If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining safe and secure.

Risks to be Aware Of

The following risks are ever present on the Internet, whether in banking or any other type of online activity, and the more aware you are of these dangers, the more effective you will be at avoiding them.

Phishing. According to the Internet Crime Complaint Center, this is the use of forged or faked electronic documents emailed in an attempt to cause an unsuspecting recipient to divulge personal, sensitive information such as passwords, credit card numbers, and bank account information. In most cases, these documents claim to come from organizations you already know and trust, which is the main reason they are so dangerous. In many cases, the recipient is directed to a copycat website that appears to be legitimate, but is built to steal the recipient's information by prompting for sensitive and private information such as social security numbers, credit card numbers, and personal facts such as Birth Date, Mother's Maiden Name, and others.

Consequences

There are two possible outcomes of phishing activity once the recipient has submitted sensitive information:

Identity Theft. In many cases, the perpetrator gains enough information about the individual that bank accounts can be accessed, new credit cards can be acquired, and a vast list of other fraudulent activities can be carried out under the person's identity.

Electronic Vandalism. In other cases, the leaked information is used to break into the individual's PC or network, causing damage to the operation of the system, or removing files.
Decreasing the Risk

The best safety measure to take is to remember that you should never open an email attachment or link that you were not already expecting to receive. Whenever possible, make notes of scheduled automated notifications, and communicate personally with people from whom or to whom you will be receiving and sending linked or attached files. Once you verify that the information is valid, you can feel confident in opening it.

Secondly, the Bank will never send you a link asking you to login to your account. Although we will often send notifications, the text within the notification will ask you to go to the bank site and login, which will be done using your own methods you have personally established for reaching our site.

To further decrease your chances of becoming victimized by Phishing, follow these additional guidelines.

Check Sender's Email. Make sure the sender's email address is valid. Although the phishing email is often sent with a valid sender's address on the From: field, it is usually from a different domain.

Check Your Email Address. In many cases, although the message has reached your Inbox, it will have been sent to a completely different variation of your own email address. For example, if your email is George@MyDomain.com, you may find that the email shows it was sent to GeorgN@OtherDomain.net.

Check Subject and Behavior. Make sure the message is typical of what you would normally receive from that sender.
o Are you being requested to take an action the sender wouldn't request of you?
o Is the message being sent to multiple people?
o Does the message contain pictures and other information that are completely out of context for that sender?
o Does the message threaten to take action if you don't comply?

Check Grammar and Spelling. Make sure every part of the message contains proper naming of the sender's company, and proper use of language.

Check Links. Malicious links are just as dangerous as attachments, and the attacker can easily mask a link so it appears to have a familiar web address, but will lead you to a counterfeit site. To check the validity of a link, hover your mouse over the link to make sure the pop-up info box shows the same link information that is displayed in the message.

Consider Attachments. Make sure that any attachments are legitimate, or don't open them. The following considerations will help you decide which to do.
o Did you request the information earlier, or are you otherwise expecting the information? If not, don't open it.
o Is the attachment common for the type of activity in the email? Perhaps a company sends you a monthly billing statement. In this case, however, make sure the file type is PDF, or follow the tips in the next pointer regarding dangerous types.
o What is the file extension (period and last three letters)? Is it .zip, .exe, .vbs, .cmd, etc.? The preceding extensions are all automatically dangerous, and will not be sent by a legitimate sender. In the case of legitimate .zip (compressed) files, ask the sender to add the additional .txt extension so you can trust it. In other words, if the sender will pass MyFile.zip to you, make sure it is first named MyFile.zip.txt. This way, you will physically have to rename it before using it, but it will allow you to maintain your own policy for dangerous file types.

Eavesdropping. Eavesdropping is achieved when one or more other parties have access to the same network as you do, and capture your data packets for inspection. As you surf the Internet and perform various actions on the target pages, these activities are stored on the eavesdropper's PC, then later reconstructed to extract any available passwords, etc. Always remember that all public networks are untrusted, even if you have to use a network password to get in. This is because you don't have any way of knowing or validating any of the other individuals using that network, or how that network might be protected, if at all, by its owners. In most cases, the public network exists as a convenience only, and has no protection installed.
Additionally, if you have a WiFi connection at home, you may be at risk for eavesdropping if you don't use a WPA2 secure network password on the router. In summary, if you gain access to your banking accounts from a public network such as an Internet Cafe, Public WiFi, or non-secured Home WiFi, a risk for eavesdropping exists.

Consequences

The consequences of the hacker receiving information about your activities are the same as described in the Phishing section above. Under the right conditions, the hacker can gain an individual's full set of sensitive personal information, and use it for extreme purposes.

Decreasing the Risk

If you plan to use your PC for sensitive activities on a WiFi network, make sure you always take the proper precautions.

Activate your Firewall. In most cases today, your PC comes with the Firewall software pre-loaded and active. However, it is not a bad idea to make sure it is active.

Use Secure WiFi Connections. Once again, most WiFi routers these days require a password for access. Using a secured connection will limit the number of possible other network users to those who have received credentials.

Don't Share Network Password. Make sure you don't share your network access password with anyone else, or leave the password written down in the open.

Use Secure Site. When accessing a web site with sensitive information, make sure the SSL connection for that page is active. The easiest way to tell if your page is secure is through the presence of https in the URL. Non-secure pages, by contrast, are opened with http.

Use Secure Email. When sending emails containing sensitive information, make sure to use encrypted email. Several services exist that provide use of encryption in messages.

Copycat Website. This risk either arises through the Phishing technique described above or, more rarely, results from the actual domain name being hijacked by a specialized hacker. In this scenario, the hacker builds what only superficially appears to be an exact copy of the Bank's website, and publishes it online.

Consequences

The consequences of the hacker receiving information about your activities are the same as described in the Phishing section above. Under the right conditions, the hacker can gain an individual's full set of sensitive personal information, and use it for extreme purposes.

Decreasing the Risk

By paying attention to certain artifacts, you can make sure you are on the bank's actual website.

Check the Security Question. Did the website ask you for a security question you have previously defined for yourself? If not, you should be suspicious, because you are the only one allowed to set your Security Questions.

Check the Authentication Image. Did the website display the pre-configured Authentication Image, next to the name you had previously given to that image? If not, you should be suspicious, because only you and the Bank know what that image is, and only you know the name you had given to it.

Check the URL. When you look at the URL of the website, is it a web address you remember seeing before? If uncertain, please call the Bank to verify.

Keylogging. If you use a public computer in an Internet Cafe or other public place to gain access to your banking accounts, you should take additional precautions. Since you have not configured this PC, it could also have false links to common site names, which could include Copycat Websites, as described in the previous section. In addition, viruses contain keylogging functions to spy on users' activities when they use their own infected PCs in their own homes. If your PC is behaving strangely, you should have it inspected immediately, and get any viruses removed.

Consequences

The possible consequences are generally greater for keylogging than other risks, due to the fact that in a virtual sense, the hacker is already inside the PC, and can record every detail of the activity, including mouse clicks and other motions or gestures.

Decreasing the Risk

If you plan to use a public PC for banking, do so with care.

Check for Consistent Behavior. Is the PC behaving properly? Are windows popping up for no reason, or actions happening without your initiation? Also, if you attempt to load one website, does another website load instead? If so, you should be suspicious. If this is your own PC, you should have it inspected and cleaned for viruses. Otherwise, you should notify the manager of the location you are using.

Check the Security Question. When you began logging in to the Bank website, did it ask you for a security question you have previously defined for yourself? If not, you should be suspicious, because you are the only one allowed to set your Security Questions.

Check the Public Computer Registration Option. When entering your Security Question, you will see an option describing whether you are using a personal or public computer. Always check the option for Public Computer.

Check the Authentication Image. Did the website display the pre-configured Authentication Image, next to the name you had previously given to that image? If not, you should be suspicious, because only you and the Bank know what that image is, and only you know the name you had given to it.

Check the URL. When you look at the URL of the website, is it a web address you remember seeing before? If uncertain, please call the Bank to verify.

Use Secure WiFi Connections. Once again, most WiFi routers these days require a password for access. Using a secured connection will limit the number of possible other network users to those who have received credentials.

Don't Share Network Password. Make sure you don't share your network access password with anyone else, or leave the password written down in the open.

Use Secure Site. When accessing a web site with sensitive information, make sure the SSL connection for that page is active. The easiest way to tell if your page is secure is through the presence of https in the URL. Non-secure pages, by contrast, are opened with http.

Use Secure Email. When sending emails containing sensitive information, make sure to use encrypted email. Several services exist that provide use of encryption in messages.

In Case of Infiltration

If anything occurs that makes you suspicious that a compromise of your information has taken place, please contact the Bank immediately, since time is of the essence. We will help you to take quick and corrective action.

Other Methods for Reducing Risk

Following are some other methods you can use to protect yourself.

User Access ID. The Access ID is your username, and is case-sensitive.

Password Complexity. Use 8 or more characters in your password, including a capital letter, a lowercase letter, more than one number, and a special sign like !, @, #, $, etc.

Multifactor Authentication.
o Username and password.
o Three Security Questions, each selected by you from a list, and given a private answer by you.
o Authentication Image, displayed to you and named by you when setting up your profile, then displayed to you each time you login - forever.

AntiVirus. Make sure your AntiVirus software is always running and up to date. If you use someone else's PC, make sure to check for an AntiVirus program before handling important information.

Mobile Banking

Mobile Banking involves the use of a Cell Phone or other mobile device such as an iPad or Android Tablet. Following are some tips for secure Mobile Banking.

Get the App. When enrolling in the Bank's online Mobile Banking program, a link is sent to you, during the enrollment process, which leads to the authentic TouchBanking app download page in the Google Play or Apple iTunes stores, depending upon which type of device you have. Once you have the app installed on your phone or tablet, use that program exclusively to assure that you will always be logging into the exact Bank website.

Protect Your Password. Don't write your banking password anywhere someone can get access to it. Also, do not save your banking password in the phone or tablet upon which your Banking App is installed.

Connect Only to Secure WiFi. When it comes to keeping your phone or tablet secure, make sure you connect only to WPA2 enabled secure WiFi networks.

Configure Auto-Lock or Screen-Lock. Traditional Cell Phones, as well as Apple and Android devices, all come with the ability to automatically lock your device when idle, and require a type of PIN to unlock. Using this feature decreases the chances anyone will be able to use the device if lost or stolen.

Use Multiple Layered Security. As much as is practical, always employ multiple additional layers of protection, such as Anti-Theft, AntiVirus, AntiSpyware, Anti-Phishing, and App Protection.