Security Center

The FBI has released an article addressing ransomware campaigns that use intimidating messages claiming to be from the FBI or other government agencies. Scam operators use ransomware – a type of malicious software – to infect a computer and restrict access to it until a ransom is paid to unlock it.  Users are encouraged to review the FBI article "Ransomware on the Rise" for details

Tax identity theft awareness week is January 26, 2015 - January 30, 2015, please visit the Federal Trade Commission website for more information.  See also current Imposter scams that are on the rise.

 

ONLINE BANKING UPDATE....

On December 3, 2014, our Online Banking provider will disable SSLv3 as the protocol has potential for vulnerabilities. If you have issues access Internet Banking, verify you are on the latest browser version (IE, Firefox or Chrome). For IE, if it’s a supported version of IE, check Internet Options -> Advanced Tab -> Under Security and verify they have checked all of the Use TLS 1.0, 1.1, and 1.2.

 

October is National Cyber Security Awareness Month (NCSAM).  The Department of Homeland Security (DHS) in their commitment to assist the industry in protecting the cyber networks of our Nation’s critical infrastructure, has listed the following ways consumers on an individual basis can also play a role in cyber security:

  • Read the privacy policy of a company or vendor before purchasing a product or service.
  • Beware of requests to update or confirm personal information online.  Most organizations – banks, universities, companies, etc. – do not ask for  personal information over e-mail.       
  • Make sure websites that ask for personal information (to pay a utility bill, for example) use encryption to secure their sites.
  • Learn about steps to enhance security and resilience in local businesses and communities, and how to handle certain events.
  • If you run a business, make a plan to help keep your employees and community safe during an emergency and enhance your ability to recover operations quickly.  If you are an employee, ask your management whether there are plans in place and request a copy.
  • Report suspicious activity.
  • Understand what kind of information is being shared and use any security controls available to increase privacy.
  • Make sure your devices are operating on the latest software.
  • Be aware of product recalls for devices you own.

More information regarding cyber security and the above tips can be found on the DHS website.

Password Hints

  • Five passwords you should never use

             o   Password - common password don't use it
             o   Letmein - Recommend that you use passphrases that are memorable.  Just don't use this one. It ranks high on several lists of the most-used passwords.
             o   Monkey - this is very common and it is too short.
             o   Don't use any passwords that are easily guessed, this includes your name, children's name, spouse's name, Date of Birth, address, etc.
             o   12345678 - avoid any sequence of numbers or letters this is easily guessed

  • Don't use the same password for multiple sites. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking sites.
  • Change your passwords frequently.
  • Use strong passwords - these should be no less than 8 characters and  include capitals, special characters and numbers.  The longer the password the harder it is to guess or use algorithms to guess.

REMINDER:

The same password should not be used on multiple websites and payment networks.  A security breach was recently announced by eBay and they are requesting their users to change their password.  If you are an eBay user and use the same password for your Online Banking access, we recommend that you change your Online Banking password as soon as possible.

 

Lost or stolen access device

Report a lost or stolen First National Bank of Mercersburg Debit or ATM card - call 1-800-472-3272

Report a lost or stolen First National Bank of Mercersburg Elan Visa credit card- call 1-866-234-4691

 

Beware of Fraudulent Phone Calls

Beware of fraudulent phone calls asking for personal or account information. The First National Bank of Mercersburg will never call you to ask for personal or other identifying information.  Please feel free to call any of our community office locations to verify any requests for your financial information.

Technology Safety

The Internet = A World of Opportunities

Look what's at your fingertips

  • A way to communicate with friends, family, colleagues
  • Access to information and entertainment
  • A means to learn, meet people and explore

Online Security Versus Online Safety

Security

We must secure our computers with technology in the same way that we secure the doors to our offices

Safety

We must act in ways that protect us against the risks and threats that come with Internet use

Primary Online Risks and Threats

To PC Security

To Personal Information

Viruses

Online fraud and phishing

Worms

Hoaxes

Trojan Horses

Identity theft

Spyware

Spam

Primary Threats to Computer Security

Viruses/Worms

Software programs designed to invade your computer, and copy, damage or delete your data

Trojan Horses

Viruses that pretend to be programs that help you while destroying your data and damaging your computer

Spyware

Software that secretly watches and records your online activities or sends you endless pop-up ads

Primary Threats to Personal Online Safety

Spam

Unwanted e-mail, instant messages, and other online communication

Phishing

Fraudulent e-mails, appearing to be from a trusted source such as your bank, or a government agency, direct you to websites. Once there, you are asked to verify personal information such as name, account and credit card numbers and passwords. These sites are often designed to look exactly like the site they are imitating.

  • Never click on the e-mail link that is provided, type in the known URL.
  • Before submitting any financial information look for the "lock" icon on the browser status bar or look for "https" in the web address.
  • Your bank does not need to call you for personal information such as username, or passwords.

Identity Theft

A crime where con artists get your personal information and access your cash and/or credit

Hoaxes

E-mail sent by online criminals to trick you into giving them money

Spoofing

Web spoofing allows an attacker to create a "shadow copy" of any legitimate website. Access to the shadow website is funneled through the attacker's machine, allowing the attacker to monitor all of the victims activities, including any passwords or account numbers the victim enters. Phishing and spoofing often go hand-in-hand in Internet fraud.

  • Be aware of all unsolicited or unexpected e-mails from all sources.
  • If an unsolicited e-mail arrives, treat it as you would a phishing source.

Steps You Can Take

Your computer

  1. Turn on an Internet firewall.
  2. Keep your operating system up to date.
  3. Install and maintain antivirus software.
  4. Install and maintain antispyware software.

Yourself

  1. Practice Internet behavior that lowers your risk.
  2. Manage your personal information carefully.
  3. Use anti-phishing and anti-spam technology built into Windows 8, Windows 7, Windows Vista, Windows XP, SP2, Windows Live, Microsoft Outlook.

Four Steps to Protect Your Computer

Turn on an Internet Firewall

An Internet firewall is like a moat around a castle, creating a barrier between your computer and the Internet

Keep Your Operating System Up-to-date

Install all security updates as soon as they are available. Automatic updates provide the best protection.

Install and Maintain Antivirus Software

Antivirus software can detect and destroy computer viruses before they can cause damage. Just like flu shots, for antivirus software to be effective, you must keep it up to date, don't let it expire.

Install and Maintain Antispyware Software

Use antispyware software so unknown software cannot track your online activity and potentially steal your information.

Other Ways to Protect Your PC

Back Up Your Files

Save to external device regularly
Use a Web-based backup service

Think Before You Click

Don't open e-mail attachments unless you know what they contain and who sent them.
Only download files from websites you trust.

Read Privacy Statements

Understand what you are getting before you agree to download or share your personal information.

Close Pop-ups Using the Red "X"

Always use the red "X" in the corner of a pop-up screen. Never click "Yes," "Accept," "No," or "Cancel" because it could be a trick that installs software on your computer.

Take Steps to Help Protect Your Personal Information

Practice Internet Behaviors that Help Reduce Your Risk

Delete spam, don't open.
Be on the lookout for online scams.
Use strong passwords.

Manage Personal Information Carefully

Do not share personal information in e-mail or instant messages.
Use only secure and trusted Web sites. Make sure you are where you think you are: Web sites can be faked.
Avoid financial transactions over wireless networks.
When in public, stay private.

Use Anti-Phishing and Anti-Spam Technology

Most e-mail providers and many e-mail programs contain Spam Filters. Many browsers include Phishing Filters to help identify and block suspicious sites.

Protect Your Identity

Ways Thieves Steal Your Information:

  • Stealing your purse or wallet looking for driver's license, medical insurance card, credit cards or other items that reflect personal information.
  • Stealing personal mail looking for bank statements, credit card statements, checks and other items that reflect personal information..
  • Dumpster diving by going through your trash cans in search of personal information.
  • Tricking you into providing personal information via email, mail, or phone
  • Posing as someone else or by misusing the name of a legitimate business to obtain personal information
  • Eavesdropping and shoulder surfing by listening to private conversations or watching over your shoulder while entering your PIN number or revealing personal information.
  • Skimming by running an unsuspecting customer's credit card through a bogus reader designed to copy the card number.
  • Pretexting, phishing, scamming, and spoofing thieves pretending to be from businesses with a seemingly good reason for needing your social security number and/or mother's maiden name.
  • Family theft relatives who have access to your financial records, social security number, etc.
  • Corporate data theft thieves hacking their way into corporate and banking databases, and steal physical files.  One method to gain access to account information, thieves will often fill out a change of address form in the victim's name.

Ways To Prevent Your Information From Being Stolen

  • Review your credit report periodically. To order call 1-800-322-8228 or go to website annualcreditreport.com
  • Read your bank, credit card or other statements for mistakes. Contact the business immediately when mistakes are detected or mail has not been received.
  • Shred documents that contain account or personal information.
  • Monitor and be alert for emails, texts, mail or phone calls requesting personal information.
  • Change passwords periodically. When changing or creating a password use a combination of alpha, numerical and special characters.
  • Look for websites that begin with "https" when buying on line. Encryption is used to help protect your financial information.
  • Install anti-virus and anti-spyware software on your computer for added protection.

What To Do If Your Identity Has Been Stolen

  • Contact a nationwide credit reporting company and request a fraud alert to be placed on your credit report.
    • Equifax 1-800-525-6285
    • Experian 1-888-397-3742
    • TransUnion 1-800-680-7289
  • Order your credit report and review for signs of fraud.
  • File a complaint with the FTC at ftc.gov/complaint or call 1-877-438-4338 and contact your local police department.

 

If you have any security questions or concerns, please contact us at 717-328-3121 or 877-328-3121.