Security Center

Online Safety

Computer, Internet & Email Safety

Phishing

Tips for Selling Over the Internet


 

Computer, Internet & Email Safety

There are some steps that you should take to help protect yourself when it comes to personal computer (PC) and Internet security. Eric Thomas, owner and president of ETC Computer Solutions, Inc., suggests the following tips and resources to help you sort out some of the necessary and affordable software programs and precautions to consider in order to protect both your home computer and your peace of mind:

Update your operating system software.
If you own a PC with Windows, head to windowsupdate.Microsoft.com and follow the procedures to update your system. Updates can be released as little as once per month, or three updates may be available in a single day. Check Microsoft’s site to be sure.

Update your antivirus software, if you don’t have antivirus software, get it immediately.
GriSoft makes a free virus scanner available. Viruses can use your machine to mass mail other victims, steal vital information from your computer, or worse, destroy your data. Viruses can come from surfing the Internet, e-mail, removable media like floppy disks, cd-roms, and other file transfer media. You may not even realize your computer is sick. If your Internet has slowed to a crawl, or if odd error messages pop up every now and then, you may be infected.

Use anti-spyware applications.
If you’ve ever received a multitude of pop-up ads while surfing the Internet, you likely are ‘infected’ with spyware. Spyware is a general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, most are used to gather marketing data. Spyware companies make their money by showing ads against your will while you’re surfing the Internet. Some good free PC applications are Spybot, CWShredder, BHODemon, and AdAware. One must also be careful of programs called key loggers. Key logger software is a program, which causes every keystroke made on the computer to be recorded. The program can remain completely undetected and is initiated when the computer is turned on. The key logger records everything outgoing to include e-mails, documents, login names, passwords, and credit card numbers etc. Although not free, SpyCop and SpyDetect are two effective yet affordable programs which will also search out and remove key logger programs.

Utilize a firewall on your system, especially if you us a high speed cable or DSL modem.
Dial-up modems are also vulnerable, but cable and DSL connections are always “on” and therefore easier for hackers to find and exploit. A firewall acts much like a guard when it looks at network traffic destined for or received from another computer. The firewall then determines if that traffic should continue on to its destination or be stopped. The firewall “guard” is important because it keeps the unwanted out and permits only appropriate traffic to enter and leave the computer. There are both hardware and software firewall options. Hardware-based firewalls are separate boxes which will block incoming accesses and prevent denial-of-service attacks. There are simple firewall appliances and industrial-strength corporate firewalls. Firewall appliances are very convenient since you just plug them in, do a simple configuration via a web browser and they're ready to go. Typically there are no changes required on your PC and there is no significant performance impact. A less costly alternative is a software-based firewall. These are programs you run on your PC and they examine every packet. They are inexpensive but they can slightly affect the performance of your PC. ZoneAlarm is a very good program and it is free. Others prefer applications such as Norton’s SystemWorks.

Keep up to date on security warnings for your Internet browser.
Most people use Internet Explorer which is known to have many vulnerabilities that makers of viruses and spyware exploit. You may wish to try other free browsers including Opera or Mozilla.

Don’t fall for phishing scams.
Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. Phishers send an e-mail or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to “update” or “validate” your account information and may even threaten some dire consequence if you don’t respond. The message directs you to a Web site that looks just like a legitimate organization’s site, but it isn’t. Never reply or link to any sites from these ads and e-mails. Close all pop-up messages (spyware and firewall systems may help reduce pop up ads) and delete any suspicious e-mails. If you are concerned about your account, contact the organization yourself using a telephone number, website or e-mail you know to be genuine. Click here for more Phishing Facts.

Keep passwords unique and closely guarded.
For each computer and service you use, you should have a specific password. Each password should be unique and unrelated to any of your other passwords. You should not write them down nor should you share them with anyone, even your family and close friends. Use combinations of letters and numbers that mean something to you to help in remembering them, but be sure not to use names, dates, and/or numbers such as addresses that are closely associated with you and your immediate family members.

Backup your data.
Create backups of your most important data. A few vendors even have a one-touch backup system that connects to your computer and makes backups as easy as one touch.

Keep your machine clean.
Run de-fragmentation programs, scandisk and disk cleanup applications to keep your system running at optimal performance. All three should be done monthly.

For more information on these and other safe computing tips, check out sites such as:

Microsoft Security At Home

Apple Product Security

Texas Tech University IT Help Center

Sophos Security Information

Melbourne PC User Group

Subscribe to FREE security alerts and tips to protect you and your computer
US-CERT: Department of Homeland Security

back to top



No Phishing Allowed!
How to avoid being lured into a phishing scam

Identity thieves have taken up a new sport – phishing! Internet scammers are using fake e-mails and Web sites to fish for consumers’ sensitive personal information. And unlike some other forms of identity theft where one’s personal information is stolen, in this swindle the victim unwittingly supplies the thieves with exactly what they need to leave the victim reeling from the resulting financial losses.

The FBI has called phishing the hottest and most troubling new scam on the Internet. Many large, reputable businesses and organizations, including the Federal Deposit Insurance Corporation (FDIC) and American Banker’s Association, have been fraudulently represented in this scam. Statistics complied by the Anti-Phishing Working Group reveal that although eBay is one of the most commonly hijacked brands, they also highlight the fact that the financial services industry is the most commonly targeted business sector.

In the typical phishing scam, you receive an e-mail supposedly from a company or financial institution you may do business with or from a government agency. These emails can look quite convincing, with company logos and banners copied from actual Web sites and describe a reason you must “update,” "verify" or "re-submit" confidential information — such as bank account and credit card numbers, Social Security numbers, passwords and personal identification numbers (PINs) — using a return e-mail, a form linked from a “look-alike” Web site of the real business, or a pop-up message with the name and even the logo of the company or government agency.

Perhaps you are told that your bank account information has been lost or stolen or that limits may be imposed on your account unless you provide additional details. If you comply, the thieves hiding behind the seemingly legitimate Web site or e-mail can use the information to make unauthorized withdrawals from your bank account, pay for online purchases using your credit card, obtain credit, or even sell your personal information to other thieves.

To avoid becoming a victim of a phishing scam, the American Bankers Association offers these tips:

*Never give out your personal financial information in response to an unsolicited phone call, fax or email, no matter how official it may seem.
*Do not respond to email that may warn of dire consequences unless you validate your information immediately. Contact the company to confirm the e-mail’s validity using a telephone number or Web address you know to be genuine.
*Promptly review your bank account and credit card statements and look for unauthorized transactions, even small ones. Some thieves hope small transactions will go unnoticed. Investigate and report any discrepancies immediately.
*When submitting financial information to a Web site, look for the padlock or key icon at the bottom of your browser, and make sure the Internet address begins with "https." This signals that your information is secure during transmission.
*If you believe you have responded to a fraudulent email, contact your bank immediately so they can protect your account and your identity. In addition, call the three major credit bureaus (see Fraud Alert Hotlines) to request that a fraud alert be placed on your credit report.
*Report suspicious to the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center and to the Federal Trade Commission.

Phishing Phacts

The word "phishing" comes from the analogy that Internet scammers are using email lures to "fish" for passwords and financial data from the sea of Internet users. The term was coined by hackers who were stealing America On-Line accounts by scamming passwords from unsuspecting AOL users. The first mention on the Internet of phishing occurred in January 1996.
"Ph" is a common hacker replacement for "f", and is a nod to the original form of hacking, known as "phreaking." John Draper (a.k.a. "Captain Crunch") coined this term and pioneered "hacking" by creating the infamous Blue Box, a device that he used to hack telephone systems in the early 1970s.

This first form of hacking was known as "Phone Phreaking". The blue box emitted tones that allowed a user to control the phone switches, thereby making long distance calls for free, or billing calls to someone else's phone number, etc. This is in fact the origin of a lot of the "ph" spelling in many hacker pseudonyms and hacker organizations.
Don’t take the bait!

This is an actual example of a phishing scam sent to millions of consumers earlier this year. Although it appears the e-mail is from the FDIC, it is NOT. Please note that the hyperlink used in the actual phishy e-mail has been removed to prevent any confusion that would aid identity thieves.

In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.

As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on your account until such time as we can verify your identity and your account information.

Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes up to a minute and when we have verified your identity you will be notified of said verification and all suspensions of insurance on your account will be lifted.

Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local, State or Federal Government or Homeland Security Officials.

Thank you for your time and consideration in this matter.

Donald E. Powell John D. Hawke, Jr. Michael E. Bartell
Chairman Emeritus FDIC Comptroller of the Currency Chief Information Officer

back to top


 

Tips for Selling Merchandise Over the Internet

Before selling expensive merchandise over the Internet or through newspaper ads, remember the following basic tips that can help protect you from becoming a victim of various fraud crimes.

*Be cautious of dealing with potential buyers who agree to buy the merchandise unseen – especially if you are selling items such as a vehicle, computer equipment, electronic equipment or other high-end items.
*If the purchaser indicates he is overseas or planning to ship the merchandise overseas consider this a major red flag of potential fraud.
*A sale made over the Internet should not call for you, the seller, to provide funds back to the purchaser.
*If you receive a check that claims to be an Official Bank Check for an amount greater than the purchase with a request to wire transfer the excess funds back to the purchaser or another party – this should be a red flag that the transaction is potentially fraudulent.
*Remember that any check can be counterfeited or altered, including checks claiming to be Official Bank Checks, Cashier’s Checks, Certified Checks or Personal Money Orders. As the depositor, you can be held responsible for the overdrafts or losses of the deposited check item if it is not honored by the drawing bank – even if the check hold on the item has expired and your bank has made the funds available to you. Always ask to talk to your bank’s fraud prevention department and explain the details of the transaction to them.

back to top

NOTE: HNB Bank (HNB) is providing the above information as a customer service for educational purposes only. HNB assumes no liability for the use of this information and does not guarantee that the following recommendations will provide appropriate security.

eBanking Services

Looking for more banking convenience? eBanking Services from HNB include online account access, electronic bill payment, email statements and more. Learn More About eBanking Services >

Personalized Debit Card

In Person

We welcome the opportunity to visit with you! Stop by or call to make an appointment to discuss your life planning stragegies and find out more about our solutions that can get you there! See All Branch Locations >