CUSTOMER AWARENESS

Cybersecurity Awareness

First Federal Savings Bank of Washington is committed to ensuring the confidentiality, maintaining the integrity, and safeguarding the availability of its customers' personal and financial information. We encourage all customers to place the same priority on their own online presence through cybersecurity awareness. The Department of Homeland Security "Stop.Think.Connect" campaign is a resource providing suggestions for online safety and best practices, available below:

Passwords

  • Make your password eight characters or longer. Create complex passwords with eight characters or more and a combination of letters, numbers, and symbols. Use unique passwords for different accounts. Change your passwords regularly, especially if you believe they have been compromised.


  • Use a long passphrase. Use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and capitalization.

  • Don't make passwords easy to guess. Do not include personal information in your password such as your name or pets' names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.


  • Avoid using common words in your password. Instead, substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter "A" and an exclamation point (!) can replace the letters "I" or "L".


  • Get creative. Use phonetic replacements, such as "PH" instead of "F". Or make deliberate, but obvious misspellings, such as "enjin" instead of "engine".


  • Never share your password. Don't tell anyone your passwords, and watch for attackers trying to trick you into revealing your passwords through email or calls.


  • Unique account, unique password. Use different passwords for different accounts and devices so that if attackers do guess one password, they will not have access to all of your accounts.


  • Use stronger authentication. Always opt to enable stronger authentication when available, especially for accounts with sensitive information including your email or bank accounts. A stronger authentication helps verify a user has authorized access to an online account. For example, it could be a one-time PIN texted to a mobile device, providing an added layer of security beyond the password and username. Visit www.lockdownyourlogin.com for more information on stronger authentication.

Mobile Banking and Payments

  • Use unique passwords. Use different passwords for different programs, accounts, and devices. By having multiple passwords, even if attackers do get one of your passwords, they will not have access to all of your accounts. Do not choose options that allow your device to remember your passwords.


  • Check your account statements regularly. Review your banking, credit card, or payment service statements regularly to ensure there are no unauthorized charges or withdrawals.


  • Know your applications. Be sure to review and understand the details of an app before downloading and installing it. Be aware that apps may request access to your location and personal information and determine what information you want the app to be sharing or transmitting. Delete any apps that you do not use regularly to increase your security.


  • Review social media permissions. If a payment service is linked to your social media account, your payment or purchase history could accidentally be shared with your larger network. The more you post about yourself, the easier it might be for someone to use the information you post to access your accounts, steal your identity, and more. Be sure to review and understand those privacy permissions and settings.

Online Safety at Home

  • Keep a clean machine. Update the security software, operating system, and web browser on all of your Internet-connected devices. Keep software up to date and install updates for apps and your device's operating system as soon as they are available. Keeping the software on your mobile device up to date will prevent attackers from being able to take advantage of known vulnerabilities.


  • When in doubt, throw it out. Links in email and online posts are often the way cyber criminals compromise your computer. If it looks suspicious (even if you know the source), delete it.


  • Secure your Wi-Fi network. Your home's wireless router is the primary entrance for cybercriminals to access all of your connected devices. Secure your Wi-Fi network, and your digital devices, by changing the factory-set default password and username.


  • Know your apps. Be sure to review and understand the details of an app before downloading and installing it. Also, check to make sure the vendor or creator of the app is reputable. Be aware that apps may request access to your location and personal information. Delete any apps that you do not use regularly to increase your security.


  • Share with care. Limit the amount of personal information you share about yourself online. Your full name, phone number, address, school or work location, and other sensitive information should not be published widely. Disable geo-tagging features that let people online know where you are. Limit your online social networks to the people you know in real life, and set your privacy preferences to the strictest settings.


  • Install and update anti-virus software. Make sure all of your computers are equipped with regularly updated antivirus software, firewalls, email filters, and anti- spyware.

Online Safety at Work

  • When in doubt, throw it out. Stop and think before you open attachments or click links in emails. Links in email, instant message, and online posts are often the way cybercriminals compromise your computer. If it looks suspicious, it's best to delete it.


  • Back it up. Make electronic and physical back-ups or copies of all your important work. Data can be lost in many ways including computer malfunctions, malware, theft, viruses, and accidental deletion.


  • Guard your devices. In order to prevent theft and unauthorized access, never leave your laptop or mobile device unattended in a public place and lock your devices when they are not in use.


  • Secure your accounts. Use passwords that are at least eight characters long and a mix of letters, numbers, and characters. Do not share any of your usernames or passwords with anyone. When available, turn on stronger authentication for an added layer of security, beyond the password.


  • Report anything suspicious. If you experience any unusual problems with your computer or device, report it to your IT Department.


  • Install and update anti-virus software. Make sure all of your computers are equipped with regularly updated antivirus software, firewalls, email filters, and anti- spyware.

Online Safety While Traveling

Before You Travel

  • Update your mobile software. Treat your mobile device like your home or work computer. Keep your operating system software and apps updated, which will improve your device's ability to defend against malware.


  • Back up your information. Back up your contacts, photos, videos and other mobile device data with another device or cloud service.


  • Keep it locked. Get into the habit of locking your device when you are not using it. Even if you only step away for a few minutes, that is enough time for someone to steal or destroy your information. Use strong PINs and passwords.


While You Are Traveling

  • Stop auto connecting. Disable remote connectivity and Bluetooth. Some devices will automatically seek and connect to available wireless networks. And Bluetooth enables your device to connect wirelessly with other devices, such as headphones or automobile infotainment systems. Disable these features so that you only connect to wireless and Bluetooth networks when you want to.


  • Think before you connect. Before you connect to any public wireless hotspot – like on an airplane or in an airport, hotel, train/bus station or café – be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. Do not conduct sensitive activities, such as online shopping, banking, or sensitive work, using a public wireless network. Only use sites that begin with "https://" when online shopping or banking. Using your mobile network connection is generally more secure than using a public wireless network.


  • Think before you click. Use caution when downloading or clicking on any unknown links. Delete emails that are suspicious or are from unknown sources. Review and understand the details of an application before installing.


  • Guard your mobile device. To prevent theft and unauthorized access or loss of sensitive information, never leave your mobile devices–including any USB or external storage devices–unattended in a public place. Keep your devices secured in taxis, at airports, on airplanes, and in your hotel room.

Online Safety in the Public

  • Think before you connect. Before you connect to any public wireless hotspot – like on an airplane or in an airport, hotel, or café – be sure to confirm the name of the network and login procedures with appropriate staff to ensure that the network is legitimate. Cybercriminals can easily create a similarly named network hoping that users will overlook which network is the legitimate one. Additionally, most hotspots are not secure and do not encrypt the information you send over the Internet, leaving it vulnerable to cybercriminals.


  • Use your mobile network connection. Your own mobile network connection, also known as your wireless hotspot, is generally more secure than using a public wireless network. Use this feature if you have it included in your mobile plan.


  • Avoid conducting sensitive activities through public networks. Avoid online shopping, banking, and sensitive work that requires passwords or credit card information while using public Wi-Fi.


  • Disable auto-connect features and always log out. Turn off features on your computer or mobile devices that allow you to connect automatically to Wi-Fi. Once you've finished using a network or account, be sure to log out.


  • Ensure your websites are encrypted. Ensure your websites are encrypted. When entering personal information over the Internet, make sure the website is encrypted. Encrypted websites use https://. Look for https:// on every page, not just the login or welcome page. Where an encrypted option is available, you can add an "s" to the "http" address prefix and force the website to display the encrypted version.

Online Privacy

  • Limit the amount of personal information you share online. Don't overshare on social networking websites. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans.


  • Review privacy and security permissions. Be sure to review and understand the privacy and security permissions for any websites or apps where you share your personal information. When using social media sites, you can often customize your privacy settings. Make your privacy settings strict so that only people you know or approve can view your information.

Reporting Cyber Crime

  • US-CERT.gov: Report computer or network vulnerabilities to US-CERT via the hotline (1-888-282-0870) or the website (www.us-cert.gov). To report phishing attempts to US-CERT, forward phishing emails or websites to US-CERT at phishing-report@us-cert.gov.


  • FTC.gov: Report fraud to the Federal Trade Commission at www.ftc.gov/complaint, if applicable. Report identity theft at www.IdentityTheft.gov, the government's free, one-stop resource to help you report and recover from identity theft.


  • IC3.gov: If you are a victim of online crime, file a complaint with the Internet Crime Compliant Center (IC3) at www.ic3.gov. IC3 is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).



  • SSA.gov: If you believe someone is uSSA.gov: If you believe someone is using your Social Security number, contact the Social Security Administration's (SSA) fraud hotline at 1-800-269-0271. For additional

Reporting Cyber Crime

  • US-CERT.gov: Report computer or network vulnerabilities to US-CERT via the hotline (1-888-282-0870) or the website (www.us-cert.gov). To report phishing attempts to US-CERT, forward phishing emails or websites to US-CERT at phishing-report@us-cert.gov.


  • FTC.gov: Report fraud to the Federal Trade Commission at www.ftc.gov/complaint, if applicable. Report identity theft at www.IdentityTheft.gov, the government's free, one-stop resource to help you report and recover from identity theft.


  • IC3.gov: If you are a victim of online crime, file a complaint with the Internet Crime Compliant Center (IC3) at www.ic3.gov. IC3 is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).



  • SSA.gov: If you believe someone is uSSA.gov: If you believe someone is using your Social Security number, contact the Social Security Administration's (SSA) fraud hotline at 1-800-269-0271. For additional

Identity Theft

Banking

  • Avoid accessing your personal or bank accounts from a public computer or public Wi-Fi network, such as the public library. Not only can cybercriminals potentially gain access to your accounts through public Wi-Fi, but strangers can easily shoulder surf and see the sensitive information on your computer or mobile device screen.


  • Don't reveal personally identifiable information such as your bank account number, Social Security number, or date of birth to unknown sources.


  • When paying a bill online or making an online donation, be sure that you type the website URL into your browser instead of clicking on a link or cutting and pasting it from the email.


Shopping

  • Make sure the website address starts with "https"; the "s" stands for secure.
  • Look for the padlock icon at the bottom of your browser, which indicates that the site uses encryption.
  • Type new website URLs directly into the address bar instead of clicking on links or cutting and pasting from the email.
  • Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it's best to delete it. You also have the option, if appropriate, to mark it as "junk email" so you no longer receive emails from this sender.
  • Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
  • Avoid clicking on hyperlinks in emails; type the URL directly into the address bar instead. If you choose to click on a link, ensure it is authentic before clicking on it. You can check a hyperlinked word or URL by hovering the cursor over it to reveal the full address.
  • Make sure all of your computers are equipped with regularly updated antivirus software, firewalls, email filters, and anti- spyware.

Don’t Fall for Fake Check Scams!

If someone you don’t know wants to pay you by check but wants you to wire some of the money back, beware! It’s a scam that could cost you thousands of dollars.


How do fake check scams work? There are many variations of the scam. It usually starts with someone offering to:


  • Buy something you advertised for sale;
  • Pay you to work at home;
  • Give you an “advance” on a sweepstakes you’ve won; or
  • Give you the first installment on the millions you’ll receive for agreeing to transfer money in a foreign country to your bank account for safekeeping.


The scammers often claim to be in other countries and say it’s too difficult to pay you directly, so they’ll have someone in the U.S. who owes them money send you a check or money order.


The amount of the check or money order may be more than you’re owed, so you’re instructed to deposit it and wire the rest to the scammer or to someone else. Or you’re told to wire some of the money back to pay a fee to claim your “winnings.” In some cases, the scammer promises to transfer money directly to your bank account. You provide your account information for an electronic fund transfer. Instead, the crook sends your bank a phony check or money order with instructions to deposit it in your account. When you check your balance, it looks like the funds have arrived. Whatever the set-up, the result is the same-after you’ve wired the money, you find out that the check or money order has bounced.


  • Can my bank tell if the check or money order is good or not when I deposit it?



These fakes look so real that even bank tellers may be fooled. Some are counterfeit money orders, some are phony cashiers checks, and others look like they’re from legitimate business accounts. The companies whose names appear may be real, but someone has dummied up the checks without their knowledge.


Under federal law, banks must make the funds you deposit available quickly-usually within one to five days. But just because you can withdraw the money doesn’t mean the check is good, even if it looks like a cashier’s check or money order from the post office. Forgeries can take weeks to be discovered.


  • If the check or money order turns out to be a fake, isn’t that the bank’s problem?   


You are responsible for the checks and money orders you deposit. That’s because you’re in the best position to determine how risky the transaction is-you’re the one dealing directly with the person who is arranging for the payment to be sent to you. When a check or money order bounces, you owe your bank the money you withdrew. The bank may be able to take it from your accounts or sue you to recover it. In some cases, law enforcement authorities could bring charges against the victims because it may look like they were involved in the scam and knew the check or money order was counterfeit. 


  • How do these scammers find their victims?


Fake check scammers scan newspaper and online advertisements for people listing items for sale, and check postings on online job sites from people seeking employment. They place their own ads with phone numbers or email addresses for people to contact them. And they call or send emails or faxes to people randomly, knowing that some will take the bait.


  • How can I protect myself from fake check scams?


There is no legitimate reason for someone who is giving you money to ask you to wire money back-that’s a clear sign that it’s a scam. If a stranger wants to pay you for something, insist on a cashiers check for the exact amount, preferably from a local bank or one with a branch in your area.


If you think someone is trying to pull a fake check scam, don’t deposit it-report it! Contact the National Consumers League’s National Fraud Information Center, www.fraud.org or (800) 876-7060. There are also more detailed tips about fake check scams in the telemarking and Internet fraud sections of the Web site.

Share by: