The safety and security of your data is extremely important to us. To ensure the security of your financial information at Northern California National Bank, we recommend the following:
A strong password is your first line of defense against intruders and imposters. Here are some tips about creating and storing your passwords for any site you visit.
- Never give out your password – never give it to a friend, even if you feel they will keep it safe.
- Use a “Strong” Password – a strong password includes a combination of upper and lower case letters, numbers and symbols.
- Don’t use dictionary words – if you use a dictionary word, there’s a chance someone will guess it.
- Don’t write your password down – this information can be lost and fall into the wrong hands.
- Don’t fall for “phishing” attacks – be very careful before clicking on any links, even if it appears to be known to you. See below for more information on phishing.
- Keep your anti-virus/anti-malware software up to date – malicious software can be used to record your keystrokes on your devices and can be used to steal passwords and other information. Make sure that your software and operating system is up to date.
Malware which is sometimes referred to as adware, spyware or trojans is any program on your computer that tracks or records your activities without your knowledge.
Viruses – viruses are harmful computer programs that can be transmitted in a number of ways. Although they differ in many ways, all are designed to spread themselves from one computer to another through the Internet. They are designed to give the criminals some sort of access to infected computers.
Spyware & Adware – spyware and adware apply to several different technologies. The two important things to know about them is that they can download themselves onto your computer without your permission like when you visit an infected website or open an attachment from an email. In the worst cases, spyware can track your online movements, steal your passwords and compromise your accounts.
Botnets – networks of computers infected by malware (computer virus and other malicious software) and controlled remotely by criminals, usually for financial gain or to launch attacks on website or networks.
Spam & Phishing
Cybercriminals use different attempts to lure people into giving out protected information. This can be through clicking on links or opening infected attachments. Many times the notifications insist on urgency and through that, they persuade the user into giving out information or clicking on links. If you receive an email asking you to click on a link, stop and think first. Contact the company directly using information not provided in the email. Use contact information on the back of your card, from your bank statements or look them up online.
Spam – the electronic version of “junk mail”, it consists of emails you haven’t signed up for. Utilize filters on your email programs to set levels and attempt to block these types of emails. Be cautious of giving out your email address.
Phishing – phishing attacks using email or malicious websites by clicking on links to collect your personal information or infect your computer with malware or viruses. Targeted phishing emails are called “spear phishing” – these are highly targeted to individuals for specific purposes.
Business Email Compromise (BEC) & Hacked Accounts
Business email compromise (BEC) is a very sophisticated scam that targets businesses that work with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. Most victims have reported wire transfers as the common method of transferring funds for business purposes; however, some victims report the use of checks as common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices to carry out the fraud.
Once the business email has been compromised, the fraudsters monitor the businesses behavior and email correspondence. Once a pattern is recognized, they spoof the business executive’s emails and start a correspondence within the business to various departments which often times results in fraudulent wire transfer requests.
For detailed information about cybercrime and Business Email Compromise, visit the Federal Bureau of Investigation’s Internet Crime Complaint Center.
ID Theft, Fraud & Cybercrime
How to Protect Yourself
- Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the internet. E-mails and internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.
- If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and web sites on the monthly statements you receive from your financial institution, or you can look the company up in the phone book or on the internet. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.
- Never provide your password over the phone or in response to an unsolicited internet request. A financial institution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.
- Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.
What to Do If You Fall Victim
Contact your financial institution immediately and alert it to the situation. If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place fraud alerts on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau’s fraud division:
Report all suspicious contacts to the Federal Trade Commission through the internet a www.consumer.gov/idtheft, or by calling 1-877-IDTHEFT