
PC Banking Fraud Prevention Best Practices
User ID and Password Guidelines
Create a “strong” password with at least 8 characters that includes a combination of mixed case letters, numbers, and special characters.
Change your password frequently.
Never share username and password information.
Do not use an automatic login feature that saves usernames and passwords.
Do not use the same password on all the websites you visit.
Do not use the same passwords at home that you use at work.
General Guidelines
Register each computer used to access PC Banking.
Do not use public or other unsecured computers for logging into PC Banking.
Do not conduct online banking over a wireless network that you don’t own.
Check the last login date/time every time you log in.
Review account balances and transactions regularly (daily) to confirm payment and other transaction data.
Immediately report any suspicious transactions to Clinton National Bank.
View the transfer history available in your account activity information.
Take advantage of and regularly view system alerts; examples include email change alerts and password change alerts.
Do not use account numbers, your social security number, or other account or personal information when creating account nicknames or other titles.
Review historical reporting features of your online banking application on a regular basis to confirm payment and other transaction data.
Never leave a computer unattended while using PC Banking.
Tips to Protect Online Payments & Account Data
Take advantage of transaction limits.
When you have completed a transaction, ensure you log off to close the connection with the financial organization's computer.
Required Security Procedures for PC Banking
Do not open e-mail from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information. Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
- Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail.
- If an e-mail claiming to be from Clinton National Bank seems suspicious, please contact Clinton National Bank.
Clinton National Bank will never ask you to verify usernames or passwords via an email request.
Install anti-virus and spyware detection software on all computer systems. Free software may not provide the same protection against the latest threats as an industry-standard product.
- Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.
Ensure computers are patched regularly, particularly with security patches for the operating system and key applications.
- Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
- Check your settings and select, at least, a medium level of security for your browsers.
- Be advised that you will never be presented with a maintenance page after entering login credentials. Legitimate maintenance pages are displayed when first reaching the URL and before entering login credentials.
PC Banking does not use pop-up windows to display login messages or errors. They are displayed directly on the login screen.
- If you receive a pop-up window, close it with the X in the corner. Never use any buttons within the window.
PC Banking never displays pop-up messages indicating that you cannot use your current browser.
- PC Banking error messages never include an amount of time to wait before trying to log in again.
Being asked repeatedly to enter your password/token code is a sign of potentially harmful activity.
- Being asked if your computer was previously registered is a sign of potentially harmful activity.
September 2011 - Fraudulent Emails Appearing to Come From NACHA
NACHA – The Electronic Payments Association has become the victim of phishing attacks that use emails appearing to come from NACHA.
Please do not click on any links in an email from an @nacha.org address.
These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient. The source addresses and contents of these fraudulent emails vary — with more recent examples purporting to come from actual NACHA employees and/or departments — and often including a counterfeit NACHA logo and the citation of NACHA’s physical mailing address and telephone number.
NACHA itself neither processes nor touches the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
August 2011 - Fraudulent “FDIC Notification” E-Mails with Attachment
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that appear to be from the FDIC and contain an infected attachment. The fraudulent e-mails have addresses such as “no.reply@fdic.gov” or “notify84zma@fdic.gov” on the “From” line. The message appears, with spelling and grammatical errors, as follows:
Subject line: “FDIC notification”
Message body:
“Dear customer, Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.
As soon as it is setup, you transaction abilities will be fully restored.
Best Regards, Online Security department, Federal Deposit Insurance Corporation.”
The e-mails contain an attachment “FDIC_document.zip” that will likely release malicious software if opened. These e-mails and attachments are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT open the attachment.
Consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact consumers, nor does the FDIC request bank customers to install software upgrades.
Attachment: Fraudulent E-mail Sample
From: no reply [mailto:no.reply@fdic.gov]
Sent: Wednesday, August 03, 2011 12:45 AM
To: John.Doe@ABC.com
Subject: FDIC notification
Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC’s Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.
For your reference, FDIC Special Alerts may be accessed from the FDIC’s Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.
Protecting Your Security
You are encouraged to monitor your account closely and let us know if you see any unauthorized purchases. If you have not already registered for PC Banking, our free online banking service, which allows you to monitor your account anytime, we recommend you do so. Visit our homepage and click on "Online Banking" to register for this convenient, free service.
In a continuing effort to provide you, our customer, with up-to-date information regarding the safety of your identity and privacy, we have outlined the following best practices.
- Never give out your bank or credit card account number over the telephone to someone who called you.
- Never take money out of the bank and give it to someone you don't know.
- Destroy credit card solicitations you receive in the mail, especially if they have checks attached.
- Never disclose your Social Security number.
- Always review your bank statements for discrepancies.
- Never give out your ATM, debit card, or credit card, or disclose the PIN number.
- Do not keep your PIN number in the same place you keep your ATM or debit card.
- If you ever feel uncomfortable about any situation involving your money, call the bank or your local police department.
- Remember that banks, insurance companies, investment managers and government agencies will never call you or email you and ask for your account number, PIN number or other non-public information.