Education Center | Online Safety Guidelines
Federal financial regulators are reporting that Internet threats have changed significantly over the past several years. Sophisticated hacking techniques and growing organized cyber-criminal groups are increasingly targeting financial institutions, compromising security controls and engaging in online account takeovers and fraudulent electronic funds transfers.
In order to help ensure the security of your online transactions, we want you to know that:
- We will never email, call, or otherwise ask you for your user name, password or other electronic banking credentials
- You can help protect yourself by implementing alternative risk control processes like:
- Making sure you choose an adequate user name and password that, at a minimum, mixes in small case letters, upper case letters and numbers
- Periodically changing your passowrd (e.g., at least every 90 days)
- Safeguarding your user name and password information
- Making sure you have up to date anti-malware in place when conducting your financial transactions
- Logging off the system when your're done conducting business ( don't just close the page or "X" out of the system)
- Monitor your account activity on a regular basis
In addition, we suggest that commercial accounts owners perform their own risk assessments and controls to evaluate their risk in relation to Corporate Account Takeover (CATO). Corporate Account Takeover (CATO) is a type of business identity theft where cyber thieves gain control of a business' bank account by stealing employee passwords and other valid credentials. Thieves can then initiate fraudulent wire and ACH transactions to accounts controlled by the thieves.
- Do an evaluation by making a list of the risks related to online transactions that your business faces including:
- Passwords being written down and left out in the open
- The use of old or inadequate passwords
- The possibility of internal fraud or theft
- Delays in terminating the rights of former employees
- The lack of dual control or other checks and balances over individual access to online transaction capabilities
- An evaluation of controls your business uses may include:
- Using password protected software to house passwords
- Conducting employee background checks
- Initiating a policy and process to terminate access for former employees
- Segregating duties among two or more people so no one person has too much access or control
- Conducting internal or third party audits of controls
- Using firewalls to protect from outside intrusion or hackers
Cyber Terms you should Know
Phishing – This is when cyber thieves send emails that try to lure you into providing or confirming personal information. These emails look legitimate, often containing company names you are familiar with. Most times these emails will contain several spelling and grammatical mistakes. The fraudsters use threats, warnings, or enticements to create a sense of urgency. You are asked to click on a link within the email that would take you to a fake website. The site looks real enough to trick you into entering personal information.
Spear Phishing – This form of phishing targets individuals or companies. The emails appear to be from an entity you know because spear phishers use information they already have about you to create more personalized, real-looking emails.
Smishing & Vishing – Very similar to phishing, this is when criminals use automated dialing systems to call or text you with messages intended to trick you into sharing personal information. The message will direct you to a phone number or website that asks you for the information.
Clicking on links, opening attachments, or going to Web addresses provided through phishing, smishing, and vishing, frequently causing identity-stealing malware downloads.
Federal regulations provide consumers with some protections for electronic fund transfers. These regulations generally apply to accounts with Internet access. For example, these federal laws establish limits on a consumer's liability for unauthorized electronic funds transfers. They also provide specific steps you need to take to help resolve an error with your account. Note, however, that in order to take advantage of theses protections, you must act in a timely manner. Make sure you notify us immediately if you believe your access information has been stolen or compromised. Also, review your account activity and periodic statement and promptly report any errors or unauthorized transactions. Refer to the Electronic Fund disclosure that was provided at account opening for more information on these types of protections. We will gladly provide you a copy of the disclosure if needed.