AmericanWest Bank Security Center:
Customer Best Practices for Computer and Online Use
How to Protect Your Personal Information When Online
Creating User Names and Passwords
For every online service you access you probably have a User ID and Password. When creating your accounts it's best to select an original password, and then take the precautions necessary to protect it. Commit your passwords to memory, and never share or give out your information.
When creating a password, avoid choosing any of the following easily identifiable items:
- Your birth date or a family member's date of birth;
- Your name, a family member's name, or a pet's name;
- Social Security number;
- Phone numbers; or
- Dates of important events.
To provide the best protection, consider these best practices when selecting your password:
- Create a "strong" password, which includes a combination of letters, numbers and punctuation;
- Long passwords are better; and
- Be sure it's something you can remember without writing it down.
In today's computer environment it's considered standard practice to install anti-virus software on your personal computer. If you're using reputable, up-to-date anti-virus software, you're likely protected; however, it's always a good idea to educate yourself on this important topic.
What is Anti-virus software? It's computer software used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware. To find out more about these types of security threats, go to a reputable online source such as www.PCMag.com, www.PCworld.com, www.microsoft.com or www.apple.com.
Anti-virus software can help protect your computer from most threats, but it's important to stay alert. To get the most from an anti-virus program, keep the software running and up-to-date at all times and follow email best practices. Start by asking yourself these questions before you open any attachment:
- Is the e-mail from someone you know?
- Have you received an e-mail from this person before?
- Were you expecting an e-mail with an attachment from this sender?
- Does the subject of the e-mail correspond with who is sending the e-mail? And would you expect this type of an attachment from this sender?
More Computer Safety Etiquette
Keep Your System Updated
When purchasing software, including computer systems with software already installed, it is a good idea to find out how the vendor provides ongoing customer support. Most vendors provide free software updates, or patches, that fix problems with their products as well as offer protection from known threats like viruses. You can usually access these updates from the vendor's website. Some applications, such as Microsoft operating systems, can be set to update automatically. For more information on this topic, refer to the manufacturer's website or their customer support site.
Back Up Your Information
It is a good security practice, as well as good computer maintenance, to back up important files and folders. You can back up files in a variety of ways: burning CDs, saving to an external hard drive or memory stick, or utilizing an online storage solution with a well-respected vendor.
What is Phishing and How Can You Protect Yourself?
What is Phishing?
The term "phishing" (as in fishing for confidential information) refers to an email-based scam that fraudulently obtains and uses personal or financial information (the same thing by phone is called pretexting). This is how it works:
- A consumer receives an e-mail that appears to originate from a financial institution, government agency, or other well-known/reputable entity.
- The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
- The provided link appears to be the web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the web site belongs to the fraudster/scammer.
- Once inside the fraudulent web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
- When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity, which generally turns into identity theft.
As your bank we will never ask for your personal or confidential information in this manner. We received all the necessary information we needed from you at the time you opened your account or applied for your loan. If for some reason we do need to update your personal information, we will contact you directly using the information you provided to us—never asking you to send us confidential information by email.
How to Spot Phishing Scams
Phishing scams can be well-executed, making them a challenge to detect; however, here are some good tips that can assist you in determining if an email is legitimate or possibly a scam.
- Language and tone—Fraudulent e-mail messages usually urge you to act quickly and make a suggestion that your account is vulnerable. You may be threatened with suspension of your account if you fail to confirm your personal or account information. In addition, the wording of the e-mail may be sloppy or contain misspellings.
- Requests for personal information—Phishing e-mails typically ask for personal or account information such as:
  - Account number
  - Credit and/or debit card numbers
  - Social Security numbers
  - Online banking user IDs and passwords
  - Date of birth
  - Mother's maiden name
  - Other confidential information
- Instructions to download software—Some scams insist that in order to continue using online banking you must download "banking software." Our online banking, and others, is executed through a secure website, so there's no need to download software. Be suspicious if you're prompted to install software directly from an e-mail.
- Non-secure websites—Often scams will direct you to websites via a link, and while they look like an authentic site, probably even using the company's logo, they are not. It is even possible for the site to display whatever URL (web address) they desire. Watch for non-secure web sites asking for sensitive information. Remember, secure sites will typically start with "https" in the URL. In addition, they frequently display the lock icon in the corner of your screen.
Protect Yourself from Phishing
When it comes to phishing it pays to be alert to these tips:
- Be suspicious of demanding messages;
- Be cautious and aware of downloading anything to your computer or opening email attachments from unknown sources;
- Always protect your password, and never share it; and
- Keep your computer, security measures, and anti-virus software current.
If you suspect an e-mail or web site is fraudulent, please report this information to the real source (bank, company or government agency), using a phone number or e-mail address from a reliable source—never the phone number listed in the suspicious email. You may also contact the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center.
If you think you may be a victim of identity theft, perhaps because you submitted personal information in response to a suspicious, unsolicited e-mail or you see unauthorized charges on your credit card, immediately contact us, and any other financial institutions where you have accounts, to have your accounts protected. We also recommend contacting the police and requesting a copy of any police report or case number for later reference. Finally, you may also call the three major credit bureaus (Equifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289) to request that a fraud alert be placed on your credit report.
Security & Computer Safety Glossary
Adware: A form of spyware that collects information about a user in order to display advertisements in the web browser based on the information it collects from the user's browsing patterns.
DNS: Short for Domain Name System (or Service or Server), an Internet service that allows domain names to be translated into IP addresses and IP addresses into domain names. We use domain names (such as www.awbank.net) when referring to web addresses because they're easier to remember.
E-mail Spoofing: When an e-mail appears to have originated from one source, yet it has actually been generated from another, this is known as e-mail spoofing or pharming. The act of forging an e-mail header (the .....@awbank.net portion of an e-mail) allows individuals who are sending "junk mail" or "SPAM" to author e-mails that cannot be traced back (or are difficult to trace back) to the originator.
Encryption: The process of disguising data so the contents cannot be understood by an unauthorized viewer.
Firewall: A gateway designed to limit access to or from a private network. Firewalls can be used in both hardware and software. They are frequently used to prevent unauthorized users from accessing private networks. Firewalls regulate certain levels of security and maintain them by acting as the "gatekeeper."
Identity Theft: A crime of stealing personal and/or financial information, such as name, Social Security number, or account numbers from a person, with the intent to commit fraud.
IP Address: A unique identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination.
ISP: Short for Internet Service Provider, a company that provides Internet access for consumers as well as commercial industries. ISPs now provide customers with a variety of ways to connect to the Internet: dial up through a modem where they provide an access phone number, cable internet access, DSL, or even T1 and T3 lines. These services allow you the capability to log on to the Internet, surf the Web, utilize e-mail or set up a small network.
Keystroke Logger: A program that operates without a user's knowledge and records all of the user's keystrokes. Once the keystrokes are logged, they are hidden in the machine for later retrieval or shipped raw to the attacker over the Internet. The attacker then carefully goes through the data in hopes of either finding a password or possibly other useful information that can be used to commit fraud or identity theft.
Malware: Short for malicious software, a program or file that is designed to specifically damage or disrupt a system, such as a virus, worm, or a Trojan horse.
Man-In-The-Middle (MTM) Attack: The type of attack where hackers intrude into an existing connection to intercept the exchanged data and inject false information. It involves eavesdropping on a connection, intruding into a connection, intercepting messages, and selectively modifying data.
Patch: Otherwise known as a software update. A patch is a piece of code that is added to software in order to fix a bug or problem. It is used most frequently as a temporary correction between two version releases.
Phishing: As in fishing for confidential information, refers to an e-mail-based scam that encompasses fraudulently obtaining and using an individual's personal or financial information (the same thing by phone is called pretexting). Learn more about how you can take steps to protect yourself from phishing.
Pharming: Similar to phishing but attempts to obtain information through domain spoofing (which is basically IP spoofing). In this case, the consumer can be duped simply by opening an e-mail message because a pharming e-mail contains a virus (or Trojan horse) that installs a small software program on the user's computer. Subsequently, when the consumer tries to visit an official web site, the pharmer's software redirects the browser to the fake version of the site in an attempt to capture the personal financial information the consumer enters into the counterfeit web site.
Pretexting: A form of social engineering (see definition below). Pretexting is when someone attempts to gather personal information with the intention of using it to commit fraud or identity theft, usually by telephone or in person. It often involves some prior research or setup where the would-be thief uses gathered information about the victim with the intention of using it to gain his/her trust and in turn more information (e.g., date of birth, Social Security number, account information, etc.). Pretexting can also be used to impersonate co-workers, police, bank, or any individual who could have perceived authority or right-to-know in the mind of the victim.
SMTP: Short for Simple Mail Transfer Protocol, a protocol for sending e-mail messages between servers.
SPAM: E-mail that is not wanted or requested and is also known as unsolicited and junk mail. SPAM is most often used for advertising products or to broadcast some social or political commentary.
Spyware: Software that secretly gathers information through users' Internet connections without their knowledge. Spyware applications are typically bundled as a hidden component of freeware or shareware programs; however, it should be noted that the majority of shareware and freeware do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers. Spyware is similar to a Trojan horse in that users install the product when they install something else unknowingly.
Anti-spyware software is readily available and designed to locate and remove spyware from your computer. To find out more about these types of solutions, go to a reputable online source such as www.PCMag.com, www.PCworld.com or www.apple.com.
SSL: Short for Secure Sockets Layer, a protocol developed for transmitting private documents via the Internet. Both Netscape Navigator and Internet Explorer support SSL, and many web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:. In addition, when SSL is in use a small lock is placed on the taskbar.
TCP/IP: Short for Transmission Control Protocol/Internet Protocol, the suite of communications protocols used to connect hosts on the Internet.
Trojan Horse: A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can cause damage to your computer and computer files. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead spreads viruses onto your computer, so always use a reputable source to check out software before downloading it, including sources such as www.PCMag.com, www.PCworld.com or www.apple.com.
Virus: A program or piece of code that is loaded onto your computer without your knowledge. Once on your computer they run without your permission and can also replicate themselves. All computer viruses are man-made. Even a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. Even more dangerous viruses are capable of transmitting across networks and bypassing security systems.
There are software applications called anti-virus software that are designed to locate and remove viruses from your computer.
Worm: A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting down a system.
Web Browser: An application such as Internet Explorer or Firefox that is designed to display web pages.
Social Engineering: A non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. A social engineer runs what was once called a "con game".