As the electronic financial world gets more complex, online criminals become more sophisticated as well. In response, we have taken a comprehensive approach to meeting this growing threat.
We have evaluated the risks and threats listed below.
- Phishing – Fraudulent e-mails, appearing to be from a trusted source, directing you to websites. Once there, you are asked to verify personal information such as name, account and credit card numbers, and passwords, just to name a few. These sites are often designed to look exactly like the site they are imitating. The information you provide is then used to hijack your accounts and your identity. E-mails that warn you that your account will be shut down unless you confirm certain information are very likely phishing. Do not respond to phishing e-mails. Instead use a phone number you know to be legitimate to check the source.
- Pharming – or “domain spoofing” is an attack in which a user can be redirected from a legitimate site to a fraudulent site and then fooled into entering sensitive data such as a password or credit card number. The fraudulent site often looks like the legitimate site. It is different from Phishing in that the attacker does not have to rely on having the user click a link in an e-mail to deceive the user. Even if the user correctly enters a web address into a browsers address bar, the attacker can still redirect the user to a malicious web site.
Online Banking uses a process called Multi Factor Authentication. The two methods of authentication are 1) something the user knows: password and 2) something the user has: computer. The password is chosen by the user. It needs to be at least eight characters long with at least two numbers and at least two letters. If the password has been lost or if it may have been compromised, a Bank representative can reset it. Online Security verifies the computer the user is using to log in. It checks the machine forensics such as security cookies and macromedia flash shared objects. If the computer is not recognized, the user will be asked challenge questions to assure the user’s identity.
Online Security helps prevent against phishing and pharming by assuring the user that they are on the correct site before any confidential information (ie. Passwords) are asked for. The program uses pictures and a text phrase that is chosen by the user to identify the bank’s website. If the user does not recognize the picture and text phrase, he or she should not continue with the login process.
While we have taken many steps to ensure the safety of our customers, there are some additional measures that you can take to protect your information:
- Do not use your full or partial Social Security number as a Personal Identification Number (PIN), user ID or password.
- Do not use the same user ID and password for your financial accounts as you do for other sites.
- Change online passwords frequently. Never share online passwords.
- Never respond to an urgent email claiming to be from a bank or any company that requests your account information or personal details. Forward these emails to firstname.lastname@example.org.
- Only access Arbor Bank online banking from secure devices.
- Keep your computer operating system and browser up to date with the latest software and security downloads. These may be called 'patches' or 'services packs' and should be installed as soon as possible.
- Install a comprehensive Firewall/Antivirus/Anti-spyware software package on your device.