CYBERSECURITY

Protect Your netteller

Fraud can happen anywhere, anytime. While First Citizens Bank employs advanced security technologies to ensure optimum online banking protection, you too have a role to play to help protect yourself and your business against fraudulent transactions.

  • Choose a good password! Your password should be hard to guess and should not be found in the dictionary.
  • Memorize your password! The best password is useless if it can be found written.
  • Don’t share your online banking password. Your password is designed to protect your banking information, but will only work if you keep it to yourself. If you think your password has been compromised, change it immediately and contact the Bank.
  • Change your password as often as you wish. (We recommend doing so every 90 days)
  • Don’t leave your computer unattended during a NetTeller session. Click “EXIT” to end your session and always sign off once you’ve completed your online banking.
  • If anyone else has access to your computer, clear your browser’s cache to eliminate copies of web pages that have been stored on your hard drive.
  • Avoid using public Internet access terminals when conducting online banking.
  • Use a reputable anti-malware software and keep it up-to-date with the latest signature files.
  • Use a firewall.
Protect Your Wireless Network

Having unwanted users on your WIFI can not only slow down your connection, it can be a security risk or even get you into legal trouble.  Here are some simple steps you can take to secure your wireless network:

  • Change the default administrator password.  Most WIFI routers are configured via an administration web page that is protected by a username and password.  The manufacturer default passwords are well-known to hackers.  You should change them immediately.
  • Turn on WPA2 encryption.  If your router is so old that it only supports WEP, you should buy a new one.  Not only will it be more secure, it will probably be faster.
  • Change the default SSID or do not broadcast your SSID at all.  Many routers ship with a default SSID like “Linksys”, this can be a clue to an attacker so change it to something unique like “Jane’s WIFI” and for even more security, do not broadcast your SSID at all.
  • Enable MAC address filtering.  Configure your router so that only the devices you key in manually can access the router.
  • Do not auto-connect to open wifi networks.  Change this setting on your laptop, tablet, or phone to avoid connecting to unknown networks such as free wireless hotspot or your neighbor’s wifi.
  • Assign Static IP Addresses to Devices.  If you disable DHCP an attacker will have a harder time obtaining a valid IP address for your network
  • Enable firewalls on each computer and the router.
  • Position your wireless router safely.  place the router near the center of your home or office rather than near the perimeter to minimize signal leakage.
Protect Your Mobile Devices

Keep your mobile device safe by following these tips:

  • Lock your device with a PIN, Password, or Pattern to prevent unauthorized access.
  • Configure your device to automatically lock after a certain period of inactivity.
  • Never leave it unattended in public—lost and stolen devices are the number-one threat to mobile users.
  • Only install apps from trusted sources.
  • Shop at reputable app stores—Before downloading an app, research the app and its publishers.
  • If you are an Android user do not install apps from unknown sources–disable this feature in your settings.
  • Read the reviews and ratings of each app before you download.
  • Back up your data.  Most smartphones have the ability to backup your data wirelessly.  This gives you the ability to access your data if the device is lost, stolen, or destroyed.
  • Keep your system up-to-date with the latest OS and App releases which usually contain security enhancements.
  • Don’t hack or jail-break your device.  Tampering with your device can open up security holes.
  • Always log out of banking and shopping sites.  Log out instead of simply closing the browser in case your device is lost or stolen.
  • Never save usernames and passwords in your mobile browser or apps.
  • Don’t bank or shop online from public Wi-Fi connections—save those financial transactions for your secure connection at home.
  • Double-check the site URL to make sure you are not on a fake site.
  • Download the official M0bile Banking App so there is no doubt you are on the correct site.
  • Turn off Wi-Fi, location services, and Bluetooth when they are not in use
  • Avoid texting or emailing personal information Even if you receive a text that appears to be from your bank or another legitimate business, never respond with personal information. Instead, contact the bank directly to confirm their request.
  • Don’t click on links or attachments in unsolicited emails or text messages.
  • Delete unsolicited messages as soon as you receive them. Also, be wary of shortened URLs and QR codes—they could lead you to dangerous websites. If you plan to scan QR codes, select a QR reader that offers a preview of the code’s embedded web address, and use mobile security software that warns you of risky links in QR codes.
  • Install a mobile security app, keep it up-to-date and scan your device for malware regularly.
Protect Yourself from Phishing

Don’t Get Hooked!

What is Phishing?

Phishing is a psychological attack used by cyber criminals to trick you into giving up information or taking an action.  Phishing originally described email attacks that would steal your online username and password, however, the term has evolved and now refers to almost any message-based attack.  These attacks begin with a cyber criminal sending a message pretending to be from someone or something you know, such as a friend, your bank, or a well-known store.

These messages then entice you into taking action, such as clicking on a malicious link, opening an infected attachment, or responding to a scam. Cyber criminals craft convincing-looking emails and send them to millions of people around the world.  The criminals do not know who will fall victim, they simply know that the more emails they send out, the more people they will have the opportunity to hack. In addition, cyber criminals are not limited to just email but will use other methods such as instant messaging or social media posts.

What is Spear Phishing?

The concept is the same as phishing, except that instead of sending random emails to millions of potential victims, cyber attackers send targeted messages to a few select individuals.  With spear phishing, the cyber attackers research their intended targets, such as by reading the victims Facebook or any message they post on public blogs or forums.  Based on this research, the attackers then create a highly customized email that appears relevant to the intended targets.  This way the individuals are far more likely to fall victim.

Why Should I Care?

You may not realize it, but you are a phishing target at work and at home. You and your devices are worth a tremendous amount of money to cyber criminals and they will do anything they can to hack them.  Your awareness is the most effective way to detect and stop phishing.

What are some phishing indicators I can look for?

  1.  Misspelled words and odd punctuation
  2.  Formatting errors or odd page layout
  3.  You know you don’t have an account with the company that is emailing you.
  4. How the email is addressed or the salutation seems odd or generic…like “dear customer”
  5.  The sender’s address is unidentifiable or doesn’t make sense.  Why would my bank email me from a Gmail account?
  6. Legal Threats.  Legitimate entities will call you before emailing or send a letter in the mail
  7.  Time restraints or a sense of urgency.
  8. Asking you to verify your account information through email
  9.  Sentence structure.  non-English language hackers will mess up subject/verb agreement.
  10. HTML-only messages.  legit messages will have a plain-text version included.
Protect Your Paperwork

Keep in mind that digital data is not the only thing that needs to be protected. Paper documents also need to be protected. When disposing of any confidential documents, make sure they are shredded first.

Dumpster diving is the act of looking for treasure in someone else’s trash. In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn’t limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to a network. To prevent dumpster divers from learning anything valuable from your trash, establish a routine where all sensitive paper (like your bank statement) is shredded in a cross-cut shredder before being recycled. Also, make sure all storage media (CD, DVD, Floppy) is erased before discarding.

Protect Your Children

Educating Kids on Cyber Safety

The number of ways children today can go online and interact with others is staggering.  New social media services pop up like weeds and there are an ever increasing number of apps and games that connect online.  In addition, many schools are migrating to services such as Google Drive and require work to be completed and submitted online. Kids are literally growing up “connected.” While this has many benefits, these opportunities also come with risks.

Three Areas of Risk for Kids

  1.  Conduct:  When interacting in online communities or virtual worlds, kids can behave in ways they never would in the real world. The lack of a physical presence can create a powerful sense of anonymity, especially in children. They are often tempted to express themselves in ways that might hurt other kids, called cyberbullying or griefing. In addition, your children may become the victim of others who are deliberately mean or hurtful to them.
  2. Contact: Children are now in almost constant communication with others, whether through texting, interacting in online communities or playing in virtual worlds. The lack of physical presence often causes them to forget that the individual on the other end may not be who they say they are or may not have their best interest in mind. Predators roam these digital streets, and they will use every tactic they can to build relationships with potential victims, often by posing as children themselves.
  3. Content: There is no shortage of ways to capture and post video, sound, images or text-based messages online. The temptation for kids to “out-post” others and over-share information about themselves or their family members is very real, and they often do it without realizing the consequences. Children may also not realize the dangers of identity theft or malware infection when others ask them probing questions or ask them to take actions such as clicking on links. Lastly, we live in an age where there is no “undo” when things are posted online or shared with others. Kids may think Kik, Instagram, Snapchat and other posts are fleeting, but those posts can all come back to haunt them or other family members later in life.

Educating Kids

The number one thing you can do to protect kids is to talk to them. Know what your kids are doing online and educate them about today’s risks and what they should do to protect themselves.

  1. Safety at Home: Even with great mobility, home is where safe, online behaviors start. The younger you start talking to them, and they to you, the better. Hold regular conversations about online safety issues, even going so far as to show them actual negative events that have taken place. If you don’t know what your kids are doing, simply ask. Play the clueless parent and ask them to show you what the latest technologies are and how they use them. Kids love the idea of being the teacher and will open up. For example, perhaps they are on Instagram. Ask them to show you how Instagram works; have them set up an account for you and have you follow them. Not only are you now learning and monitoring what your kids are doing, you are making it that much easier for them to talk to you. In addition, ensure—to the extent that you can—all online activity takes place in central areas of the home and create time boundaries for usage. By having home computers in a central location, kids are far less likely to engage in dangerous behavior. Also, consider a central charging station for mobile devices, with the rule all mobile devices go there before kids go to bed at night.
  2. Safety with Others: When children are away from home, they are at more risk. Help them understand that your cyber rules apply wherever they are and communicate your restrictions to whomever you trust with their care. If they have mobile devices, check usage patterns (time and bandwidth) to see if there are signs of them taking advantage of the inherently fewer restrictions there are when away from home. You won’t be able to stop all of the infractions, but your caring words will come to mind whenever their mobile devices are about to wander.
  3. Safety in Numbers: You are not alone in this cyber watch. You should engage other parents, guardians, siblings, teachers and friends to help keep an eye out for potentially harmful behavior. Try to have your community keep up with the kids and encourage them to have positive interactions with them when they see kids starting down a dangerous path.

Finally, when kids make mistakes, treat each one as an experience to learn from instead of engaging in an immediate disciplinary action. Explain “why” each time and remind them that you are only trying to protect them from the dangers they cannot yet see. Let them know they can come to you if and when they experience anything uncomfortable in an online interaction, perhaps even have them take a screenshot to share with you. Make sure they also feel comfortable approaching you when they realize they themselves have done something inappropriate. Keeping real-world communication open and active is the best way to help kids stay safe in today’s digital world.

Protect Your Device with Anti-Virus

What is Anti-Virus?

Anti-virus is a security program you install on your computer or mobile device to protect it from getting infected by malware. The term “malware” is a catch-all phrase for any type of malicious software, such as viruses, worms, Trojans and spyware. In fact, the term malware comes from combining the words malicious and software. If your computer has become infected by malware, a cyber attacker can capture all of your keystrokes, steal your documents or use your computer to attack others. Contrary to what some people believe, any operating system, including Mac OS X and Linux, can be infected.

You can purchase anti-virus software as a standalone solution or it is often included as part of a security package. The problem is that anti-virus can no longer keep up with cyber attackers; they are constantly developing and releasing new types of malware. There are so many new versions of malware released every day that no anti-virus program can detect and protect against all of them. This is why it is important for you to understand that while anti-virus will help protect your computer, it cannot detect or stop all types of malware. To better understand better why, let’s look at how most of these programs work.

How Anti-Virus Works

In general, there are two ways anti-virus software identifies malware: signature detection and behavior detection. Signature detection works like the human immune system. It scans your computer for characteristics or signatures of programs known to be malicious. It does this by referring to a dictionary of known malware. If something on your computer matches a pattern in the dictionary, the program attempts to neutralize it. Like the human immune system, the dictionary approach requires updates, like flu shots, to protect against new strains of malware. Anti-virus can only protect against what it recognizes as harmful. The problem is that cyber attackers are developing new malware so fast that anti-virus vendors cannot keep up. As a result, no matter how recently your anti-virus was updated, there is always some new variant of malware that can potentially bypass your anti-virus software.

With behavior detection, anti-virus does not attempt to identify known malware, but monitors the behavior of software installed on your computer. When a program acts suspiciously, such as trying to access a protected file or to modify another program, behavior-based anti-virus software spots the suspicious activity and alerts you to it. This approach provides protection against brand new types of malware that do not yet exist in any dictionary. The problem with this approach is that it can generate false warnings. You, the computer user, may be unsure about what to allow or not allow and become desensitized to all those warnings over time. You might be tempted to click on “Accept” on every warning, leaving your computer open to attack and infection. In addition, by the time the behavior is detected, the malware most likely has already run on your machine and you may not know what actions the malware took before the anti-virus software identified it.

Anti-virus is an important part to securing your computer and mobile devices. Whenever possible, we recommend you install and actively use it. However, the key point to remember is that regardless of how your anti-virus works, it can never protect you from all types of malware. Ultimately, you, and not just technology, are the best defense against today’s cyber attackers.

Anti-Virus Tips

  1. Obtain anti-virus software only from known, trusted sources and vendors. It is a common ploy of cyber attackers to distribute fake anti-virus programs that are really malware.
  2. Make sure you have the latest version of your anti-virus software installed, that your annual subscription is paid for and active and that your anti-virus is configured to update automatically. If your computer has been offline or powered off for a while, your anti-virus software will need to update itself when you turn it back on or reconnect it to the Internet. Do not postpone these updates.
  3. Make sure your anti-virus automatically scans portable media, such as USB sticks, and ensure real-time protection is on.
  4. Pay attention to the on-screen warnings and alerts generated by your anti-virus software. Most alerts include the option of getting more information or a recommendation about what to do next. If you get an alert on a work-supplied computer, be sure to contact the help desk or your supervisor immediately.
  5. Do not disable or uninstall your anti-virus software because you feel it is slowing down your computer, blocking a website or preventing you from installing an app or program. Disabling your anti-virus will expose you to unnecessary risk and could result in a serious security incident. If problems persist on a work computer, contact your help desk. If the problems persist on your personal computer, try contacting the anti-virus vendor, visiting their website for more information or replacing your anti-virus with another product.
  6. Do not install multiple anti-virus programs on your computer at the same time. Doing so will most likely cause the programs to conflict with each other and may actually reduce the security of your computer.
  7. Learn to recognize the warnings that your anti-virus software produces. Cyber attackers can set up malicious websites that post very realistic but fake anti-virus warnings and offer to help you “fix” your computer. Clicking on the links or buttons on these websites can actually harm your computer.
Protect Your Online Accounts with Passphrases

Passwords are something you use almost every day, from accessing your email and banking online to purchasing goods or accessing your smartphone. However, passwords are also one of your weakest points; if someone learns your password, they can steal your identity, transfer your money or access your personal information. Strong passwords are essential to protecting yourself. Try to create strong passwords that are easy to remember by using a type of password called passphrases.

The challenge we all face is that cyber attackers have developed sophisticated methods to guess or brute force passwords, and they are constantly getting better at it. This means they can compromise your passwords if they are weak or easy to guess. An important step to protecting yourself is to use strong passwords. The more characters your password has, the stronger it is and the harder it is for an attacker to guess. However, long, complex passwords can be difficult to remember. So instead, we recommend you use passphrases. These are simple phrases or sentences that are easy to remember, but hard to hack. Here is an example:

Where is king Julian?

What makes this passphrase so strong is that not only is it 21 characters long, but it also uses capital letters and symbols. (Remember, spaces are nothing more than another symbol.) You can make your passphrase even stronger if you replace letters with numbers or symbols, such as replacing the letter ‘a’ with the ‘@’ symbol or the letter ‘o’ with the number zero. If a website or program limits the number of characters you can use in a password, use the maximum number of characters allowed.

Using Passphrases Securely

You must also be careful how you use passphrases. Using a passphrase won’t help if bad guys can easily steal or copy it:

  1. Be sure to use a different passphrase for every account or device you have. For example, never use the same passphrase for your work or bank account that you use for your personal accounts, such as Facebook, YouTube or Twitter. This way, if one of your accounts is hacked, the other accounts are still safe. If you have too many passphrases to remember (which is very common), consider using a password manager. This is a special program that securely stores all of your passphrases for you. That way, the only passphrases you need to remember are the ones to your computer and the password manager program.
  2. Never share a passphrase or your strategy for creating them with anyone else, including coworkers. Remember, a passphrase is a secret. If anyone else knows your passphrase, it is no longer secure. If you accidentally share your passphrase with someone else or believe it may have been compromised or stolen, be sure to change it immediately.
  3. Just like passwords, avoid easy-to-guess or commonly used passphrases. For example, the phrase, “Four score and seven years ago,” is not a good passphrase, since it is so well known.
  4.  Do not use public computers, such as those at hotels or libraries, to log in to a work or bank account. Since anyone can use these computers, they may be infected with malicious code that captures all of your keystrokes. Only log in to your work or bank accounts on trusted computers or mobile devices.
  5. Be careful of websites that require you to answer personal questions. These questions are used if you forget your passphrase and need to reset it. The problem is that the answers to these questions can often be found on the Internet, or even on your Facebook page. Make sure that if you answer personal questions, you use only information that is not publicly available or fictitious information you have made up. Password managers can help with this, as many allow you to store this additional information.
  6. Many online accounts offer something called two-factor authentication, also known as two-step verification. This is where you need more than just your passphrase to log in, such a pass-code sent to your smartphone. This option is much more secure than just a passphrase by itself. Whenever possible, always use these stronger methods of authentication.
  7. Mobile devices often require a PIN to protect access to them. Remember, a PIN is nothing more than another password. The longer your PIN is, the more secure it is. Many mobile devices allow you to change your PIN number to an actual passphrase.
  8. Finally, if you are no longer using an account, be sure to close, delete or disable it.
Protect Yourself While Shopping Online

Many of us will choose to shop online in search of a great deal and avoid long lines and impatient crowds.  Let’s look at some of the dangers of shopping online and ways you can protect yourself.

Fake Online Stores

While most online stores are legitimate, some are not; they are fake websites set up by criminals. Criminals create these fake websites by copying the look of or using the name of well-known stores. They then use these websites to prey on people who are looking for the best deal possible. When you search online for the absolute lowest prices, you may be directed to one of these fake websites.
When selecting a website to purchase a product, be wary of websites advertising prices dramatically cheaper than anywhere else or offering products sold out nationwide. The reason their products are so cheap or available is because what you will receive is not legitimate, is a counterfeit or stolen item or, in some cases, you never even receive anything. Protect yourself by doing the following:

  • Verify the website has a legitimate mailing address and a phone number for sales or support-related questions. If the site looks suspicious, call and speak to a human.
  • Look for obvious warning signs like poor grammar and spelling.
  • Be very suspicious if a website appears to be an exact replica of a well-known website you have used in the past, but the website domain name or the name of the store is slightly different. For example, you may be used to going to the website https://www.amazon.com for all of your
    Amazon shopping. But be very suspicious if you were to find yourself at a website pretending to be Amazon with the URL http://www.store-amazon.com.
  • Type the store’s name or URL into a search engine and see what other people have said about the website in the past. Look for terms like “scam,” “never again” or “fake.” A lack of reviews is also
    not a good sign, as it indicates that the website is very new.

Remember, just because the site looks professional does not mean it’s legitimate. If something about the site sets off warning bells, take time to investigate. If you aren’t comfortable with the website, don’t use it. Instead, find a well-known website you can trust or have safely used in the past. You may not find quite as great a deal or find that hot ticket item, but you are much more likely to end up with a legitimate product and a clean credit report.

Your Computer/Mobile Device

In addition to shopping at legitimate websites, you want to ensure your computer or mobile device is secure. Cyber criminals will try to infect your devices so they can harvest your bank accounts, credit card information and passwords. Take the following steps to keep your devices secured:

  • If you have children in your house, consider having two devices: one for your kids and one for the adults. Kids are curious and interactive with technology. As a result, they are more likely to infect their own device. By using a separate computer or tablet just for online transactions, such as online banking and shopping, you reduce the chance of becoming infected. If separate devices are not an option, then have separate accounts on the shared computer and ensure your kids do not have administrative privileges.
  • Only connect to wireless networks you manage, such as your home network, or networks you know you can trust when making financial transactions. Using public Wi-Fi networks, such as at your local coffee shop, may be great for reading the news, but not for accessing your bank account.
  • Always install the latest updates and run up-to-date anti-virus software. This makes it much harder for a cyber criminal to infect your device.

Your Card

Keep an eye on your  card statements to identify suspicious charges. You should review your statements regularly, at a minimum at least once per month. First Citizens Bank gives you the option of notifying you by email or text messages every time a charge is made to your card or when charges exceed a set amount.  If you believe fraud has been committed, call the bank right away and explain the situation.

Finally, there is technology that enables you to pay without exposing your credit card number. Consider well-known payment services, such as PayPal, which do not require you to disclose your card number to the vendor.

© 2019 First Citizens Bank. All Rights Reserved.