Password and logon Information
- Make sure you keep your logon IDs and passwords in a safe place. Never store your login and password information in clearly visible places.
- Do not share your logon information with other users.
- Choose passwords that are difficult for others to guess and use a combination of letters and numbers. Use a mix of upper and lower case characters. Do not use a complete dictionary word, your name, birth date or company name.
Review account activity and controls
- Review the Audit log and account activity daily. Report any suspicious activity to your financial institution immediately.
- Perform an annual risk assessment and control evaluation to ensure the appropriate controls are in place related to third party payments and any administrative controls surrounding user and account management.
- If you have the ability to initiate financial transactions via the Internet banking application, one of the most effective security measures is to segregate duties. Consider requiring dual control for these transactions.
- Set up Alerts for financial transactions such as ACH or Wire transfers.
- Make sure your computer has an anti-spyware protection program that detects and removes all forms of spyware or malware. Be sure to keep this software up to date.
- Scan your computer regularly for both spyware and viruses.
- Add a firewall to your network or computer system.
- Use a current web browser that has additional security features.
- Install all software fixes or updates that may address security holes.
Personal Computer Usage
- Control physical access to your computer; make sure your computer is protected with password enabled screen savers.
- If you have a laptop, do not leave it unattended while traveling or keep it locked at work to prevent theft.
- Never leave your laptop in the back seat of your car. Hide your laptop in places such as the trunk or underneath the seat to prevent thieves from seeing your laptop in your car.
- Open attachments only if you know the sender. Do not open links included in an email from unknown parties. These links may direct you to websites that contain spyware or viruses.
- Question suspicious emails. Eastern will never send you an email asking you for your customer ID and password.
- Most emails are not secured so never send anyone an email with any account numbers or password information.
Threats to Your Information
The top two fraud threats identified by the FDIC are malware and phishing attacks. In April 2011, The FBI identified twenty incidents of attempted fraud totaling $20 million wherein online banking credentials of small to medium sized US business were compromised and used to initiate wire transfers to Chinese economic and trade companies.
Corporate bank accounts are sensitive targets and are increasingly being attacked by fraudsters. One of the biggest risks is actually the computer used to bank with. Criminals use two sophisticated attacks to access online accounts using your computer.
Malicious software (or malware) - automatically and silently downloaded onto the computer when browsing the Internet, malware silently captures login information and transfers it to criminals as log-in is performed and can also silently change transactions executed.
Phishing - criminals build fake websites that look very similar to your bank’s website to lure you into visiting them and submitting your online banking log-in information which is later used to access your account.
Online Protection - Anti-Virus & Firewalls
Anti-Virus solutions take days, sometime even weeks, to detect new financial malware variants and remove them. However, fraud occurs hours after a new malware variant is released. So when your anti-virus provider eventually cleans your computer of the malware, it is already too late to prevent fraud from occurring.
Trusteer Rapport protects your computer and mitigates financial malware infections. It also communicates with your bank and allows them to take immediate action against changes in threat.