While Evans Bank, N.A. does everything it can to protect the confidentiality of your online information, we can’t do it alone, and there are certain things that you can do to further secure your information. While the following is not an exhaustive list we feel that it can greatly improve your online security, not just your online banking.
- Protect your user name and access code; never give them to anyone that does not have access to the accounts linking to the user name.
- Access Codes:
Use complex passwords. To do so, use a combination of upper and lower case letters, numbers, and special characters. Do not write a whole word, especially one that could be associated with you in any way. The longer the password the harder it is to guess—use a password at minimum 8 characters long.
Change your password at regular intervals. Preferably a minimum of every three months.
Do not write your passwords down. Make sure it is complex but easily remembered-try using a phrase to help you remember it. An example of this could be (do not use this example as your Access Code!):
- Phrase is “F(4)our s($)core and s(7)even years ago Our Fathers” Access Code is “4$&7yaOF”.
- Make sure you have the latest security updates and patches applied to your computer software. This includes your operating system (Windows, Mac OS, etc.), web browser, Adobe Products (Adobe Reader, Adobe Flash Player), Java, and any other software that assists in your web browsing experience.
- Evans Online Banking allows you to set up ALERTS that may be delivered to three e-mail addresses or cell phones. Use this functionality to know when your balance goes above or below a certain dollar value and/or when a transaction above a certain dollar value posts to your account. Just click on the “Alerts!” tab within OnLine Banking” to set this up.
- Use Anti-virus and Anti-malware software. Make sure that you have automatic updates turned on to ensure the software remains up to date. Schedule regular full system virus scans of your computer.
- Do not share personal information on social networking sites, especially your Social Security Number, date of birth, personal phone number, home address, etc. In addition, enable privacy settings to further restrict access to all information you post on a site. Refer to your specific social networking site for instructions on how to do this.
- Before conducting any financial transaction online or entering a user name and password to any site, ensure the site you are using is secure. The address of a secure site begins with “https,” rather than http. Most web browsers will also display a padlock indicating security.
- Sign Out of your Online Banking Session when you have completed your transactions.
- Don’t use the same password for all websites, especially those with financial or personal information. Your online banking password should not be used for any other site.
- Do not access Online Banking from a public computer, or from a laptop connected to a public unsecured Wi-Fi hotspot such as in a restaurant or other public space.
- Review account balances regularly to confirm payment and other transaction data is accurate.
- Review the last time the Online banking system was accessed at each login. It is displayed on the initial screen of online banking after log on. This may help you determine if someone other than yourself is accessing your account.
- All types of Operating systems are vulnerable to attacks from multiple sources, this means that no matter what operating system you use, you should follow security best practices including the use of anti-virus software to ensure you are as secure as possible.
Many of the security principals that apply to online banking through your computer also apply to a mobile device, the main difference being that your mobile device is with you almost everywhere you go and much more susceptible to loss. The same protections offered to you through our Online Banking also apply to our mobile banking platforms. However, there are some extra steps you can take to further secure your mobile banking.
- Keep your mobile device updated, they are just like computer operating systems. Updates not only provide better functionality, they also provide key security updates and enhancements.
- Password protect your device. Most mobile devices allow for a pin, passphrase, or some other protection against an individual other than you accessing the device. In addition, set your device to automatically lock, requiring your password, after a certain length of inactivity.
- Only download apps from trusted app stores such as iTunes, Google Play, BlackBerry App World, etc. In addition, be sure to review what that app has access to on your device. Some apps may have more access than is needed for that app to operate, these apps should be avoided. In addition, be sure the developer is trusted, do your research. If the developer does not appear to be a legitimate developer of good software, do not download the app.
- Install mobile security software, when available, to protect your device against malicious software and other viruses.
- Install software that allows you to locate or remotely wipe your device.
- Do not modify your phones operating system, this is often referred to a jailbreaking or rooting.
- Do not use an unsecured public wi-fi hotspot to access mobile banking, use your providers 3G, 4G, or LTE data network or a private secured wireless connection.
- Disable Bluetooth when it is not in use.
Here is a listing of other resources, not affiliated with Evans Bank, but are helpful to consumers.
National Cyber Security Alliance – http://www.staysafeonline.org
The National Cyber Security Alliance (NCSA) is a public-private partnership focused on promoting internet security and safe online behavior.
On Guard Online – http://www.Onguardonline.gov
OnGuardOnline.gov is the federal government’s website to help you be safe, secure and responsible online. The Federal Trade Commission manages OnGuardOnline.gov, in partnership with the federal agencies listed below. OnGuardOnline.gov is a partner in the Stop Think Connect campaign, led by the Department of Homeland Security, and part of the National Initiative for Cybersecurity Education, led by the National Institute of Standards and Technology.
Internet Crime Complaint Center (IC3) – http://ic3.gov
The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA). Its mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations.
Types of Online Attack:
The following are an example of the types of attacks that can be carried out online. While this is not an exhaustive list, it can be used as a quick resource to understand some terminology. In addition, many Anti-virus and Anti-malware softwares can help to reduce the risk of an attack. Also, by taking a proactive approach to understand safe web browsing and e-mail practices you can further reduce the risk.
Phishing involves an unsolicited e-mail sent to you with the intention of capturing personal information – such as your Social Security number, your Online Banking login and password, your account numbers, etc. Such e-mails may even appear to come from legitimate companies and could be disguised to come from Evans Bank, your credit card company, your Internet Service Provider (ISP), or other companies. To avoid these scams you should never reply to an e-mail unless you can confirm the sender is who they say they are. Do not click on a link within an e-mail to access a site, it could be for a Pharmed website if the e-mail is fraudulent. Instead, open a web browser and type the address of the company contacting you into the URL bar to access their site.
If you should receive a suspicious e-mail message that appears to come from Evans Bank – please do the following:
- Do NOT OPEN or RESPOND to a suspicious e-mail message
- Forward the e-mail message to email@example.com
- Then delete the message from your personal e-mail box
If you have already responded to a suspicious or fraudulent e-mail, please call Evans Bank Security Department at 716.926.2000.
Please remember – Evans Bank will NEVER request personal information about you, your account, your Social Security number, user names or passwords via e-mail or pop-up messages!
How to Identify a Suspicious E-mail
Criminals who send suspicious or fraudulent e-mails use many means to disguise fraudulent e-mails. Sometimes their messages ask you to respond directly. While other times they may ask you to link to a website that may appear legitimate but is in actuality fraudulent. Either way, they will generally ask you to provide sensitive, personal or financial account information. The following tips are usefully in spotting suspicious or fraudulent e-mails. Beware of e-mails:
- With a threatening or urgent tone to their message such as an e-mail that claims your account may be closed if you fail to respond immediately
- Requesting personal or financial information such as an e-mail that claims Evans Bank has lost important information about your account or account activity and needs you to forward such information to another website
- With improper grammar and/or misspellings
Pharming involves a fraudster creating a false website hoping that people will visit them by mistake. This can happen by mistyping a website address, or by redirecting traffic from legitimate websites to their own. A pharmer will attempt to gather personal information from an individual that unknowingly visits their site. Pharming may also be used in conjunction with a fraudulent e-mail that contains a link to the fraudster’s false site; this link may also download other malicious software to a computer.
Malware is short for Malicious Software, which is used to disrupt computer operations, obtain sensitive information, or gain access to the computer’s resources. Malware is a general term used to describe multiple types of intrusive software, including viruses, worms, Trojan horses, spyware, adware, or other types of malicious programs.
Spyware – Often contained within “Free” programs, spyware monitors web activity and may also contain keystroke logging and other virtual snooping on computer activity.
Trojan horses – Can be used to assist hackers in obtaining unauthorized access to a computer system.
Virus – A program designed to automatically replicate itself and spread from one computer to another, as well as other programs within the infected computer. Some viruses are harmless, but typically have a negative affect such as slowing a computer or corrupting files beyond use. Typically, they are spread by e-mail or file sharing services.
Worm – A program designed to replicate itself within a computer until it uses up all available storage on a hard drive.