Cybersecurity Awareness Basics
Consumers increasingly rely on computers and the Internet — the “cyber” world — for everything from shopping and communicating to banking and bill-paying. But while the benefits of faster and more convenient cyber services for bank customers are clear, the risks posed by these services as well as the strategies for preventing or recovering from cyber-related crimes may not be as well-known by the average consumer and small business owner.
Common cyber-related crimes include identity theft, frauds, and scams. Identity theft involves a crime in which someone wrongfully obtains and uses another person's personal data to open fraudulent credit card accounts, charge existing credit card accounts, withdraw funds from deposit accounts, or obtain new loans. A victim's losses may include not only out-of-pocket financial losses but also substantial costs to restore credit history and to correct erroneous information in their credit reports.
In addition to identity theft, every year millions of people are victims of frauds and scams, which often start with an e-mail, text message, or phone message that appears to be from a legitimate, trusted organization. The message typically asks consumers to verify or update personal information. Similarly, criminals create bogus websites for such things as credit repair services in the hopes that consumers will enter personal information.
If you think you are a victim of a fraud or scam, contact your state, local, or federal consumer protection agency. Also, a local law enforcement officer may be able to provide advice and assistance. By promptly reporting fraud, you improve your chances of recovering what you have lost and you help law enforcement. The agency you contact first may take action directly or refer you to another agency better positioned to protect you.
Violations of federal laws should be reported to the federal agency responsible for enforcement. Consumer complaints are used to document patterns of abuse, allowing the agency to take action against a company.
People who have no intention of delivering what is sold, who misrepresent items, send counterfeit goods or otherwise try to trick you out of your money are committing fraud. If you suspect fraud, there are some additional steps to take.
- Contact the Federal Trade Commission. The FTC enters Internet, telemarketing, identity theft and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
- If the fraud involved mail or an interstate delivery service, contact the U.S. Postal Inspection Service (https://postalinspectors.uspis.gov/). It is illegal to use the mail to misrepresent or steal money.
For more information, please read the Cybersecurity guides below or watch the FDIC’s Video “Don’t Be an Online Victim”.
FDIC’s Video Don't Be an On-line Victim: How to Guard Against Internet Thieves and Electronic Scams
Visitors to this bank Website remain anonymous. We do not collect identifying information about visitors to our site. We may use standard software to collect non-identifying information about our visitors, such as:
- Date and time our site was accessed
- IP address (A numeric address given to servers connected to the Internet)
- Web browser used
- City, state, and country
The bank uses this information to create summary statistics and to determine the level of interest in information available on our site. Visitors may elect to provide us with personal information via E-mail, online registration forms, or our guest book. This information is used internally, as appropriate, to handle the sender's request. It is not disseminated or sold to other organizations.
Some areas of our Website may use a "cookie" temporarily stored in the visitor's computer memory (RAM) to allow the web server to log the pages you use within the site and to know if you have visited the site before.
Online Banking Security Statement
This Internet Banking System brings together a combination of industry-approved security technologies to protect data for the bank and for you, our customer. It features password-controlled system entry, a VeriSign-issued Digital ID for the bank's server, Secure Sockets Layer (SSL) protocol for data encryption, and a router loaded with a firewall to regulate the inflow and outflow of server traffic.
Secure Access and Verifying User Authenticity
To begin a session with the bank's server the user must key in a Log-in ID and a password. Our system, the Internet Banking System, uses a "3 strikes and you're out" lock-out mechanism to deter users from repeated login attempts. After three unsuccessful login attempts, the system locks the user out, requiring either a designated wait period or a phone call to the bank to verify the password before re-entry into the system. Upon successful login, the Digital ID from VeriSign, the experts in digital identification certificates, authenticates the user's identity and establishes a secure session with that visitor.
Secure Data Transfer
Once the server session is established, the user and the server are in a secured environment. Because the server has been certified as a 128-bit secure server by VeriSign, data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. With SSL, data that travels between the bank and customer is encrypted and can only be decrypted with the public and private key pair. In short, the bank's server issues a public key to the end user's browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user makes a server session.
Router and Firewall
Requests must filter through a router and firewall before they are permitted to reach the server. A router, a piece of hardware, works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the bank.
Using the above technologies, your Internet banking transactions are secure.
Identity theft is one of today’s fastest growing crimes. It occurs when someone steals your personal information and identification. They may open credit card accounts, apply for loans, rent apartments and purchase phone services – all in your name. In many cases, they request address changes so you never see the bills for their activity. These impersonators spend your money as quickly as possible. Most victims never know it until they apply for a loan or receive a call from a collection agency. Clearing your name and erasing the effects of identity theft can be a nightmare and take a great deal of time. You can spend months or even years re-establishing your creditworthiness.
Here are some helpful tips to avoid becoming a victim of identity theft:
- Store personal information in a safe place. Shred financial statements, bank checks, credit card offers, charge receipts and credit applications before discarding them.
- Don't release personal information. Never disclose account numbers, Social Security numbers and credit card numbers over the phone or e-mail unless you know the person or organization you're dealing with.
- Guard against mail theft. Deposit outgoing mail into a secure, official U.S. Postal Service collection box. Promptly remove incoming mail after it has been delivered.
- Monitor account information and billing statements. Know your billing cycles and review monthly statements for authorized charges or withdrawals. Missing statements could indicate that someone has filed a change of address notice to divert your mail to his or her address. Consider switching to electronic statements that are delivered directly to an e-mail address that only you have access to.
- Obtain and review copies of your credit report. Order copies of your credit report yearly to review your file and make certain the information is accurate. The three major credit bureaus are:
Steps to take if you become a victim of identity theft:
- File a police report and call the Federal Trade Commission's toll-free "Identity Theft Hotline" at 1-877-438-4338.
- Notify the three credit bureau's fraud departments. Request that a "fraud alert" be placed in your file, as well as a victim's statement asking that creditors call you before opening any new accounts.
- Request a copy of your credit report. Credit reports are free to fraud victims.
- Contact your creditors for any accounts that have been opened fraudulently. Close your accounts and obtain new credit, debit and ATM cards.
- Report any suspected stolen mail to your local postal inspector and check the post office for unauthorized change of address requests.
Business Identity Theft
Corporate Account Takeover is the business equivalent of personal identity theft. Hackers, backed by professional criminal organizations, are targeting small and medium businesses to obtain access to their web banking credentials or remote control of their computers. These hackers will then drain the deposit and credit lines of the compromised bank accounts, funneling the funds through mules that quickly redirect the monies overseas into hackers’ accounts.
As a business owner, you need an understanding of how to take proactive steps and avoid, or at least minimize, most threats.
- Use a dedicated computer for financial transactional activity. DO NOT use this computer for general web browsing and email.
- Apply operating system and application updates (patches) regularly.
- Ensure that anti-virus/spyware software is installed, functional and is updated with the most current version.
- Have host-based firewall software installed on computers.
- Use latest versions of Internet browsers, such as Explorer, Firefox or Google Chrome with “pop-up” blockers and keep patches up to date.
- Turn off your computer when not in use.
- Do not batch approve transactions; be sure to review and approve each one individually.
- Review your banking transactions and your credit report regularly.
- Contact your Information Technology provider to determine the best way to safeguard the security of your computers and networks.
Protect Your Privacy
One of the fastest growing white-collar crimes is identity theft, which occurs when an identity thief gains access to and uses an individual’s personal identifying information without his or her knowledge in order to commit fraud or theft. You can protect your privacy and minimize your risk of becoming a victim of identity theft by taking the following steps:
Personal Identifying Information
- Always protect personal identifying information, such as your date of birth, Social Security number, credit card numbers, bank account numbers, Personal Identification Numbers (PINs) and passwords.
- Do not give any of your personal identifying information to any person who is not permitted to have access to your accounts.
- Do not give any of your personal identifying information over the telephone, through the mail or online unless you have initiated the contact or know and trust the person or company to whom it is given.
Credit, Debit and ATM Cards
- Limit the number of credit, debit and ATM cards that you carry.
- Cancel all cards that you do not use.
- Retain all receipts from card transactions.
- Sign new cards as soon as you receive them.
- Report lost or stolen cards immediately.
- Promptly remove mail from your mailbox.
- Deposit outgoing mail in a post office collection box, hand it to a postal carrier, or take it to a post office instead of leaving it in your doorway or home mailbox, where it can be stolen.
- Order a copy of your credit report annually and review it for accuracy.
- Check your credit report for unauthorized bank accounts, credit cards and purchases.
- Look for anything suspicious in the section of your credit report that lists who has received a copy of your credit history.
Bank Account and Credit Card Statements
- Contact your financial institution immediately if a bank account or credit card statement does not arrive on time.
- Review your bank account and credit card statements promptly and immediately report any discrepancy or unauthorized transaction.
Telephone and Internet Solicitations
- Be suspicious of any offer made by telephone, on a Web site or in an e-mail that seems too good to be true.
- Before responding to a telephone or Internet offer, determine if the person or business making the offer is legitimate.
- Do not respond to an unsolicited e-mail that promises some benefit but requests personal identifying information.
- Grand Savings Bank never requests a customer’s bank card number, account number, Social Security number, Personal Identification Number (PIN) or password through e-mail. If you should receive an e-mail requesting such information that appears to be from Grand Savings Bank, do not respond to the e-mail and contact Grand Savings Bank immediately at 800-460-2070.
- Store extra checks, credit cards, documents that list your Social Security number, and similar items in a safe place.
- Shred all credit card receipts and solicitations, ATM receipts, bank account and credit card statements, canceled checks, and other financial documents before you throw them away.
PINs and Passwords
- Memorize your PINs and passwords and keep them confidential.
- Change your passwords periodically.
- Avoid selecting PINs and passwords that will be easy for an identity thief to figure out.
- Do not carry PINs and passwords in your wallet or purse or keep them near your checkbook, credit cards, debit cards or ATM cards.
Wallets and Purses
- Do not carry more checks, credit cards, debit cards, ATM cards and other bank items in your wallet or purse than you really expect to need.
- Do not carry your Social Security number in your wallet or purse.
- Use common sense and be suspicious when things do not seem right.
- Be suspicious of any proposed transaction that requires you to send an advance payment or deposit by wire transfer.
Check Your Credit Report
Under a federal law enacted by Congress, every consumer in the United States can now obtain one free credit report every 12 months from each of the three major credit bureaus. Previously, consumers who wanted to obtain their credit report from any of the three major credit bureaus (Equifax, Experian or TransUnion) had to pay for each report. Only those consumers whose loan applications were rejected or who were victims of identity theft could obtain their credit reports for free.
You can obtain your free credit reports by mail, by phone or online from a service that is run jointly by the three credit bureaus. If you order your credit report online, you must print it or save it to your computer, or it will be unavailable once you leave the screen. The free program applies only to the credit report itself. Credit scores are not included in the free credit report but they can be purchased from the credit bureaus for a fee.
Experts strongly recommend that consumers obtain their free credit reports each year and review them for completeness and accuracy in order to learn about their credit, check for errors in their credit information, and detect identity theft. If something is wrong on a credit report, you can dispute it directly with the credit bureau. When a dispute is filed, the credit bureau has 45 days to respond to the consumer.
You can obtain your free credit reports as follows: