site (URL) starts with https:// and not http://. The “s” indicates a secure transaction using a different method of communication than standard Internet traffic. A security icon that looks like a closed padlock or key appears when the site is authenticated.
Do Not Use Links. Never use a link to reach a financial institution’s website. Type in your bank’s website address into the Internet browser’s address bar every time.
Public Computer. Never access your financial institution’s website from a public computer at a hotel, library, airport, or public wireless access point.
Website Familiarity. Know what your financial institution’s website looks like and which questions are asked to verify your identity. Some attacks, known as man-in-the-middle attacks, will change the login page. A user can sometimes spot these attacks by noticing slight modifications to the bank’s standard page, such as extra security questions, poor grammar, misspellings, a fuzzy or older bank logo, or a change to the location of each feature. A typical malware behavior will also ask a user to enter their user ID, password, and security information three or four times and will then post a message that the site is down for maintenance or servicing. Online Banking sites will not be down for maintenance during normal business hours. If the site is down for any reason, you will see that message in advance and the log in screen will not be accessible.
Suspicious E-Mails. Be extremely suspicious of e-mails purporting to be from your financial institution, a government agency, or any suspicious e-mails from unknown sources. Financial institutions should never contact you via e-mail to request you to verify information. If you believe the contact may be legitimate, do NOT use the link provided in the e-mail; instead, type the website address of your financial institution into your Internet browser’s address bar or contact your financial institution at a phone number you know is valid.
Online Purchase Transactions. Avoid using debit cards for online transactions, as this provides direct access to your bank account. If you use a credit card to shop online, use only one credit card with a low credit limit. Monitor the activity on the card as often as possible.
Log Off Properly. Properly log out of all financial institution websites before closing the browser window.
Shut Off Computer. Always lock or shut off your computer when you leave it unattended. Set your computer to automatically lock after a set period of inactivity (i.e. 15 minutes).
Passwords. Use strong passwords (at least 10 characters combining uppercase and lowercase letters, numbers, and symbols) and change them frequently. Do not allow your computer to save your login names or passwords and keep them confidential. Do not use your login or password for your financial institution on any other website or software. Citymark Federal Credit Union will never request login user names, passwords, or answers to security questions from our clients on an unsolicited basis under any circumstances.
Use a Different Computer. Do not use the same computer for financial transactions that children or non-savvy Internet users utilize for regular internet access.
Posting Personal Information. Do not post your personal information on the internet. Your high school, maiden name, date of birth, first car, first school, youngest sibling’s name, mother’s full name, father’s full name, etc. are the answers to many security questions on financial websites. When you post this information, you are making it easier for criminals to gain access to your financial information. In addition, never send confidential information, such as your account number, Social Security number, etc., in an internet e-mail or over an unsecured website.
Alerts. Check with your financial institution about enabling “Alerts” and other security measures that may be available. Citymark Federal Credit Union does have online banking alerts for such areas as minimum balance, maximum balance, transfers, deposits completed, checks completed, and CD maturity.
Report Suspicious Activity. Regularly log in to your online accounts and check your bank and credit card statements to ensure transactions are legitimate.
Immediately report any suspicious activity on your account(s). There is a limited recovery window and a rapid response may prevent additional losses.
BEST PRACTICES FOR MOBILE DEVICES
Mobile devices have the potential to store large amounts of private user information as well as sensitive data, including personal account information, website login IDs and passwords, email, and location information. Consequently, mobile device malware is on the rise.
The Federal Communications Commission (FCC) recommended the following steps to reduce your exposure to mobile threats:
Set PINs and Passwords: The first line of defense is setting a password or PIN to access your device, then configure it to lock after being idle for two minutes or less. Also, devices that support SIM cards should use the SIM password capability.
Do Not Modify Built-In Security Features: Jailbreaking, rooting or tampering with your device’s factory settings increases the risk of compromise.
Back up and Secure Data: Frequently back up your device’s stored data to enable its recovery if your device were lost, stolen or erased.
Only Install Apps from Trusted Sources: Research apps prior to installing them to ensure they are legitimate. You can do this by checking reviews and the app store, and comparing the app developer’s official website to confirm they are consistent.
Understand App Permissions Before Accepting: Think twice before granting an app access to data or functions on your device. Also, always check the privacy settings for each app prior to installation.
Install Security Apps that Enable Remote Location and Wiping: Most devices, either as an app or system function, have the ability to remotely locate and erase all settings and data. The “Find My iPhone” app for iOS and “Locate My Droid” app for
Install System Updates when Released: Doing so when prompted will reduce the risk of exposure to known malware and cyber threats.
Beware of Open Wi-Fi Networks: Data transmitted on unencrypted Wi-Fi networks can be viewed by anyone connected to the same network. If you are not asked to enter a key when attempting to connect to the network, it is not secure, so use your company’s VPN or such apps as HotSpot Shield (available for both iOS and Android).
Wipe Data Prior to Donating, Selling or Recycling Old Devices: In order to keep sensitive information private, data should be completely erased, and the device reset to its initial factory settings, prior to disposal.
Report Stolen Devices: The major wireless service providers established a stolen phone database, in coordination with the FCC. You should report your phone as stolen to your local law enforcement and inform your wireless provider. This will prevent your stolen phone from being activated on any wireless network.
Following these best practices can reduce your exposure to mobile threats and will protect private and sensitive data.