Simple steps to secure your computers and mobile devices for Internet banking and shopping

Your home has locks on the doors and windows to protect your family and prevent thieves from stealing cash, electronics, jewelry and other physical possessions. But do you have deterrents to prevent the loss or theft of your electronic assets, including bank account and other information in your personal computers, at home and when banking or shopping remotely online?

“Think about all of the access points to and from your computer — such as Internet connections, email accounts and wireless networks,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. “These always need to be protected. Otherwise, it’s like leaving your front door wide open while you are away so that anyone could come in and take what they please.”

Here are some Cybersecurity basics:

User ID and Password Guidelines

  • Create a “strong” password with at least 8 characters that includes a combination of mixed case letters, numbers, and special characters.
  • Change your password frequently.
  • Never share username and password information with third-party providers.
  • Avoid using an automatic login feature that saves usernames and passwords.

General Guidelines

  • Do not use public or other unsecured computers for logging into Online Banking.
  • Check your last login date/time every time you log in.
  • Review account balances and transaction details regularly (preferably daily) to confirm payment and other transaction data, and immediately report any suspicious transactions to your financial institution.
  • View the transfer history available in your account activity information.
  • Whenever possible, use Bill Pay instead of checks to limit exposure of your account number and to obtain better electronic record keeping.
  • Take advantage of and regularly view system alerts; examples include:
    • Balance alerts
    • Transfer alerts
    • Password change alerts
    • ACH Alerts (for cash management users)
    • Wire Alerts (for cash management users)
  • Do not use account numbers, your social security number, or other account or personal information when creating account nicknames or other titles.
  • Whenever possible, register your computer to avoid having to re-enter challenge questions and other authentication information with each login.
  • Review historical reporting features of your online banking application on a regular basis to confirm payment and other transaction data.
  • Never leave a computer unattended while using Online Banking.
  • Never conduct banking transactions while multiple browsers are open on your computer.

Tips to Avoid Phishing, Spyware and Malware

  • Do not open e-mail from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information. Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
  • Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail.
  • If an e-mail claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.

Tips to Protect Online Payments & Account Data

  • Take advantage of transaction limits. Establish limits for monetary transactions at multiple levels: per transaction, daily, weekly, or monthly limits.
  • When you have completed a transaction, ensure you log off to close the connection with the financial organization’s computer.
  • Use separate accounts for electronic and paper transactions to simplify monitoring and tracking any discrepancies.
  • Reconcile by carefully monitoring account activity and reviewing all transactions initiated by you or your company on a daily basis.

Account Transfer

  • Utilize available alerts for funds transfer activity.
  • Install anti-virus and spyware detection software on all computer systems. Free software may not protect against the latest threats as well as an industry-standard product.
  • Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.
  • Ensure computers are patched regularly, particularly the operating system and key applications, with security patches.
  • Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
  • Check your settings and select, at least, a medium level of security for your browsers.
  • Clear the browser cache before starting an online banking session in order to eliminate copies of Web pages that have been stored on the hard drive. How the cache is cleared depends on the browser and version you are using. This function is generally found in the browser’s preferences menu.

Tips for Wireless Network Management

Wireless networks can provide an unintended open door to your network. Unless a valid reason exists for wireless network use, it is recommended that all wireless networks be disabled. If a wireless network is to be used for legitimate purposes, it is recommended that wireless networks be secured as follows:

  • Change the wireless network hardware (router / access point) administrative password from the factory default to a complex password. Save the password in a secure location as it will be needed to make future changes to the device.
  • Disable remote administration of the wireless network hardware (router / access point).
  • If possible, disable broadcasting the network SSID.
  • If your device offers WPA encryption, secure your wireless network by enabling WPA encryption of the wireless network. If your device does not support WPA encryption, enable WEP encryption.

If only known computers will access the wireless network, consider enabling MAC filtering on the network hardware. Every computer network card is assigned a unique MAC address. MAC filtering will only allow computers with permitted MAC addresses access to the wireless network.

Here’s More Detailed Cybersecurity Guidance

Using Social Networking Sites

A lot of people use social media sites — such as Facebook, LinkedIn, Twitter, Google+ and Instagram — to stay in touch with family and friends, meet new people and interact with businesses like their bank. However, identity thieves can use social media sites in hopes of learning enough information about individuals to be able to figure out passwords, access financial accounts or commit identity theft.

Identity thieves create fake profiles on social networks pretending to be financial institutions and other businesses, and then lure unsuspecting visitors into providing Social Security numbers, bank account numbers and other valuable personal information. Identity thieves also have created fraudulent profiles and then sent elaborate communications to persuade “friends” to send money or divulge personal information. “They might claim to work at the same organization, to have attended the same school, or share similar interests and hobbies,” said Susan Boenau, manager of the FDIC’s Consumer Affairs Section. “They know that communicating a false sense of trust can be easy on social media.”

“Valuable pieces of information to someone seeking to steal your identity include, for example, a mother’s maiden name, date or place of birth, high school mascot or pet’s name,” explained Amber Holmes, a financial crimes information specialist with the FDIC. “Fraud artists use social networking sites to gather this kind of information because it can help them guess passwords to online accounts or answers to ‘challenge questions’ that banks and other businesses frequently use for a second level of authentication beyond a password. Someone who has your password and can successfully answer challenge questions may be able to access your accounts, transfer money or even reset passwords to something they know and you don’t.”

What safety measures can you take with your social media account?

Check your security settings on social network sites.

Make sure they block out people who you don’t want seeing your page. If you have doubts about your security settings, avoid including information such as your birthday or the year you graduated college. Otherwise, though, experts say it is OK to provide that kind of information on your social media pages.

Take precautions when communicating with your bank.

If you want to communicate with your bank on social media, keep in mind that your posts could become public, even though you can protect your posts to some extent through your account settings. You should not include any personal, confidential or account information in your posts. “Also, reputable social media sites will not ask you for your Social Security, credit card or debit card numbers, or your bank account passwords,” said FDIC Counsel Richard Schwartz.

Before posting information such as photos and comments, you should look for a link that says “privacy” or “policies” to find out what can be shared by the bank or the bank’s social media site with other parties, including companies that want to send you marketing emails. Read what the policies say about whether and how the bank will keep personal information secure. Find out what options you may have to limit the sharing of your information.

It is a good rule of thumb to avoid posting personal information on any part of a bank’s social media site. “That type of information is often requested by banks for their security ‘challenge questions’ that are used to control access to accounts,” advised Schwartz. “A criminal could use that information to log in to your account.”

Be cautious about giving third-party programs or apps, such as sites for games or quizzes, the ability to use information from your social networking pages.

“Some of these third parties may use information from your page to help you connect with others or build your network — for example, to pair you with strangers wanting to play the same game,” Boenau said. “But they could also be selling your information to marketing sites and others, possibly even to people who might use your information to commit a fraud.”

Periodically search to see if someone has created a fake account using your name or personal information on social networking sites.

Checking common search engines for your name and key words or phrases (such as your address and job title) may turn up evidence that someone is using your information in a dishonest way.

Courtesy of FDIC Consumer News – Winter 2016

Beware of Malware

Malicious software — or “malware” for short — is a broad class of software built with malicious intent. “You may have heard of malware being referred to as a ‘computer bug’ or ‘virus’ because most malware is designed to spread like a contagious illness, infecting other computers it comes into contact with,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. “And if you don’t protect your computer, it could become infected by malware that steals your personal financial information, spies on you by capturing your keystrokes, or even destroys data.”

Law enforcement agencies and security experts have seen an increase in a certain kind of malware known as “ransomware,” which restricts someone’s access to a computer or a smartphone — literally holding the device hostage — until a ransom is paid. While businesses have been targeted more than consumers to date, many home computer users have been victims of ransomware.

The most common way malware spreads is when someone clicks on an email attachment — anything from a document to a photo, video or audio file. Criminals also might try to get you to download malware by including a link in the wording of an email or in a social media post that directs you somewhere else, often to an infected file or Web page on the Internet. The link might be part of a story that sounds very provocative, such as one with a headline that says, “How to Get Rich” or “You Have to See This!” Malware also can spread across a network of linked computers, be downloaded from an infected website or be passed around on a contaminated portable storage device, such as a thumb drive or flash drive.

Here are reminders plus additional tips on how to generally keep malware off your computer:

Don’t immediately open email attachments or click on links in unsolicited or suspicious-looking emails.

Think before you click! Cybercriminals are good at creating fake emails that look legitimate but can install malware. Either ignore unsolicited requests to open attachments or files or independently verify that the supposed source did send the email to you (by using a published email address or telephone number). “Even if the attachment is from someone you know, consider if you really need to open the attachment, especially if the email looks suspicious,” added Benardo.

Install good anti-virus software that periodically runs to search for and remove malware. Make sure to set the software to update automatically and scan for the latest malware.

Be diligent about using spam (junk mail) filters provided by your email provider. These services help block mass emails that might contain malware from reaching your email inbox.

Don’t visit untrusted websites and don’t believe everything you read. Criminals might create fake websites and pop-ups with enticing messages intended to draw you in and download malware. “Anyone can publish information online, so before accepting a statement as fact or taking action, verify that the source is reliable,” warned Amber Holmes, a financial crimes information specialist with the FDIC. “And please, don’t click on a link to learn more. If something sounds too good to be true, then most likely it’s fraudulent or harmful.”

Be careful if anyone — even a well-intentioned friend or family member — gives you a disk or thumb drive to insert in your computer. It could have hidden malware on it. “Don’t access a disk or thumb drive without first scanning it with your security software,” said Holmes. “If you are still unsure, don’t take a chance.”

Courtesy of FDIC Consumer News – Winter 2016

Going Mobile

Everywhere you look, people are using smartphones and tablets as portable, hand-held computers. “Unfortunately, cybercriminals are also interested in using or accessing these devices to steal information or commit other crimes,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. “That makes it essential for users of mobile devices to take measures to secure them, just as they would a desktop computer.”

Here are some basic steps you can take to secure your mobile devices:

Avoid apps that may contain malware.

Buy or download from well-known app stores, such as those established by your phone manufacturer or cellular service provider. Consult your financial institution's website to confirm where to download its official app for mobile banking.

Keep your device’s operating system and apps updated.

Consider opting for automatic updates because doing so will ensure that you have the latest fixes for any security weaknesses the manufacturer discovers. “Cybercriminals try to take advantage of known flaws, so keeping your software up to date will help reduce your vulnerability to foul play,” said Robert Brown, a senior ombudsman specialist at the FDIC.

Consider using mobile security software and apps to protect your device.

For example, anti-malware software for smartphones and tablets can be purchased from a reputable vendor.

Use a password or other security feature to restrict access in case your device is lost or stolen.

Activate the “time out” or “auto lock” feature that secures your mobile device when it is left unused for a certain number of minutes. Set that security feature to start after a relatively brief period of inactivity. Doing so reduces the likelihood that a thief will be able to use your phone or tablet.

Back up data on your smartphone or tablet.

This is good to do in case your device is lost, stolen or just stops working one day. Data can easily be backed up to a computer or to a back-up service, which may be offered by your mobile carrier.

Have the ability to remotely remove data from your device if it is lost or stolen.

A “remote wipe” protects data from prying eyes. If the device has been backed up, the information can be restored on a replacement device or the original (if you get it back). A number of reputable apps can enable remote wiping.

Courtesy of FDIC Consumer News – Winter 2016

Watch for more Cybersecurity consumer education from RiverHills Bank in the coming months.
