We are able to present this information to you from the U.S. Department of Justice and Federal Bureau of Investigation’s Cyber Task Forces (www.fbi.gov/contact-us/field) and Internet Crime Complaint Center (www.ic3.gov).
Ransomware is a form of malware that targets both human and technical weaknesses in organizations, as well as individual networks, in an effort to deny the availability of critical data and systems. Ransomware is frequently delivered through phishing e-mails. When the victim organization determines they are no longer able to access their data, the cyber actor demands the payment of a ransom, at which time the actor will provide the victim with a way to regain access to their data. Recent iterations target enterprise end users, making awareness and training a critical preventative measure.
Key areas to focus on with ransomware are prevention, business continuity, and remediation. As ransomware techniques continue to evolve and become more sophisticated, even with the most robust prevention controls in place, there is no guarantee against exploitation. This makes contingency and remediation planning crucial to business recovery and continuity.
- Implement an awareness and training program. Because end users are targeted, employees and individuals should be made aware of the threat of ransomware and how it is delivered.
- Patch operating systems, software, and firmware on devices, which may be made easier through a centralized patch management system.
- Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted.
- Manage the use of privileged accounts. Implement the principle of least privilege: no users should be assigned administrative access unless absolutely needed; those with a need for administrator accounts should only use them when necessary.
- Configure access controls, including file, directory, and network share permissions, with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
- Disable macro scripts from office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications.
- Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs, including the AppData/LocalAppData folder.
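The last control above can be tried out against existing process-start records before it is enforced. The following is an added example, not FBI or bank code: it evaluates executable paths against path rules modelled on the locations named above. The rule patterns, the ExampleVendor exception and the sample paths are all assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed, illustrative path rules; "*" stays inside one path component.
# Real policies need tuning and per-application exceptions.
DENY = {
    "appdata-root":   r"C:\Users\*\AppData\Roaming\*.exe",
    "appdata-subdir": r"C:\Users\*\AppData\Roaming\*\*.exe",
    "localappdata":   r"C:\Users\*\AppData\Local\*.exe",
    "temp":           r"C:\Users\*\AppData\Local\Temp\*.exe",
    "winrar-temp":    r"C:\Users\*\AppData\Local\Temp\Rar$*\*.exe",
    "7zip-temp":      r"C:\Users\*\AppData\Local\Temp\7z*\*.exe",
    "zipfolder-temp": r"C:\Users\*\AppData\Local\Temp\*.zip\*.exe",
}
# Hypothetical exception for software that legitimately runs from AppData.
ALLOW = {"approved-updater": r"C:\Users\*\AppData\Roaming\ExampleVendor\updater.exe"}


def compile_rule(pattern):
    """Turn a wildcard path rule into a regex where '*' never crosses a backslash."""
    literals = [re.escape(part) for part in pattern.lower().split("*")]
    return re.compile(r"[^\\]*".join(literals))


ALLOW_RX = {name: compile_rule(p) for name, p in ALLOW.items()}
DENY_RX = {name: compile_rule(p) for name, p in DENY.items()}


def evaluate(path):
    """Return (decision, rule_name) for one executable path."""
    # normpath folds '/' and '..' so a rewritten path cannot dodge a rule.
    norm = ntpath.normpath(path).lower()
    for name, rx in ALLOW_RX.items():
        if rx.fullmatch(norm):
            return ("allow", name)
    for name, rx in DENY_RX.items():
        if rx.fullmatch(norm):
            return ("deny", name)
    return ("allow", "default")


def audit(paths):
    """List (path, rule) for every path the deny rules would block."""
    hits = []
    for p in paths:
        decision, rule = evaluate(p)
        if decision == "deny":
            hits.append((p, rule))
    return hits


# Constructed process-start paths, not taken from any real log.
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Local\Temp\Rar$EXa0.123\invoice.exe",
    r"C:\Users\alice\AppData\Roaming\ExampleVendor\updater.exe",
    r"C:\Program Files\Office\winword.exe",
    "C:/Users/bob/AppData/Local/Temp/../Temp/setup.exe",
    r"C:\Users\bob\AppData\Local\Temp\Temp1_scan.zip\scan.exe",
    r"C:\Users\carol\AppData\Roaming\svch0st.exe",
]

if __name__ == "__main__":
    for path, rule in audit(SAMPLE_PATHS):
        print(f"would block [{rule}]: {path}")
```

Running the rules in this audit form first shows which legitimate programs would need an exception before the policy is switched to blocking.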
Business Continuity Considerations
- Back up data regularly, and regularly verify the integrity of those backups.
- Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might be securing backups in the cloud or physically storing offline. Some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real time, also known as persistent synchronization. Backups are critical in ransomware; if you are infected, this may be the best way to recover your critical data.
- Implement application whitelisting; only allow systems to execute programs known and permitted by security policy.
- Execute operating system environments or specific programs in a virtualized environment.
- Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organizational units.
The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom. Paying a ransom emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved. While the FBI does not support paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.
In all cases the FBI encourages organizations to contact a local FBI field office immediately to report a ransomware event and request assistance. Victims are also encouraged to report cyber incidents to the FBI’s Internet Crime Complaint Center (www.ic3.gov).
We will be upgrading our Bill Pay service in late May (watch for more information soon!). These upgrades will bring you a new, streamlined interface, better visibility of your payments, and several new features. Here are some of these new features:
- Person-to-Person Payments – pay a friend or family member securely and electronically via email.
- Alerts – receive email and text alerts about your payments and account activity
- eBills – receive and pay bills electronically through approved vendor web sites
- Gift Payments – send gift checks or donations
Bill Pay is $6.00 per month for unlimited payments. If you have a Central Value or Central Premium Checking account Bill Pay is free all the time! *Terms vary depending on account type.
If you’ve been out to our website, you’re already aware there are some big changes going on here at your local bank… and we’re proud to announce we’ve just released our new, mobile responsive website as well as some visual updates to our online banking platform.
A mobile responsive website automatically resizes to fit your screen, whether it’s a desktop computer, tablet or smartphone. Reading this on your phone? Try it here. We’re also working to add more user-friendly content, including a Help section, where you can go to get all of your questions answered.
Don’t worry. You can still log into your account right from the main menu on the home page!
Have questions/comments about our site? Please take our survey and let us know how we did. We always appreciate your feedback.
And, finally, our online account opening feature is being updated. We hope to have that back up and running before the week is over. Thanks for your patience.
UPDATE: We’ve received multiple complaints that the Online Banking log in button is not visible/working. We have added pictures to the instructions below in hopes that we can resolve issues more quickly. If your mobile device or computer screen does not resemble the images following this post then we will need more information about your issue in order to get it resolved. Please email us at email@example.com or call us at 1-888-262-5456. Including information about the web browser or mobile device itself will help us get to a resolution quicker. Our developers thank you for your feedback.
From a mobile device, click the icon in the upper left-hand corner of the screen that looks like a black circle with three horizontal white lines. Then, click Login. We’ve included some pictures below that should help illustrate this.
From a computer, the login button is now more visible in the upper right-hand corner of the screen. It is a blue button with the word “Log In” in white. We’ve included some pictures below that should help illustrate this.
EMV Cards are a hot topic in the news. That being said, there’s still a lot that the general public doesn’t know about them. We’ve gathered some of the most asked questions, as well as some additional information so you too can be an expert.
What is an EMV card?
An EMV Card, or a chip card, is equipped with a secure computer chip, also known as an EMV chip. The chip produces a one-time code that is used by the merchant to process a payment. Not all businesses in the United States can accept an EMV card just yet, so cards are still being printed with the traditional magnetic stripe on the back. Most merchants who have completed the upgrade will accept both card types while banks go through the process of updating cards.
Why is the industry changing to Chip Cards?
Chip Cards have been used overseas for many years. To date, the industry sees less crime in other countries because fraud is easier with the magnetic stripe. In an effort to reduce fraud, EMV cards are now being issued in the U.S. EMV cards are harder to replicate because of the one-time code that is generated when the card is “swiped” at the pay station. The code only works for one transaction, so it doesn’t matter if it is intercepted at the point of sale. Conversely, if a magnetic stripe is read at the terminal and someone intercepts your information, the crook can take your information and process other payments.
What if I don’t have an EMV card?
You can still use your current card! Merchant terminals are being updated, but they still have the technology to accept a swipe from a magnetic stripe.
I’ve heard that chip cards aren’t “swiped”. What’s so different about the new cards?
Card Terminals are built with the magnetic swipe machine on top and the chip card slot on the bottom. Your chip card will need to be inserted into the bottom of the card reader. The machine should instruct you to leave your card in the machine for several seconds while the code is created and read. The code will be scanned and then you should be instructed to remove your card.
When will I be able to get an EMV card from Central National Bank?
The card printing industry is busy producing EMV cardstock for just about every bank in the nation, which means there’s a waitlist. We’re on it and hope to have new stock in the spring of 2016. Once the cardstock is in we can begin issuing cards to customers. Hopefully a couple months’ time will also allow merchants time to get terminals upgraded to accept EMV card transactions!
Bottom line is… Thank you for being patient with us!
We have seen several instances of check scams in the past months. This article is meant to educate our customers about how check scams occur and what to look for to avoid a check scam.
Many of the recent incidents we’ve seen involve one of the following:
- A scammer may ask you to cash a check/money order or to allow transfer of funds to your account and then say you can keep a percentage of the funds
- The scammer promises you will receive money in exchange for transferring money to your account from an external source
- You are overpaid for an item you sold on the internet (e.g., Craigslist or eBay)
- You receive a letter in the mail, a phone call, or an email indicating you have won a lottery or sweepstakes
- You receive notice that you have received an inheritance from someone you do not know
- You have received mail, an email or fax requesting an immediate response
So how are all of these check scams the same?
In most cases, you are contacted by someone who says you will be getting a check from them in exchange for a specific action on your part. They usually tell you that after the check is deposited, you will then need to wire transfer the money back to them. The story will be complicated and usually sounds legitimate. It is only after this occurs that the original check you deposited will be returned back to your bank as a counterfeit item. The full amount of the check will then be deducted from your account. The result of such a scam is that you have now paid the scammer the amount of the original check from your own, personal funds in addition to losing the money that was sent to you in the first place.
Why did the bank allow me to withdraw the money?
Federal law requires that we release funds to you within several business days of the deposit. The number of days varies depending on the deposited item, but does not usually surpass 7. Because it may take longer than this for the funds to actually be moved from one bank to another, you may be at risk when spending deposited funds if you do not know the sender personally.
Is it possible for the bank to determine if the check is good or bad?
A bank is not always able to verify funds on an item. It’s extremely important that you know the source of the funds and trust the legitimacy of the transaction prior to withdrawing these funds from your account.
Who is responsible when I incur a loss due to a check fraud scam?
In short, the customer is always responsible for funds deposited to their account. The bank cannot determine the legitimacy of checks you receive since they do not know where you received the check. You should always be careful regarding checks you receive from people you do not know.
This all sounds pretty scary, and hopeless. Isn’t there anything the bank can do to protect me?
At Central National Bank, our staff is trained to recognize the signs of check fraud and ask questions to the customer. It is not always easy to catch this fraud if the customer feels certain the check is legitimate. We do our best to protect our customers, and ask that you work with us to help catch check fraud before it happens. If you have additional questions about check fraud please feel free to contact our service representatives at 1-800-262-5456. When in doubt, ask your local banker for help determining the legitimacy of a check.
We’re now live with Apple Pay, which means you can link your Central National Bank debit card to your Wallet and continue to reap the rewards and savings benefits from the It Makes ¢ents! program!
Don’t know what Apple Pay is?
Apple Pay is a payment system that allows you to make purchases using your iPhone, iPad or Apple Watch instead of your debit or credit card.
How does it work?
Once your card is stored in Apple Wallet, all you have to do is hold your phone near a compatible card terminal and hold your fingerprint on the TouchID. Apple Pay also makes payment easier inside compatible apps, with a single touch.
What devices is Apple Pay compatible with?
iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPad Pro, iPad Air 2, iPad mini 4, iPad mini 3
Or, an Apple Watch paired with the iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone 5, iPhone 5c, or iPhone 5s.
Where can I use it?
Apple Pay is not accepted everywhere, but the list of retailers is growing each day. For a current list of retailers that accept Apple Pay, click here.
What happens if I lose my phone and my card is attached to my Apple Pay account?
Your card information isn’t actually stored on the device, but a thumb print is required to complete a transaction. To keep a clever thief from using your phone to make payments you can also put your device in Lost Mode to suspend Apple Pay. You can also wipe your device clean using “Find My iPhone” or stop the payment ability using iCloud.
For more information about Apple Pay, please visit Apple’s website at http://www.apple.com/apple-pay/
Cybercriminals are targeting small businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software spread through infected attachments and online social networks to obtain login credentials to businesses’ accounts, transfer funds from the accounts and steal private information, a fraud referred to as “corporate account takeover.”
Combating account takeover is a shared responsibility between businesses and financial institutions. Bankers can explain the safeguards small businesses need and the numerous programs available that help ensure fund transfers, payroll requests and withdrawals are legitimate, accurate and authorized. Companies should train employees about safe internet use and the warning signs of this fraud, because they are the first line of defense.
As part of National Cyber Security Awareness Month, Central National Bank offers small businesses these tips to help prevent account takeover:
- Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover is essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services that offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
The internet is a powerful resource that many Americans have come to depend on for everyday activities like shopping, banking, and connecting with friends. Yet, for all the internet’s advantages, it can also make users vulnerable to fraud, identity theft and other scams.
In recognition of National Cybersecurity Awareness Month, Central National Bank offers the following tips to help consumers stay safe and secure online:
- Keep your computers and mobile devices up to date. Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
- Set strong passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers, and special characters.
- Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with.
- Forward phishing emails to the Federal Trade Commission (FTC) at firstname.lastname@example.org – and to the company, bank, or organization impersonated in the email.
- Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.
- Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.
- Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
- Read the site’s privacy policies. Though long and complex, privacy policies tell you how the site protects the personal information it collects.
The number of attacks on mobile devices is growing, in part, as a result of the increased popularity of mobile banking. According to a report by the Federal Reserve, 51 percent of smartphone users say they have used mobile banking in the past 12 months.
In recognition of National Cybersecurity Awareness Month, Central National Bank recommends that consumers take extra precaution to protect the data on their mobile device by doing the following:
- Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
- Log out completely when you finish a mobile banking session.
- Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
- Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions.”
- Download the updates for your phone and mobile apps.
- Avoid storing sensitive information like passwords or a social security number on your mobile device.
- Tell your financial institution immediately if you change your phone number or lose your mobile device.
- Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.
- Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
- Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
- Watch out for public Wi-Fi. Public connections aren’t very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
- Report any suspected fraud to your bank immediately.