HTML Generator Sample Page
 
 

Customer Awareness



Please Be Aware

A new malware has been identified that targets mobile banking applications. It is a highly dangerous and complex Trojan dubbed “Marcher". Marcher is an Android banking Trojan, first detected in 2013. This malware was designed to steal mobile application credentials from end users, becoming one of the most prevalent Android password-compromising pieces of malware on the threat landscape today. The malware is usually spread via malicious Android Application Packages that impersonate Adobe Flash Player. It has also been seen embedded in several banking applications and video games, such as Super Mario Run and others. For example:

 It is important to note that in addition to the credentials, this malware allows the criminal to access SMS messages, which despite its vulnerabilities, it is still a popular form of authenticating users. If and when the bank sends the SMS One-Time-Password, the criminal is able to use it to bypass the second factor authentication feature the bank may have in place. More background information on Marcher can be found in a recent blog post from Easy Solutions, here. Customers should deploy multi-layered protection against electronic fraud and only download applications from the Google app store or the Apple Store. Do not use third party stores for downloads.

COMING SOON! Detect Safe Browsing, a complementary software download that adds an additional layer of protection while clients access accounts.


Protect your company from BEC

Business email compromise (BEC)—also called “wire transfer phishing,” “impostor phishing,” and “CEO phishing”—is a type of cyber attack comprising low-volume campaigns of highly targeted phishing emails. These campaigns focus on one or two people within an organization, asking the recipient to transfer funds or private information of value such as W2 forms directly to attackers.

Please CLICK HERE to review a diagram on how BEC works.

Tips to Prevent BEC

From a technical perspective, you need a secure email gateway that supports advanced options for flagging suspicious messages based on attributes (such as direction and Subject line) and email authentication techniques. At a minimum, configure your email gateway to block messages that spoof your domain(s); this function is built into most secure email gateways. Another best practice is automatically adding the [EXTERNAL] tag or a similar designation to the subject line of emails sent from outside your organization.

From a human resources perspective, train your staff and put the effective processes in place. Here are a few basic guidelines:

  • Be suspicious
  • If something doesn't feel right, it probably isn't
  • Slow down
  • Check the Reply-To field
  • Check the domain
  • Watch for the use of personal accounts
  • Follow a process

Adding safeguards that include out-of-band contact (personal interactions outside the back and forth of email conversations) can save organizations hundreds of thousands or even millions of dollars. Vigilant employees are the last line of defense against these threats. You should create a culture in which employees ask questions, think carefully, and understand their important role in security.


Guide to Cybersecurity

Your home has locks on the doors and windows to protect your family and prevent thieves from stealing cash, electronics, jewelry and other physical possessions. But do you have deterrents to prevent the loss or theft of your electronic assets, including bank account and other information in your personal computers, at home and when banking or shopping remotely online?

Please CLICK HERE to review a guide with great information on what you can do to help prevent online fraud and theft.


Avoid ID Theft

Identity theft is a growing problem in the world, but there are certain things you can do to avoid ID theft. Below are different ways to deter, detect, and defend yourself against ID theft.

  • Central Bank will never initiate a request for sensitive information such as social security number, account number(s), PIN numbers or login information (id and/or passwords), nor will we ever request you to verify your account information via email.
  • Help us protect you by keeping your sensitive information such as social security number, account number(s), PIN number(s), ATM card(s) and checkbook(s) in a secure location and we strongly suggest that you do not share this information with anyone.
  • Email Disclosure: Information sent via email is not encrypted. Confidential information such as account and tax ID numbers should not be sent via email. The Central Bank is not responsible for the content or security measures provided by third party websites linked to this page.

The Federal Trade Commission wants you to help fight back against identity theft so for more information about ID theft, please visit their website at www.ftc.gov/idtheft.


DETER

Identity theft is a serious crime. It occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes. Identity theft can cost you time and money. It can destroy your credit and ruin your good name.

Deter identity thieves by safeguarding your information.

  • Shred financial documents and paperwork with personal information before you discard them.
  • Protect your Social Security number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
  • Don’t give out personal information on the phone, through the mail, or over the Internet unless you know who you are dealing with.
  • Never click on links sent in unsolicited emails; instead, type in a web address you know. Use firewalls, anti-spyware, and anti-virus software to protect
    your home computer; keep them up-to-date. Visit www.OnGuardOnline.gov for more information.
  • Don’t use an obvious password like your birth date, your mother’s maiden name, or the last four digits of your Social Security number.
  • Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done to your house.

DETECT

Detect suspicious activity by routinely monitoring your financial accounts and billing statements.

Be alert to signs that require immediate attention:

  • Bills that do not arrive as expected
  • Unexpected credit cards or account statements
  • Denials of credit for no apparent reason
  • Calls or letters about purchases you did not make

Inspect:

  • Your credit report. Credit reports contain information about you, including what accounts you have and your bill paying history.
    • The law requires the major nationwide consumer reporting companies – Equifax, Experian, and TransUnion – to give you a free copy of your credit report each year if you ask for it.
    • Visit www.AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free credit reports each year. You also can write: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
  • Your financial statements. Review financial accounts and billing statements regularly, looking for charges you did not make.

DEFEND

Defend against ID theft as soon as you suspect it.

  • Place a “Fraud Alert” on your credit reports, and review and reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert; a call to one company is sufficient:
    • Equifax: 1-800-525-6285
    • Experian: 1-800-EXPERIAN (397-3742)
    • TransUnion: 1-800-680-7289
    • Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn’t open, and debts on your accounts that you can’t explain.
  • Close accounts. Close any accounts that have been tampered with or established fraudulently.
    • Call the security or fraud departments of each company where an account was opened or charged without your okay. Follow up in writing, with copies of supporting documents.
    • Use the ID Theft Affidavit at ftc.gov/idtheft to support your written statement.
    • Ask for verification that the disputed account has been closed and the fraudulent debts discharged.
    • Keep copies of documents and records of your conversations about the theft.
  • File a police report. File a report with law enforcement officials to help you with creditors who may want proof of the crime.
  • Report the theft to the Federal Trade Commission. Your report helps law enforcement officials across the country in their investigations.
    • Online: ftc.gov/idtheft
    • By phone: 1-877-ID-THEFT (438-4338) or TTY, 1-866-653-4261
    • By mail: Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Ave., NW, Washington, DC 20580

Common Ways ID Theft Happens:

Skilled identity thieves use a variety of methods to steal your personal information, including:

  • Dumpster Diving. They rummage through trash looking for bills or other paper with your personal information on it.
  • Skimming. They steal credit/debit card numbers by using a special storage device when processing your card.
  • Phishing. They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.
  • Changing Your Address. They divert your billing statements to another location by completing a “change of address” form.
  • “Old-Fashioned” Stealing. They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records from their employers, or bribe employees who have access.

For More Information

To learn more about ID theft and how to deter, detect, and defend against it, visit www.ftc.gov/idtheft. Or request copies of ID theft resources by writing to:

Consumer Response Center
Federal Trade Commission
600 Pennsylvania Ave., NW, H-130
Washington, DC 20580