October is cyber security month and First Bankers Trust is committed to keeping our customers’ accounts and information safe and secure. Security attacks are at an all-time high and while there are countless ways to keep yourself safe, there are two security tips that stand out above all others. Here is what you need to know.
#1 - Manage Your Passwords
One of the easiest and most effective ways to defend yourself and your account information from cyber security risks is to prioritize strong, unique passwords. You can check out our blog post with tips and tricks about Why Password Management is Important to help you strengthen your password usage.
Don’t just take our word for it, though. Microsoft has shared that, “Password spraying is one of the most popular attacks, accounting for more than a third of account compromise in organizations.”
Password spraying is the exploitation of previously compromised credentials that are posted and sold on the dark web. "Attackers can utilize this tactic, also called 'credential stuffing,' to easily gain entry because it relies on people reusing passwords and usernames across sites," Microsoft explains. (source)
Nikki Cain, VP ERM and ISO at First Bankers Trust Company, N.A., says, “User names and passwords collected from various data breaches are compiled and attempted against popular online apps and services – including online banking. There is success with this method because many of us re-use the same password across multiple sites.”
So what can you do to keep your passwords secure?
- Use a password manager to help manage unique passwords.
- Use multi factor authentication where you can.
- Don’t share your user names and passwords.
#2 - Beware of Social Engineering
Have you ever received an email that didn’t look quite right? An email that you weren’t expecting? Maybe even from someone you know? Chances are good that was a phishing email that was intended to socially engineer information from you.
These specially crafted emails are made to entice you to click on a link or open an attachment. The links will take you to a website. While it may look like nothing is happening malicious software is potentially being downloaded in the background and creating a link for hackers to gain access to your computer. A link may also take you to a lookalike website in an attempt to capture your login credentials.
The attachment scenario works the same way. It may be presented as a pdf (Adobe) or other file type ending in xls (Excel) or doc (Word) but in reality it is an executable installing the malicious payload. Visually on the computer monitor nothing happens. Unfortunately, more often than not, anti-virus is not catching the activity.
Because it’s no longer just about phishing. Social engineering can be done over email, phone calls, text and even in some cases in person.
Here’s what you can do to protect yourself against social engineering:
- Look closely at emails requesting personal information:
- Were you expecting it?
- Is the sender email address correct?
- Does the logo look right?
- Urgency should raise your suspicions.
- If in doubt, pick up the phone to double check
- Text message from your bank or credit card company:
- Don’t respond to a text or call a number provided in a text.
- Login to online banking from the web or your mobile app to look for any messages.
Also, your bank will never ask personally identifying questions over email and only over text if you initiate the conversation with our texting service. Call us if you are ever in doubt – we love to hear from you anyway! You can find our contact information on our website or the back of your debit card.
Our team is always here and ready to help! If you are ever in doubt, contact us!