Security Quick Tips
The following are a few Internet Banking best practices to help keep your online account secure.
- Never reveal your password to anyone or leave your password anywhere that someone else can obtain and use it.
- Change your password on a regular basis.
- Use the Exit button to end each Internet Banking session. Do not use the Back button to exit the site.
- Change your session timeout in User Options to a time that meets your needs.
- Balance your account on a regular basis. Internet Banking makes it easy!
Types of Fraud
Phishing is a scam that involves internet pop-ups or e-mail messages that appear to be from a legitimate bank or retail merchant, possibly one that the victim has a business relationship with. The message directs the victim to a replica of an existing website in an attempt to fraudulently acquire sensitive information such as usernames, passwords, account information and credit card details. Often suspects use urgency or scare tactics such as threats to close accounts.
Spoofing is when an attacker pretends to be someone else by providing false data. Phishing has become the most common form of web page spoofing. Another form is URL spoofing. This can happen when an attacker exploits bugs in your web browser in order to display incorrect URLs in your browser location bar. Another form is called “man-in-the-middle” which occurs when the communication between you and another party on the internet is compromised by the attacker. Many firewalls can prevent this type of attack.
Vishing is a combination of “voice” and phishing. This attack usually starts via e-mail which contains a telephone number to be called. This is an attempt to fool the victim into trusting the e-mail is legitimate by advising that responding via telephone is safer than responding by e-mail. Caller ID spoofing is usually accounted for by the attacker and a complex automated voice system tricks the unsuspecting caller into relinquising their information.
Pharming is a type of fraud that happens when a valid web address is typed in but the victim is then redirected to a website that is not legitimate. These “fake” websites ask for personal information such as credit card and bank account numbers and other sensitive information.
Please remember First Bank Kansas will never solicit you for your account or personal information via phone call, text message, or e-mail.
If you feel you have been a victim of fraud or identity theft related to your First Bank Kansas account or debit card, please contact us immediately. If it is related to another financial institution, your credit card company, or any other organization, contact them directly.
Contact one of the three consumer reporting companies and have a fraud alert placed on your credit report. (You only need to contact one as they are required to notify each other when an alert is placed.)
Close any accounts that you believe may have been tampered with or opened without your consent. Report these accounts to the personnel of that relevant company. Inquire as to any other steps they require or recommend you take, which may include you sending copies of the fraudulent activity.
Sharing your identity theft complaint can help law enforcement officials identify thieves. Contact the Federal Trade Commission regarding Identity Theft at one of the following:
- Toll-free Hotline: 1-877-ID-THEFT (438-4338) or;
- on the web at: www.identitytheft.gov
File a report with your local police or law enforcement agency. Have a copy of your FTC complaint form available. Obtain a copy of the police report and case number for future reference.
How to practice ‘safe computing’
It’s not always easy to identify online fraud. The number and sophistication of phishing and spoofing scams sent out continues to increase. As a general rule, you should be careful about giving out your personal financial information over the Internet. Below is a list of recommendations you can use to avoid becoming a victim of these scams.
Protect your E-mail
Be suspicious of any e-mail with urgent requests for personal financial information and never respond to SPAM (unsolicited bulk e-mail messages). Responding only confirms your e-mail address to the spammer, which can actually intensify the problem.
If you are suspicious of an e-mail that contains a link to a web address, call the company or visit their website by typing their address directly into your browser. Do not click on the link contained within the body of the e-mail.
Phisher e-mails typically:
- Are not personalized and may contain spelling errors.
- Contain upsetting statements that attempt to get the victim to react immediately.
- Ask for information such as usernames, passwords, credit card numbers, Social Security numbers, etc.
You should not open ANY attachments from an unknown source. In addition, attachments with double file endings, like “openme.doc.pif” or any file with an extension of .exe, .pif, or .vbs are executable files and could be dangerous if opened.
Protect your identity online
Only communicate information such as credit card numbers or account information via a secure website.
- To ensure a website is secure when submitting credit card information check the beginning of the web address in your browser’s address bar – it should be https:// rather than just http://
- If you don’t know the reputation of a website, don’t assume you can trust it. Many sites may be careless with your personal information.
- When making a purchase online, sites sometimes ask if you want to keep your credit card number or other confidential information on file, also known as “remembering” for future use. The best practice is to NOT allow sites to keep this information for you.
- When using Online Banking or other transactional websites, do not have the computer “remember” your password.
- If possible, do not use public computers (library, cyber café’s, etc) or public wi-fi to check your Internet Banking or make purchases.
More Security Tips
- When creating passwords and PINs (personal identification numbers), do not use your Social Security Number, mother’s maiden name, your birth date, or other personal information about yourself. A combination of letters and numbers creates a stronger password.
- Change your passwords frequently.
- Always logout of your Internet Banking session or any other website that you’ve logged onto. In addition, when finished with the computer always sign off and shut down the computer.
- Many sites have timeout features where the session will end after a certain amount of time with no activity. Set your timeout feature at the lowest setting that is still convenient for you. This can prevent others from continuing your Internet Banking session if you left your computer unattended without logging out.
Additional information and resources with regard to consumer complaints, credit reports & financial resources are available at www.consumer.ftc.gov
Common Red Flags
Along with the convenience of technology, comes the risk of fraud. We want to share some of the common red flags you should be on the lookout for with scams today.
Due to the widespread number of data breaches occurring each year, card numbers and contact information are available on the dark web to criminals. Many fraud attempts will start through a text message or a phone call saying there has been fraudulent activity detected on your debit card. Once you’re on the phone to confirm the transaction is fraud (because it’s completely made up by them) you’re in a position to believe they have your best interest in mind and you’re ready to work with them to get things stopped.
Because First Bank Kansas has a legitimate fraud center that does call and send text messages, this action alone shouldn’t be alarming. However, if any of the following RED FLAG situations come up – hang up immediately and contact the bank using our published phone number 877.402.9019.
- The person on the phone wants to ‘help’ you get logged in to Online Banking or reset your password.
- The person requests you read them back a code sent to you via email, text or by phone call.
- You’re requested to give any of your card information. Full card number, 3-digit code on back, expiration date or PIN.
You can help keep your accounts and your money safe! To recap:
- Never share a Secure Access Code
- Never share your Online Banking User ID or Password
- Never share your PIN with anyone. A bank employee will NEVER ask for this.
- Never share the information printed on your card (number, CVV or expiration date)
First Bank Kansas places the highest priority on keeping your money and your personal information safe.