It was a beautiful day as neighbors, friends and family gathered for Natick Days, a “festival of entertainment that celebrates our community.” During the event visitors to our booth picked up gifts and goodies, as well as met Mo, the MutualOne Bank mascot!
With its recent Charitable Foundation award of $5,000, MutualOne Bank will be the sole sponsor of the 2016 World Music Series at Amazing Things Arts Center in Framingham. Announcement of the award was made today by
Steven M. Sousa, executive vice president and COO of MutualOne Bank and a MutualOne Charitable Foundation trustee,
According to Amazing Things Executive Director Ellen Sturgis, the funding will increase the frequency of, and attendance at, shows featuring high quality music from around the globe. Plans for the six-session World Music Series will expand past cultural offerings with the addition of performances featuring Indian, Celtic, and Klezmer music, and more, all reflecting the diversity of the MetroWest area.
“We live in a truly diverse cultural area,” said Sousa. “The MutualOne Charitable Foundation is pleased to help Amazing Things reach out to a broader audience with its World Music Series in 2016.”
Mark R. Haranas, president and CEO of MutualOne Bank and a MutualOne Charitable Foundation trustee, announced today that the Foundation has granted a $4,626 request from Programs For People in Framingham for the purchase of equipment and supplies to enhance the organization’s ability to provide the best possible services to adults who are recovering from serious mental illness.
The majority of the items are needed for the organization’s employment services, according to Iris Carroll, MPH, Programs For People director. Additional purchases will be made for “The Lunch Box,” the program’s onsite pre-vocational food service program clients preparing to eventually work in the community.
“As a self-supporting organization, Programs For People relies on the community as a whole in order to continue its work,” said Haranas. “The MutualOne Charitable Foundation is pleased to help by providing for the purchase of items that will bring added value to the program.”
Robert P. Lamprey, chairman of the MutualOne Charitable Foundation, announced today that the Foundation has awarded $3,000 to Danforth Art Museum\School in Framingham to support the Drop Into Art program offering free admission for children and their accompanying adults to exhibitions, gallery experiences, and hands-on art-making on the first Sunday of each month, from 2-4 pm, October – May.
“We are always pleased to support educational and cultural opportunities in our community,” said Lamprey. “Drop Into Art is a prime example of opening the door to new and enlightening experiences for many of our residents.”
Mark R. Haranas, president and CEO of MutualOne Bank and a MutualOne Charitable Foundation trustee, announced today that the Foundation has awarded $5,000 to help advance the “iPads on a Cart” program introduced last year at Marian High School in Framingham.
The Foundation’s gift will help purchase up to 10 additional classroom Apple iPads to be used by faculty and students for specifically designed lessons and projects as the program enters phase two this year.
“We’re happy to support Marian High School’s efforts to enhance its technology capabilities,” said Haranas. “There’s no question that it is a definite plus for today’s students.”
Robert P. Lamprey, chairman of the MutualOne Charitable Foundation, has announced a $5,000 grant from the Foundation to Homeowners Options for Massachusetts Elders (HOME).
The grant will support the organization’s outreach work and prevention initiatives designed to help low-income elders in our area who are experiencing difficulties and dire threats to their ability to maintain themselves long-term in their homes and communities.
“Helping elders successfully age-in-place and maintain their independence and self-reliance is an important part of building community,” said Lamprey. “The MutualOne Charitable Foundation is pleased to support HOME’s efforts.”
Steven M. Sousa, executive vice president and COO of MutualOne Bank and a MutualOne Charitable Foundation trustee, announced today that the Foundation has awarded $1,000 to American Veterans (AMVETS) Post 79 in Natick for its new 9-11 Memorial. The funds will provide for the addition of seven lights in memory of the seven T.J. Maxx employees who died on 9-11 and a bell to honor the 343 firefighters lost in the tragedy.
“We were proud to support the Post’s 9-11 Memorial plans,” said Sousa. “September 11th is a date that will always resonate in our minds and in our hearts, no matter how much time passes.”
Password reuse occurs when someone uses the same password on multiple websites or accounts. This is a vulnerability if the password is exposed in coordination with other information that identifies who is using the password – such as first and last names, login names, or email addresses.
Avoiding password reuse can be challenging because of the number of websites and accounts that require passwords, some of which require updating your password every 30 days. There are two ways to avoid password reuse and to ensure any password meets the recommended password complexity requirements.
The first technique is to use a password manager to remember each unique password. Password managers are applications that can be stored on a computer, smartphone, or in the cloud, and will securely track passwords and where they are used. Most password managers can also generate complex random passwords for each account if you choose to do so. As long as the password to access the password manager is sufficiently complex, this technique can be affective. However, if the company running the password manager is compromised (which does happen!) it is possible that all your passwords will also be compromised. If you choose a password manager that is local to your computer or smartphone, that information may be compromised if malware gets on your computer or you lose your smartphone. When choosing a password manager, ensure it is from a known, trustworthy company.
The second technique is to choose a repeatable pattern for your password, such as choosing a sentence that incorporates something unique about the website or account, and then using the first letter of each word as your password. For example the sentence: “This is my August password for the Center for Internet Security website.” would become “TimAp4tCfISw.” Since a strong password is complex, and includes upper and lower case letters, numbers, and a symbol, this password keeps the capitalization within the sentence, translates the word “for” to the number “4,” and adds the period to include adding a symbol. The vulnerability in this technique is that if multiple passwords from the same user are exposed it may reveal the pattern.
Regardless of how a unique password is chosen, it is critically important that every password is unique. Some companies, such as Facebook, have begun programs to identify password reuse. Facebook’s program to identify password reuse involves monitoring for lists of compromised usernames, emails, and passwords, and attempting to match those to the usernames or email addresses of existing Facebook users. If a match is found Facebook asks the user to reset their Facebook password.
How Password Reuse is a Threat
Password reuse is a threat because malicious actors can take advantage of a reused password if there is other associated information that identifies you. This typically occurs through one of two potential scenarios:
In the first, and most common scenario, the malicious actors can search for other accounts you use and try to login with the same password. In some cases the actors might try to find personal accounts such as Facebook, Twitter, or banking websites. If they can identify those accounts, and you reuse your password, they can login as you. In other instances the malicious actors may try to determine where you are employed and attempt to use it for remote access, such as through a remote email or timecard access.
A second scenario involving a malicious website is much less common, but still poses a threat. In this scenario the malicious cyber-actor sets up a website that spoofs a legitimate web site, which requests you enter an email address, password, and potentially other information to gain access. Once you have done that, they know who you are and can search for your other accounts where you used the same password.
A big shout out to our most recent Employees of the Month, Elizabeth Kuhn, senior personal banker at our Lincoln Street office, and IT Support Specialist Timothy Ellerbe. Liz was chosen because she is a true team member, leads by example, and is a valuable resource for staff questions. Tim was selected for his work installing new systems, building systems for future use, and covering weekend work at our Natick office – all while providing outstanding customer support for the bank’s day-to-day activities.
Social engineering refers to the methods attackers use to manipulate people into sharing sensitive information, or taking an action, such as downloading a file. Sometimes a social engineer is able to rely solely on information posted online or will sometimes interact with the victim to persuade the victim to share details or perform an action.
Information posted online can seem harmless, until you think about how a social engineer could use the same information. By gathering multiple pieces of information from various sources, a cyber criminal could have enough facts about you to craft a very convincing social engineering scam. Think about how these seemingly innocuous details might be valuable to the cyber criminal:
• Posting a picture of your pet might give away your pet’s name, or posting a photo of your car would identify its color. Pet’s name and car color are common security questions.
• Answering a “meme” can give away personally identifiable information (PII) such as your date of birth or other sensitive information, including answers to security questions.
Be careful about how much information you post and think about how the various pieces might be combined for use by a cyber criminal.
The following three common types of persuasion methods highlight different ways social engineers target victims through the Internet.
Tech Support Call Scams
In Tech Support Call Scams the scammer, claiming to work for a well-known software or technology company cold calls victims in an attempt to convince the victim that their computer is at risk of attack, attacking another computer, or is infected with malware, and that only the caller can remediate the problem. In convincing the victim, the scammer often persuades the victim to provide remote access to the victim’s computer. The scammer can then install malware or access sensitive information. In some variations the scammer persuades the victim to pay for unnecessary or fictitious antivirus software or software updates.
In Romance Scams the malicious actors create fake profiles on dating websites and establish relationships with other site members. Once a sense of trust is established, the scammer fabricates an emergency and asks the victim for financial assistance. The scammer generally claims they will repay the victim as soon as the crisis is over, however, if the victim sends money, the scammer will prolong the scam, sometimes stealing thousands of dollars from the victim.
In this scenario, also known as the “Grandparent Scam,” malicious actors use information posted on social media websites by a traveling family member to trick other family members into sending money overseas. Often the scam targets the elderly, who are less likely to realize the information was originally posted online. The scammer will monitor social media websites for people traveling overseas, and then contact the family members, through the Internet or via phone, with a crisis and requesting that money be sent immediately. The scammers rely on all the information users post online about themselves and their trips, in order to convince the family member that they know the traveler and are privy to personal details, and thus should be trusted.
Easy Tips to Protect Yourself from Social Engineering
• Use discretion when posting personal information on social media. This information is a treasure-trove to scammers who will use it to feign trustworthiness.
• Before posting any information, consider: What does this information say about me? How can this information be used against me? Is this information, if combined with other information, harmful?
• Remind friends and family members to exercise the same caution. Request that they remove revealing information about you.
• Verify the identity of anyone who contacts you through different means – do not use the information they provide you.
• Do not send money to people you do not know and trust.