Phishing is an e-mail fraud attempt to acquire information such
as usernames, passwords, and credit or debit card information
through a legitimate looking email. The message appears to come
from a well known and trusted site such as PayPal or from a bank.
The message usually asks that you "update" or "validate" your
account information. The e-mail contains a link that takes you to a
bogus website that looks almost identical to the real website.
Never click on the link and enter account information. Contact the
company by using the contact information provided on your account
statements to verify that the information is needed.
Forward the phishing e-mail to the company, organization or bank
impersonated in the phishing message. Most companies and
organizations have information on their websites about where to
Malware is a general term used to describe malicious software
such as spyware, key logging, or adware. The malware is installed
on your computer without your knowledge affecting the ability to
use your computer by monitoring or controlling how you use it, or
for the purpose of collecting confidential information. Don't
install software unless you know exactly what it is. Your
anti-virus software may include anti-spyware software that you can
activate or install separate anti-spyware software
Commercial online banking customers can protect themselves by
performing a risk assessment and control evaluation.
List risks related to online transactions that your business
faces including but not limited to:
- Passwords being written down and left in the open
- Possibility of internal fraud or theft
- Delays in terminating the rights of former employees
- Lack of dual control or other checks and balances over
individual access to online transaction capabilities.
List controls your business may use but not limited to:
- Policy and process to terminate access for former
- Segregating duties among two or more people so no one person
has too much access or control.
- Conducting internal or third party audits of controls.