|
|
|
Online Banking Security |
|
|
|
Marathon Bank is Looking Out for You
|
|
|
|
| |
At Marathon Bank, protecting your personal and financial information is a top priority, which is why we take steps to protect the sensitive/personal information you may provide to us. We follow strict guidelines to guard against unauthorized access to your sensitive information. But it's also important that you learn what you can do to protect yourself against Identity theft, both online and offline. Please take a few moments to read about some important safety tips that will help protect the security of your personal information:
Steps You May Take to Protect Yourself Against Identity Theft:
- Never give your personal information over the phone, through the mail or over the Internet unless you have initiated the contact or are confident you know who you're dealing with.
- If you are not sure that a contact is legitimate, contact the company yourself, either by phone, in person, or by visiting the company's Website by typing in the site's address or using a page you have previously bookmarked.
- Marathon Bank will not contact you via unsolicited email to verify information you have previously given us, such as your account number, password, or social security number.
- Don't carry your Personal Identification Numbers (PINs) with you--memorize them and keep them in a safe, secure location.
- Review account statements regularly to ensure that all charges are correct. If your statement is late in arriving, call your financial institution to find out why. Take advantage of Online Banking to periodically review activity online and identify suspicious activity.
- Perform periodic Risk Assessments of your online banking procedures.
- Tear or shred personal financial documents such as charge receipts, credit applications, insurance forms, or any other important material.
- Keep your Social Security Card in a safe place and only give out the number when absolutely necessary.
- Laptop and Smart Phone Users:
- Never leave your laptop/Smart Phones unattended
- Make sure your laptop/Smart Phones requires a password when starting up
- Encrypt sensitive data on your laptop/Smart Phones to help prevent data theft if the device is lost or stolen
|
|
| |
- The Phishing Lure
Phishing isn't really new -- it's a type of scam that has been around for years and in fact predates computers. Malicious crooks did it over the phone for years. What is new is its contemporary delivery vehicle -- spam and counterfeit Web pages.
Phishing uses email messages that claim to come from legitimate businesses that one might have dealings with - banks, online organizations, internet service providers, online retailers, and insurance agencies. The messages may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages. Typically, they ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes. And, because these emails look so official, up to 20% of unsuspecting recipients may respond to them -- resulting in financial losses, identity theft and other fraudulent activity against them.
- Cutting the Line
Even before Phishing became so prevalent, legitimate businesses and financial institutions would hardly ever ask for personal information via email. If you receive such a request, call the organization and ask if it's legitimate or check its legitimate Website (use a search engine to find it).
Look for misspellings and bad grammar. While an occasional typo can slip by any organization, more than one is a tip-off to beware.
If the email refers you to a Web site, look carefully at the URL. It's easy to disguise a link to a site. The longer the URL, the easier it is to conceal the true destination address. Other ways to disguise URLs include substituting similar-looking characters, so that paypal.com could be (and has been) spoofed as paypaI.com or paypa1.com. Similarly, a zero can be substituted for the letter O within a URL. Don't click on links contained in the email if you're unsure whether the contact is legitimate. Instead, contact the organization directly or visit its legitimate Website (use a search engine to find it).
- Pharming for Your Information
Pharming is a technique used to redirect as many users as possible from the legitimate Websites they'd intended to visit and lead them to malicious ones. Pharming involves Trojans, worms, or other technology that attack the browser address bar so that when users type in a "valid" URL they are redirected to the criminals' Web sites. The bogus sites, to which victims are redirected without their knowledge or consent, will likely look the same as a genuine site. Unaware of anything out of the ordinary, you therefore reveal your password and user name to criminals. To help our customers avoid this type of attack, Marathon Bank introduced PassMark Security, an added layer of online banking security. PassMark Security further safeguards your financial information by displaying a picture and phrase that you select to let you know that you are at our legitimate website and that it is safe to enter your log-in information. If you enter your User ID and the next screen does not show your picture and phrase, do not enter any personal information. Instead, re-enter your User ID or contact us at (800) 721-9516. As an additional identity check, we require that customers answer "challenge questions" when logging-in from a computer that our system does not recognize.
|
| |
|
Additional Steps You May Take to Protect Yourself Online
|
|
|
|
| |
- Before entering any sensitive information, verify that the Website is secure by looking for:
- The Lock Symbol
Check the status bar at the bottom of your Web browser window for an unbroken lock symbol. This means your personal information is scrambled, and no one can read it but the e-business you've contacted. Double-click on the lock symbol to view the security certificate. Make sure the certificate is "Issued to" the Website and the "Valid from" dates are current.
- "https" in the Website's Address
Secure sites have "https://" at the beginning of the address, rather than "http://." The "s" stands for "secure" and indicates the information you send is encrypted or scrambled, so it can't be read during transmission.
- Update your anti-virus software regularly to guard against new viruses.
- Keep your browser and operating system up-to-date. Look for programs that offer automatic updates, including important security enhancements, and take advantage of free patches that manufacturers offer to fix newly discovered problems.
- Only open email attachments if you're expecting them and know what they contain. Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.
- Do not be intimidated by an email or caller who suggests serious consequences if you do not immediately provide or verify financial information.
- Use a personal firewall to limit uninvited access to your computer, especially if you have high-speed or an "always on" connection to the Internet, such as broadband cable or DSL.
- If you store financial information on your computer, use a password consisting of numbers and letters, both upper and lower case.
- Avoid using an automatic login feature that saves your user name and password and always log off when you're finished.
- Use anti-spyware and ant-spam software
- Be cautious when using public computers, such as those in coffee houses; or public networks, such as those in hotels and airports, to access the internet . Check with the staff to verify that their network is secure.
- Be sure to read Website privacy policies to know your information will be secure, how it will be used, and if it will be shared with third parties.
|
| |
|
If you think your identity was stolen |
|
|
|
| |
Steps You Should Take If You Believe Your Identity Has Been Stolen. If you suspect your identity has been stolen, there are four steps you should take immediately.
Place a fraud alert on your credit reports. Call any one of the three major credit bureaus to help prevent an identity thief from opening additional accounts in your name.
- Equifax 1-800-525-6285
- Experian 1-888-EXPERIAN (397-3742)
- TransUnion 1-800-680-7289
As soon as the credit bureau confirms your fraud alert, an alert will automatically be placed by all credit bureaus, and all three reports will be sent to you free of charge. Once you receive these reports, review them carefully for any incorrect information, particularly accounts you didn't open or unexplained debts.
Close any accounts that have been tampered with or opened fraudulently
File a report with your local police or the police in the community where the identity theft took place. Keep a copy of the report.
Contact the authorities that specialize in Identity Theft;
Federal Trade Commission Identity Theft Hot Line:
(877) IDTHEFT (438-4338)
Social Security Fraud Hot Line:
(800) 269-0271
US Postal Inspectors:
(800) 372-8347
|
| |
|
Marathon Bank is dedicated to keeping you safe from identity theft. We're taking steps to protect you, and hope you'll take advantage of this valuable information to protect yourself as well. Marathon Bank will not contact you via unsolicited email to verify information you have previously given us, such as your account number, password, or social security number. If you suspect that you have received a fraudulent email or phone call from someone claiming to be from Marathon Bank, please contact Customer Support immediately at (800) 721-9516, or forward the email to customerservice@mnbny.com, so we can investigate. If you have any questions about identity theft, please visit your local branch-because protection of your sensitive/personal information is our top concern.
|
|
