Information Security
November 16, 2012
Recommendations for Information Security
The following websites may provide helpful information to you on how to protect your computer and information:
Internet Fraud
The FBI, which receives about 25,000 consumer complaints a month via the Internet Crime Complaint Center (IC3), has established the following website dedicated to educating consumers about internet fraud:
FBI: Internet Fraud – Common Fraud Schemes
http://www.fbi.gov/scams-safety/fraud/internet_fraud
If you are interested in staying up to date on the latest scams, simply register on the above website to receive updates when the FBI posts new information.
Cyber-security
If you are interested in looking for practical tips for securing your computer and networks against current and evolving cyber threats, you can review the following websites:
On Guard Online - This website is the federal government’s website to help you be safe, secure and responsible online: www.Onguardonline.gov
Stop.Think.Connect - This website is hosted by the Department of Homeland Security. This is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online: www.dhs.gov/stopthinkconnect
Interested in conducting a review of your computer security? Contact one of our branches today to obtain a copy of our Commercial Internet Banking Risk Assessment and Control Evaluation form. It’s quick and easy to complete, and will provide a good starting point for determining where your computer security stands.
San Diego Regional Banking Center: 619-525-1700
Encinitas Regional Banking Center: 760-479-4340
Point Loma Regional Banking Center: 619-225-1355
October 11th, 2012
Online Business Account Takeover Fraud Prevention Recommendations
You may have seen media reports or articles lately regarding online business account takeover. Business account takeover is when cyber-thieves gain control of a business’ bank account(s) by stealing the business’ valid online banking credentials. It is the business equivalent of personal identity theft. Although there are several methods being employed to steal credentials, the most prevalent involves malware that infects a business’ computer workstations and laptops. Malware is commonly distributed via e-mail links, social networking sites and malicious websites.
Once credentials are obtained, business accounts are accessed online, and wire transfers, bill payments, intra-bank transfers or ACH (Automated Clearing House) transactions are initiated, draining the balance in the client’s account. In most cases, the clients do not discover the fraudulent transactions in time to recover the funds from the recipient, so the clients have been faced with significant losses.
The cyber-thieves appear to be targeting small to medium sized businesses, as well as smaller government agencies and non-profits. We believe the risk and liability are significant, so we are advising our clients to utilize the following recommendations to mitigate the risks:
- Dual Control: Utilize dual control for Administrative functions as well as releasing any payments electronically.
- Ensure that all anti-virus and security software and mechanisms for all computer workstations and laptops that are used for online banking and payments are effective and up to date.
- Access online banking and other critical online systems through the use of computers that are limited to business-related activities only. A computer used for online banking or other critical functions should not be used for general web browsing, social networking and accessing personal e-mail.
- Password Protection: A unique password is the first step of securing your online information. Select a password/PIN that is easy for you to remember but not quickly guessed. Don't write down passwords and never click "save my password." Do not share your password/PIN with anyone.
- Apply operating system and application updates (patches) regularly.
- Contact your information technology provider to determine the best way to safeguard the security of your computers and networks.
- Transaction Review: Check your account balances and transaction activity daily. If you see any suspicious activity, or if you believe your San Diego Trust Bank account has been compromised, promptly report it to any of our branches:
San Diego Regional Banking Center: 619-525-1700
Encinitas Regional Banking Center: 760-479-4340
Point Loma Regional Banking Center: 619-225-1355
FDIC Insurance does not cover online fraud losses. We recommend that all business owners discuss fraud coverage with their insurance carriers. San Diego Trust Bank provides the Online Banking platform to its business clients to add convenience for conducting financial transactions, but we cannot assume liability for breaches and system vulnerabilities of the client’s computer systems.
Read about National Cyber Security Awareness Month at http://www.dhs.gov/national-cyber-security-awareness-month.
Citadel Malware Continues to Deliver Reveton Ransomware in Attempts to Extort Money
We would like to make you aware of new ransomware, named Reveton, which hijacks computer operating systems in order to steal online banking credentials and other financial information. This is very serious malware that freezes the user’s computer until the ransom is paid. This is a new kind of attack, and the so-called ransom message displayed on hijacked computers appears to be from the FBI. The message usually suggests the user violated a federal law and that the FBI has identified the user by his or her IP address. This is a scare tactic.
You can visit the FBI’s Internet Crime Complaint Center (IC3) site (http://www.ic3.gov) for the latest update on internet crime schemes.
The following is the warning published by the FBI:
The IC3 has been made aware of a new Citadel malware platform used to deliver ransomware, named Reveton. The ransomware lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States Federal Law. The message further declares the user’s IP address was identified by the Federal Bureau of Investigation as visiting child pornography and other illegal content.
To unlock the computer, the user is instructed to pay a fine to the US Department of Justice, using prepaid money card services. The geographic location of the user’s IP address determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.
This is an attempt to extort money with the additional possibility of the victim’s computer being used to participate in online bank fraud. If you have received this or something similar, do not follow payment instructions. Infected computers may not operate normally. If your computer is infected, you may need to contact a local computer expert for assistance to remove the malware.
It is suggested that you:
- File a complaint at www.IC3.gov.
- Seek out a local computer expert to assist with removing the malware.
Global Payments, Inc. Breach
Global Payments Inc., a payment processor, announced on Friday, March 30, 2012 that it identified unauthorized access into its processing system. The company believes the breach has impacted 1.5 MM cards. Global Payments processes billions of payment card, check and e-commerce transactions annually for more than 1 million merchant locations worldwide. Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that the incident is contained. The company continues to work with regulators and law enforcement to assist in the efforts to minimize potential cardholder impact.
Global Payments has launched a new website dedicated to consumer updates about the breach: www.2012infosecurityupdate.com.
Consumers across the U.S. and potentially the world are going to have to be extra cautious in light of the Global Payments breach. The key is to be vigilant and aware.
We recommend that you:
- Watch for any signs of trouble.
- Monitor your accounts regularly, checking for unauthorized transactions. A $1 charge could be an indication that a criminal has access to a person's account number and is testing to see if they notice the activity. If you spot any unknown purchases or transactions, call the bank or the credit card company immediately.
- Never provide sensitive information to unsolicited requests.
- Get a credit report – You are entitled to a free credit report once every 12 months.
- If you believe your account has been compromised, you can place a Fraud Alert on your credit report. To do this, you’ll need to contact one of the three credit bureaus listed below. The company you call is required to contact the other two, which will place an alert on their versions of your report:
TransUnion: 1-800-680-7289 www.transunion.com
Equifax: 1-800-525-6285 www.equifax.com
Experian: 1-888-397-3742 www.experian.com
Prevent Identity Theft and Reduce Your Risk of Becoming a Victim
Identity Theft has become an unfortunate part of our lives. However, you can reduce the risk of becoming a victim by following these simple steps:
- Don’t use the links in an e-mail to get to any web page if you suspect the message might not be authentic. Be suspicious of any e-mail with urgent requests for personal financial information, especially when you are instructed to “validate” or “update” account information or face cancellation of services.
- Don’t give away any personal information, like SSN, account numbers, passwords, mother’s maiden name, birth date or PIN over the phone, unless you initiated the call.
- Never set up your computer system to remember your password. This feature, although helpful, allows entry into your system.
- Consider replacing your current mailbox with one that has a lock and never leave outgoing mail sitting in a non-secure mailbox.
- Carry only the credit card you would use in an emergency and keep all other credit cards at home, in a secure place.
- If you do carry all of your cards, make sure to record their names, account numbers and customer service numbers and keep that record in a secure place, so that if any of the cards is lost or stolen you can immediately report it as missing to the card issuer.
- Do not have your driver’s license or social security number printed on your checks.
- Don’t carry your SS card in your wallet unless you need it that day.
- Check your credit report at least once a year. You can obtain a free credit report once a year from each of the credit reporting agencies (Experian, Equifax and Trans Union) at www.annualcreditreport.com or toll free at (877) 322-8228.
- Consider adding a statement to your credit file that makes it more difficult to grant credit without calling you to confirm the application.
Experian: www.experian.com or (888) 397-3742
Equifax: www.equifax.com or (800) 525-6285
Trans Union: www.transunion.com or (800) 680-7289

