Your Security and Online Protection
Your protection is our first priority. Having information available to you electronically is a valuable tool. Understanding the risks of using that tool and how to use it safely are just as valuable to know. With information stored on local servers, sharing information through social networks, using mobile devices provided by wifi hotspots, and countless other accessibility options, using the internet safely is something that should be taken seriously. We would like to share some helpful information with you so that you can be equally safe in the "electronic" world we all live in today. You can reduce the threat of electronic or cyber-crime against you by following a few simply precautions. Here are some tips and suggestions:
Customer Identification Program - In an effort to prevent the use of the U.S. Banking System in terrorist and other illegal activity, AJ Smith Federal Savings Bank is complying with federal regulations to obtain, verify, and record identification from all persons establishing a new account or being added as signatories to existing accounts. Please do not be offended when asked for identification as these requirements can not be waived.
Phishing - pronounced “fishing,” and that’s exactly what online thieves are doing, “phishing” for your personal financial information. What they want are account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up charges on your credit cards. In the worst case, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver’s license numbers in your name. They can do damage to your financial history and personal reputation that can take years to unravel. Understanding how phishing works is your key to protect yourself.
Example: In a typical case, you’ll receive an e-mail that appears to come from a reputable company that you recognize and do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal financial institution regulatory agencies. The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as “Immediate attention required,” or “Please contact us immediately about your account.” In a phishing scam, you would be requested to reply to an email and provide personal information to rectify any problems with either your account or personal information. If you provide the requested information, you may find yourself the victim of identity theft.
Pharming - pronounced "farming" is a another popular Internet threat. This refers to the redirection of an individual to an illegitimate Website through technical means. An Internet banking customer, who routinely logs in to his or her online banking web site, may be unknowingly redirected to an illegitimate Website.
Example: You normally type http://www.ajsmithbank.com to access our website and your Internet Banking. However, you receive an email that reads “There is a question about your AJ Smith Checking Account. Please click the following link to log in to your Internet Banking account – www.ajsmthbank.com . If you look closely, the link you are to follow is missing the “i” in Smith. This is when the switch to an illegitimate website occurs. If this was an actual Pharming attack or setup, clicking the link would have taken you to a website that although looks very legitimate, is not. Once you have been moved to the fake website, you would continue by typing in your user ID and Password, and now you have just provided the Pharming hacker with your log in information. There are other ways of Pharming, but the above example is probably the one used the most because it is the easiest to accomplish.
Remember.... AJ Smith Federal Savings Bank would NEVER ask you to confirm personal information through our website, text messages, an email or email link. If you receive such a request, you should always contact us by phone to verify any information.
Tips for protecting yourself online
Always type the URL (address) of our website into your browser - http://www.ajsmithbank.com. You should avoid using links from emails or saved "favorites" when browsing to our website.
Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. E-mails and Internet pages created by phishers and pharmers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information. Always review what URL (Internet address) you have been moved to, when clicking a link inside of an email. If you believe the contact may be a "fake" , you should always contact the financial institution yourself. You can find phone numbers on our website. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.
Never provide your password over the phone or in response to an unsolicited Internet request or received phone call. A financial institution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your your money, personal information and ultimately, your identity.
Avoid Public Wireless Internet Access (WiFi) for Online Banking: You should be vigilant if you use internet cafes or a computer that is not your own and over which you have no control. Hackers and identity thieves often monitor these networks or install malware to capture your login credentials. If at all possible, use a secure wireless network for all confidential transactions.
Ensure that passwords (and PINs or pass-phrases) are properly protected since they provide access to large amounts of personal and financial information, and even access to conduct financial transactions. Passwords should be strong, unique for each account, and difficult to guess. A strong password should be at least 10 characters long and contain multiple characters types (lowercase, uppercase, numbers, and special characters). Disable the feature that allows programs to remember passwords and automatically enter them when required. Hacker and their malicious software can look up “remembered” passwords. Many online sites make use of self-service password recovery or challenge questions. The answers to these questions should be something that no one else would know or find from Internet searches. Consider creating your own question, if possible, or providing a false answer to a fact-based question, assuming the response is unique and memorable. Never share your passwords with anyone. You are responsible for the actions of your account. Do not use automatic login features that save passwords. You should never use public or other unsecured computers for online banking. Always remember to logoff your online banking application when you are done, especially if it is not your personal computer.
Review your account statement regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access such as Online Banking or Telephone Banking, periodically review activity online to catch suspicious transactions.
Never forward email or documents from home computers to work computers via email. Have work content sent to your workemail address. Use work provided secure remote access to get to work email and documents from home.
Ensure that you know what type of personal information is being posted online. Information which has traditionally been stored on a local computer is steadily moving to the Internet. Information stored on the Internet is difficult to remove and is governed by the different privacy policies and security that is provide by the hosting sites. Individuals who post information to these web-based services should ask themselves “Who can access this information that I am posting?” and “What control do I have over how this information is stored and shown?” Social network sites are very convenient and efficient means for sharing personal information with family and friends. This convenience also brings risks Social Network Users should be aware and understand what personal data is shared and who has access to this data. Always give some thought before posting information such as address, phone number, place of employment, date of birth, and family relationships. If you can, limit access to posted personal data to only people you know.
Make sure that you have Anti-Virus / Anti-Spam software installed on your computer and that it is up-to-date. Make sure that you have the latest security patches for all programs installed on your PC. This closes holes or gaps in your PC's security.
What to do if you fall victim:
If you fall victim to an attack, act immediately to protect yourself. Alert your financial institution. Place fraud alerts on your credit files. Monitor your credit files and account statements closely.
Contact your financial institution immediately and alert it to the situation. If you have disclosed sensitive information in a phishing or pharming attack, you should also contact one of the three major credit bureaus (listed below) and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name.
Here is the contact information for each bureau’s fraud division:
800-525-6285 888-397-3742 800-680-7289
P.O. Box 740250 PO Box 1017 PO Box 6790
Atlanta, GA 30374 Allen,
Fullerton, CA 92634
Report suspicious e-mails or calls to the Federal Trade Commission through the Internet at http://www.consumer.ftc.gov/features/feature-0014-identity-theft, or by calling 1-877-IDTHEFT (438-4338).