Security

 

 

 

 

 

Trusteer Advanced Fraud Protection 

 

Identity Theft Protection Services      

WannaCry Ransomware Cybersecurity Attack

The recently reported WannaCry Ransomware attack was extremely successful and provided an updated means for spreading malicious code very quickly.  Ransomware is a malware that will prevent end users from using their computer by encrypting files, and will ask or demand a ransom of virtual currency known as "Bit Coin" to decrypt the files.
                      
Steps to take to protect yourself:

  • Ensure your personal computer is updated with the latest software and patches. 
  • In you are using older operating system, such as Window XP or Windows 8, you should upgrade as soon as possible.  These versions have been sunset by Microsoft and will not receive updated software and security patches.  Due to the scope of this attack, Microsoft has provided a fix but it will be limited to addressing this event only.  You will be vulnerable to past and future cyberattacks.   
  • You can set your computer to automatically receive software patches as they are released.    Instructions can be found at: 

    https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

  • Perform a detailed vulnerability scan of all systems on your network and apply missing patches ASAP.
  • Microsoft has a free tool that is designed to detect this recent threat as well as many others. 
  • Ensure anti-virus and anti-malware solutions have been update with the most recent definition files. 
  • Set anti-virus and anti-malware solutions to automatically conduct regular scans.
  • Use vigilance when using email and clicking on attachments.  This includes PDF, Word, Excel and Powerpoint files.  If you are not expecting to receive a file, do not open it.  Scrutinize links that are embedded in email.  Click on links at your own risk. 
  • Ensure secured backups of all key data.
  • Download software from trusted sources only. 
  • Keep in mind hackers are constantly looking for ways to get to your information.   The WannaCry attack was extremely successful and provided an updated means for spreading malicious code very quickly.   Within 48 hours there were two other versions of the attack. 

  • Ransomware worries?  Keep up to date.

    You’ve probably heard about the ransomware attack affecting organizations’ computer systems around the world. It seems to affect server software on organizations’ networked computers. But ransomware can attack anybody’s computer, so now is a good time to update your own operating system and other software. And then keep them up-to-date.

    The ransomware in the news now is known as WannaCry or WannaCrypt. It locks users out of their systems until they pay the crooks who installed it. This ransomware takes advantage of a security hole in Windows server software that can be closed by an update from Microsoft. Many of the organizations affected by the ransomware had not installed the software update.

    Read the full alert here


    IRS Issues Warning On New Tax Phishing Attack

    Tax season scams are also starting early this year and the cybercriminals are getting smarter by the month. This current scam works in two steps so watch out for possibly bogus emails attempting to obtain your tax information.

    Read the full alert here


    Best Practices for Consumers

  • Protect your computer, install anti-virus software that scans your computer frequently
  • Keep a clean machine - Keeping security software up to date and patching your computers regularly will help to protect against online threats
  • Be suspicious of unsolicited e-mails and text messages asking you to click on a link or download an attachment
  • Use "strong" IDs and passwords and keep them secret, having a different one for every online account helps thwart cyber criminals
  • A password is like the key to your house - it keeps all of your things safe, from your streaming movies to your banking information
  • For online banking access avoid connecting your computer, tablet or smartphone to a wireless network at a public "hotspot"
  • Keep your home computer in a central and open location: If your computer is in the open, you can physically monitor your children while they are online.
  • Protect Your Children from Cyberbullying: Limit where your children post personal information.
  • Best Practices for Businesses

  • Set up email alerts to actively monitor critical actions such as external transfers (ACH & Wire)
  • Use dual controls and separation of duties for all external fund transfers
  • Protect your computers, install anti-virus software that scans your computer
  • Use "strong" IDs and passwords and keep them secret, having a different one for every online account helps thwart cyber criminals
  • A password is like the key to your house - it keeps all of your things safe, from your streaming movies to your banking information
  • Protect against phishing attacks – scam that use email or malicious websites to collect personal and financial information or infect your machine with malware and viruses.
  • Protect against malware by keeping security software up to date and patching your computers regularly. Key-logging malware records keystrokes made on computer, allowing bad guys to see passwords, credit card numbers and other confidential data.
  • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, it’s best to delete or mark it as junk email.
  • Internet Banking Best Practices

  • Always confirm the last login date on your internet banking Welcome page.
  • Never use account numbers when providing nicknames for accounts.
  • Register your PC to avoid answering challenge questions on each login.
  • Limit where you log in, and never at a public or unsecure computer.
  • If you experience login difficulties (error page, site down message, etc.), notify the bank immediately.
  • Always review Consumer Alerts and transaction history and notify the bank immediately if you notice unusual or questionable activity.
  • Make sure your virus protection and operating system updates are always updated.
  • Avoid identity theft by receiving statements online instead of in the mail.
  • What information FCB asks for and how it will be used

  • When you register for online banking, FCB will ask you for basic registration information, such as your name, social security number, email address, and information to verify your relationship with us (e.g. ATM, Debit Card, Checking or Savings Account information).  The bank uses this basic registration information for providing the services and/or accessing the sites customers select on their behalf, monitoring and improving our existing products and services, or for purposes of offering new product and service information of interest to customers.
  • Social Engineering and Your Security

  • Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. It uses vulnerabilities in human behavior to gather personal and financial information from unwitting victims. Thieves who employ social engineering are highly-skilled in psychological persuasion, and use it to their advantage in order to gain your trust–and to get you to let down your guard.
  • Identity thieves use the phone, the Internet, and will even go through your trash (or “dumpster dive”) in order to obtain your sensitive information:
  • Personal & Small Business Bill Payment

  • Always review bill payment history to verify recent payments.
  • Set up bill pay alerts to actively monitor payments.
  • Business eBanking Bill Payment

  • Role-based access should be used to limit the users who have approval authority to process bill payments.
  • Bill pay history should be reviewed on a regular basis and all bill pay alerts should be activated and acknowledged.
  • Business eBanking (BeB) Additional Considerations

  • Retain ADMIN users for administrative purposes only. Log in with restricted users for operational or transactional functions.
  • If using ACH, verify that all ACH-related alerts are activated and are being acknowledged as they are received.
  • ADMIN users should implement multi-approval requirements for BeB functions, beyond the default bank-established requirements.
  • ADMIN users can establish the requirement for multiple approvals to process account-to-account transfers.
  • Funds transfer activity should be reviewed on a regular basis in internet banking.
  • Securing Your PC

  • Use updated anti-spyware and anti-virus protection to detect and removes viruses, spyware, and other malware - which can steal vital personal information.
  • Use a firewall to prevent unauthorized access to your computer, and to monitor transfers of information to and from your PC.
  • Always install the most current operating system and software updates , also called "patches" or "service packs" - as soon as they are available.
  • Keep your web browser version current, as updates are made available with your security in mind.
  • Securing Mobile Devices

  • Use a unique PIN code to lock your device that only you know and always maintain your phone in a safe location.
  • Only download applications or data from a trusted source.
  • Only use wireless networks that require a password. Open networks are often unsecure and vulnerable to security breaches.
  • Keep your device updated with the latest version of the Operating System, both phones and tablets.
  • Do not tap (click) on text messages that you did not expect or are suspicious. True for iPhones too!
  • Delete text messages or emails from your bank on your mobile device.
  • Never send confidential information such as account numbers via a text message.
  • Do not hack, jailbreak, or otherwise modify your device, as this will leave it susceptible to infection from malware, viruses, or trojans.
  • Additional Resources Online

  • Strong Passwords: Review Microsoft's Online Security guide to creating strong passwords in order to more effectively protect your online transactions.
  • Prohibit Your Browser From Saving Your Password: Most recent versions of web browsers prompt you to save login credentials for sites on the Internet. This feature can put your money and personal information at risk if you are not careful.

  • Your Security is Important to us.

    Tips to avoid becoming a victim of cyber fraud

  • Check your credit card statement routinely.
  • Protect your credit card numbers from “wandering eyes”.
  • Do not respond to unsolicited (spam) e-mail.
  • Do not click on links contained within an unsolicited e-mail.
  • Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
  • Avoid filling out forms contained in e-mail messages that ask for personal information.
  • Always compare the link in the e-mail to the link you are actually directed to and determine if they actually match and lead you to a legitimate site.
  • Log on directly to the official website for the business identified in the e-mail, instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
  • If you are requested to act quickly or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.
  • Verify any requests for personal information from any business or financial institution by contacting them using the main contact information on their official website.
  • Remember if it looks too good to be true, it probably is.
  • Counterfeit Check Scam Complaints

    Consumers who receive counterfeit or fictitious items should file complaints with the following agencies, as appropriate:

  • Federal Trade Commission (FTC): by telephone at (877) FTC-HELP or, for filing a complaint electronically, via the FTC’s web site.
  • Better Business Bureau (BBB): The BBB system serves markets throughout Canada, Puerto Rico, and the United States and is the marketplace leader in advancing trust between businesses and consumers. The BBB web site offers contact information for local BBBs, objective reports on more than 2 million businesses, consumer scam alerts, and tips on a wide variety of topics that help consumers find trustworthy businesses and make wise purchasing decisions.
  • Federal Bureau of Investigation Internet Crime Complaint Center: (to report scams that may have originated via the Internet, visit the their web site).
  • If correspondence is received via the U.S. Postal Service: contact the U.S. Postal Inspection Service by telephone at (888) 877-7644; by mail at U.S. Postal Inspection Service, Office of Inspector General, Operations Support Group, 222 S. Riverside Plaza, Suite 1250, Chicago, IL 60606-6100; or via the online complaint form.
  • Identity Theft and Fraud

    Learning to Recognize Unusual Activity

    Identity theft happens when a thief steals information such as your name, birth date or Social Security number to open credit cards, mortgages, and other accounts without your knowledge.

  • IdentityTheft.gov - a one-stop resource to help you report and recover from identity theft. Information provided there includes checklists, sample letters, and links to other resources.
  • Fraud is an act that occurs when someone uses your account to make unauthorized purchases, usually when the account number or card has been stolen.

    While it’s virtually impossible to prevent identity theft and fraud, it’s important to learn how to minimize your risk and recognize activities that may indicate possible fraud or identity theft.

    The following occurrences may indicate signs of fraud:

  • If expected bills or mailed statements were not received
  • If unexpected charges occurred on your account
  • If there are charges on your account from unrecognized vendors
  • If posted checks appear on your account significantly out of sequence
  • Check your credit report for all three credit reporting agencies (Equifax, Experian, and TransUnion) at least once a year, to make sure that no one has opened any accounts or applied for and /or been approved for loans in your name. It’s free, and you can get yours by visiting annualcreditreport.com.

    You can also choose to use a credit monitoring service, which provides additional peace of mind by issuing immediate alerts should suspicious activity arise (i.e, if someone opens or attempts to open a new line of credit in your name). There is usually a minimal monthly fee involved.

    What Happens if it Happens to You?

    Identity theft and fraud are serious crimes that can wreak havoc with your finances, credit history, and reputation — and can take time, money, and patience to resolve. The best detector of fraud and identity theft is you. Through proactive monitoring and best practices–including shredding of all important documents before tossing them–you can become more vigilant for unusual activities and act fast before real damage to your identity and your good name occurs.

    Banking online gives you quick access to your accounts, so fraudulent activities can be detected sooner. Additionally, by taking advantage of Online Banking & Bill Pay, e-statements and good old-fashioned paper shredding, you can reduce the chances of identity theft via dumpster diving. 

    Customer Notice

    On September 22, 2016, we learned that the security of an FCB employee’s email account was compromised when an unknown party gained account access without authorization earlier that month. The email account in question contained email messages that included customer information.

    As soon as we learned of the incident, we took immediate steps and implemented several security actions, including terminating all external access to the affected email account. An investigation was also launched with only one instance discovered in which data contained in the email account had been accessed.  Importantly, no evidence of misuse of data was found and the contents of the affected email account did not contain any PIN codes, passwords or other information necessary to authorize account transactions.  We have concluded that no other internal email account, bank system, or bank network was breached as a result of this incident.

    Exposed Information
    The email messages contained in the affected email account included name, address, or telephone number of certain individuals together with one or more of the following types of information connected to such individual: social security number, driver’s license number, or similar government-issued number, bank account number or loan number, credit or debit card number, health insurance policy number, subscriber identification number or another identifier used by a health insurer to identify the individual.

    Identity Protection Services
    We have arranged for all individuals potentially affected by this incident to have access to a complete suite of identity theft detection and recovery services, through the NXG Strategies’ evado│PROTECTSM program for one year at no cost to the affected individual.  This program includes fully managed identity theft research, remediation and recovery, lost document replacement, identity theft expense reimbursement insurance, and continuous credit monitoring

    We issued written notices directly to all individuals potentially affected by this incident for whom we had contact information. 

    If you believe you may be affected by this incident, please contact FCB at 1.866.740.2265 between the hours of 8:00 am and 5:00 pm (eastern time), Monday through Friday.   FCB appreciates the seriousness of this matter and apologizes for any inconvenience caused by this incident.

     

      Criminals are more organized and sophisticated than ever before.

    Attacks on ATM machines range from simplistic to highly-organized efforts involving multiple ATMs across the country, hundreds of fraudulent cards and criminal gangs across the globe.

    Learn how to avoid skimming fraud

     

        I BELIEVE I MAY HAVE ENCOUNTERED FRAUD

    Contact us immediately or call your local branch if you suspect that your FCB account may have been compromised in any way by fraud. The sooner we are made aware, the sooner we can help you.

        I RECEIVED A SUSPICIOUS EMAIL

    If you've received a suspicious or fraudulent email regarding your account or Florida Community Bank, do not act on it.  Please forward it to ebanking@fcb1923.com so we can investigate it for you.