- Select passwords that are not obvious. Avoid using personal information as passwords, such as your last name or birthday. Also, avoid using the same user ID and password for multiple web sites.
- Do not write or post user IDs, passwords or other sensitive information where they could be seen by others.
- Frequently change your passwords and do not share user IDs or passwords with anyone else, even family members.
- Prevent unauthorized persons from using your computer by logging off or locking your workstation when you leave the area.
Anti-Virus Software and Download Tips
- Scan any software downloaded from the internet for viruses before installation.
- Ensure your computer's operating system and software is updated on a regular basis. Consult with your local IT professional for assistance.
- Use anti-virus and anti-malware software, and keep the software up-to-date.
In a social engineering attack, an attacker uses human interaction to manipulate a person into providing them personal information. People have a natural tendency to trust. Social engineering attacks attempt to exploit this tendency in order to steal your information. Once the information has been stolen it can be used to commit fraud or identity theft.
NEVER give away your personal information including your online banking usernames/passwords, your social security number, account numbers, etc.
Criminals use a variety of social engineering attacks to attempt to steal information, including:
- Website Spoofing
Website spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoof websites are typically made to look exactly like a legitimate website published by a trusted organization.
- Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
- If you are suspicious of a website, close it and contact the company directly.
- Do not click links on social networking sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative.
- Only give sensitive information to websites using a secure connection. Verify the web address begins with “https://” (the “s” is for secure) rather than just “http://”.
- Avoid using websites when your browser displays certificate errors or warnings.
Phishing is when an attacker attempts to acquire information by masquerading as a trustworthy entity in an electronic communication. Phishing messages often direct the recipient to a spoof website. Phishing attacks are typically carried out through email, instant messaging, telephone calls, and text messages (SMS).
- Delete email and text messages that ask you to confirm or provide sensitive information. Legitimate companies don’t ask for sensitive information through email or text messages.
- Beware of visiting website addresses sent to you in an unsolicited message.
- Even if you feel the message is legitimate, type web addresses into your browser or use bookmarks instead of clicking links contained in messages.
- Try to independently verify any details given in the message directly with the company.
- Utilize anti-phishing features available in your email client and/or web browser.
- Utilize an email SPAM filtering solution to help prevent phishing emails from being delivered.
Browsers and Encryption
City Bank's standards are among the highest on the Internet. For accessing our secure applications, such as City Bank Online Banking, City Bank requires that your browser supports industry standard SSL encryption. It is important that you regularly update your browser, typically by keeping your Windows or Apple/Mac systems up-to-date, in order to ensure that you are protected from the latest security vulnerabilities.
Clearing Your Internet Browser's Cache and History
To ensure your privacy, we recommend that you clear the Internet browser's cache and history after visiting any City Bank web site. Internet browsing software, such as Microsoft Internet Explorer and Netscape, stores or "caches" content of web sites visited during online sessions to display pages previously viewed more quickly. Additionally, the Internet browser's history list tracks web site addresses you visit. Clearing your browser's cache and history ensures that other people using the computer (particularly public computers) do not have access to your session information.
Additional Online Business Security Tips
- Regularly review your transactions and statements to detect unauthorized activity. Details of your transactions are promptly posted and available on City Bank online. It can be very useful to monitor and control transactions--including those originating online and through other channels, such as checks you've written or withdrawals you've made.
- City Bank's Online Cash Management offers an online Positive Pay Service to help you monitor and control checks clearing against your accounts.
- There are also several internal controls you can have set up within Cash Management that add layers of security. These include:
- Automatic E-mail Notifications for initiated ACH Batches.
- IP Address Restrictions
- Access time Restrictions