Many cyber criminals, also referred to as fraudsters, don't want to steal your identity in the traditional sense. They don't want to get a credit card or a mortgage or a checking account in your name and live their life off of your good credit history. They simply want to take your money and move on to the next victim. While most companies that do business on the Internet, including Financial Institutions, are very diligent in providing online protection for their customers, the first line of defense is knowledge about what you, the end-user, can do to protect yourself.
First Sound Bank recommends that you change your Sound Internet Banking password frequently; it is a good practice to change all your passwords at least every six months. To make your list of passwords more manageable, consider using a general-purpose password for websites that do not contain personal or financial information, and creating a unique, secure password for each website that does, such as online banking. Make your password as long and complex as possible; make it easy to remember, but hard to guess. It's best to create passwords that combine letters, numbers and symbols.
The upward trend of more and more customers using online channels for banking and financial services has expanded the opportunities for criminals and cyber-crime. Cyber criminals using malware (malicious code), keystroke loggers and/or Trojan viruses have the ability to capture customer information such as login credentials and challenge questions/answers. Criminals take advantage of end-users signing on to unsecured networks, not having up to date virus protection and security patches, visiting compromised web sites and/or opening attachments with embedded malware or Trojan software. Recent research conducted by computer security experts found the following:
Every computer should use these three basic protections: a Firewall , Anti-Virus Software , and Anti-Spyware Software . Once installed, make sure they are properly configured and use the maximum security settings. Equally important is keeping the software up-to-date. New threats are discovered every day, and keeping your software updated is one of the easier ways to protect yourself from an attack. In most cases, you can set the software to retrieve the updates automatically. Additionally, run full virus and malware scans on at least a weekly basis.
Also keep your web browsers and operating systems up-to-date. Most software developers release updates of their software on a regular basis that provide fixes to known problems, improve performance, and provide new functionality. Both should be updated regularly and can usually be scheduled to run automatically. Avoid using operating systems or browsers that are no longer being updated or serviced by their maker (such as Windows XP)
Implement a Patch Management program. Ensure that critical security patches are applied to all systems within 7-10 days of release. The program should also address patches for 3rd party applications such as Adobe Acrobat Reader and Flash, and various Anti-virus providers.
Consider disabling JavaScript, Java, and ActiveX controls within your browser when not being used. Activate these features only when necessary.
If you download anything from the internet, such as music or movies, make sure you do so only from trusted sites - downloads can be infected with spyware attached to the file. Learn what to do if something goes wrong. Unfortunately, there is no particular way to identify that your computer has been infected with malicious code. Some infections may completely destroy files and shut down your computer, while others may only subtly affect your computer's normal operations. If your computer is experiencing problems (unusually slow, unwanted pop up ads, being redirected to websites you didn't request, or is running programs you didn't open or authorize), your computer may be infected. If your computer gets hacked or infected by a virus:
If criminals know your password, they can use it to steal from you or pose as you in online transactions. If you are like most other users and have the same ID and PIN/Password for many different online accounts, you've essentially granted the fraudster access to any company with whom you conduct business. Use more than one password — not every website warrants the same level of protection as your online banking website. To make your list of passwords more manageable, consider using a general-purpose password for websites that do not contain personal or financial information, and creating a unique, secure password for each website that does, such as online banking. When creating passwords and PINs (personal identification numbers), do not use the last four digits of your Social Security number, mother's maiden name, your birth date, middle name, pet's name, consecutive numbers or anything else that could easily be discovered by thieves. It's best to create passwords that combine letters, numbers and symbols. Make your password as long and complex as possible; make it easy to remember, but hard to guess. Change your passwords often. It is a good practice to change your passwords at least every six months. An easy way to remember: change them when you change your clocks to adjust for Daylight Savings Time. Additionally, do not store your ID and Password information where others could gain access to it; and don't use an automatic log-in.
The two most prevalent types of fraud, “Phishing” and “Key logging”, occur from viruses on your computer. Phishing involves email messages that appear to be valid and originate from a financial institution, government agency or other reputable entity. They usually state an urgent reason why you must “verify” or “re-submit” personal or confidential information by clicking on a link embedded in the message - the link appears to be the website of the legitimate company but really belongs to the “phisher”. Key logging is a method by which fraudsters record your actual keystrokes and mouse clicks. Key loggers are “Trojan” software programs that target your computer's operating system (Windows, Mac OS, etc.) and are “installed” via a virus. In both cases, the end result is the fraudster capturing your login credentials. There is no security system available that will stop fraud if the perpetrator has this information, so it is imperative to take the necessary steps to prevent him/her from getting the information in the first place. The best protection from these attacks is to never click on a link in, or even open, an email from a sender you don't recognize. If you question the legitimacy of any email, open a new Internet session and manually key in the business' web address (don't cut and paste links) or contact the sender to verify its authenticity. Never respond to "phishing" email messages. Do not provide your social security number, birth date or mother's maiden name in an email or within a Web site. When an email asks for this kind of information, this is a sure sign that the sender is up to no good. Legitimate financial companies never email their customers with such requests. Visit www.antiphishing.org for more information on internet scams and fraud.
While nothing is foolproof, and new viruses and scams are being developed every day, following these guidelines as well as having a general awareness of the threats that are out there enables you to use the internet with more peace of mind and less risk of being a victim of fraud.
For more information on these security features or if you suspect fraudulent activity has occurred through your Sound Internet Banking profile, please contact us at 206.515.2004 or customerservice@firstsoundbank.com.