Currie State Bank
Security Alerts & Tips


"WannaCry" Ransomware: What You Need to Know

WannaCry Ransomware and You
A new ransomware campaign dubbed "WannaCrypt" or "WannaCry" has wreaked havoc, infecting hundreds of thousands of organizations throughout the world and encrypting their data. Once a computer is infected, it sends the same virus out to all other computers on the same network. Infected computers block activity until money is paid to the attackers, hence the "ransom" in the name. As of this writing, there is no consensus on how the ransomware was able to get onto the computers in the first place.

This Ransomware is affecting Windows machines and Microsoft has released a fix for the vulnerability; however, it is almost guaranteed that hackers will be trying to evolve the Ransomware so it can continue to infect networks and systems.

As always, it is important to keep operating systems and software versions up to date. Downloading updates now can save you from massive headaches later. Though the main method of entry has yet to be determined, if it was brought on by fraudulent emails, it is a perfect example of how diligent one needs to be when it comes to emails.

Safe Email Practices with the WannaCry Threat
One way to think about safely using email in a business setting is to consider the three-strike rule. Yes, a good baseball analogy is fitting when it comes to WannaCry.

  • First strike – IT IS AN EMAIL! But this email just got up to the plate so it is just getting started.
  • Second strike – Is it from someone you know? If not, consider deletion. The count is now 0 and 2. Not looking good for this email.
  • Third strike – Does it have attachments or links? No question about it. If you get to three strikes, delete it.

In this situation, three strikes should, without question, lead directly to deletion. Do not be concerned about whether or not it may be a valid email. If it is a valid email that requires your action, the sender will call to discuss and resend if necessary. Given our ransomware environment, it is better to err on the side of safety than to wish you had after clicking on the attachment or link.

Some notes on Windows XP:

Windows XP was first released October 1, 2001 and support for it ended April 8, 2014. It was easy to use, extremely stable and performed admirably for many years. However, from a “safe to use on the Internet” standpoint, its swansong was years ago. It was conceived and designed shortly after Bill Gates had his hallelujah moment and told the world that he finally understood the Internet. Windows XP was Microsoft’s first Operating System built for the Internet.

Unfortunately, it was not built with the security requirements necessary for use on the Internet moving into the latter half of the first decade of the new century. Microsoft would have had to completely rewrite the underlying architecture of the Windows XP OS to begin to make it secure. Sadly, there are consumers still using Windows XP today. It is time to cut the cord. Windows XP is not a safe operating system for use on the Internet.

Note: Two things are historically evident. First, Internet users running expired operating systems will be compromised. Second, they never accept responsibility for their lack of security preparedness. They will discuss it with a lawyer who probably does not have the personal knowledge to tell the customer that the fault is most likely their own.

ALERTS

Windows Virus Scam:
Some of you may have heard of the Windows virus scam, and some of you may have even been affected. If you see a random technical support pop-up on your computer that asks you to call a phone number or click on a link to fix your Windows or Apple Mac OS, your machine may be infected with adware or a potentially unwanted program (PUP). Do NOT call or click on the link. If you’re suspicious, contact a local computer technician. Scams like this have been reported in our communities.

Protect Your Personal Information:
If you receive a phone call or an email asking for any personal information such as birth date, social security number, or debit card information and you’re not expecting it, do not give it out. Chances are, you’re being scammed. Most reputable companies will never ask for your personal information via email or text message. If you’re wary, contact the company directly yourself.

Debit Card Phishing Scam:
Perpetrators are attempting to obtain debit card and personal financial information for fraudulent use. There are several types of phishing scams out there, so it is extremely important to be aware if and when something like this happens to you. These scams can be in the form of emails or phone calls. The phone calls may be automated or you may even speak with a live individual. Types of information that you may be asked to provide are your social security number, debit card number, or your PIN.

Never provide any of this information to anybody over the phone or in an email! Financial institutions will never ask for personal financial information via email. In light of the recent data breaches at merchants such as Home Depot and Target, the perpetrators may say that your information has been compromised or that your card has either been locked or blocked. In order to unlock your card, they may say you need to provide some type of personal financial information. If you receive any phone call or email that seems suspicious, your best response is to not respond at all. If you think the call or email may be legitimate, always contact Currie State Bank before providing any information.


10 Things You Can Do To Avoid Fraud*

  1. Spot imposters. Scammers can often pretend to be somebody you trust, like a family member, government official or a company you do business with. Don’t send money or give out personal information when it is an unexpected request.
  2. Do online searches. For example, use Google to search the company or product in question with words like “review”, “complaint”, or “scam”.
  3. Don’t believe your caller ID. Technology makes it possible for scammers to fake caller ID information so the name and number you see aren’t always real. If someone calls asking for money or personal information, hang up. If you think the caller might be telling the truth, call back to a number you know is genuine.
  4. Don’t pay upfront for a promise. You may be asked to pay in advance for things such as debt relief or credit and loan offers and they may even say you have won a prize. If you do pay, they will most likely take the money and disappear.
  5. Consider how you pay. Credit cards have significant fraud protection built in; other payment methods such as debit cards may not. Wiring money through services like Western Union or MoneyGram is risky because it’s nearly impossible to get your money back.
  6. Talk to someone. Before you give up money or personal information, talk to somebody you trust.
  7. Hang up on robocalls. If you answer the phone and hear a recorded sales pitch, hang up and report it to the FTC.
  8. Be skeptical about free trial offers. Nothing is free! Some companies use free trials to sign you up for products and bill you every month until you cancel.
  9. Don’t deposit a check and wire money back. By law, banks must make funds from deposited checks available within days, but uncovering a fake check can take weeks. If a check you deposit turns out to be a fake, you’re responsible for repaying the bank.
  10. Sign up for free scam alerts from the FTC at ftc.gov/scams to get notified and report any scams to ftc.gov/complaint.

*Information from the Federal Trade Commission


Using Online Banking or Mobile Banking? ALWAYS Remember These Important Security Tips!

Always control and have ownership of the device, whether it is your mobile phone, tablet or laptop. It is also recommended that a backup method be installed on a mobile device so that no data is lost should the device be lost or stolen and need to be remotely wiped.

Create strong passwords. Easy to remember passwords or PINs may also be easy for a thief to figure out. Also remember to keep your screen clean after use on your mobile device. Smudges on the screen can be used to determine swipe or gesture patterns. In addition to this, never store your login or credit card information within any applications or websites.

Don’t respond to texts or emails from unknown or untrusted sources. Texts with links in them can often lead to viruses or other malware being downloaded onto your devices. Third-party apps and programs are available to detect and/or combat these potential threats.

Don’t access unknown or untrusted websites, even on your mobile browser. More and more mobile-specific threats are being used to infect mobile devices from the web.

When downloading apps, ensure that they are from a genuine and trusted source. ASI (our core software provider) recommends downloading apps only from iTunes/App Store, Google Play and Windows Store. Third-party marketplaces can contain apps designed to infect devices and/or steal data. Never install an app attached in an email or delivered in a text message.

Only download apps from trusted developers. Also inspect what permissions the apps need. If a simple game or app wants access to your contacts and device location, the end user (you) should be highly skeptical about downloading and using the app or game.

Never use unsecured “public” wireless networks when using your various devices.

It is a good idea to have some type of anti-malware and anti-virus software running on all of your devices.

Familiarize yourself with these important terms:

Phishing:
the activity of defrauding an online account holder of financial information by posing as a legitimate company. These attempts are usually made through email.

Smishing:
a security attack in which the user is tricked into downloading a Trojan horse, virus, or other malware onto their cellular phone or other mobile device. Short for "SMS phishing".

Pharming:
a cyber-attack intended to redirect a website's traffic to another, fake site.

Spoofing:
a person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.

 

Signs You May Be on a Phishing Site:

Phishers are becoming more and more sophisticated in designing their phony websites. There's no surefire way to know if you're on a phishing site, but here are some hints that can help you distinguish a real website from a phishing site:

Check the Web address. Just because the address looks correct, don't assume you're on a legitimate site. Look in your browser's URL bar for these signs that you may be on a phishing site:

  • Incorrect company name. Often the web address of a phishing site looks correct but actually contains a common misspelling of the company name or a character or symbol before or after the company name. Look for tricks such as substituting the number "1" for the letter "l" in a web address (for example, www.paypa1.com instead of www.paypal.com).

Be leery of pop-ups. Be careful if you're sent to a website that immediately displays a pop-up window asking you to enter your username and password. Phishing scams may direct you to a legitimate website and then use a pop-up to gain your account information.

Give a fake password. If you’re not sure if a site is authentic, don't use your real password to sign in. If you enter a fake password and appear to be signed in, you're likely on a phishing site. Do not enter any more information; close your browser. Keep in mind, though, that some phishing sites automatically display an error message regardless of the password you enter. Just because your fake password is rejected, don't assume the site is legitimate.

Use a Web browser with anti-phishing detection. Web browsers such as Internet Explorer and Mozilla Firefox have free add-ons (or "plug-ins") that can help you detect phishing sites.

Be wary of other methods to identify a legitimate site. Some methods used to indicate a safe site can't always be trusted. A small unbroken key or locked padlock at the left of the URL bar of your browser is not a reliable indicator of a legitimate website. Just because there's a key or lock and the security certificate looks authentic, don't assume the site is legitimate.

 
Copyright © Currie State Bank. All rights reserved. Member FDIC. Equal Housing Lender