The security of your account(s) and personal information is very important to us. Please take time to review the following information on current threats, scams, cybersecurity and tips on how you can protect yourself:
Attempts to scam or fool you can happen over almost any form of communication you use - from Skype, WhatsApp, and Slack to Twitter, Facebook, Snapchat, Instagram, and even gaming apps. Communication over these platforms or channels can feel more informal or trustworthy, which is precisely why attackers are using them to fool others. In addition, with today's technologies, it has become much easier for any attacker anywhere in the world to pretend to be anything or anyone they want. It is important to remember that any communication that comes your way might not be what it seems and that people are not always who they appear to be.
Here are the most common clues that a message or post may be an attack:
The message has a sense of urgency that demands "immediate action" before something bad happens, like threatening to close your account or send you to jail. The attacker wants to rush you into making a mistake.
The message pressures you to bypass or ignore policies or procedures at work.
The message invokes a strong sense of curiosity or promises something that is too good to be true.
The message includes a request for non-public information such as a credit card number or password, or any information that you are not comfortable sharing.
The message may say it comes from an official or government organization but has poor grammar or spelling. Most government organizations will not use social media for official communications. If you are not sure if the message is legitimate, call the organization using a trusted phone number, such as one from their website.
You receive a message from a friend or co-worker, but the tone or wording does not sound like them. If you are suspicious, call the sender on the phone to verify they sent the message. It is easy for cyber criminals to create messages that appear to be from someone you know. In some cases, they can take over one of your friend's accounts and then pretend to be your friend and reach out to you.
Be particularly aware of text messages, Twitter, WhatsApp and other short message formats where it is more difficult to get a sense of the sender's personality.
You are the best defense against scams, cons, and attacks. If a post or message seems odd or suspicious, simply ignore or delete it. If it is from someone you personally know, call the person on the phone to confirm if they really sent it.
Cybersecurity is a shared responsibility and each of us has a role to play. It only takes a single infected computer to potentially infect thousands and perhaps millions of others. Everyone should take basic cybersecurity measures that can improve both individual and collective safety online. Here are some common tips:
Tip #1 - Install or activate antivirus with anti-malware protection
Antivirus and anti-malware software are great ways to protect your devices from malicious viruses and software.
- Install or activate the latest antivirus and anti-malware software on all your devices with latest virus definitions and keep them updated to ensure your program remains effective and safe to use.
- Install routers and firewalls to prevent unauthorized access to your computer or network.
Tip #2 - Keep software up-to-date
Installing software updates for your operating system and all programs is critical. Always install the latest security updates for your devices:
- Turn on Automatic Updates for your operating system.
- Install security updates to operating systems and all applications as they become available.
- Block pop-ups and use current versions of browsers as they contain advanced security features.
- Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.
- Make sure to keep browser plug-ins (e.g., Flash, Java, etc.) up-to-date.
- Install, use and maintain spam filters.
- Remove any software that is no longer supported by the software maker (End of Life – e.g., Internet Explorer, Java etc.)
Tip #3 - Avoid Phishing scams - beware of suspicious emails and phone calls
Phishing scams are a constant threat - using various social engineering ploys, cyber criminals will attempt to trick you into divulging personal information such as your login ID and password, banking or credit card information.
- Phishing scams can be carried out by phone, text, or through social networking sites - but most commonly by email.
- Be suspicious of any official-looking email message or phone call that asks for personal or financial information.
- Do not open email from unknown sources.
- Do not respond to unsolicited e-mails and do not click on links contained within an unsolicited e-mail.
- Avoid filling out forms contained in e-mail messages that ask for personal information.
- Log in directly at the official website for the businesses or organization identified in the e-mail instead of following the link within an unsolicited e-mail.
- Contact the actual business that supposedly sent the e-mail to verify if the e-mail is genuine.
Watch for emails that:
- Purport to be from a financial institution, NACHA, IRS, FDIC, Federal Reserve Board, UPS, Federal Courts or other agencies. Do not follow links in these e-mails. They are most likely scams.
- Claim to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
- Urge you to act quickly because your account may be suspended or closed, or to update your personal information. Fraudsters create a sense of urgency to get you to act quickly.
- Do not address you by name but use a more generic one like "Dear valued customer."
- Ask for account numbers, passwords, Access IDs, or other personal information.
- Offer a scheme or plan involving wire transfers, Cashier’s Checks, and/or funds transfers.
- Offer to overpay you for goods sold over the internet or rentals, with the difference being sent to a third party such as a “shipper” or “agent”.
The Bank will NEVER ask for sensitive information, such as account numbers, Access IDs or passwords, via e-mail or by phone. Always type PacificAllianceBank.com directly into your browser and NEVER follow a link to access our website.
Tip #4 - Practice good password management
We all have too many passwords to manage and it's easy to take short-cuts like reusing the same password. A password manager can help you to maintain strong unique passwords for all your accounts. These programs can generate strong passwords for you, enter credentials automatically, and remind you to update your passwords periodically.
Change default usernames and passwords. Default usernames and passwords are readily available to malicious actors. Change default passwords as soon as possible to a sufficiently strong and unique password.
- Avoid using available information like birth date, the last four digits of your SSN or your phone number. When opening new accounts, you may find that many businesses still have a line on their applications for your mother’s maiden name. Use a password instead.
- Protect your PINs (don’t carry them in your wallet!) and passwords; use a combination of letters and numbers for your passwords and change them regularly.
Tip #5 - Think before you click!
Avoid visiting unknown websites or downloading software from untrusted sources. These sites often host malware that is automatically installed (often silently) and compromise your computer.
If attachments or links in the email are unexpected or suspicious for any reason, do not click on it.
Tip #6 - Never leave devices unattended
The physical security of your devices is just as important as their technical security.
- If you need to leave your laptop, phone, or tablet for any length of time - lock it up so no one else can use it.
- If you keep protected data on a flash drive or external hard drive, make sure it is encrypted and locked up as well.
- For desktop computers, lock your screen or shut-down the system when not in use.
Tip #7 - Safeguard Protected Data
- Keep high-level Protected Data (e.g., SSN's, credit card information, student records, health information, etc.) off your workstation, laptop, or mobile devices.
- Securely remove sensitive data files from your system when they are no longer needed.
- Always use encryption when storing or transmitting sensitive data.
- Don’t carry your social security card with you; leave it in a secure place. Carry only the identification and credit/debit cards that you need.
- Don’t put your address, phone number or driver’s license number on credit card sales receipts.
- Social security numbers or phone numbers should not be put on checks.
- Shred your charge receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards that you’re discarding, and credit offers you get in the mail.
- Secure personal information in your home, particularly if you have roommates or hire outside help.
- Promptly remove mail from your mailbox. If you're planning to be away from home and can't pick up your mail, call the U.S. Postal Service at 1-800-275-8777 to request a vacation hold.
- Ask about information security procedures in your workplace. Find out who has access to your personal information and verify that records are kept in a secure location. Ask about the disposal procedures for those records as well.
- Before revealing any personally identifying information (for example, on an application), find out how it will be used and secured, and whether it will be shared with others. Ask if you have a choice about the use of your information. Can you choose to have it kept confidential?
- Keep an eye out for any missing mail.
- Do not mail bills from your own mailbox.
- Review your monthly accounts regularly for any unauthorized charges.
Tip #8 - Use mobile devices safely
Considering how much we rely on our mobile devices and how susceptible they are to attacks, make sure you are protected:
- Lock your device with a PIN or password and never leave it unprotected in public.
- Only install apps from trusted sources (Apple AppStore, Google Play).
- Keep the device's operating system up-to-date.
- Do not click on links or attachments from unsolicited emails or texts.
- Avoid transmitting or storing personal information on the device.
- Most handheld devices are capable of employing data encryption and consult your device's documentation for available options.
- Use vendor’s tools to help prevent loss or theft (e.g., tracking software to locate your phone such as Apple’s Find My iPhone or Android’s Find My Device)
Tip #9 - Back up your data
Back up your data regularly - if you are a victim of a security incident, the only guaranteed way to repair your computer is to erase and re-install the system.
Tip #10 – Use your card safely
Make sure to use a physical credit or debit card with an EMV Chip embedded. Pay attention when using an ATM for unusual devices which may be a skimming device installed by a cyber criminal to steal your card information.
EMV Chip Cards: All new Pacific Alliance Bank debit cards now come with a security chip embedded in the card. This technology makes it nearly impossible for your card information to be stolen when used at a merchant's chip reader. For your convenience, this card can be used for contactless payments making it a secure, convenient and touch-free process. The new card should have a Contactless Indicator on either the front or back. You can tap to pay wherever you see the Contactless Symbol at many of your favorite stores.
Ransomware is a type of malware threat actors use to infect computers and encrypt computer files until a ransom is paid. After the initial infection/locked system, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.
If the threat actor’s ransom demands are not met (i.e., if the victim does not pay the ransom), the files or encrypted data will usually remain encrypted and unavailable to the victim. Even after a ransom has been paid to unlock encrypted files, threat actors will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access. The Federal Government does not support paying ransomware demands.
Identity theft occurs when a thief obtains some piece of personal information about a consumer, and without the consumer’s knowledge, appropriates the information to commit fraud or theft. A common example is when an identity thief uses consumers’ personal information to open a credit card account in the consumer’s name, and uses the account to “run-up” fraudulent charges or obtains credits for business etc.
Check Your Credit Report
Order a free copy of your credit report from each of the three major credit-reporting agencies every year by visiting www.annualcreditreport.com. Make sure it is accurate and includes only those activities you have authorized.
By checking your report on a regular basis, you can catch mistakes and fraud before they wreak havoc on your personal finances. Don't underestimate the importance of this step.
If you become a victim, contact:
- The fraud departments of the three major credit bureaus
- The creditors of any accounts that have been misused
- The local police to file a report
- The bank to cancel existing accounts held in your name and re-open new accounts with new passwords