Security Center

Scams have reached an all time high in Kentucky, and the Office of the Attorney General is constantly working to stay ahead of con artists. 

While there are an endless number of ways thieves may try to get your information almost all scams involve some type social engineering. Social engineering is when thieves use something you are comfortable with or trust in order to get you to act without thinking your actions through. Common scams include:

Phishing - Thieves will send out bogus messages that appear to be from a company or government agency you may or may not do business with. These messages will attempt to convince you to either click on a link or call a number in order to get you to reveal information that can be used to steal your identity and/or access your accounts. Phishing messages may come through email, instant messages, and even text messages. The best thing to do if you believe a message may be legitimate is to contact the company using contact information that you know is valid such as a number from the phone book or by typing the company’s web address into your browser's address bar.

Vishing - is the use of social engineering tactics over the telephone system in an attempt to gain personal information for fraudulent uses. Vishing is successful because it is hard for law enforcement to track and because the phone system is very trusted by the general public. Features like caller ID can now be forged and faked using modern tools to make the calls more believable. Customers should be very suspicious when receiving calls asking for personal information and should call the bank directly using a number they know is good if they question the validity of a request.

Spoofing - A “spoofed” site is one that appears to belong to a legitimate company. The site may even look like the legitimate company’s site utilizing their colors and, perhaps, their logo. Typically a bogus email is received that asks you to supply, confirm or update sensitive personal information by clicking on a link in the email. The goal of the criminal is to get you to enter the requested information so that they can steal it for their purposes.

The thieves might also steal your information by:

• Skimming: Stealing credit/debit card numbers by using a special device on ATMs or when processing a purchase
• Pretexting: Pretending to be you when they call financial institutions, phone companies and other sources to get additional information
• Redirecting your mail: Filling out a change-of-address form to have your billing statements sent to an address they choose
• Old-fashioned stealing: Snatching wallets and purses, mail (including bank and credit card statements), pre-approved credit offers, new checks or tax information; they can even steal a company’s personnel records or enlist employees who have access to your information
• Dumpster diving: Rummaging through trash looking for bills or other paper with your personal information on it

ID theft results from the unauthorized use of an individual’s personal identifying information (PII) without their knowledge to commit fraud or theft. The following suggestions are provided to help clients protect their privacy and secure their identity.

Protect Your Personal Identifying Information (PII)

• Do not provide your date of birth, full social security number (SSN), credit card numbers, full bank account numbers, personal identification numbers (PIN), or passwords to anyone unless you have initiated the contact and know the person or company to whom it is being given.
• Up-to-date antivirus software, as well as software or hardware firewall, is essential to preventing the loss of data through malware attacks like Trojans and viruses.
• It is essential to keep operating system patches up to date on workstations, servers, and infrastructure appliances, as well as patches for software like Java, Flash, etc.

Credit, Debit and ATM Card Tips

• Limit the number of cards you carry and cancel cards you do not use.
• Retain all receipts from transactions and compare them to charges on statements.
• Sign any new cards immediately upon receipt and report lost or stolen cards immediately.
• Always call the bank if you will be traveling to ensure our fraud system does not block any of your legitimate transactions.
• Never share your PIN with anyone. Take care when entering your PIN at an ATM or POS machine so that others may not see it.
• Gently pull on the card reader and keyboard before using an ATM. If anything feels loose there could be a skimmer attached in which case you should use a different ATM.

To mitigate the risks associated with Business Online Banking, including ACH and wire transactions, it is recommended that you perform a yearly review of controls and risks. Items to consider include:

• information or functions available through your commercial website
• your volume of transactions
• information security policies and procedures
• security monitoring solutions
• security layers
• logical and physical access privileges.

Training should be conducted at least annually for any employees with access to corporate online bank accounts for review policies, procedures, and features.

Security Measures

We recommend that commercial clients implement a layered security program to address risks associated with online banking.

Recommendations:

• Up-to-date antivirus software, as well as software or hardware firewall, is essential to preventing the loss of data through malware attacks like Trojans and viruses.
• It is essential to keep operating system patches up to date on workstations, servers, and infrastructure appliances, as well as patches for software like Java, Flash, etc.
• Use a dedicated PC for accessing online banking, which is not used for any other purpose other than financial transactions.
• Limit the number of employees with access to sensitive account information.
• Never share password and/or IDs.

Commercial Account Takeover

To mitigate the risk of corporate account takeover, commercial clients should consider a combination of the following security measures:

• Use of a dedicated computer for conducting bank transactions. Internet browsing and e-mail should not be allowed from this workstation.
• Regular patching of operating systems and software.
• Current antivirus and host-based firewall software should be installed.
• Current browser versions should be maintained.
• Review transactions and do not batch approve transactions.
• Always send documents that contain sensitive information encrypted and securely.
• Contact us if you notice that your online banking appears suspicious.

To learn more about Commercial Account Takeover (CATO) click here.

If you suspect fraudulent activity, have been notified about malware on a computer that is used for bank transactions, or have questions regarding transactions, please contact a member of our Cash Management Team at 859.263.2801.

The following sites offer valuable information related to fraud and identity theft:

OnlineOnGuard.Gov
Practical tips from the federal government and the technology industry to help you be on guard against internet fraud, secure your computer, and protect your personal information.

StaySafeOnline.org
Information and tools from the National Cyber Security Alliance to help home users and small businesses stay safe.

IdentityTheft.gov 
Resource to learn about identity theft with detailed information to help you deter, detect, and defend against identity theft.

Being proactive and taking a few simple steps can help you protect yourself from becoming a victim.

• Never provide your password, credit or debit card information or pin number over the phone or in response to an unsolicited Internet request unless you initiated the contact.
• Urgent appeals to act now should be resisted. Thieves often try to get you to act quickly before you have a chance to think about what you may be doing.
• Review your statements when you get them. You can also always review your accounts in real time using internet banking. If you see a transaction you cannot explain contact us immediately.
• Contact the bank and ask to receive your statements electronically. Not only are you helping the environment, but you are keeping the paper statements out of your mailbox where they could be stolen and used to steal your identity.
• Don’t agree to deposit money from someone you don’t know into your account and then wire the money back or to someone else you don’t know. Wires are like sending cash, once they have been sent you can’t get your money back.
• If something sounds too good to be true, it probably is.
• Follow our Safe Computing Tips below.
• Business customers should consider performing their own risk assessment and controls evaluation periodically to determine if additional controls are necessary to address the risks of online banking. Additional information to assist you in completing this process can be found within our Helpful Resources - above.

Remember: Traditional Bank will never contact you via unsolicited phone calls, emails, text messages, or over any other mediums to request your online banking credentials or personal information. As your bank we already have that information on file and will therefore never request such information. If you ever question the legitimacy of a request for your information you should contact the bank on your own to verify the request.

Install or Update Your Antivirus and Antispyware Software: 
Antivirus and Antispyware software are designed to prevent and detect malicious software programs on your computer. In order to keep your computer and your identity safe all computers connected to the internet for any length of time should have both of these products installed at all times.

Run a Full Scan With Both Your Antivirus and Antispyware Software:
Full scans with your Antivirus and Antispyware software can help to catch the most recent viruses and spyware that may have been installed on your computer without your knowledge. Full scans of your entire PC should be run at least daily.

Ensure Your Operating System is Up to Date: 
Computer operating systems need to be updated to stay current with any security patches released by the maker of your operating system. In most cases people are running a Microsoft operating system, which usually releases new updates once a month, but may do so more often when an update is extremely critical.

Keep Your Software Up to Date: 
In addition to keeping your operating system up to date you should also look for updates for the software installed on your PC. This includes software such as Adobe products, Java, Firefox, and Apple iTunes. Software such as this can be vulnerable to hacker attacks and may lead to the compromise of your system if it isn’t updated. A good rule of thumb is that if you don’t need a piece of software don’t install it or remove it when it is no longer needed.

Keep Your Firewall Turned On: 
A firewall helps protect your computer from hackers who may try to gain access to your computer and the information it contains. Software firewalls are available to protect single computers and are even included with many updated copies of Microsoft Windows.

Review Accounts Regularly:
Everyone should regularly monitor their accounts for suspicious transfers and withdrawals. Businesses should monitor their accounts daily for suspicious transactions. Customers should notify Traditional Bank immediately of any unexpected activity.

Change Your Passwords to Banking, Email, and Ecommerce Sites Regularly:
Passwords are the keys to your internet kingdom. Changing your passwords regularly will help ensure the security of all your online accounts as well as the information and the money they give you access to. When changing your password be sure to use strong passwords. Strong passwords use eight or more characters with random letters, numbers, and symbols. In addition, you should never use the same password on multiple sites. If one site is compromised your other accounts could possibly be accessed as well.

Be Careful What You Download:
You should never open email attachments or click on links in emails from people you don’t know. You should also be wary of forwarded attachments and links from people you do know. Email attachments and links can circumvent even the best Antivirus software. Additionally, you should be wary of downloads from trusted and un-trusted sites that seem new or suspicious. If the site has been poisoned or compromised by hackers you could unknowingly be installing a virus or spyware. If you question whether a download is necessary to access a site you can always contact the company for further information.

If Possible Have a PC Dedicated Only to Online Banking Activities:
Fraudsters and scam artists have learned that many small and medium sized businesses use online banking products due to their convenience. What they have also learned is that these same businesses often do not take the time to adequately protect their PCs as outlined in these tips, nor do they regularly review their accounts for fraudulent activity. Using this knowledge fraudsters and scam artists are now actively targeting small and medium sized businesses using phishing attacks, email attachments, and web sites designed to take advantage of OS and software flaws. One of the most effective controls is to use a second PC or “live disk” for your banking. This PC should not be used for regular web surfing, checking email, or other projects. These activities can increase a business’s risk of unknowingly coming into contact with malicious sites and software. You should never use the computer your kids use for your online banking.