Security is our middle name.
In this digital age, your online security is very important to us. We want to provide information and resources to help you prevent identity theft and to become fully aware of measures you can take to ensure that security. Click here for recent security updates on the 1st Security Bank blog. Click here to view informational videos about the topics below.
- Protect your Social Security number, credit card numbers, account passwords and other personal information.
Never divulge this kind of information unless you initiate the contact with a person or a company you know and trust.
- Limit the information you carry.
Don't carry around more checks, credit cards or other bank items than you really expect to need. Don't carry your Social Security number in your wallet or have it preprinted on your checks. Pick passwords and Personal Identification Numbers (PINs) that will be tough for someone else to figure out — don't use your birth date or home address, for example. Don't keep this information on or near your checkbook, ATM card or debit card.
- Protect your mail.
Promptly remove mail from your mailbox after it has been delivered. If you're going to be away on vacation or some other travel, have your mail held at your local post office or ask someone you know and trust to collect your mail. Deposit sensitive outgoing mail in one of the Postal Service's blue collection boxes, hand it to a mail carrier or take it to a local post office instead of leaving it in your doorway or home mailbox.
- Keep information secure in your home.
Safely store extra checks and credit cards, documents that list your Social Security number, and similar valuable items. Be extra careful if you have housemates or if you let workers into your home. "Dumpster divers" pick through garbage looking for your financial information, so tear it into small pieces or use a paper shredder before disposal.
- Pay attention to your account statements and credit card bills.
Contact the financial institution immediately if there's a discrepancy in your records or if you notice something suspicious, such as a missing payment or an unauthorized withdrawal. Also contact the institution if a bank statement or credit card bill doesn't arrive on time. That could be a sign someone has stolen account information and changed your mailing address in order to run up big bills in your name from another location.
- Review your credit report once a year.
Your credit report (prepared by a credit bureau) will include identifying information (such as your name, address, Social Security Number and date of birth) as well as details about credit cards and loans in your name and how bills are being paid. Make sure the report is accurate; this includes monitoring it for unauthorized bank accounts, credit cards and purchases.
See below for information about terms you may have heard about in the news:
Spoofing is a type of scam where an intruder attempts to gain unauthorized access to a user's system or information by pretending to be the user. The main purpose is to trick the user into releasing sensitive information in order to gain access to one's bank account, computer system or to steal personal information, such as passwords. [Investopedia]
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. [Wikipedia]
Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent. Pharming has been called "phishing without a lure." [Whatis.com]
You can take steps to avoid a phishing attack:
- If you receive an unexpected email requesting personal or sensitive information from a known sender, call the sender with the contact information you have saved to verify they intended to send the email. In addition to calling, verify the email address in the sent email matches the email address you have saved in your contacts.
- Don't email personal or financial information without verifying the email is being sent securely (encrypted). Email is not always a secure method of transmitting personal information. If you need to send personal information to a business via email, contact the business to obtain their procedures for sending email encrypted. If there are no controls in place for encrypting email, do not send the personal or financial information via email as unencrypted emails can be intercepted in delivery and their contents can be read.
- Only provide personal or financial information through an organization's website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the "s" stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances. As an added security measure, consider configuring transaction alert push notifications to your smartphone if you use mobile banking. Transaction alerts will allow you to respond in near real-time if you receive notification of unauthorized charges on your bank account. Contact 1st Security Bank if you need assistance setting up transaction alerts on your account 1-800-683-0973.
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security.
- Use trusted security software and set it to update automatically to ensure you are running the most recent version of the software. This will ensure there are no critical vulnerabilities in the software installed on your machine. Remember that software updates are not distributed via email. If you receive an email requesting you to download a software update, open the software in question and check for updates within the software.
Report Phishing Emails
Forward phishing emails to email@example.com — and to the company, bank, or organization impersonated in the email. Your report is most effective when you include the full email header, but most email programs hide this information. To find out how to include it, type the name of your email service with “full email header” into your favorite search engine.
You also can report phishing email to firstname.lastname@example.org. The Anti-Phishing Working Group — which includes ISPs, security vendors, financial institutions and law enforcement agencies — uses these reports to fight phishing.
If you might have been tricked by a phishing email:
- File a report with the Federal Trade Commission at www.ftc.gov/complaint.
- Visit the FTC’s Identity Theft website. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
You can get one free credit report each year by visiting: https://www.annualcreditreport.com/index.action
- To order your report, call: 800-685-1111 or write: P.O. Box 740241, Atlanta, GA 30374-0241.
- To report fraud, call: 800-525-6285 and write: P.O. Box 740241 Atlanta, GA 30374-0241.
- Hearing impaired call 1-800-255-0056 and ask the operator to call the Auto Disclosure Line at 1-800-685-1111 to request a copy of your report.
- To order your report, call: 888-EXPERIAN (397-3742) or write: P.O. Box 2002 Allen, TX 75013.
- To report fraud, call 888-EXPERIAN (397-3742) and write: P.O. Box 9530 Allen, TX 75013. TDD: 1-800-972-0322.
- To order your report, call: 800-888-4213 or write: P.O. Box 1000 Chester, PA 19022.
- To report fraud, call: 800-680-7289 and write: Fraud Victim Assistance Division, P.O. Box 6790 Fullerton, CA 92634 TDD: 1-877-553-7803.
Credit Card Fraud
If you suspect credit card fraud, i.e., someone uses one or more of your cards without your permission, contact your credit card company immediately. They will:
- Help you to verify whether fraud has occurred
- Identify and remove the fraudulent charges
- Close your account to prevent further unauthorized transactions
- Issue you a new card and account number, and transfer your existing information to the new account.
10 Tips for Keeping Your Mobile Devices Secure [PC World]
- Make sure your software is up-to-date.
The first line of defense is making sure that all your software is up-to-date. Nearly every release of software patches repair a number of security vulnerabilities that are out there..
- Employ strong passwords.
"Be sure to use some combination of letters, numbers and/or special characters of 8 characters or more," says Jeremy Miller, director of operations for Kroll Fraud Solutions. "Avoid using dictionary words. Instead, [use] acronyms for things like favorite songs, restaurants or other items known only to you. And change the password frequently--at least once every six months."
- Don't mess with the security settings.
Most of the default browser settings in Android, iPhone, and Blackberry phones are fairly secure out of the box. Experts recommend not going in to change browser security settings.
This also applies to jailbreaking/rooting your smartphone. You may be tempted to jailbreak or root your device to utilize unapproved software or services on your phone (examples: torrent sites, free movie streaming apps, etc.). Smartphone manufacturers apply security settings to smartphones to protect them from being compromised. Jailbreaking or rooting a smartphone removes these safeguards, leaving the device vulnerable to malware. If you are considering jailbreaking or rooting your device, ask yourself if the application you are tempting to download is worth compromising the security of your device.
- Avoid unencrypted public wireless networks.
Such Wi-Fi networks require no authentication or password to log into, so anyone can access them--including the bad guys. In some cases, bad guys set up an open network to snare unsuspecting people. Encrypted networks, on the other hand, are those that require an ID or password for access--you'll find such networks at many hotels and coffee shops that offer Wi-Fi services. These networks have two different types of security--WEP (wired equivalent privacy) and WPA (Wi-Fi protected access); the second is most secure. Even encrypted networks, though, have risks--it's possible for bad guys to gain access to encrypted networks at a hotel or café, for instance, so be cautious about the sorts of things you do on such networks.
Besides avoiding connecting to unencrypted networks, turn off Wi-Fi when you're not using it. This will prevent you from automatically connecting to networks (and it will extend your device's battery life).
- Paying to access a Wi-Fi network doesn't mean it's secure.
Access fees do not equal security. Just because you pay a fee to access a Wi-Fi network doesn't mean that the network is secure.
- URLs beginning with 'https:' are safer (but not foolproof).
Whenever you're accessing a site where you'll be sharing personal or confidential information--your bank's site, for example--you want to make sure that you're doing so securely. The s in https means that you're connected to the site via the Secure Socket Layer (SSL). In layman's terms, this means that all data transmitted to that particular Website over the Internet is encrypted.
SSL is not foolproof though: If you're on an unencrypted network connection, you may still be subject to man-in-the-middle (MITM) attacks, a form of eavesdropping where the bad guy makes a connection independently with two parties and then "gets in the middle," making both believe that they are talking directly to each other.
These types of attacks are rare, but to guard against them, make sure you're both connected to a secured network and that Websites use https when you're entering sensitive information.
In addition, most e-mail service providers have both a clear text option (that sends unencrypted data) and an encryption (SSL) option. Make sure you have the SSL option enabled.
- Use VPN.
If you have access to a VPN (virtual private network), use it. A VPN provides secure access to an organization's network and allows you to get online behind a secure layer that protects your information.
- Turn off cookies and autofill.
If your mobile device automatically enters passwords and login information into Websites you visit frequently, turn that feature off. It's convenient, but it can also be a privacy threat. In the end, a little inconvenience can go a long way toward added security.
- Watch your apps!
Apps are great, and many are free, so it can be tempting to download with abandon. But you should be selective about the apps you download, particularly in the Android market, because "the Android app market is a little bit more open," without the strict developer guidelines found in Apple's App Store. Do some due diligence before downloading apps. Make sure that you trust the developer and have taken the time to review some of comments. Only download apps from reputable sites, such as Google Play and the Apple Store.
How to Stay Safe Online [adapted from McAfee]
- Know the scams. Read articles and blogs, follow the news, and share this so you can learn about different kinds of scams and what you can do to avoid them and also help your friends.
- Think before you click. Never click on links in messages from people you don’t know or vaguely know. These phishing emails have links that lead to websites that can lure you into giving personal information or download malware to your computer. You should even be wary with emails from people you do know if it looks or sounds suspicious. Hackers can create a malicious email that looks like it came from your best friend’s email account.
- Safely peruse. Beware of phony websites. These sites may have an address that’s very similar to a legitimate site, but the page can have misspellings, bad grammar or low resolution images. However, scammers are getting better at replicating sites so make sure. If a site asks for personal information, that you double check the URL and make sure it’s not asking for information it shouldn’t.
- Shop safely. Don’t shop on a site unless it has the “https” and a padlock icon to the left or right of the URL. Also, protect yourself and use a credit card instead of a debit card while shopping online—a credit card company is more likely to reimburse you for fraudulent charges.
- Kick-butt passwords. Do away with the “Fitguy1982” password and use an extremely uncrackable one like 9&4yiw2pyqx#. Phrases are good too. Regularly change passwords and don’t use the same passwords for critical accounts. For more tips on how to create strong passwords, go to http://passwordday.org/.
- Protect your info. Keep your guard up. Back up all of your data on your computer, smartphone and tablet in the event of loss, theft or a crash. Also, routinely check your various financial statements for questionable activity.
- Watch your Wi-Fi connectivity. Protect your network by changing your router’s default settings and making sure you have the connection password-protected. For more information on how to protect your Wi-Fi connection, click here.
- Install a firewall. A firewall is a great line of defense against cyber-attacks. Although most operating systems come with a firewall, you might want to consider installing a better firewall than the one that comes built into your operating system.
- Keep up to date. The best security software updates automatically to protect your computer. Use the manufacturer’s latest security patches to make regular updates and make sure that you have the software set to do routine scans.
- Use your noggin. You do not need to be a seasoned computer whiz to know that it’s not smart to open an attachment titled, “Claim Your Inheritance!” Using common sense while surfing the Web can protect you from cyber-sharks.