Reprinted from United States Computer Emergency Readiness Team Website
What unique risks are associated with children?
When a child is using your computer, normal safeguards and security practices may not be sufficient. Children present additional challenges because of their natural characteristics: innocence, curiosity, desire for independence, and fear of punishment. You need to consider these characteristics when determining how to protect your data and the child.
You may think that because the child is only playing a game, or researching a term paper, or typing a homework assignment, he or she can’t cause any harm. But what if, when saving her paper, the child deletes a necessary program file? Or what if she unintentionally visits a malicious web page that infects your computer with a virus? These are just two possible scenarios. Mistakes happen, but the child may not realize what she’s done or may not tell you what happened because she’s afraid of getting punished.
Online predators present another significant threat, particularly to children. Because the nature of the Internet is so anonymous, it is easy for people to misrepresent themselves and manipulate or trick other users (see Avoiding Social Engineering and Phishing Attacks for some examples). Adults often fall victim to these ploys, and children, who are usually much more open and trusting, are even easier targets. Another growing problem is cyberbullying. These threats are even greater if a child has access to email or instant messaging programs, visits chat rooms, and/or uses social networking sites.
What can you do?
• Be involved – Consider activities you can work on together, whether it be playing a game, researching a topic you had been talking about (e.g., family vacation spots, a particular hobby, a historical figure), or putting together a family newsletter. This will allow you to supervise your child’s online activities while teaching her good computer habits.
• Keep your computer in an open area – If your computer is in a high-traffic area, you will be able to easily monitor the computer activity. Not only does this accessibility deter a child from doing something she knows she’s not allowed to do, it also gives you the opportunity to intervene if you notice a behavior that could have negative consequences.
• Set rules and warn about dangers – Make sure your child knows the boundaries of what she is allowed to do on the computer. These boundaries should be appropriate for the child’s age, knowledge, and maturity, but they may include rules about how long she is allowed to be on the computer, what sites she is allowed to visit, what software programs she can use, and what tasks or activities she is allowed to do. You should also talk to children about the dangers of the Internet so that they recognize suspicious behavior or activity. Discuss the risks of sharing certain types of information (e.g., that they’re home alone) and the benefits of communicating and sharing information only with people they know (see Using Instant Messaging and Chat Rooms Safely, Staying Safe on Social Network Sites, and the document Socializing Securely: Using Social Networking Services for more information). The goal isn’t to scare them; it’s to make them more aware. Make sure to include the topic of cyberbullying in these discussions (see Dealing with Cyberbullies for more information).
• Monitor computer activity – Be aware of what your child is doing on the computer, including which websites she is visiting. If she is using email, instant messaging, or chat rooms, try to get a sense of who she is corresponding with and whether she actually knows them.
• Keep lines of communication open – Let your child know that she can approach you with any questions or concerns about behaviors or problems she may have encountered on the computer.
• Consider partitioning your computer into separate accounts – Most operating systems give you the option of creating a different user account for each user. If you’re worried that your child may accidentally access, modify, and/or delete your files, you can give her a separate account and decrease the amount of access and number of privileges she has. If you don’t have separate accounts, you need to be especially careful about your security settings. In addition to limiting functionality within your browser (see Evaluating Your Web Browser’s Security Settings for more information), avoid letting your browser remember passwords and other personal information (see Browsing Safely: Understanding Active Content and Cookies). Also, it is always important to keep your virus definitions up to date (see Understanding Anti-Virus Software).
• Consider implementing parental controls – You may be able to set some parental controls within your browser. For example, Internet Explorer allows you to restrict or allow certain websites to be viewed on your computer, and you can protect these settings with a password. To find those options, click Tools on your menu bar, select Internet Options, choose the Content tab, and click the Enable… button under Content Advisor.
There are other resources you can use to control and/or monitor your child’s online activity. Some ISPs offer services designed to protect children online. Contact your ISP to see if any of these services are available. There are also special software programs you can install on your computer. Different programs offer different features and capabilities, so you can find one that best suits your needs.
For more information about how to keep your child safe online, visit us-cert.gov.
Malicious software — or “malware” for short — is a broad class of software built with malicious intent. “You may have heard of malware being referred to as a ‘computer bug’ or ‘virus’ because most malware is designed to spread like a contagious illness, infecting other computers it comes into contact with,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. “And if you don’t protect your computer, it could become infected by malware that steals your personal financial information, spies on you by capturing your keystrokes, or even destroys data.”
Law enforcement agencies and security experts have seen an increase in a certain kind of malware known as “ransomware,” which restricts someone’s access to a computer or a smartphone — literally holding the device hostage — until a ransom is paid. While businesses have been targeted more than consumers to date, many home computer users have been victims of ransomware. For more information, see an alert issued by the U.S. Department of Homeland Security.
The most common way malware spreads is when someone clicks on an email attachment — anything from a document to a photo, video or audio file. Criminals also might try to get you to download malware by including a link in the wording of an email or in a social media post that directs you somewhere else, often to an infected file or Web page on the Internet. The link might be part of a story that sounds very provocative, such as one with a headline that says, “How to Get Rich” or “You Have to See This!”
Malware also can spread across a network of linked computers, be downloaded from an infected website, or be passed around on a contaminated portable storage device, such as a thumb drive or flash drive.
Here are reminders plus additional tips on how to generally keep malware off your computer.
Don’t immediately open email attachments or click on links in unsolicited or suspicious-looking emails. Think before you click! Cybercriminals are good at creating fake emails that look legitimate but can install malware. Either ignore unsolicited requests to open attachments or files or independently verify that the supposed source did send the email to you (by using a published email address or telephone number). “Even if the attachment is from someone you know, consider if you really need to open the attachment, especially if the email looks suspicious,” added Benardo.
Install good anti-virus software that periodically runs to search for and remove malware. Make sure to set the software to update automatically and scan for the latest malware.
Be diligent about using spam (junk mail) filters provided by your email provider. These services help block mass emails that might contain malware from reaching your email inbox.
Don’t visit untrusted websites and don’t believe everything you read. Criminals might create fake websites and pop-ups with enticing messages intended to draw you in and download malware. “Anyone can publish information online, so before accepting a statement as fact or taking action, verify that the source is reliable,” warned Amber Holmes, a financial crimes information specialist with the FDIC. “And please, don’t click on a link to learn more. If something sounds too good to be true, then most likely it’s fraudulent or harmful.”
Be careful if anyone — even a well-intentioned friend or family member — gives you a disk or thumb drive to insert in your computer. It could have hidden malware on it. “Don’t access a disk or thumb drive without first scanning it with your security software,” said Holmes. “If you are still unsure, don’t take a chance.”
To learn more about how to protect against malware, visit OnGuardOnline.
Everywhere you look, people are using smartphones and tablets as portable, hand-held computers. “Unfortunately, cybercriminals are also interested in using or accessing these devices to steal information or commit other crimes,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. “That makes it essential for users of mobile devices to take measures to secure them, just as they would a desktop computer.”
Here are some basic steps you can take to secure your mobile devices.
Avoid apps that may contain malware. Buy or download from well-known app stores, such as those established by your phone manufacturer or cellular service provider. Consult your financial institution’s website to confirm where to download its official app for mobile banking.
Keep your device’s operating system and apps updated. Consider opting for automatic updates because doing so will ensure that you have the latest fixes for any security weaknesses the manufacturer discovers. “Cybercriminals try to take advantage of known flaws, so keeping your software up to date will help reduce your vulnerability to foul play,” said Robert Brown, a senior ombudsman specialist at the FDIC.
Consider using mobile security software and apps to protect your device. For example, anti-malware software for smartphones and tablets can be purchased from a reputable vendor.
Use a password or other security feature to restrict access in case your device is lost or stolen. Activate the “time out” or “auto lock” feature that secures your mobile device when it is left unused for a certain number of minutes. Set that security feature to start after a relatively brief period of inactivity. Doing so reduces the likelihood that a thief will be able to use your phone or tablet.
Back up data on your smartphone or tablet. This is good to do in case your device is lost, stolen or just stops working one day. Data can easily be backed up to a computer or to a back-up service, which may be offered by your mobile carrier.
Have the ability to remotely remove data from your device if it is lost or stolen. A “remote wipe” protects data from prying eyes. If the device has been backed up, the information can be restored on a replacement device or the original (if you get it back). A number of reputable apps can enable remote wiping.
To learn more about safely using smartphones and tablets, see the Federal Trade Commission’s Computer Security Web page.
Reprinted from FDIC Consumer News – Winter 2016
In today’s world, it’s important for small business owners to be vigilant in protecting their computer systems and data. Among the reasons: Federal consumer protections generally do not cover businesses for losses they incur from unauthorized electronic fund transfers. That means, for example, your bank may not be responsible for reimbursing losses associated with an electronic theft from your bank account — for instance, if there was negligence on the part of your business, such as unsecured computers or falling for common scams. (To learn more about the rules pertaining to electronic theft, including losses involving a business debit card, see How Federal Laws and Industry Practices Limit Losses From Cyberattacks).
Here are tips to help small business owners and their employees protect themselves and their companies from losses and other harm. Several of these tips mirror basic precautions we have suggested elsewhere in this issue for consumers.
Protect computers and Wi-Fi networks. Equip your computers with up-to-date anti-virus software and firewalls to block unwanted access. Arrange for key security software to automatically update, if possible. And if you have a Wi-Fi network for your workplace, make sure it is secure, including having the router protected by a password that is set by you (not the default password). The user manual for your device can give you instructions, which are also generally available online.
Patch software in a timely manner. Software vendors regularly provide “patches” or updates to their products to correct security flaws and improve functionality. A good practice is to download and install these software updates as soon as they are available. It may be most efficient to configure software to install such updates automatically.
Set cybersecurity procedures and training for employees. Consider reducing risks through steps such as pre-employment background checks and clearly outlined policies for personal use of computers. Limit employee access to the data systems that they need for their jobs, and require permission to install any software.
Also train employees about cybersecurity issues, such as suspicious or unsolicited emails asking them to click on a link, open an attachment or provide account information. By complying with what appears to be a simple request, your employees may be installing malware on your network. You can use training resources such as a 30-minute online course from the Small Business Administration (SBA).
Require strong authentication. Ensure that employees and other users connecting to your network use strong user IDs and passwords for computers, mobile devices and online accounts by using combinations of upper- and lower-case letters, numbers and symbols that are hard to guess and changed regularly. Consider requiring more information beyond a password to gain access to your business’s network, and additional safety measures, such as requiring confirmation calls with your financial institution before certain electronic transfers are authorized.
Secure the business’s tablets and smartphones. Mobile devices can be a source of security challenges, especially if they hold confidential information or can access your company’s network. In the case of the latter, require employees to password-protect their devices, encrypt their data and install security apps to prevent criminals from accessing the device while it is connected to public networks. Also develop and enforce reporting procedures for lost or stolen equipment.
Back up important business systems and data. Do so at least once a week. For your backup data, remember to use the same security measures (such as encryption) that you would apply to the original data. In addition, in case your main computer becomes infected, regularly back up sensitive business data to additional, disconnected storage devices.
Use best practices for handling card payments online. Seek advice from your bank or a payment processor to select the most trusted and validated tools and anti-fraud services. This may include using just one computer or tablet for payment processing.
Be vigilant for early signs something is wrong. “Monitor bank account balances regularly to look for suspicious or unauthorized activity,” suggested Luke W. Reynolds, chief of the FDIC’s Outreach and Program Development Section.
As you may have heard, Home Depot is investigating the theft of credit and debit card data from its payment systems. We have been informed that there is potential risk for transactions completed at Home Depot stores between April 11 and September 7, 2014. This announcement is yet another example of why it’s always important to monitor your accounts.
Where can I learn more about the breach and Home Depot’s response?
Home Depot released a preliminary announcement that it is working with law enforcement to investigate the breach. Check the Home Depot media center for updates.
How can I find out if my card was affected?
At this time, there is no need for customers to call us. We will receive a list of potentially compromised cards and we will contact you.
Should I reset my PIN?
The investigation is open and has not yet confirmed if PIN information was compromised. However, it is good practice to reset your card’s PIN periodically.
Should I cancel my card?
There is no need to cancel your card. We will automatically reissue your card if it was affected.
What should I do if I see suspicious charges on my account?
Monitor your account(s) and review your monthly statements carefully. Notify us immediately if you see any unauthorized activity by calling 508.820.4000.
If my card has been compromised, will MutualOne Bank reissue my card?
Yes. If we find your card has been compromised, we will send you a new card with a new number.
There is a telephone phishing scam underway in our area that we want our customers to be aware of. The victims of this scam receive a bogus text or telephone message that is supposedly from their bank, which is mentioned by name. The message claims that the customer’s debit card has been deactivated, and tells them to call a phone number provided in the message. When the customer calls that number, they are told to enter their debit card information and a replacement card will be issued.
Under no circumstances would MutualOne Bank contact you in this manner. If you receive such a message or experience any other suspicious or questionable activity regarding your account, please notify us immediately by calling us directly at (508) 820-4000.
Target is warning all customers about a phishing scam related to the November 27 to December 15 data breach at its stores.
Individuals may be contacted via email, phone or text by an individual claiming to be from Target. Messages ask recipients to share financial or otherwise identifying information. THESE ARE A SCAM!
In response, Target has set up a special section on its corporate website with all the official communications shared by the company surrounding the data breach. If you have received any email messages concerning the breach we urge you to visit the site and check the authenticity of any emails received against official messages from the company.
These scams may ask the recipient to verify certain information or may even claim to offer protection against a potential security issue. Please do not provide this type of information or click on any links associated with this or any other unsolicited messages.
Remember, no legitimate business will ever contact you directly and ask for your personal or private information. Please do not share your personal or private information with another party unless you initiate the communication.
If you have any questions, please call us directly at 508.820.4000 or visit any of our offices during normal banking hours.
If you made credit or debit card purchases in person at a Target store between November 27 and December 15, you may have been affected by a recently revealed data breach. Information that may have been compromised includes customer name, credit or debit card number, the expiration date, and the three or four-digit security code on cards.
We have contacted those MutualOne customers that we believe may have been subject to the breach, and are issuing new cards. If you believe your card may have been compromised and you have not heard from MutualOne, please call us at 508.820.4000, or visit any of our offices during normal banking hours.
Online purchases were reportedly not involved.
An alert on the Target website describes in detail what steps you should take to detect or avoid fraudulent use of your credit or debit card information. We urge you to review the information you will find there.
Other steps you can take include regularly reviewing activity on your account and reporting anything suspicious to your financial institution or card issuer.
Several customers have made reports of an automated telephone scam attempting to obtain personal information about debit card accounts. The call claims your debit card has been compromised or is on hold. It asks that you press 1, and then input personal information including the card number and its PIN number. These are not legitimate calls and should be ignored. These calls are coming from a variety of area codes in the U.S.
Awareness is essential to help combat fraud. Should you receive any questionable calls or emails, do not provide your personal information including your account numbers, PIN numbers or social security number.
MutualOne Bank will NEVER initiate a call or email to you requesting your personal information. Do not call back a number provided over the phone or click on a link in an email. To verify whether a call or email is legitimate, call MutualOne Bank at 508.820.4000.
Most fraudulent communications will include an urgent claim about something that will concern or excite the victim. If you have been the victim of a scam, file a complaint with local law enforcement and notify us at 508.820.4000.
Questions and Answers about the incident:
Q – Have any cards been compromised?
A – None that we are aware of. It’s important to remember to never give out your card number and PIN.
Q – What happens if I have already given my card number and/or PIN to the scammers?
A – Please let us know and we will cancel your card and reissue you a new one.
Q – Is there any risk to cards of customers that do not respond to fraudulent texts or calls?
A – No. This is not a card information breach. It is a fishing expedition to attempt to have customers volunteer information about their personal cards.
Q – Does MutualOne Bank ever make calls to customers about debit cards?
A – Yes. In the event of suspicious card activity, our fraud protection partner may call. The caller never asks the customer to provide card number or PIN information.
Q – Does MutualOne Bank issue legitimate text messages to customers?
A – Yes. Customers have the option to register for text alerts that are associated with our online and mobile banking applications. These text alerts do not ask customers to volunteer information about their accounts or cards.
Q – What should customers do if they have ongoing concerns about debit card activity or security?
A – Call MutualOne Bank’s Client Services at 508.820.4000. To directly cancel a card over concerns about loss, theft, or fraudulent activity, customers may additionally dial our Card Support Services at 800.264.5578.