We work together to protect your accounts
Cyber threats are ever-changing, affecting people and businesses throughout the world. At ConnectOne, our goal is to provide helpful tips and information so you know how to spot potential dangers.
Popular Fraud Schemes and Common Threats
Phishing and Spoofing
Phishing is an act of deception through which hackers attempt to acquire sensitive information such as usernames, passwords and credit card details for malicious reasons. Phishing attacks often use spoofed emails and fraudulent websites designed to fool recipients into voluntarily disclosing personal information such as credit card numbers, account usernames, passwords, and social security numbers.
Phishers are able to convince others to respond to them by mimicking the branding of well-trusted companies. Emails can look like they came from a financial institution, e-commerce site, government agency, or even family member. These emails or websites often urge you to act quickly.
Phishing scams are also prevalent on social networking sites.
If you are unsure whether an email request or web form is legitimate, do not reply or click on the links in the message.
Email and Systems hacking are the two most common types of hacking. Email hacking occurs when cyber criminals gain unauthorized access to your email accounts and applications connected to your email domain. Systems Hacking is when hackers access your company's systems and/or servers and gain the ability to view, export or manipulate information.
Occurs when someone uses personal information such as your name, Social Security Number, date of birth or other identifying information without your permission to commit fraud or other crimes.
In a social engineering incident, an attacker uses social interaction – either in person or through digital platforms – to gain information about a system or organization. An attacker may seem unassuming and respectable, and potentially claim to be someone you trust – a fellow employee, repair person, friend of a friend. By asking questions, this attacker can piece together enough information to infiltrate your systems and potentially an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact multiple sources within the same organization or social network.
Malware – short for malicious software – is software that is created by hackers that can be sent to your device or online platforms in order to gain access to your sensitive information. Malware includes viruses, spyware and trojans that are designed to damage your computer system or steal information.
This often happens when users click on unauthorized links or do not keep software up to date.
Damage from malware varies from causing minor irritation (such as browser popup ads), to stealing confidential information or money, destroying data, and compromising and/or entirely disabling systems and networks.
Malware cannot damage the physical hardware of systems and network equipment, but it can damage the data and software residing on the equipment. Malware should also not be confused with defective software, which is intended for legitimate purposes but has errors or bugs.
Key logging is a software that tracks every single keystroke you type. It can also take screenshots and e-mail them to your address. Some Key loggers run in the background without the users knowledge. Sometimes an anti-virus may not catch this as threats.
- Protect Your Digital Identity – “Lock Your Digital Door”
- Do not use unprotected Internet connection
- Encrypt Sensitive data by using a program to password protect your files
- Always keep updated virus protection on your computer
- Stay Two Steps Ahead with two step verification
- Protective Password Practices –
- Complex passwords - combination of letters, numbers and symbols
- Change passwords regularly
- If you suspect a breach, change your password immediately
- Beware of Phishing Scams - Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with.
- Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password-reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.
- Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over the public network, as they are more prone to being hacked.
- Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
- Do not assume a company is legitimate based on the look of its website. Always check the URL.
- Don’t click on links or open attachments in emails unless you can verify the sender or legitimacy of the email.
- Do not click links on pop up ads
- Monitor your accounts regularly – Catching unauthorized transactions immediately can help minimize a loss
- Never share confidential documentation, such as driver license, social security, etc. via email. If you do, your identity is at risk to hackers.
Protect Your Mobile Devices
- Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
- Enable remote wipe features. If your phone is lost or stolen, this feature will enable you to wipe your data from it remotely.
- Log out completely when you finish an online or mobile banking session
- Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions.”
- Download software updates for your phone and mobile apps
- Avoid storing sensitive information like passwords or a social security number on your mobile device
- Notify your financial institution immediately if you change your phone number or lose your mobile device
- Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique
- Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know.
Educate Your Employees
Your employees are the gatekeepers of your company’s information and therefore the first line of defense against corporate account takeover. A strong security program along with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
Promote a “Clean Desk Environment” in the Workplace
Cyber attacks can stem from information that is collected in person. Promoting a “clean desk environment” in your workplace can keep your information secure.
Partner With Your ConnectOne Banker
Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay, Wire Tokens, ACH and other services offer call backs, device authentication, multi-person approval processes and batch limits to help protect you from fraud.
Review Your Internal Controls
Are your processes set up to maintain security? An annual audit to review your processes may help you identify any weaknesses in your systems and processes.
Verify Financial Requests and Confirm Details By Phone
- Do not depend on email to initiate or complete any financial transactions –whether you are dealing with your bank, vendors, clients, or employees
- A two step verification process to approve any outgoing funds can help protect you from a loss
Protect Your Hardware & Software – Is Your Infrastructure Secure?
Run anti-virus scans on a regular basis to protect your hardware. Keep software systems up to date as the latest programs can better guard against the latest threats.
Stay up to date with the latest news on you’re the software and hardware that your company uses.
Promote Protective Password Practices on All Company Systems
- Encourage complex passwords
- Passwords should be unique. One password to access all systems can make your employees and company more vulnerable.
- Change passwords regularly – Changing your password frequently keep you from becoming a victim of a cyber crime. The longer a password is kept the same, the more vulnerable the account is.
- Password protect devices – Password protection should be placed on company devices from computers to mobile phones and tablets
- Password protect wireless networks. If you offer free Wi-Fi at your company, you should secure the network your employees will utilize an keep it separate from the Wi-Fi network for public use.
Here’s a Tip Card You Can Share with Employees
Call your bank and credit card issuers immediately so they can close your accounts.
Contact the fraud unit of the three credit reporting agencies. Place a fraud alert on your credit report and consider placing a credit freeze so the criminal can’t open new accounts. The fraud unit numbers are:
Equifax: (800) 525-6285
Experian: (888) 397-3742
TransUnion: (800) 680-7289
- Report the fraud to the Federal Trade Commission at consumer.gov/idtheft or call 1-877-IDTHEFT (1-877-438-4338)
- File a police report
- Make sure to maintain a log of all the contacts you make with authorities regarding the matter. Write down names, titles and phone numbers in case you need to re-contact them or refer to them in future correspondence.
- For more advice, visit the FTC’s website at consumer.gov/idtheft