Identity Theft is the unlawful use of another person’s identification. It may take many forms. Common methods include credit card or other financial institution fraud, phone or utility service theft, and the taking of government documents or benefits. Recent online hackers (or cyber thieves) have especially targeted on business of all sizes which have no computer safeguards and minimal or no disbursement controls for use with their bank’s online business banking system. One way in which to help stop these activities is to protect your account information from thieves and unauthorized users. The FDIC has published a multimedia presentation to help consumers protect themselves from identity theft - “Don't Be an On-line Victim: How to Guard Against Internet Thieves and Electronic Scams” to show some basics at online security. You can visit the video at http://www.fdic.gov/consumers/consumer/guard/.
Phishing is a type of e-mail designed to steal your identity. It involves Internet e-mail fraudsters who send spam, pop-up messages, or a look alike legitimate email from a well known Bank, online retailer, or a credit card company to lure personal information (credit card numbers, bank account information, social security numbers, passwords, or other sensitive information) from unsuspecting victims. For more information, please visit: www.antiphishing.org
Pharming is a hacker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. For more information, please visit: http://en.wikipedia.org/wiki/Pharming
MITM is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private Internet connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle). For more information, please visit: http://en.wikipedia.org/wiki/Man-in-the-middle_attack
MIB attack is the same approach as MITM, but in this case a Malware (such as a Trojan horse) is used to intercept and manipulate calls between the browser and its security mechanisms or libraries on-the-fly. This can cause a financial fraud by manipulating transactions of Internet banking systems, even when other authentication methods are in use. For more information, please visit: https://www.owasp.org/index.php/Man-in-the-browser_attack
Keylogger is a hacker’s tool to tracking (or logging) the keys struck on a keyboard, also called keystroke logging or keylogging, typically in a covert manner so that the user using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis. For more information, please visit: http://en.wikipedia.org/wiki/Keystroke_logging
To avoid Phishing, Pharming, Man-In-The-Middle, Man-In-The-Web and Keylogger scams, take the following precautions:
Online Banking Security Information
United Bank of Philadelphia understands that the security of your personal account information is important to you. We also understand that our continued success as a financial institution relies on both our ability to offer banking services to you in a secure manner as well as your responsibility in keeping your access ID and password secure. To assist us in offering these Web-based banking services in a secure manner, we employ a number of measures, which are described below. These measures allow us to properly authenticate your identity when you access these services and protect your information. With the proper safety measures in place, your online banking transactions remain safe and secure. The following measures have been taken to ensure your privacy.
The Bank uses the latest encryption technology to ensure that your private information cannot be intercepted. Encryption is a way to use a unique “key” to code and decode the transaction information. When you request information about your accounts, the request is sent encrypted to United Bank of Philadelphia. We decrypt your request and send the requested information back to you in an encrypted format. When you receive the information, it is decoded so that you can read it.
Unique ID and Password
In order to access your accounts online, you must enter a unique ID and password. We strongly recommend that you choose a password that you can remember but do not use information that can be easily guessed by someone. Avoid using birthdays, names, phone number, etc. The most important thing is “Do not reveal your ID or password to anyone”.
Layer Security & Multifactor Authentication
To guard against unauthorized attempts to enter into an end user's account by trying to guess a login ID and password, the bank will disable the password on the third incorrect attempt, thus invalidating the login combination. To further protect you, a timeout feature is enforced after a 10-minute inactivity period on our site.
Your password will expire every 6 months. The Bank requires user to use a strong password which has at least, 8 characters including but not limited to symbols, upper and lower cases. The bank also implements Multifactor Authentication with secret questions along with your user ID and password to further protect unauthorized access. The bank deploys Token to authenticate merchant customers who use Remote Deposit Capture.
United Bank of Philadelphia understands communication through the regular email is not secure against interception. The Bank uses secured email to communicate with customers. If you need to email sensitive personal or confidential information, such as your bank account, charge card or Social Security number, please contact us to initiate the use of secured email.
How You Can Protect Your Internet Security
While the Bank works to protect your banking privacy, you will also play an important role in protecting your accounts. There are a number of steps you can take to ensure that your account information is protected, including:
If you notice suspicious or unusual activity on your Online Banking accounts, call the bank immediately at 215-351-4600.