Phishing is an e-mail fraud attempt to acquire information such as usernames, passwords, and credit or debit card information through a legitimate looking email. The message appears to come from a well known and trusted site such as PayPal or from a bank. The message usually asks that you "update" or "validate" your account information. The e-mail contains a link that takes you to a bogus website that looks almost identical to the real website. Never click on the link and enter account information. Contact the company by using the contact information provided on your account statements to verify that the information is needed.
Forward the phishing e-mail to the company, organization or bank impersonated in the phishing message. Most companies and organizations have information on their websites about where to report problems.
Malware is a general term used to describe malicious software such as spyware, key logging, or adware. The malware is installed on your computer without your knowledge affecting the ability to use your computer by monitoring or controlling how you use it, or for the purpose of collecting confidential information. Don't install software unless you know exactly what it is. Your anti-virus software may include anti-spyware software that you can activate or install separate anti-spyware software
Commercial online banking customers can protect themselves by performing a risk assessment and control evaluation.
List risks related to online transactions that your business faces including but not limited to:
- Passwords being written down and left in the open
- Possibility of internal fraud or theft
- Delays in terminating the rights of former employees
- Lack of dual control or other checks and balances over individual access to online transaction capabilities.
List controls your business may use but not limited to:
- Policy and process to terminate access for former employees.
- Segregating duties among two or more people so no one person has too much access or control.
- Conducting internal or third party audits of controls.