Online Security
Terms & Definitions
The first step in conducting safer online browsing is to identify the many different threats that exist online. Below is a list of some common terms and their corresponding definitions. Once you have an understanding of these threats you will be more likely to identify them and respond accordingly.
- Social Engineering - the use of human interaction (social skills) to obtain confidential information. In general the fraudster is able to manipulate the victim by exploiting the natural human tendency to trust someone at his or her word. See phishing below.
- Phishing - a way to acquire personal information by impersonating a trustworthy entity. It is typically carried out by email or instant message and often directs the user to enter their personal information into a fake website whose look and feel are identical to the legitimate one.
- Smishing - phishing via SMS text messaging.
- Malvertising (Malicious Advertising) - the use of online advertising to spread malware. In some cases advertisements on legitimate sites are used to serve malware or redirect users to sites they did not intend to visit.
- Keylogger - a software program that records the keystrokes on the device on which it is installed and transmits those keystrokes to the person controlling the malware. Keyloggers are used to steal User IDs, passwords, challenge question answers, etc.
- Man-in-the-Middle (MIM) / Man-in-the-Browser (MIB) - a type of attack in which the fraudster inserts himself between the customer and the bank and hijacks the online session. Once in place, the fraudster can intercept authentication credentials, modify transactions, and insert unauthorized transactions. In most cases funds are transferred to accounts controlled by the fraudster.
Best Practices
Below is a list of some steps you can take in order to better protect yourself online.
- Install an anti-malware software suite on your computer. Many of these products include a personal firewall in addition to virus and spyware protection. Since anti-malware software is generally signature based, verify your signatures are automatically updated. Malware signatures continuously change, so keeping your software up to date is imperative.
- Keep your operating system up to date. Your operating system vendor (e.g., Microsoft, Apple, etc.) will periodically issue updates to fix known vulnerabilities in their software. These vulnerabilities may allow an attacker to take control of your computer. You can set your computer to automatically install these updates when they become available.
- Keep other software up to date. Perhaps the most popular targets for attackers are other programs installed on most computers, such as Microsoft Office, Java, and Adobe Flash Player. These products are also periodically updated to fix known vulnerabilities.
- Never open email attachments or links sent to you from unknown senders. Emails can be made to look like they came from a legitimate business when in fact they were sent by fraudsters. If the email is asking you to reveal your personal information, it is probably a scam. When in doubt, err on the side of caution and delete the email.
- Create unique and strong passwords. Safeguard your user ID and password and periodically change your password. There are password management programs that allow you to securely store all of your login credentials in one place. You can then access any of your passwords with one master password.
- Review your account activity frequently. Notify us immediately if you notice any unauthorized activity. If you have a consumer account, federal regulations provide some protections for electronic fund transfers. However, in order to limit your liability, you must notify us immediately if you believe your access information has been compromised. See the Electronic Fund Transfer disclosures that were provided at account opening for more information. These disclosures are also available upon request.
- Assess your risk. Take a look at your online banking activities and determine your level of risk. This is particularly useful for business customers who have access to make external ACH transfers.
  - Who has access to your accounts online?
  - Can you transfer funds outside this bank?
  - Where is your User ID and password stored?
  - How strong is your password?
  - Who else has access to your computer?
  - Does your computer have anti-malware software installed? Is it up to date?
  - Is the computer used to access online banking also used for checking email and general web browsing?
What to Expect from Us
- We will NEVER call, email, or otherwise contact you and ask for your online banking credentials.
- We will NEVER contact you asking for your debit card number, PIN, or 3-digit security code.
- Our debit card provider, Shazam, may contact you on our behalf in the event they suspect possible fraudulent activity on your card. They will NEVER ask for your card number, PIN, or security code. They may, however, ask for your address for verification purposes. If you are uncomfortable with the call, you can always hang up and call 866-508-2693 to reach the fraud department. You can also use the 800 number on the back of your card and follow the prompts to reach the fraud department.
Tools & Resources
The following is a list of websites that contain various tools and resources to assist you in mitigating your online risk.
- Windows Update - update your Microsoft software.
- Corporate Account Takeover Resource Center - NACHA's resource center for ACH fraud.
- Identity Theft - Federal Trade Commission website for identity theft.
- OnGuard Online - a government site that promotes online security.
- Stay Safe Online - the National Cyber Security Alliance homepage.
- National Cyber Awareness System - tips and information provided by the United States Computer Emergency Readiness Team (US-CERT).
- Virus Total - scan a file or website for viruses.
The State Bank does not endorse the use of any of the preceding vendors, websites, or tools.