Useful Security Tips and Ideas
Threats are ever evolving and keeping up with current threats can be difficult. We encourage you to use caution and never provide confidential information via text, email, incoming call (by a person or automated call), or pop-up ad on your computer.
When you receive a call or message that seems suspicious or unusual, hang up and call the phone number from your most recent bill or the back of your card. With our increased dependence on electronic devices and the Internet, below is information to help educate and provide you and your business.
Ransomware is malware that is downloaded through email attachments that then encrypts an entire system, including any attached storage. One particular ransomware that businesses need to pay attention to is CryptoLocker.
The only way to decrypt an infected device is to pay a fee or "ransom" to the malware owner. Preventing the malware from loading is the key. Don't open any email with a .zip file as an attachment - even if you are familiar with the sender. The exception is if you confirm the sender actually sent the email.
Beware of email alerts which advise you that a package is being shipped to you, especially when the email contains a link to a tracking number. Clicking through a link in a phishing email can result in malware being downloaded to your PC which may then put your business at risk.
Never click on links or open attachments from email senders that you are not familiar with or expecting an email from. If the email is from a known sender but appears unusual or is unexpected, call the sender to verify the validity of the email before you open it or click on any links.
A large percentage of PCs with Java do not contain Java security patches or are not running the most current version of Java. Java runs on millions of PCs and is often exploited by cyber criminals to infiltrate or attack your PC. To combat this vulnerability, as part of your overall security best practices, keep Java up-to-date and secure.
This is a common form of identity theft for business customers. An account takeover occurs when a fraudster has an individual's information such as social security number, User ID and password, account number, and/or access to email accounts. Once the fraudster has access to this information, they can use it to pose as the customer and conduct unauthorized transactions.
There are many ways a criminal can obtain confidential information. Social engineering is a contributing factor to these and many more scams. Fraudsters use every avenue of communication to have you divulge sensitive account information.
Phishing uses fraudulent emails or pop-up messages to attempt to collect personal or account information. These messages often have a sense of urgency that suggests dire consequences, such as an email from your 'bank' stating your account has been or will be frozen.
Smishing uses a text message from an unknown number, asking you to click a link to another site or call a phone number. They entice you to provide personal or account information and may attempt to infect your mobile device with malware.
Vishing uses the telephone in an attempt to get the user to provide personal or account information, often presenting themselves as legitimate businesses offering assistance to the user.
Contact Us / Questions?
Your security is important to us. When communicating via email please do not include any personal, business, or confidential account information. Thank you!
Phishing, vishing, and smishing all involve spoofed communication that appears to be from a legitimate business urging you to “act immediately” or your account might be closed. Phishing uses email messages, smishing employs text messages, and vishing combines phone calls and email. Hackers use this information to access your online accounts to withdraw money or make purchases.
First Bank will never email you and ask you to call a phone number and enter any type of personal information. A First Bank representative may call you regarding activity on your account or to verify specific transaction activity on your account. We will always verify that you are the account holder before discussing specific account activity.
Ways to Avoid Phishing, Vishing, and Smishing
- Do not click on links in emails or texts. Go directly to a company's website. Pay close attention to the URL in the browser window.
- Verify messages by contacting the company or financial institution that supposedly sent them.
- Look up email addresses, links, and phone numbers. Do not use those provided in the messages or over the phone.
Ransomware is a type of malware that is unwittingly downloaded when you click on a tainted link, open an infected attachment, or even click on a phony advertisement. If your computer freezes, and a message on your screen tells you that your computer will remain frozen until you pay a ransom or a fee, you have become a victim of ransomware. The criminals often ask for a minimal amount of money to give you access to your computer again. They believe that you are comfortable paying them to avoid the frustration of the situation. Sometimes the denominations are very small and the accepted method of payment transmission might include wiring money through a common wire service. Thieves also may ask you to make a payment via a premium text message or send them money as a type of online cash.
Protect Your Devices Against Ransomware
- Install current firewall, anti-virus software, and anti-malware software on your computer, tablet, and other mobile devices.
- Back up everything on your devices to a cloud service or a USB drive.
- Never click on a link or download an attachment unless you have independently confirmed that the communication or advertisement is legitimate. Emails that contain links to businesses sent from friends may have been hacked by scammers. Go directly to a company’s website instead of clicking on a link in an email.
- Create different passwords for all of your accounts.
- Change your passwords regularly.
IRS, Summit Partners warn on tax deadline scams, ‘IRS Refunds’ email
WASHINGTON – When the tax deadline is approaching, the Internal Revenue Service and Security Summit partners urge taxpayers and tax professionals to be alert to identity theft scams, especially a new email version currently pretending to be from “IRS Refunds.”
As the filing season comes to a close, thieves step up their efforts, warned the Internal Revenue Service and the Security Summit partners. The Security Summit, a partnership between the IRS, state tax agencies and the tax industry, continues to take steps to combat tax-related identity theft.
The “IRS Refunds” scam is a common tactic used by cybercriminals to trick people into opening a link or attachment associated with the email. This link takes people to a fake page where thieves try to steal personally identifiable information, such as Social Security numbers.
Often these links or attachments also secretly download malware that can perform many functions, such as giving the thief control of the computer or tracking keystrokes to determine other sensitive passwords or critical data.
The IRS does not randomly contact taxpayers or tax professionals via email, including asking people to confirm their tax refund information. The IRS initiates most contacts through regular mail delivered by the United States Postal Service.
However, there are special circumstances in which the IRS will call or come to a home or business, such as when a taxpayer has an overdue tax bill, to secure a delinquent tax return or a delinquent employment tax payment, or to tour a business as part of an audit or during criminal investigations.
Even then, taxpayers will generally first receive several letters (called “notices”) from the IRS in the mail.
Note that the IRS does not:
- Demand that taxpayers use a specific payment method, such as a prepaid debit card, gift card or wire transfer. The IRS will not ask for debit or credit card numbers over the phone. Taxpayers should make check payments to the “United States Treasury” or review IRS.gov/payments for IRS online options.
- Demand that taxpayers pay taxes without the opportunity to question or appeal the amount they say is owed. Generally, the IRS will first mail a bill to those who owe any taxes. Taxpayers should also be advised of their rights as a taxpayer.
- Threaten to bring in local police, immigration officers or other law-enforcement to have taxpayers arrested for not paying. The IRS also cannot revoke a driver’s license, business license or immigration status. Threats like these are common tactics scam artists use to trick victims into buying into their schemes.
With scams like these circulating, taxpayers and tax professionals should take ongoing security precautions to protect their identities and their computer networks from identity thieves. Here are a few basic security steps for taxpayers:
- Always use security software with firewall and anti-virus protections. Make sure the security software is always turned on and can automatically update. Encrypt sensitive files such as tax records stored on computers. Use strong, unique passwords for each account.
- Learn to recognize and avoid phishing emails, threatening calls and texts from thieves posing as legitimate organizations such as banks, credit card companies and even the IRS. Do not click on links or download attachments from unknown or suspicious emails.
- Protect personal data. Don’t routinely carry Social Security cards, and make sure tax records are secure. Shop at reputable online retailers. Treat personal information like cash; don’t leave it lying around.
Here are few basic security steps for tax professionals:
- Learn to recognize phishing emails, especially those pretending to be from the IRS, e-Services, a tax software provider or cloud storage provider. Never open a link or any attachment from a suspicious email. Remember: the IRS never initiates initial contact with tax pros via email.
- Create a data security plan using IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security – The Fundamentals, by the National Institute of Standards and Technology.
- Review internal controls:
- Install anti-malware/anti-virus security software on all devices (laptops, desktops, routers, tablets and phones) and keep software set to automatically update.
- Use strong and unique passwords of 10 or more mixed characters, password-protect all wireless devices, use a phrase or words that are easily remembered and change passwords periodically.
- Encrypt all sensitive files/emails and use strong password protections.
- Back-up sensitive data to a safe and secure external source not connected fulltime to a network.
- Wipe clean or destroy old computer hard drives that contain sensitive data.
- Limit access to taxpayer data to individuals who need to know.
- Check IRS e-Services account weekly for number of returns filed with EFIN.
- Report any data theft or data loss to the appropriate IRS Stakeholder Liaison.
- Stay connected to the IRS through subscriptions to e-News for Tax Professionals, Quick Alert and Social Media.