Personal and Business Online Banking can provide you with the convenience of banking from your home or office, but there are also important security risks to be aware of. It is our goal to help you proactively identify threats and better understand and improve your information security.
KRACK WI-FI VULNERABILITY
What is this?
A Wi-Fi vulnerability which impacts WPA2, the most popular encryption standard for wireless.
Named Key Reinstallation Attacks, or KRACK, this vulnerability impacts a wide range of wireless systems. If successfully exploited, this vulnerability allows hackers to spy on data or gain access to unpatched systems on a wireless network. While the risk is broad across many manufacturers' products and operating systems, it is somewhat difficult for hackers to exploit because:
- A potential hacker has to be in close proximity to your wireless network, as this cannot be done remotely over the Internet.
- Several steps are required by a hacker to get access to unencrypted data.
What do you need to know to be protected?
- Do not connect to public Wi-Fi hotspots with company computers or mobile devices which may access private information, unless VPN is used in conjunction with the connection.
- SSL connections over wireless are safe, because the data sent to SSL hosts is already encrypted before it crosses the wireless connection.
- Wireless passkeys and passphrases on your wireless networks are safe; this vulnerability does not reveal those to anyone.
- Keep your systems up to date.
Think Before You Click!
Beware of phishing attempts.
What are the latest scams and how can you protect yourself?
- Be on the lookout for "Shipping Problem" emails that look like they are coming from FedEx, UPS or the US Mail. The email claims they tried to deliver a package from a particular company (for instance Apple Computer) but could not, due to an incomplete address. They instruct you to "Please click on the link to correct the address and you will get your package." DO NOT CLICK ON THE LINK. If you do, your computer is likely to get infected with malware, which is software or an application designed to steal data or compromise your system.
- Watch out for alerts via text message to your smartphone that appear to be from those same companies: FedEx, UPS or the US Mail. You will be asked to "confirm delivery" by providing them with personal information. Do not reply or enter any information.
- Another newer scam involves a fake refund that appears to be coming from a major retailer. DO NOT CLICK ON ANY LINKS within this type of email. The email states there was a "wrong transaction" or similar words and asks you to "click for refund" but instead, your device will be infected with malware.
U.S. Marshals Service
The U.S. Marshals and the FBI are alerting the public of several nationwide impostor scams involving individuals claiming to be U.S. marshals, court officers, or other law enforcement officials. They are urging people to report the calls to their local FBI office, and file a consumer complaint with the Federal Trade Commission.
IRS Phishing Scam
The IRS does not initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.
Your phone rings. You recognize the number, but when you pick up, it’s someone else. What’s the deal?
Scammers are using fake caller ID information to trick you into thinking they are someone local, someone you trust – like a government agency or police department, or a company you do business with – like your bank or cable provider. The practice is called caller ID spoofing, and scammers don’t care whose phone number they use.
Do not rely on caller ID to verify who’s calling. It can be nearly impossible to tell whether the caller ID information is real. Here are a few tips for handling these calls:
- If you get a strange call from the government, hang up. If you want to check it out, visit the official (.gov) website for contact information. Government employees won’t call out of the blue to demand money or account information.
- Do not give out — or confirm — your personal or financial information to someone who calls.
- Do not wire money or send money using a re-loadable card. In fact, never pay someone who calls out of the blue, even if the name or number on the caller ID looks legitimate.
- Feeling pressured to act immediately? Hang up. That’s a sure sign of a scam.
If you have received a call from a scammer, with or without fake caller ID information, report it to the Federal Trade Commission (FTC).
For more information about phishing scams, visit the FTC website.
- by Andrew Johnson | Division of Consumer and Business Education, FTC.
If someone you don’t know wants to pay you by check but wants you to wire some of the money back, beware! It’s a scam that could cost you thousands of dollars.
Account Hijacking & Identity Theft
The fastest growing form of identity theft is Account Hijacking, and it can have devastating effects. Account hijacking occurs when a criminal obtains your personal banking information and uses it to take over your bank accounts. Fortunately, there are steps you can take to protect yourself.
Protect yourself when sending sensitive or non-public information.
Why Secure Email?
By itself, Internet email is an insecure communications channel. Messages sent via standard Internet email travel in “plain text” and cross many networks before reaching their final destination. As a result, an opportunity exists for prying eyes to eavesdrop on email messages as they traverse these various networks. Since confidentiality cannot be guaranteed, standard Internet email should not be used to exchange sensitive or private information such as social security numbers, patient information, etc.
How Secure Email Works
When CSB sends you a secure email message, the message is sent to a secure data center where it will be held for you to retrieve. At the same time, a notification message is sent to you to inform you that a CSB Secure Email message is waiting to be retrieved. The notification message will contain a link to the CSB Secure Email Message Center. Simply click on the link, log into the secure web site, and retrieve your message.
Create Your Account
The first time you use the CSB Secure Email Message Center, you will be prompted to create an account. Supply your email address and password to establish your account. You will use this password each time you log into the CSB Secure Email Message Center. A confirmation message will be sent to the email address you entered. You will need to click the link in the confirmation email to complete the account setup process. You can now begin using your CSB Secure Email Message Center account.
Retrieving a Secure Email
When CSB sends you a secure email message, you will receive a notification message via standard Internet email. Click the link contained in the notification message to be taken to the login screen where you will be prompted to enter your email address and password that you established. Once logged in, you can read your CSB Secure Email, download it to your computer, or send a secure reply message.
Sending a Secure Email
Once logged in to retrieve your secure email, you can create a new CSB Secure Email message by clicking on the “Compose” tab.
Online Banking, Data Security & You
Partnering For Online Security
Online banking has grown rapidly into a major new way to bank. Some surveys show that more people prefer to bank online than in the traditional ways. This phenomenal growth has been accompanied by increases in the safety and security measures undertaken by banks and their customers. But cyber-criminals are always looking for new ways to electronically break into the bank and steal your money.
Safe online banking depends on continuing and strengthening this partnership:
Banks Invest Substantially in Security
Lawmakers, regulators and the banking industry have forged substantive standards for safeguarding customers’ personal information.
Uniform examination procedures are in place to monitor and enforce these standards, and bank examiners regularly go on-site to assess how bank security measures are being implemented, understanding that each bank has a different menu of products and services, and therefore differing security requirements. Some of the areas they look at include:
- Access controls ensuring customer information can be accessed only by authorized persons, including use of multi-factor authentication when warranted.
- Physical restrictions at computer facilities that permit access to authorized persons only.
- Data encryption of electronically transmitted and stored customer information.
- Modification procedures to ensure that changes are consistent with the approved security program.
- Dual control procedures, segregation of duties, and employee background checks.
- Monitoring procedures to detect actual and attempted intrusions into customer information.
- Response programs specifying actions to be taken by specific individuals when the institution suspects unauthorized access.
- Environmental hazard protections against physical damage or technology failures.
Banks Partner With You
Your bank has security measures to protect your account information, but they can’t be effective without your help and cooperation. Many account hijacking attempts come as a result of hacking into individual user accounts, and from there electronically breaking into the bank using your information and security codes.
Common sense and easily implemented precautions can help you safeguard your personal information:
- Strong passwords - Avoid using easily guessed passwords such as birthdays or home addresses.
- Anti-virus protections - Make sure the anti-virus software on your computer is current and scans your email as it is received.
- Email safety - Email is generally not encrypted so be wary of sending any sensitive information such as account numbers or other personal information in this way.
- Sign off and log out - Always log off by following the bank’s secured area exit procedures.
- Don’t get phished - Crooks are always trying to get your personal information, and they employ some ingenious methods. Don’t respond to any unusual email requests for personal information. When in doubt, call your bank.
- Monitor your accounts - When you check your accounts regularly, you can let your bank know immediately if you encounter anything that does not seem right.
Helpful Hint: Studies show that those who monitor their accounts online often detect fraud earlier than those who rely solely on paper statements.
Free Credit Reports are Your Best Tool
When it comes to guarding against cyber-fraud, one of the most important tools at your disposal is your credit report. It details all of your credit transaction accounts, and will be the first place that unusual charges or entirely new accounts will appear. You can monitor your report for FREE.
Since Federal law permits consumers to obtain a free report annually from each of the three major credit reporting agencies, cyber-security experts advise that you get a free report from a different agency every four months. Doing so will allow you to monitor your personal online security all year long.
To order your free credit report:
Online and Mobile Threats
Cyber-fraudsters want to earn their money the easy way—by stealing yours.
Understanding How Criminals Try to Trap You is Your First Line of Defense:
- Phishing - This is the criminal attempt to steal your personal information through fraudulent emails or smart-phone texts. They are often very believable, luring the victim to a site that asks them to provide (or “verify”) personal financial details such as account numbers and social security numbers. A variation is called Spear Phishing, which uses targeted electronic messages that appear to come from someone the victim knows personally. Cyber-security experts often term the mobile phone version of phishing Smishing, playing off the SMS, or Short Message Service, terminology used in text messaging. Remember: Your bank will not send emails asking for your personal information—they already have it.
- Card Skimming - This is a criminal’s attempt to gain a victim’s personal information by tampering with ATM machines. Fraudsters set up a device that can capture magnetic stripe and keypad information, such as PINs and account numbers. Using ATMs you know and trust—as well as examining the machine closely—can help thwart this type of theft.
- Spyware - This is the term used for criminal software that a victim unknowingly loads on a personal computer. Once there, the spyware collects personal information and sends it to the criminal. Up-to-date security software is the best defense.
Helpful Hint: Cyber-criminals often prey on those who are most vulnerable, such as senior citizens or young adults, who may not be as aware of the technical aspects of the threats. Make sure you alert any friends or family members who might be in this category. They’ll appreciate it!
- Internet Crime Complaint Center: www.ic3.gov
- Federal Trade Commission (FTC) Consumer Response Center: www.ftc.gov
- Financial Fraud Enforcement Task Force: www.stopfraud.gov
- On Guard Online: www.onguardonline.gov
@FINANCIAL EDUCATION CORPORATION
Windows 7 End of Support
As of January 2020, Microsoft stopped providing security updates or support for PCs running Windows 7.
Now is the time to upgrade to Windows 10.
What does end of support mean?
- No technical support
- No software updates
- No security updates