Learn More About Protecting Yourself Online
Your personal information is important and can be extremely valuable to those who want to take advantage and use it for criminal purposes. Losing control of your personal information can be financially challenging and emotionally draining.
To help safeguard your personal information, TotalBank has created a series of educational briefings that provide important and actionable information you can put to use immediately. Discover the many simple things you can do to help keep your information safe. Click on any of the topics below to learn more.
What You Should Know About "Social Engineering"
Fraud... What should you do if you suspect you are a victim of fraud?
What should you do if you suspect your computer has been compromised?
Why you should protect your computer
What is Malware, Spyware, Spam, Phishing, Pharming, etc...
Your Consumer Protection Under Regulation E
Password Security: What are the Best Practices to follow?
E-mail Security: What are the Best Practices to Follow
How Does Social Engineering Work
A social engineer will commonly use the phone or the internet, or engage in dumpster diving or psychological persuasion, to trick people into revealing sensitive information or to get them to do something against typical policies. By this method, social engineers exploit a person’s natural tendency to take someone at his or her word, rather than exploiting computer security holes. It is generally agreed that “users are the weak link” in security, and this principle is what makes social engineering possible.
Social Engineering by Phone
The most common form of social engineering is conducted by phone. The attacker calls pretending to be someone important for the company or an outside consultant working for the company. Many times the attacker will have several scripts that he/she has rehearsed (known as pretext calling). The attacker gains customers’ trust and extracts important pieces of information from each customer. If the customer has no idea what information he/she can or cannot disclose, then the attacker can also play on the customer’s unawareness with respect to the disclosure of information.
Social Engineering by Internet
Online social engineering can take many forms. Many times the would-be attacker can send a customer an e-mail directly requesting the customer’s password or the attacker can send the customer an attachment. The attachment can be a “Trojan Horse” which records the customer’s keystrokes and sends them automatically to the attacker via e-mail. Furthermore, the attachment can install a pop-up window that looks like a legitimate network request for the customers to re-enter their username and password. When the customers re-enter this information the hacker captures the login information.
Social Engineering by Dumpster Diving
Another less glamorous form of social engineering is called dumpster diving. Here the attacker collects information about the customer or company from the trash that the customer or the company throws away. The customer or company dumpster can be a gold mine for the attacker, providing him/her with enough information to launch another form of social engineering attack, such as by phone.
Social Engineering by Psychological Persuasion
Psychological persuasion can be used in any of the other categories of social engineering discussed previously. Many times, the attacker uses persuasion to gain the customer’s trust. This method is very useful in pretext calling.
Best Defense is to Protect Yourself…
Always be on the alert for suspicious questions and behaviors.
The best detector of fraud and identity theft is you. Through proactive monitoring, you can look for unusual activities and act fast before damage occurs.
Banking online gives you quick access to your accounts, so fraudulent activities can be detected sooner. Additionally, by taking advantage of online bill pay and good old fashioned paper shredding, you can contribute to your own online safety.
How to detect fraud:
Monitor your accounts regularly
TotalBank recommends frequently reviewing your account online for any unusual activity.
Recognize fraud and identity theft
Fraud is an act that occurs when someone uses your account to make unauthorized purchases, usually when the account number or card has been stolen.
It’s important to learn how to recognize activities that may indicate possible fraud or identity theft.
- If you did not receive an expected bill or statement by mail
- If unexpected charges occurred on your account
- If there are charges on your account from unrecognized vendors
- If posted checks appear on your account significantly out of sequence
Identity theft happens when a thief steals information such as your name, birth date or Social Security number to open credit cards, mortgages, and other accounts without your knowledge.
Check your credit report annually
By monitoring your credit report, you can make sure that no one has opened bank accounts or applied and been approved for loans in your name using stolen information.
Nationwide consumer reporting companies will provide you with a free copy of your credit report once every 12 months by visiting www.annualcreditreport.com or by calling 1 877 322-8228.
You can also get an explanation of your rights from the Federal Trade Commission (FTC), the nation’s consumer protection agency.
A Compromised Computer is defined as any computing resource whose confidentiality, integrity or availability has been adversely impacted, either intentionally or unintentionally, by an untrusted source. Here are a few clues that may indicate your computer has been compromised.
If your computer begins to exhibit:
- A sudden reduction or unresponsiveness in the computer’s performance
- Unusual behaviors, such as windows briefly popping up and closing down
- Application programs terminating and restarting again or programs running that you are unfamiliar with
- Sporadic failed logins, even though you are certain you entered the password accurately
- If you own a business: an e-mail bounces back, you are unable to receive e-mails or traffic to your site, or an employee’s password doesn't work.
- Disconnect the computer - Disconnecting the computer from the Internet or the network as soon as possible prevents a potentially untrustworthy source from taking further actions on the compromised computer
- Back-up or image the computer’s hard drive
- Perform a clean installation of Microsoft Windows - A format of the drive “should” be completed.
- Immediately update that installation with all of the latest patches.
- Use the latest anti-spyware or anti-virus detection to scan and clean any data that you want to recover from the backup
- Notify users of the computer (if any) of a temporary service interruption - If the compromised computer provides some type of service, it is likely that users of this service will be impacted by the interruption brought on by disconnecting the computer from the network.
- Preserve any log-in information not resident on the compromised computer - All log files pertaining to a compromised computer that are stored on a secondary computer or on some type of external media should be preserved immediately.
- Contact your Company’s Help Desk for assistance (as applicable) - Contact your Help Desk for assistance in tracking down changes made by the hacker. They will determine the best course of action for the compromised computer.
Once intruders are in your computer, they often install new programs that let them continue to use your computer – even after you plug the holes they used to get onto your computer in the first place. These backdoors are usually cleverly disguised so that they blend in with the other programs running on your computer.
Whether your computer runs Microsoft Windows, Apple’s Mac OS, Linux, or something else, the issues are the same and will remain so as new versions of your system are released. The key is to understand the security-related problems so that you can think about the solutions.
Here is the list of tasks you need to do to secure your home computer:
- Install and Use Anti-Virus Programs
- Keep Your System Patched
- Use Care When Reading E-mail with Attachments
- Install and Use a Firewall Program
- Make Backups of Important Files and Folders
- Use Strong Passwords
- Use Care When Downloading and Installing Programs
- Install and Use a Hardware Firewall
'Malware' is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software.
Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs.
Some forms of malicious software are:
While the term spyware suggests software that monitors a user's computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, which can result in slow internet connection speeds, unauthorized changes in browser settings, or changes to software settings.
Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam.
Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing e-mails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details on a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
Pharming is a hacker's attack intended to redirect a website's traffic to another, bogus site.
The term "pharming" is a new term based on the words "farming" and "phishing". Phishing is a type of social-engineering attack to obtain access credentials, such as user names and passwords. In recent years, both pharming and phishing have been used to gain information for online identity theft. Pharming has become of major concern to businesses hosting e-commerce and online banking websites.
Sophisticated measures known as anti-pharming are required to protect against this serious threat. Anti-virus software and spyware removal software cannot protect against pharming.
Regulation E provides rules for error resolution and unauthorized transactions for electronic fund transfers affecting your consumer deposit accounts. These electronic fund transfers include most transactions processed online. In addition, it establishes limits to your financial liability for unauthorized electronic fund transfers. These limits, however, are directly related to the timeliness of your detection and reporting of issues to TotalBank. It is for this reason that we encourage you to immediately review your periodic account statements and to regularly monitor your account activity online.
In general, the protections and deadlines included in Regulation E are extended to consumers transacting business on consumer accounts.
The "Electronic Fund Transfers" disclosure provided to you at the time of account opening provides detailed information. You may also contact us to request a free printed copy of this disclosure at (305) 448-6500.
Passwords are very important for maintaining your online identity, because they ensure that no one else can access your accounts and do things you wouldn't do. As such, you should make sure that your online passwords are as strong as possible.
The following best practices for password and account security focus on variety, length and complexity:
- Avoid dictionary words or simple to guess words, phrases, names or significant dates when generating a password.
- Variety is important. Don’t use the same password for multiple sites or accounts.
- Select strong passwords with ten or more characters, randomly adding capital letters, punctuation or symbols (if permitted).
- Substitute numbers for letters that look similar.
- Think of a meaningful song or quote and turn it into a complex password using the first letter of each word.
- TotalBank will never ask you to provide confidential information such as account numbers, Social Security numbers or passwords via the internet or e-mail.
- Do not respond to e-mails with questions about your accounts and do not include any personal information. You may use secure messaging within Online Banking to ask us account-related questions.
Fraudulent E-mail
Criminals may send you an e-mail or pop-up message that looks as though it comes from a trusted source. These phony messages may ask you to provide personal account information at a website that looks legitimate. They might even warn you that your account could be suspended if you don't respond.
This is the most common type of online fraud, called "phishing" or "spoofing." Criminals send you these phony e-mail messages — or direct you to a fraudulent website — for one reason only: to steal your personal and financial information.
What can you do?
- Do not open attachments or download software from sources you don’t know; they could contain viruses. If you receive an e-mail or pop-up message that looks suspicious, delete it immediately. Do not reply or click on any links it provides.
- Do not use e-mail to transmit confidential information such as your Social Security number, account numbers, passwords, PINs, etc.
- Never provide personal information in response to an unsolicited request. TotalBank will never ask you to furnish confidential information via internet or e-mail.
- If you are a TotalBank Online Banking customer, you may use secure messaging within Online Banking to ask us account-related questions.