Cyber Security Tips

Protecting Your Identity and Accounts 

Pony Express Bank will never send unsolicited emails, text messages or phone calls asking you to provide, update or verify personal information. 

If you have given out personal information in response to a suspicious email, text, phone call or phony website claiming to be affiliated with Pony Express Bank, contact us immediately.

 

Security Practices to help you prevent fraud and identity theft before it happens:

  • Monitor your accounts frequently for any suspicious activity.
  • The same passwords or security challenge questions should never be used for social media, email and online banking access.
  • Choose passwords that would be difficult to guess and avoid using easily identifiable information such as DOB, SSN, phone numbers or your mother's maiden name. 
  • Change your login ID and passwords frequently – every quarter is optimal.
  • Guard your mailbox from theft. Do not leave checks in the mailbox, rather take them to USPS directly or better yet set up ACH or Bill Pay and stop using checks. 
  • Update your contact information to ensure Pony Express Bank can contact you in case of suspicious activity.
  • Sign up for account and transaction alerts thru email or text to know what is happening in your accounts.
  • Ensure anti-virus, operating systems and apps are up to date.
  • Request and review a free copy of your credit report every 12 months via annualcreditreport.com.
  • Do not carry your social security card on you. Keep it in a lock box. 
  • Never carry PINs in a wallet along with the cards they activate. 
  • Make sure your home wireless network is secure. Change the default name and password to something only you and your family know.
  • Smart speakers and some smartphones have an “always listening” setting that allows you to speak to it at any time. We recommend turning off this setting or muting the microphone while working from home or while discussing sensitive information.
  • Much like a web browser, smart devices track your activity history. Review your history periodically to check for unusual activity. We also recommend clearing your device history on a regular basis.

If you’ve become a victim of identity theft, report it to the appropriate parties immediately. File a complaint with the Federal Trade Commission (FTC). Call the FTC’s identity theft hotline tollfree at 1-877- 438-4338. Additionally, we suggest you call the fraud departments of all three credit bureaus. Ask them to put a “fraud alert” on your file. This tells creditors to call you before they open any more accounts in your name.

Equifax: 1-800-525-6285
Experian: 1-888-397-3742
TransUnion: 1-800-680-7289

{beginAccordion}

HOW CAN I IMPROVE MY MOBILE SECURITY PRACTICES?

  • Watch out for malicious apps in your app store. Official app stores regularly remove applications containing malware, but sometimes these dangerous apps slip past and can be downloaded by unsuspecting users. Do your research, read reviews and pay attention to the number of downloads it has. Never download applications from sources other than official app stores.
  • Ensure applications are not asking for access to things on your phone that are irrelevant to their function. Applications usually ask for a list of permissions to files, folders, other applications, and data before they’re downloaded. Don’t blindly approve these permissions. If the permission requests seem unnecessary, look for an alternative application in your app store.
  • No password or weak password protection. Many people still don’t use a password to lock their phone. If your device is lost or stolen, thieves will have easy access to all of the information stored on your phone.
  • Be careful with public WiFi. The bad guys use technology that lets them see what you’re doing. Avoid logging in to your online services or performing any sensitive transactions (such as banking) over public WiFi.
  • Keep location settings enabled in case your phone is lost or stolen.
  • Setting up two-factor or multi-factor authentication. Single Factor Authentication is no longer secure. In our digitally-driven world, passwords are no longer enough to keep your information safe. These days, it takes minimal effort for hackers to break into, or social engineer their way into, accounts that are only protected by passwords. Adding an extra step to access your accounts, such as entering an authentication code, means that hackers would also need to have your phone to break in. Create an additional layer of security and make it harder for criminals to access your data by using two-factor or multi-factor authentication. 

STRONG PASSWORDS

  • Improve the strength of your passwords. Strong passwords are usually made up of at least thirteen characters. They should contain numbers, uppercase and lowercase letters, as well as special characters.
  • Use passphrases. Recently, security standards strongly recommend using a passphrase rather than a single word. A good passphrase is one that is unique to you so that you can remember it but is also secret enough that no one else can guess it.
  • Never use personal or obvious information in your passwords. For example, never include your name, email address, phone number, birth date, or any other information connected to you.
  • Never use the same password for multiple accounts. If cybercriminals steal your password from one account and you’re using that password on other accounts, then you’ve given them the key to all of the accounts where you’ve used the same password.
  • Use a password manager. If your organization allows it, use a password manager to create, store, and sync complex passwords across multiple devices. Password managers only require you to remember one master password. Ask your internal IT (or other applicable) team to see if this is something you can do.

EMAIL SAFTEY 

  • Don't open emails from senders you do not recognize.
  • Look for suspicious email addresses,
  • Never email financial information or your Social Security Number unless it is through a secure email platform.
  • Don't stay signed into your accounts.  When you are finished, log-off.

SOCIAL MEDIA SAFTEY 

  • If you receive a login link through email or text message, never click it. Always log in directly to the social media app or website.
  • Don't take the inceasingly popular "Social Media Quizzes". The answers reveal a lot about you and are oftentimes the same answers you'd use for online banking security questions. You are giving criminals the information without even thinking about it. 
  • We recommend keeping your social media profile set to private and only connecting with people who you know and trust.
  • Don’t share anything online that you wouldn’t want to be made public. No matter how cautious you are, any information posted on social media can still fall into the wrong hands.
  • Watch out for posts that trick you into oversharing. For example, you may have seen a post that gives you a silly nickname based on random personal details. Personal details such as your first pet’s name or the year you were born, can be used by cybercriminals to guess passwords, answer security questions, or even impersonate you on social media.
  • If someone you follow on social media posts something suspicious or sends you a suspicious message, follow up with the person directly instead of replying over social media. Call or text the person to confirm that they sent the message or created the post. 
  • Never trust giveaways or fast-money schemes that seem too good to be true. These giveaways and schemes are almost always scams. 
  • Never send money, credit card information, or banking information over social media. If a giveaway requests payment information, it is most likely a scam. If someone you follow requests money from you in return for an item or service, contact the person directly by calling or texting them.

HTTPS - "S" STANDS FOR SECURE 

When signing in to a website such as Facebook or Amazon, have you ever seen the beginning of the URL change from “HTTP” to “HTTPS”? The “s” in “HTTPS” stands for “secure” and indicates that your web browser is accessing the website through a secure connection that no one else can access.

Think of it this way: If you needed to share the combination to a lock with someone else, you wouldn’t shout “HERE IS MY COMBINATION” for everyone to hear. You should find a safe and secure way to share the information with the trusted individual. Typing sensitive information into a browser works the same way. If the URL does not have “HTTPS” at the beginning, it would be like you were shouting out that information for anyone to hear.

Remember to look for that important little “s” when entering any sensitive information into a web browser.

TOP 5 SOCIAL MEDIA SCAMS 

Facebook now has over a Billion users, that's a mind-boggling number of people who check their page regularly. The bad guys are irresistibly attracted to a population that large, and here are the Top 5 Scams they are trying to pull off every day of the year.

  1. Who Viewed Your Facebook Profile: This scam lures you with messages from friends or sometimes malicious ads on your wall to check who has looked at your profile. But when you click, your profile will be exposed to the scammer and worse things happen afterward.
  2. Fake Naked Videos: There are tons of fake naked videos being posted all the time using the names of celebrities like Rihanna or Taylor Swift that sometimes make it past the Facebook moderators. These scams are in the form of an ad or a post and have a link to bogus YouTube videos. That site then claims your Adobe Flash player is broken and you need to update it - but malware is installed instead!
  3. Viral Videos: Viral videos are huge on social media platforms. If you click on one of these "videos" you'll be asked to update your video player (similar to the scam above) but a virus wil be downloaded and installed instead. To avoid this, type the name of the video into Google and if it doesn't have a YouTube or other legitimate site link, it's likely a scam. 
  4. Fake Profile Scam: Scammers are stealing the name and pictures from an existing profile and "friending" the real person's friends in efforts to scam friends and family by faking an emergency. Be very cautious of accepting friend requests from someone you're already friends with.
  5. Romance Scams: A specific type of "Fake Profile Scam" where con artists create a fake profile using the photos and stories of another person, and then develop "relationships" with their victims over posts, photos, and Facebook messenger. These scammers typically shower you with romantic language, promise happiness, and eventually con you into giving up personal information, or even money. Avoid personal and financial heartbreak, don't "friend" people you don't know in real life.

Facebook is used for connecting with people you know. Be especially cautious of "friending" strangers, and of clicking on links in suspicious posts, and in messages. Stay away from these traps if you want to avoid giving away personal information or getting your PC infected with malware

SSDF

Content

ONLINE SHOPPING SAFETY 

  • Only shop on well-known, reputable websites. When signing in to a website such as Amazon, have you ever seen the beginning of the URL change from “HTTP” to “HTTPS”? The “s” in “HTTPS” stands for “secure” and indicates that your web browser is accessing the website through a secure connection that no one else can access.
  • Only pay using a credit or debit card. Never agree to send cash or wire money to a seller.
  • Shop for the safest deal and not the cheapest. Remember, if a deal seems too good to be true, it probably is.

Accordion 10

Content

{endAccordion}