Security Tips / Fraud Prevention
Protecting your personal and financial information at CNB is our number one priority. In addition to the security features included in our online banking products and services, there are additional security measures consumers can take to protect personal and financial data. Take a few minutes to learn about additional security tips and about internet and e-mail scams in the information below.
Protect Your Personal Information Online
- Do not share ID and passwords.
- Change your password frequently.
- Use strong passwords by incorporating characters and using phrases that cannot be easily guessed.
- Maintain up-to-date virus protection on your PC. You could possibly lose important information and incur additional repair expense without this protection.
- The Bank will NEVER contact a customer by phone or e-mail and ask for account numbers, passwords or personal information. If you receive a call or e-mail claiming to be from CNB, contact us immediately and forward any e-mails to our attention.
- Share personal information over the phone or on the Internet only with businesses you know and trust. Do not respond to unsolicited e-mails. If a company you do business with asks you to re-validate personal information, do not respond. Instead, contact the company directly by phone or by typing its home URL into your browser to determine the validity of the e-mail.
- If you think you provided personal information to a perpetrator, change your password immediately, monitor your account activity and contact us.
- Typographical and grammatical errors contained in an e-mail or on a website are often signs of a fraudulent attempt to compromise your personal information.
- Review account activity and billing statements to be sure there are no unauthorized transactions posted to your account. If you find unauthorized transactions posted to your account, contact us immediately.
- Always use the logout button to end your browser session. Closing the page does not log you out of your current session.
- For additional information on internet, e-mail and identity theft issues, visit the Federal Deposit Insurance Corporation at http://www.fdic.gov/consumers and watch the video produced by the Federal Deposit Insurance Corporation, “Don’t Be An Online Victim.”
A recent study by IBM warns of a cyberattack known as “Dyre Wolf” that installs malware by tricking users into clicking on a malicious email. The malware monitors activity and waits for users to log into a bank website. Dyre Wolf then produces a pop-up warning indicating that the website is having technical problems and instructing the user to call a help center at a number the criminals provide. Attackers answer the phone pretending to be bank representatives and attempt to get the customer’s password. Once they have the password, they transfer money out of the account.
This is yet another reminder to employ sound security practices. First, be wary of email. Email is the single most vulnerable form of communication around, and the #1 way that malware spreads and criminals obtain personal information such as passwords and account information. Second, always contact us at the number on your account statement, credit/debit card, or another number that you KNOW is ours. Never trust a phone number provided to you in a pop-up window on the internet, in an email, or in a text message. Finally, closely monitor your accounts using tools provided by your financial institution. This includes checking your account regularly via online banking, setting up text or email alerts for account activity, and promptly contacting the bank if you spot any suspicious or unfamiliar activity on your account.
Heartbleed bug, what you need to know.
How has the bank responded to this concern?
Immediately upon notification, we began testing our systems and communicating with our partners, and found that none of our systems were vulnerable. We have tested our systems and found no known vulnerabilities. Please be assured that protecting the security of our customers’ information is our highest priority.
What is the Heartbleed bug?
The Heartbleed bug is a vulnerability in the OpenSSL cryptographic library that allows an attacker to steal information normally protected by the SSL/TLS encryption used to secure the Internet. OpenSSL is open-source software that is widely used to encrypt web communications. SSL/TLS is what normally provides secure and private communication over the Internet via websites, email, IM, and VPNs. According to CNET, an attacker can exploit Heartbleed to essentially “get copies of a server's digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.”
Protect Your Personal Information
The safety of your personal information is important to us. We therefore offer you this warning about a recent attempted scam intended to gain access to a personal computer.
Criminals often attempt to trick unsuspecting users into running malicious commands on their computers or granting the fraudster remote access to the machine. If they are successful, the criminals then have access to your personal information, including bank and other account information, as well as to the computer itself.
This past week, one of these criminals called the direct phone number of one of our employees. The criminal did not know who they were calling. This enabled us to get a first-hand look at how they operate and the tactics that they use. It also alerted us that these groups are targeting phone numbers in our local area, and that a heightened awareness is called for. After sharing this with our employees, we received numerous reports of individuals receiving similar calls at home in recent days.
If anyone calls you claiming to offer technical support for your computer, DO NOT follow their instructions or provide them any information of any type. No reputable company offering support, whether it is Microsoft, Dell, or any other company, will call you unsolicited. Just as we, the bank, will never call you and ask you to provide your personal or account information, the same is true for most other reputable companies. Never provide anyone access to your computer or personal information unless you have initiated the call.
Bogus Credit Report Solicitations
It has been brought to our attention that some visitors to the Bank’s website have been presented with bogus solicitations to receive a copy of their credit report. This solicitation is caused by malware, spyware, or adware on the visitor’s computer. The solicitation is in no way sponsored by or endorsed by the Bank. It is recommended that anyone receiving this solicitation run a full scan with their antivirus and/or antispyware program. It is also recommended that you visit http://windowsupdate.microsoft.com to ensure that your computer has the latest security updates available.
Phishing Scams Using Phones
In addition to using e-mails to obtain personal information, perpetrators are also using phones to collect personal information like your account number, social security number, or your debit and credit card information. You may receive an automated call stating that your account or card number has been compromised and asking you to contact a specific number to resolve the issue. When you call that number, you are asked to verify the account that was compromised by giving the perpetrator the account information. If this occurs, hang up immediately and contact us to report the details of the scam.
Please be aware: We have received reports that some mobile phone users in our area have received phone calls and text messages saying their debit cards were being deactivated. This is a very common type of fraud in which scammers text or call a large number of random mobile phone numbers in an area to get a few people to enter their card information when they reply to the message. Your bank would never contact you and ask for your debit or credit card number. If you receive a message like this, simply ignore or delete it. This is a further reminder never to respond to unsolicited messages requesting account information.
Pharming scams use e-mail solicitations to lure victims to a bogus site. When the customer clicks on the link provided in the e-mail, malicious software is installed to redirect the user to a fraudulent site where personal information can be requested by the scammer. To verify you are visiting a valid website, check for a certificate from a service like VeriSign®. You can locate this information by clicking on the padlock icon that appears in the browser's address bar to view the site's security certificate. Be sure to verify that the name on the certificate matches the name on the site.
Be sure to run anti-virus and anti-spyware software and update your computer with the latest security patches and firewalls.
Another scam often used is key logging. Key logging software is installed on your machine without your knowledge through an unsolicited e-mail or a software download that infects your machine. The unwanted software is often referred to as “spyware,” “adware” or “key logging software” and records everything you type on your computer, including passwords. Some symptoms that your machine may be infected by unwanted software include:
- Slowing of your computer
- Increase in unsolicited e-mails
- Strange browser behavior including increased pop-ups and unexplained changes to your home page settings and favorites
To minimize the risk of key logging, make sure you have virus protection software installed and kept up to date, and avoid downloading information from sites or sources that are unfamiliar.