Identity Theft is the unlawful use of another person’s identification. It may take many forms. Common methods include credit card or other financial institution fraud, phone or utility service theft, and the taking of government documents or benefits. Recent online hackers (or cyber thieves) have especially targeted on business of all sizes which have no computer safeguards and minimal or no disbursement controls for use with their bank’s online business banking system. One way in which to help stop these activities is to protect your account information from thieves and unauthorized users. The FDIC has published a multimedia presentation to help consumers protect themselves from identity theft - “Don't Be an On-line Victim: How to Guard Against Internet Thieves and Electronic Scams” to show some basics at online security. You can visit the video at http://www.fdic.gov/consumers/consumer/guard/.
Phishing is a type of e-mail designed to steal your identity. It involves Internet e-mail fraudsters who send spam, pop-up messages, or a look alike legitimate email from a well known Bank, online retailer, or a credit card company to lure personal information (credit card numbers, bank account information, social security numbers, passwords, or other sensitive information) from unsuspecting victims. For more information, please visit: www.antiphishing.org
Pharming is a hacker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. For more information, please visit: http://en.wikipedia.org/wiki/Pharming
MITM is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private Internet connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle). For more information, please visit: http://en.wikipedia.org/wiki/Man-in-the-middle_attack
MIB attack is the same approach as MITM, but in this case a Malware (such as a Trojan horse) is used to intercept and manipulate calls between the browser and its security mechanisms or libraries on-the-fly. This can cause a financial fraud by manipulating transactions of Internet banking systems, even when other authentication methods are in use. For more information, please visit: https://www.owasp.org/index.php/Man-in-the-browser_attack
Keylogger is a hacker’s tool to tracking (or logging) the keys struck on a keyboard, also called keystroke logging or keylogging, typically in a covert manner so that the user using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis. For more information, please visit: http://en.wikipedia.org/wiki/Keystroke_logging
To avoid Phishing, Pharming, Man-In-The-Middle, Man-In-The-Web and Keylogger scams, take the following precautions:
- Treat all e-mail messages with suspicion. What you see in the body of the message, the sender's address, return address, and the header can also be manipulated to disguise its true origin.
- Delete the suspicious e-mail message immediately which may sometimes contain virus that will install small software programs on your computer to later redirect your traffic to hackers.
- Never send any personal or financial information to anyone via e-mail.
- Regularly log into your online accounts to ensure no illegitimate transactions.
- Scrutinize your Bank and debit card statements and ensure that all transactions are legitimate. If anything is suspicious, contact the Bank and all card issuers immediately.
- Never use a link in an e-mail message to get to any web page. If you want to go to another web page, type the URL directly into your browser's address bar to ensure that you are reaching the correct web page.
- Always check the webpage’s address (or URL). When browsing the web, the URL begins with the letters “http”. However, over a secure connection, the address displayed should begin with “https” (“s” stands for secure). It would be much safer when user has initially used the https:// secure connection to the other party to prevent MITM or MIB attacks.
- Always access the online webpage through the official and legitimate website or type your known webpage address.
- Always be on alert when you see pop-up windows. Treat them carefully, especially when you click on a download link.
- Always check your computer to ensure that it does not have any unusual hardware installed.
- Check for the Padlock icon. Microsoft Internet Explorer always displays the lock icon at the bottom right of the browser window for secure webpage’s. Double-click on it to see details of the site's security.
- Use Antivirus and Anti-spyware software, and keep it updated and running on a regular time.
Online Banking Security Information
United Bank of Philadelphia understands that the security of your personal account information is important to you. We also understand that our continued success as a financial institution relies on both our ability to offer banking services to you in a secure manner as well as your responsibility in keeping your access ID and password secure. To assist us in offering these Web-based banking services in a secure manner, we employ a number of measures, which are described below. These measures allow us to properly authenticate your identity when you access these services and protect your information. With the proper safety measures in place, your online banking transactions remain safe and secure. The following measures have been taken to ensure your privacy.
The Bank uses the latest encryption technology to ensure that your private information cannot be intercepted. Encryption is a way to use a unique “key” to code and decode the transaction information. When you request information about your accounts, the request is sent encrypted to United Bank of Philadelphia. We decrypt your request and send the requested information back to you in an encrypted format. When you receive the information, it is decoded so that you can read it.
Unique ID and Password
In order to access your accounts online, you must enter a unique ID and password. We strongly recommend that you choose a password that you can remember but do not use information that can be easily guessed by someone. Avoid using birthdays, names, phone number, etc. The most important thing is “Do not reveal your ID or password to anyone”.
Layer Security & Multifactor Authentication
To guard against unauthorized attempts to enter into an end user's account by trying to guess a login ID and password, the bank will disable the password on the third incorrect attempt, thus invalidating the login combination. To further protect you, a timeout feature is enforced after a 10-minute inactivity period on our site.
Your password will expire every 6 months. The Bank requires user to use a strong password which has at least, 8 characters including but not limited to symbols, upper and lower cases. The bank also implements Multifactor Authentication with secret questions along with your user ID and password to further protect unauthorized access. The bank deploys Token to authenticate merchant customers who use Remote Deposit Capture.
United Bank of Philadelphia understands communication through the regular email is not secure against interception. The Bank uses secured email to communicate with customers. If you need to email sensitive personal or confidential information, such as your bank account, charge card or Social Security number, please contact us to initiate the use of secured email.
How You Can Protect Your Internet Security
While the Bank works to protect your banking privacy, you will also play an important role in protecting your accounts. There are a number of steps you can take to ensure that your account information is protected, including:
- Keep your password to yourself and change it frequently.
- Always log out of your online banking session after you have completed your transaction.
- Do not use obvious numbers or easily accessible information for your login ID and password.
- Ensure that no one is watching when entering your login ID and password.
- Do not record your log-in ID and password on paper. Try to memorize them, if possible.
- If you do record your login ID and password, keep them in a safe, secure location.
- Do not share your login ID and password with anyone.
- Review your account information and report any unusual activity immediately.
- Never give account information to anyone over the telephone, unless you initiated the call.
If you notice suspicious or unusual activity on your Online Banking accounts, call the bank immediately at 215-351-4600.