Tips on Protecting your Personal Information on Mobile Devices
Convenience is the driving factor in the rise of mobile banking. It opens the doors to consumer choice and access to banking options. But as mobile devices, like smartphones and tablets, become more popular, hackers are finding savvy ways to steal information. We urge you to be cautious when using mobile devices to do your banking.
It’s important to take a common-sense approach to mobile banking. Use caution on your phone just as you would on a computer. If you’re careful, you can enjoy mobile banking’s benefits safely and securely.
Following are a few tips to protect your information:
- Avoid storing sensitive information like passwords and social security numbers on your mobile device.
- Password protect your mobile device and lock it when you’re not using it.
- Be aware of your surroundings. Don’t type any sensitive information if others around you can see.
- Log out completely when you complete a mobile banking session.
- Protect your phone from viruses and malware just like you do for your computer by installing mobile security software.
- Download the updates for your phone and mobile apps.
- Use discretion when downloading apps.
- If you change your phone number or lose your mobile device, let your financial institution know right away.
- Monitor your accounts regularly and report suspicious activity to your financial institution immediately.
Fraudulent E-mails Claiming to be from the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC. The e-mails appear to be sent from various “@fdic.gov” e-mail addresses, such as “firstname.lastname@example.org,” “email@example.com,” or “firstname.lastname@example.org.” They have various subject lines such as “Update for your banking account,” “ACH and Wire transfers disabled,” and “Banking security update.”
The fraudulent messages state:
These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.
Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.
Fraudulent E-mails Claiming to be from the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC. The e-mails appear to be sent from various “@fdic.gov” e-mail addresses, such as “email@example.com,” “firstname.lastname@example.org,” or “email@example.com.” They have subject lines that read: “FDIC: Your business account” or “FDIC: About Your Business Account.” The e-mails are addressed to “Business Customer” or “Business Owner” and state “We have important information about your bank” or “…financial institution.” They then ask recipients to “Please click here to find details.” They conclude with, “This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership.”
These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media.
Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.
Fraudulent E-mails Claiming to be from NACHA
NACHA – The Electronic Payments Association has received reports that individuals and/or companies are receiving fraudulent emails that have the appearance of having been sent from NACHA. These emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain (@nacha.org). Some bear the name of fictitious NACHA employees and/or departments.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
Please forward fraudulent emails claiming to be from NACHA to firstname.lastname@example.org.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.
Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software application security patches are installed and current.
Fraudulent E-mails Claiming to be from the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that “in cooperation with the Department of Homeland Security, federal, state and local governments” the FDIC has withdrawn deposit insurance from the recipient’s account “due to account activity that violates the Patriot Act.” It further states deposit insurance will remain suspended until identity and account information can be verified using a system called “IDVerify.” If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient’s computer.
This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.
The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to email@example.com.
Phishing Alert for Internet Banking
In the past few days, there has been an increased number of reported phishing attempts targeting Internet Banking. The phishing has had these tendencies:
- The login process is modified by adding a Web page stating that the computer cannot be identified, and that the user is required to enter credit or debit card information to continue.
- The page that requests the user data does appear to originate from our Internet Banking site with the correct URL and certificate information. However, this page is generated by malware installed on the local computer and not from the Internet Banking site. Internet Banking servers remain secure.
- This malware was most likely installed from an opened e-mail attachment or from a compromised website viewed on the infected computer that the user uses for Internet Banking.
Community National Bank will not ask you to enter personal or account information during the login process or for any Internet Banking pages where the information requested is not relevant to the transaction. Customers should not enter sensitive data if they are prompted to do so. Also, any system accessing Internet Banking should have anti-virus and anti-malware software installed and the software definitions kept up-to-date. If you should have any questions, please feel free to contact us at (423) 570-0280 or come into any of our locations.
Security researchers warn that a ZeuS distribution campaign producing emails about failed electronic tax payments has significantly increased. The “from” field in these emails is spoofed to appear as if it is originating from “EFTPS Tax Payment,” and the email tells users that their tax payment submitted through the Electronic Federal Tax Payment System (EFTPS) has failed. The message claims the payment failed with an R21 return reason code, and provides a link to obtain additional information. The malware installed as a result of clicking on the link is commonly used by fraudsters to steal online banking credentials, credit card details, and other sensitive information.
If you receive one of these phishing emails, DO NOT CLICK ON THE LINK! The safest rule is to never follow web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software application security patches are installed and current.
Be alert for different variations of fraudulent e-mails.
Fraudulent E-Mail Alert from Community National Bank
We have received notification of an e-mail that gives the appearance of being sent from Community National Bank. The “from” line of the email displays the name “cnb-usa.com support” and the subject line includes “cnb-usa.com account notification”. There is a link in the e-mail that should not be clicked on.
This is a fraudulent e-mail and it was not sent from Community National Bank.
10 Ways to Protect Your Money
Online banking, bill paying and shopping are conveniences that most people want to enjoy. And most of the time, high-tech transactions are completed quickly and without a glitch. However, just as with other transactions, in a small percentage of cases something goes wrong. That’s why you need to take precautions against theft and errors.
In particular, even as banks and merchants tighten up security, Internet thieves devise new, sophisticated ways to trick consumers into sending money or into revealing information that can be used to commit fraud. “Today’s Internet threats wear many different disguises, from fake Web sites to fraudulent text messages on cell phones,” warned Michael Benardo, Chief of the FDIC’s Cyber-Fraud and Financial Crimes Section. “That’s why online consumers need to be aware that they may be targeted and they should always be on guard.”
David Nelson, an FDIC fraud specialist, added: “Online fraud is an ongoing game of cat and mouse. Crooks continuously hunt for security holes, banks and merchants plug those holes, and then the criminals find new ones to slink through. But consumers play an important role in keeping crooks at bay by being aware of the potential risks, taking precautions and remaining vigilant.”
FDIC Consumer News, which periodically issues guidance to consumers regarding online precautions they can take, offers our latest collection of top tips. Note: Not all financial institutions offer each product or service described here.
1. If you bank online, frequently check your deposit accounts and lines of credit to spot and report errors or fraudulent transactions, just as you should with traditional banking. “Your ability to monitor your accounts online has gotten easier, faster and more convenient now that banking by cell phone is starting to mature alongside banking online,” said Michael Jackson, Associate Director of the FDIC’s Technology Supervision Branch. “This is important, because the sooner you can detect a problem with a transaction, the easier it should be to fix.”
Nelson suggested checking your accounts online about once or twice a week, but he also noted that “more and more banks are making it easier for their customers to keep an eye on their accounts electronically. For example, many banks offer e-mail or text message alerts when your balance falls below a certain level or when there is a transaction over a certain amount.”
Federal laws generally limit your liability for unauthorized electronic funds transfers, especially if you report the problem to your financial institution within specified time periods, which will vary depending on the circumstances. A good rule of thumb is to check your statements promptly and report unauthorized transactions to your bank as soon as possible.
2. Never give your Social Security number, credit or debit card numbers, personal identification numbers (PINs) or any other confidential information in response to an unsolicited e-mail, text message or phone call, no matter who the source supposedly is. Chances are an “urgent” e-mail or phone call appearing to be from a government agency (such as the IRS or the FDIC), a bank, merchant or other well-known organization may be a scam attempting to trick consumers into divulging personal and account information. It’s called “phishing,” a high-tech variation of the concept of “fishing” for personal information.
Also watch out for phishing scams that involve bogus text messages sent to cell phones claiming that a bank account has been “blocked” and the recipient must call a certain number to fix the problem. If you make that call, you likely will be asked to enter your account number and PIN. The criminals can use this information to make counterfeit debit cards and drain your account.
“Real bankers and government officials don’t contact people asking for this kind of information,” said Benardo. “Your bank will already have your account numbers and only you should know your log-in credentials, and a government agency won’t have a need for this information.”
3. Don’t open attachments or click on links in unsolicited e-mails from anyone you don’t know or you otherwise aren’t sure about. Sometimes these attachments or links can infect your computer with “spyware” that can change your security settings and record your keystrokes. “Spyware can secretly steal your passwords, bank or credit card numbers, and your answers to security questions like your mother’s maiden name or your high school,” Benardo advised. “Online thieves can use this information to log into your account, make changes and transfer money, leaving your bank account empty.”
In one recent example, criminals sent out fake IRS e-mails warning recipients that they were being investigated for unreported income and asking them to click on an attachment for more information. The file launched a program that allowed hackers to install spyware and other unwanted programs on personal computers (PCs) to access bank accounts.
4. Watch out for sudden pop-up windows asking for personal information or warning of a virus. This is called “scareware” because it frightens people into providing information, downloading malicious software or paying for removal. If you get an e-mail or pop-up window saying your computer has a virus and it offers a program to clean your PC and the warning window won’t go away, your first step is to use the computer’s “task manager” function and click “end task” or “force quit” to shut down the pop-up window. Scareware can be a nuisance to clean off your computer, so call your anti-virus software company if you need help.
5. Use a mix of security tools and procedures. “Staying safe online is like protecting your home with lighting, locks, alarms and fire extinguishers,” explained Nelson. “You can’t rely on just one layer of defense to protect you from all online threats.”
At the top of the list of security tools to use, and keep updated, are anti-virus software to detect and block spyware and other malicious attacks, and a “firewall” to stop hackers from accessing your computer. Even if your computer seems fine, Nelson said, schedule an automatic anti-virus scan to run at least once a week but preferably every day. Call or e-mail your anti-virus vendor right away if you get a warning message and you don’t know what to do next.
Also consider these extra precautions as you use the Internet:
- Don’t log into your bank account while using public computers, such as at a library, or free wireless connections at coffee shops and similar places. Criminals often try to intercept Internet traffic, including passwords, from these locations.
- Pay attention to the toolbars at the top of your screen. Current versions of the most popular Internet browsers and search engines often will indicate if you are visiting a suspicious Web site.
- Choose “strong” user IDs and passwords that will be easy for you to remember but hard for hackers to guess. The strongest ones have a combination of letters, numbers and other characters, and are at least 10 characters long. For your online banking, choose IDs and passwords that are not the same as those you use for e-mails or social networking sites, just in case they get into the wrong hands. Also change your online banking password about every 90 days. And if you remove a computer virus from your PC, immediately change your password.
- Have each person in your household bank and shop online and send e-mail through his or her own “standard user account.” Not conducting these online activities through the computer’s “administrator account” (the one that makes changes affecting all users) reduces the likelihood that a hacker can install unwanted programs on your PC. Limit the use of the administrator account to special tasks needed for your computer, such as adding or removing software and installing updates to your operating system.
- Consider using a separate computer solely for online banking or shopping. A growing number of people are purchasing basic PCs and using them only for banking online and not Web browsing, e-mailing, social networking, playing games or other activities that increase the chances of downloading malicious software. You can also consider using an old PC for this limited purpose, but you should uninstall any software you no longer need and follow up with a scan of the entire PC to check for malicious software.
- Only use security products from reputable companies. Nelson said one way to check out these products is by reading reviews from computer and consumer publications. “Look for a product that has high ratings for detecting problems and for providing tech support if your computer becomes infected,” he said.
Kathryn Weatherby, a fraud specialist at the FDIC, also cautioned that banks normally don’t ask their customers to download software updates. “If you get an unsolicited request to update your banking software,” she said, “independently verify it by calling your bank using a phone number from your bank statement, not the phone number that appears in the request, which could connect you to a scam operation instead of your bank.”
6. Beware of check scams. With unemployment high, con artists are preying on people who need cash. One common check scam involves attractive offers – usually originating in e-mails or online job postings – involving part-time work from home. As the new “employee,” you will be sent a check to deposit (which will be counterfeit) and told to forward cash from your own account (to the crooks). Another scam involves “mystery shopper” programs where the new hire is given fake money orders or checks and asked to wire funds to the criminals. And unlike electronic transfers that are covered by consumer protection laws, fraudulent check scams often leave consumers suffering the loss.
7. When shopping online, deal with reputable merchants and be wary of unbelievably low prices. “There is no guaranteed way to ensure that an online merchant you’re unfamiliar with is reputable, but there are ways to avoid doing business with an unreliable one,” cautioned Jeff Kopchik, an FDIC Senior Policy Analyst specializing in technology matters.
First, he said, ask your friends and family if they’ve had good experiences with a merchant you’re considering using. “If people you know have used and can recommend an online merchant, that’s a strong indicator,” he added. Second, you may already know and like some online merchants from their retail outlets, mail order catalogues or other services. They are likely to be a safer bet than an unfamiliar merchant that doesn’t list a physical address or a phone number on its Web site.
If you are uncertain about an online merchant, check with the Better Business Bureau Online at the following website www.bbbonline.com. You can also search online for complaints about the business. Similarly, if you have a problem with an online merchant, file a report with the Better Business Bureau. The Bureau will notify the merchant about your concern and ask you if the issue was resolved. A legitimate merchant will attempt to fix the problem, while a crooked company may have many unresolved issues.
8. Using a credit card generally offers more purchase protection than a debit card or other electronic forms of online payment. “Unlike paying with a debit card and the money being immediately transferred out of your account, with a credit card you generally have weeks to pay your bill,” Kopchik said. “So if the merchant does not deliver as promised, you have time to dispute the transaction and even enlist the help of your credit card company.” He also noted that federal law gives you certain rights, in areas such as dispute resolution, when buying with a credit card.
However, watch your budget when using your credit card to shop online. Kopchik said studies have shown that people spend more when they use a credit card instead of cash, a gift card or a debit card.
9. Be on guard against scams hiding behind online coupon offers. Web sites for legitimate coupons will only ask consumers to provide an e-mail address in order to use their service to search for online specials and discounts. Beware of any coupon site that asks for personal, financial or payment information, which can be misused by criminals.
10. Be careful if you download banking software onto a cell phone. Many cell phones called “smart phones” allow consumers to add computer-like features ranging from video games to “mobile” banking. But cell phone users need to be aware of an emerging threat from criminals selling malicious software for mobile banking, some even falsely displaying bank logos. “These applications may contain spyware, and downloading them could be giving a hacker access to your bank account or payment card information,” reported Nelson.
His advice? “Only download mobile banking applications from a safe site, such as your wireless provider, phone manufacturer or your bank.” When in doubt, he added, “contact your bank before downloading any banking applications to your cell phone.”