Scammers, hackers, and identity thieves are always looking to steal your personal information... and your money. But there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have a good reason. Queenstown Bank of Maryland prides itself in the confidentiality of our customers' information and encourages our customers to do the same, especially when using your computer, tablet or mobile device.
Email Alert - BUSINESS E-MAIL COMPROMISE (BEC)
The Business E-mail Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. BEC is a global scam with subjects and victims in many countries. This is just another clear case of Social Engineering at its’ finest.
According to the FBI’s Internet Crime Compliance Center (IC3) characteristics of BEC complaints that have been reported include, but are not limited to, businesses and personnel using open source e-mail, individuals who have been identified as being responsible for handling wire transfers within a specific business, spoofed e-mails that very closely mimic a legitimate e-mail request, and hacked e-mails that often occur with a personal e-mail account.
More information about this Public Service Announcement issued by the FBI and the measures you can take to protect yourself and your business from BEC can be found here: https://www.ic3.gov/media/2015/150122.aspx.
October is National Cyber Security Awareness Month
National Cyber Security Awareness Month (NCSAM) – celebrated every October - was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.
Since its inception under leadership from the U.S. Department of Homeland Security and the National Cyber Security Alliance, NCSAM has grown exponentially, reaching consumers, small and medium-sized businesses, corporations, educational institutions and young people across the nation. 2015 marks the 12th year of National Cyber Security Awareness Month.
With recent legislation and support from the White House, cybersecurity is continuously a popular topic of discussion and rightfully so. More specifically, there is even stronger focus on consumers and their cyber safety. Everyone at every age is a consumer, and thus this year each theme will focus on the consumer and his/her needs regarding cybersecurity and safety. Below is the highlighted information for the topics for each of the four weeks in October. To see the full story, click on the link beside each topic.
Corporate Account Takeover - NCSAM Week 1
Cybercriminals are targeting small businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software spread through infected attachments and online social networks to obtain login credentials to businesses’ accounts, transfer funds from the accounts and steal private information, a fraud referred to as “corporate account takeover.”
As part of National Cyber Security Awareness Month, Queenstown Bank offers small businesses these tips to help prevent account takeover:
- Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
Stay Safe Online - NCSAM Week 2
The internet is a powerful resource that many Americans have come to depend on for everyday activities like shopping, banking, and connecting with friends. Yet, for all the internet’s advantages, it can also make users vulnerable to fraud, identity theft and other scams.
In recognition of National Cybersecurity Awareness Month, Queenstown Bank offers the following tips to help consumers stay safe and secure online:
- Keep your computers and mobile devices up to date. Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
- Set strong passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers, and special characters.
- Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with.
- Forward phishing emails to the Federal Trade Commission (FTC) at firstname.lastname@example.org – and to the company, bank, or organization impersonated in the email.
- Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.
- Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.
- Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
- Read the site’s privacy policies. Though long and complex, privacy policies tell you how the site protects the personal information it collects.
Identity Theft - NCSAM Week 3
According to the Federal Trade Commission, identity theft has topped its list of consumer complaints every year, for the last 15 years. Identity theft occurs when a criminal obtains and misuses someone’s personal information without permission, typically for economic gain. For many victims, it can result in drained bank accounts, poor credit, and a damaged reputation.
In honor of National Cybersecurity Awareness Month, Queenstown Bank offers the following tips to help consumers protect themselves from becoming a victim of identity theft:
- Don’t share your secrets. Don’t provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Use a combination of letters and numbers for your passwords and change them periodically. Do not reveal sensitive or personal information on social networking sites.
- Shred sensitive papers. Shred receipts, banks statements and unused credit card offers before throwing them away.
- Keep an eye out for missing mail. Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen. Also, don’t mail bills from your own mailbox with the flag up.
- Use online banking to protect yourself. Monitor your financial accounts regularly for fraudulent transactions. Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500.
- Monitor your credit report. Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.
- Protect your computer. Make sure the virus protection software on your computer is active and up to date. When conducting business online, make sure your browser’s padlock or key icon is active. Also look for an “s” after the “http” to be sure the website is secure.
- Protect your mobile device. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen. Use caution when downloading apps, as they may contain malware and avoid opening links and attachments – especially for senders you don’t know.
- Report any suspected fraud to your bank immediately.
Protect Your Mobile Device - NCSAM Week 4
The number of attacks on mobile devices is growing, in part, as a result of the increased popularity of mobile banking. According to a report by the Federal Reserve, 51 percent of smartphone users say they have used mobile banking in the past 12 months.
In recognition of National Cybersecurity Awareness Month, Queenstown Bank recommends that consumers take extra precaution to protect the data on their mobile device by doing the following:
- Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
- Log out completely when you finish a mobile banking session.
- Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
- Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions.”
- Download the updates for your phone and mobile apps.
- Avoid storing sensitive information like passwords or a social security number on your mobile device.
- Tell your financial institution immediately if you change your phone number or lose your mobile device.
- Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.
- Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
- Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
- Watch out for public Wi-Fi. Public connections aren't very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
- Report any suspected fraud to your bank immediately.
Have you heard about Online Account Takeover fraud?
Online Acccount Takeover occurs when someone other than an authorized account holder gains access to accounts online. Fraudsters typically use phishing scams as a way to install virus or malware (malicious software) on a computer. When the user clicks on the link in a phishing email, the virus or malware is downloaded and an alert is sent to the fraudster when the user logs into a secure site, like internet banking. Internet banking user information is then logged by the virus or malware and sent to the cyber theives allowing them access without the users knowledge. For safety tips on how you can protect your home computers and mobile devices, click here.
Stop.Think.Connect.org is the global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online. Queenstown Bank of Maryland partners with Stop.Think.Connect to be able to provide nformation to our customers about the importance of cybersecurity awareness. For more information and tips on how you can keep your home computers and mobile devices secure, click here.
OnGuardOnline.gov is the federal government's website to help you be safe, secure and responsible online. The Federal Trade Commission manages OnGuardOnline.gov in partnership with several other federal agencies. OnGuardOnline is also a partner in the Stop Think Connect campaign, led by the Department of Homeland Security and a part of the National Initiative for Cybersecurity Education, led by the National Institute of Standards and Technology.