Author: Chelsea Culp

October is Cybersecurity Awareness Month and FNB has been providing valuable weekly tips and information throughout the month to help you protect your good name.  Thank you for tuning in with us this month on GrowWithFNB.com and we hope these weekly tips have helped you #BeCyberSmart.

It’s the final week of Cybersecurity Awareness Month and FNB’s helpful tips.  It’s also Halloween time, so we’re going to talk about a frightening topic.  What do you do when something scary happens, such as your home computer getting hit with ransomware?  When your business e-mail has been compromised?  When your identity is stolen?  Do you know what to do?  Where to start?  Who to contact and when?

Let’s take a look at the Federal Trade Commission’s (FTC) What to Know/What to Do Guide for helpful tips on general identity theft, medical identity theft, child identity theft, and military families theft below:

First, above all, remain calm.

Call the companies where you know fraud occurred and explain that your identity has been stolen. Credit card companies and banks see this every day and will know how to help you.

Contact the three credit bureaus and place a free fraud alert on your information. In addition, you should request your free credit report to review and make notes of any transactions you don’t recognize:

1. 1. 1. Experian.com/help (888-EXPERIAN; 888-397-3742)
      2. TransUnion.com/credit-help (888-909-8872)
      3. Equifax.com/personal/credit-report-services (800-682-1111)
      4. Annualcreditreport.com (877-322-8228)

Go to IdentityTheft.gov and start your free personalized recovery plan. Be sure to include as many details as possible. This will make your recovery plan more accurate and will help law enforcement if they need to be involved.

You may contact the Social Security Administration to make them aware of the situation.

Change your passwords on your accounts if you can.

Remember to track all communications (get a paper trail and document everything in a notebook).

Go to ftc.gov to let authorities know what’s going on.

Utilize downloadable and printable PDF guides from the FTC for additional tips:

• https://www.bulkorder.ftc.gov/system/files/publications/501a-identity-theft-a-recovery-plan_2018.pdf
• https://www.bulkorder.ftc.gov/system/files/publications/825a_idt-child-what-to-know-what-to-do.pdf
• https://www.bulkorder.ftc.gov/system/files/publications/973a-medical-idtheft-what-to-know-what-to-do-508.pdf
• https://www.bulkorder.ftc.gov/system/files/publications/705a_idt-military-what-to-know_what-to-do-508.pdf

First, above all, remain calm.

Disconnect your computer from the Internet.

Document everything that you’re doing, who you’re contacting, and when it happened. Create a paper trail in case you need it.

Change your passwords to online banking, email, and other services if you can from a different device.

If you suspect your online banking or financial information has been compromised, contact your bank and credit card companies. Look at the Identity Theft guide above from the FTC for additional tips.

Call your IT Support to get your computer examined and cleaned. This is an important point. Some scammers will call you after they’ve compromised your system and pose as Microsoft or another computer company asking to fix the problem. Don’t believe them. You should do your own research and call a company yourself.

Have backups beforehand. This makes the situation much easier. A complete wipe of your system allows your backups to be restored and you won’t lose anything, and you’ll have a fresh computer again. This is especially important for ransomware that asks you to pay money to unlock your files. If you conduct backups after the compromise, make sure they are clean before you restore them.

Speaking of ransomware, never pay the ransom. There is no guarantee you’ll get your files back and you’ll be out the money. Additionally, the United States government has recently come out with guidance that says those that pay ransoms to foreign counties and entities known as enemies of the Unites States can be held liable for sending them the money!

Make sure you reinstall computer security up once your computer or device is cleaned up. Run scans and updates like we discussed in Week 4.

Remember to file a complaint with the FTC at ftc.gov/complaint.

Here are a couple links from the US-CERT and FTC with some additional information:

1. • https://us-cert.cisa.gov/sites/default/files/publications/trojan-recovery.pdf
   • https://www.consumer.ftc.gov/articles/0011-malware#rid

October is Cybersecurity Awareness Month and FNB wants to bring you valuable weekly tips and information that will help you protect your good name.  Your accounts, social security number, and personal identification information doesn’t come with a built-in alarm, so we’re bringing you a variety of weekly tips to help keep your money and identity safe.  We encourage you to stay tuned to GrowWithFNB.com throughout October and let’s #BeCyberSmart.

We’ve highlighted many resources over the last few weeks on what you can do if you fall victim to a cybersecurity scam.  In this week’s edition, we will focus on the “Easy Wins” that will help individuals and businesses be proactive.

There are numerous ways we take precautions in everyday life.  It’s best to have things on hand before there’s a problem, right?  Football players wear pads.  We keep band-aids on hand for unexpected injuries.  We keep spare tires in the trunks of our cars in case of a flat tire.  We keep fire extinguishers on hand in case of a fire.  Your technology, data, and information should be treated the same way in our modern world.  We’re going to focus on a few “Easy Wins” for you that the cyber criminals hope you’re not doing.

When the bad guys aren’t trying to scam and phish you, they’re going to try to cause a breach.  What does this mean?  This means that cyber criminals look for vulnerabilities in your computer, cell phone, and network.  How do you prevent this from happening?  Patch Systems Regularly! This means doing Windows Updates, updating your iPhone and Android cell phone and tablets, making sure your wireless router has the latest updates. These are critical in fixing the holes that bad guys will try to get through.

Run a quality antivirus and keep it up to date.  Many antivirus programs contain parental controls that can limit access on certain devices to certain websites or even limit the time a device can be online. If bad guys try to put ransomware, viruses, or other malicious code on your device, this should find it and stop it in its tracks.

Ransomware is still out there.  Accidents happen.  Devices fail and can get lost.  Conduct backups of your system in case you need to restore your important pictures, videos, and business/financial documents you can’t stand to lose.  You will also need to check your backups regularly to make sure your data is indeed there.  There are many inexpensive and even free services out there to help you with conducting backups.

Remember last week?  Use a strong password.  Length beats complexity.  Industry standards are trending towards 14- or 16-character passwords at a minimum. Think of easy to remember things like song lyrics, movie quotes, book titles, etc.

Be sure to secure your WIFI network.  Make sure your wireless is secured with a password you control to keep neighbors or people you don’t know off.  This can apply when you connect to WIFI in public.  Staying in a hotel, going through an airport, or walking through a store and you jump on the free WIFI?  Who else could be on it snooping around for trouble?  Consider using a VPN service on your mobile devices that create a secure tunnel that keeps bad guys from potentially seeing your information.

Finally, have a plan for just in case. We’ll discuss this more next week, but you must have a plan in place before an event happens. We teach kids how to call 911 and ask for help and where safe places are because it’s common sense. Technology and information are so vital to our lives that we need to think similarly about it. Most people don’t know where to start when they experience identity theft, or their computer is hacked. Not having a plan adds time, is expensive, and adds stress to a situation. Having a plan and knowing what to do will get you back faster, cheaper, and with much less stress.

October is Cybersecurity Awareness Month and FNB wants to bring you valuable weekly tips and information that will help you protect your good name.  Your accounts, social security number, and personal identification information doesn’t come with a built-in alarm, so we’re bringing you a variety of weekly tips to help keep your money and identity safe.  We encourage you to stay tuned to GrowWithFNB.com throughout October and let’s #BeCyberSmart.

Last week, we touched on the topic of Phishing.  This week we are going to dive deeper into this subject, as this is a huge issue in today’s society for both individuals and businesses.  Phishing is a form of social engineering where a bad guy impersonates someone you think is legitimate in an attempt to gain access to your system or get you to do something for them.  Phishing attacks can happen over the phone, across text messages, and most commonly over email.  The FBI’s Internet Crime Complaint Center (IC3) recorded more than $3.5 billion in losses to individuals and businesses in 2019 with the most frequently reported complaints as phishing and similar ploys.

If you are not sure about an email, the best rule of thumb is to call and get confirmation from the sender.  Compromised email accounts can lead to other issues with your banking, shopping, and more.  What safeguards can you put in place for extra layers of protection?  Create strong passwords that are long and complex.  A helpful tip for creating strong passwords and being able to remember them is by using favorite movie quotes, song lyrics, book titles, and more.

Let’s talk about Business Email Compromise (BEC), also known as Customer/Corporate Account Takeover (CATO).  According to the FBI’s IC3, BEC’s cost businesses over $1.7 billion in losses in 2019.  Compromised business email accounts are extremely serious. Bad guys compromise and takeover your real business email address (almost always through a phishing email that tricked a user into giving up their password) and use it to impersonate you, steal money through conducting illegal payments, wire fraud, gift card purchases, go after payroll funds, and more.

1. First and most importantly, train your staff about phishing emails and the risks of email compromise. Teach them how to avoid phishing scams and red flags to look out for. Train them not to give out passwords and other sensitive information.
2. Keep your security up to date.
   • Email filters don’t always work but they work better when kept up to date.
   • Keep your antivirus up to date and install your system patches. Malware that tries to get installed will have a harder time if you do this.
   • Communication is key! Encourage your staff to talk with their coworkers about possible phishing emails.  Bad guys often take a “shotgun” approach and target many users at once hoping one person will allow the compromise.
3. Verify, verify, verify! Just like at home if you were to get an email from someone and you’re unsure about it, call and check. A two-minute call can save you months or years of problems. What if your customer has experienced a business email compromise? Stay on your toes!
4. Remember Week 1? Stay Security Aware!  Check out the following resources below from the FBI and the FTC:
   • https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise
   • https://www.ftc.gov/tips-advice/business-center/guidance/scams-your-small-business-guide-business

As we wrap up Week 3, we want to remind you that FNB (and any other financial institution) will not ever call, text or e-mail you and ask you for your debit card number, PIN number, social security number, account number and more.  We already have your personal information securely on file at the bank from when you opened your accounts; therefore, we would never have reason to contact you again for them.  As always, please contact your bank immediately if you feel like you’ve accidentally fallen victim to a scam.  We are here to help and guide you through the process and help protect your identity.

October is Cybersecurity Awareness Month and FNB wants to bring you valuable weekly tips and information that will help you protect your good name.  Your accounts, social security number, and personal identification information doesn’t come with a built-in alarm, so we’re bringing you a variety of weekly tips to help keep your money and identity safe.  We encourage you to stay tuned to GrowWithFNB.com throughout October and let’s #BeCyberSmart.

Welcome to Week 2 of FNB’s Cybersecurity Awareness Month Tips.  This week we are highlighting the importance of Protecting Your Privacy.  At FNB, we see the damage firsthand of how identity theft affects our customers every day.  In 2019, 13 million consumers fell victim to identity fraud, totaling $3.5 billion in out-of-pocket costs for those consumers.

• Children and Senior Citizens. Children’s social security numbers are a target for cyber criminals due to their credit being a clean slate.  On the opposite end of the spectrum, seniors are viewed as more trusting, thus causing them to be more vulnerable to be targeted by phone through a variety of internet and phishing scams.
• Members of the Military. Military members are often suspectable to having bank and credit card fraud, as it may be difficult to detect while being deployed.
• Social Media Users. Let’s face it, we live in a very social media fixated culture.  Many social media users do not take the proper safety precautions when setting up their accounts and post a lot of personal information about themselves on multiple social media platforms.  With this easy to find and accessible information, there’s no wonder why social media cybercrime is up 23% since 2018.
• Repeat Victims. I’ve already been a victim of a cybercrime; it can’t happen to me again.  Think again!  This is the wrong mindset to have as 7-10% of the US population are victims each year and out of those impacted, 21% of those experience multiple incidents.
• The Deceased. Did you know that 2.5 million deceased identities are stolen every year in the United States?  How does this happen?  Public obituaries and social administration’s Master Death File houses public information that cyber thieves utilize to their benefit.  This can potentially leave a lot of work and headache for those family members handling the estates after someone has passed.

• Shredding personal documents before throwing them away.
• Recycle old/expired electronics, such as old cell phones, computers, etc. that may contain personal information on them before discarding or selling them.
• Sign up for free scam alerts from the Federal Trade Commission at ftc.gov/scams.
• Credit cards have significant fraud protection built in and are a great way to pay for online purchases.
• Get your free credit reports from annualcreditreport.com.
• Let’s face it, your 4-year-old doesn’t need a loan. Consider a child credit freeze until they’re older.  To do this, you’ll need to contact the 3 credit bureaus (Equifax, Experian, and TransUnion) separately.
• Go to identitytheft.gov to get personal recovery plans and advice on tax, medical, and child identity theft.

We protect your personal information from unauthorized access and use and use security measures that comply with federal law.  These measures include computer safeguards and secured files and buildings. We restrict access to non-public personal information about you only to those employees who need it in order to provide our services to you.  Click here to view FNB’s Privacy Policy.

October is Cybersecurity Awareness Month and FNB wants to bring you valuable weekly tips and information that will help you protect your good name.  Your accounts, social security number, and personal identification information doesn’t come with a built-in alarm, so we’re bringing you a variety of weekly tips to help keep your money and identity safe.  We encourage you to stay tuned to GrowWithFNB.com throughout October and let’s #BeCyberSmart.

Welcome to Week 1 of FNB’s Cybersecurity Awareness Month Tips.  Our first focus is bringing you a Cybersecurity Awareness overview that you can apply at home and at work.  There’s a common misconception that individuals and small businesses in rural America are immune to cybersecurity attacks.  The statistics are staggering and prove quite the opposite.

Phishing is the fraudulent practice of sending emails claiming to be from reputable companies and people in order to induce individuals to reveal personal information, such as passwords and credit card numbers.  Here’s the scary part.  To protect yourself from a Phishing attempt, you must be correct 100% of the time.  It’s always best to be cautious.  By simply clicking on a link in a phishing attempt, you can instantly have malware deployed on your computer.

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.  Out of all the phishing attempts, 94%+ malware is delivered via email.  The best rule of thumb when protecting yourself from phishing attacks is to look before you leap.  Do not click on any links or open attachments contained in the suspicious email.  Do not enter personal information in a pop-up screen, as legitimate companies do not use this method for collecting information.  From there, you can delete or not respond to the suspicious e-mail.

At FNB, we encourage you to utilize free resources that help protect you against cybercrime.  We encourage you to check out the United States Computer Emergency Readiness Team’s (US-CERT) website.  You can sign up to receive text and e-mail security tips, alerts, and bulletins, as well as information and training for home and small business users.  We recommend you to check out the following links to access the large variety of resources: https://us-cert.cisa.gov/home-and-business and https://us-cert.cisa.gov/ncas/tips.