Internet Security Information
Cornerstone Community Bank will never ask you to provide personal information via our website or by email request.
A tip to avoid identity theft:
Be alert for false emails purporting to be from banks, credit card companies, or federal agencies requesting personal information. Never provide your identification information, including your social security number, any PIN number or checking or savings account number in response to these requests.
Your Online Banking Security
What is Online Banking Fraud?
- Social Engineering- Exploiting human vulnerabilities is the heart of social engineering. Fraudsters play off the emotions of the victim to take action, gain information or gain access. Social engineering or “human hacking”, as some have called it, presents a “problem” to the victim in email, over the phone or text, in person or advertising. The “problem” has been structured with an urgency for action to exploit the natural helpfulness of people. Social engineering can persuade people to download malware, send large sums of money or provide user names and passwords.
- Email- Unsolicited emails or SPAM containing bogus offers or dangerous links have resulted in some email users losing money. The fraudster is cunning and knows just how to make the offer too good to be true. SPAM should be reported to email@example.com
- Phishing- When internet fraudsters impersonate a business to trick you into giving out your personal information. Don't reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses including Cornerstone Community Bank don’t ask you to send sensitive information through insecure channels. Phishing should be reported to firstname.lastname@example.org and to the business being impersonated in the email.
- Smishing- Similar to phishing, smishing uses cell phone text messages to deliver the “bait” to get you to divulge your personal information. The “hook” (the method used to actually “capture” your information) in the text message may be a website URL, however it has become more common to see a phone number that connects to an automated voice response system. An example of a smishing message is “Notice-this is an automated message from (Name of Financial Institution), your debit card has been suspended. To reactivate call urgent at 866-###-####”. When the call is returned, the fraudsters will request card information. This information can then be used to duplicate your card.
- Malware- Short for “malicious software." It includes viruses and spyware that get installed on your computer, phone, or mobile device without your consent. These programs can cause device performance issues, but your online activity and habits can be monitored and watched including keylogging software. Criminals use malware to steal personal information, send spam, and commit fraud. If you think your computer has malware, file a complaint with the FTC at https://ftccomplaintassistant.gov
- Keylogging or Keylogger- Keylogging software truly holds the key to all your personal information. Key logging software installed on your computer without your knowledge will gather user names, passwords, credit card and account numbers, social security numbers and other confidential information shared with trusted businesses and websites. The keystrokes are captured and delivered back to the fraudster. Keylogging malware should be reported to the FTC at https://ftccomplaintassistant.gov
Cornerstone’s Commitment to Online Security
- Username and Password- Cornerstone does not know your password and will never ask for your password. If you ever receive an email, phone call or text message asking for your online password, contact your local branch directly with the phone number appearing on your statement. The bank never has and never will ask for your password!
- Device Profiling- Cornerstone uses Device Profiling to review a wide range of details about the login transaction including the device, the connection, and the customer’s past use of these device attributions. Based on this review, if a device is not recognized, an additional layer of authentication will be required to login. This additional layer is called Out-of-Band Authentication.
- Out-of-Band Authentication– Cornerstone currently utilized Out-of-Band Authentication for your security online. Out-of-Band allows users to authenticate using a Username and two additional methods; a password and a one-time security code.
- Transaction Review- We know you and how you bank. If a transaction looks suspicious we will contact you to verify the account activity.
- Security Risk Assessments- The bank is continually performing internal risk assessments to ensure the risks related to online banking have been properly identified and mitigated with security controls. These risk assessments are reviewed in detail by management, federal and state regulators and internal auditors.
- Regulation E- This is your federal protection against online account fraud under the Electronic Funds Transfer Act. The details of the regulation were provided to you at the time you opened your checking account and are referenced on the reverse of your monthly bank statement. We must hear from you no later than sixty (60) days after we sent the FIRST statement on which the problem or error appeared. Timely reporting is key to limit loss.
Your Commitment to Online Security
Use Security Software That Updates Automatically
If you let your operating system, web browser, or security software get out-of-date, criminals could sneak their bad programs – malware – onto your computer and use it to secretly break into other computers, send spam, or spy on your online activities. There are steps you can take to detect and get rid of malware.
Don’t buy security software in response to unexpected pop-up messages or emails, especially messages that claim to have scanned your computer and found malware. Scammers send messages like these to try to get you to buy worthless software, or worse, to “break and enter” your computer.
Treat Your Personal Information Like Cash
Check Out Companies to Find out Who You’re Really Dealing With
Don’t assume that an ad you see on a reputable site is trustworthy. The fact that a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it.
Give Personal Information Over Encrypted Websites Only
Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, the entire account could be vulnerable. Look for https on every page of the site you’re on, not just where you sign in.
Protect Your Passwords
- The longer the password, the tougher it is to crack. Use at least 10 characters; 12 is ideal for most home users.
- Mix letters, numbers, and special characters. Try to be unpredictable – don’t use your name, birthdate, or common words.
- Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.
- Don’t share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam.
- Do not save passwords on your website or leave written notes with your password near or on your computer.
Back Up Your Files
Scam artists try to trick people into clicking on links that will download malware and spyware to their computers, especially computers that don't use adequate security software. To reduce your risk of downloading unwanted malware and spyware:
- Keep your security software updated. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS) to update automatically.
- Don't click on any links or open any attachments in emails unless you know who sent it and what it is. Clicking on links and opening attachments – even in emails that seem to be from friends or family – can install malware on your computer.
- Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.
- Minimize "drive-by" downloads. Make sure your browser security setting is high enough to detect unauthorized downloads. For Internet Explorer, for example, use the "medium" setting at a minimum.
- Use a pop-up blocker and don't click on any links within pop-ups. If you do, you may install malware on your computer. Close pop-up windows by clicking on the "X" in the title bar.
- Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That's a tactic scammers use to spread malware.
- Talk about safe computing. Tell your kids that some online actions can put the computer at risk: clicking on pop-ups, downloading "free" games or programs, opening chain emails, or posting personal information.
- Back up your data regularly. Whether it's text files or photos that are important to you, back up any data that you'd want to keep in case your computer crashes.
Monitor your computer for unusual behavior. Your computer may be infected with malware if it:
- Slows down, crashes, or displays repeated error messages
- Won't shut down or restart
- Serves up a barrage of pop-ups
- Displays web pages you didn't intend to visit, or sends emails you didn't write
- New and unexpected toolbars
- New and unexpected icons in your shortcuts or on your desktop
- A sudden or repeated change in your computer's internet home page
- A laptop battery that drains more quickly than it should
Get Rid of Malware
If you suspect there is malware is on your computer, take these steps:
- Stop shopping, banking, and doing other online activities that involve user names, passwords, or other sensitive information.
- Update your security software, and then run it to scan your computer for viruses and spyware. Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.
- If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you've installed, and a short description of the problem.
- Many companies – including some affiliated with retail stores – offer tech support on the phone, online, at their store, and in your home. Decide which is most convenient for you. Telephone and online help generally are the least expensive, but you may have to do some of the work yourself. Taking your computer to a store usually is less expensive than hiring a repair person to come into your home.
If you think your computer has malware, the Federal Trade Commission wants to know. File a complaint at https://ftccomplaintassistant.gov
Contributed by http://onguardonline.gov/
- Secure your phone- Always lock your phone when it is not in use. Set your phone to automatically lock after being idle for a set amount of time. If the option is available on your phone, set a longer and stronger password than the default 4-digit unlock code.
- Clear data from your smartphone frequently– Delete text messages from financial institutions, especially before sharing, discarding, or selling your phone. Delete cookies and cache regularly on your mobile device, as they may contain confidential information.
- Download apps from reputable sources– Criminals try to lure people into signing up for mobile banking using fake apps and/or websites. Visit bankcornerstone.com to verify the sources of your online banking application. If you are considering adding an app to your mobile device, review the app’s permissions so you understand what the app is capable of doing before you decide to download it.
- Protect your phone– Keep your mobile device software up-to-date. Don’t download any files or email attachments that you’re not sure about. Don’t follow any website link unless you know they are genuine. Delete junk emails and text messages. Install anti-spyware software specifically designed for your mobile device.
- SMS messages– Delete SMS/Text Banking messages when no longer needed. Do not respond to SMS messages claiming to be from your Financial Institution that have not been initiated by you.
- Avoid sharing your phone– If you must share your mobile device or send it off for repairs, clear your history and cache. Log out of all secure sites, including Mobile Banking. Make sure all Apps are logged out of and not set-up to login upon being launched. Delete all SMS/Text Banking messages.
- Alerts– Enroll in Mobile Banking and Online Banking security alerts.