Blog   Author Archive

Cyber security: 10 tips for protecting your mobile device

  |  Posted by

Your mobile device provides convenient access to your email, bank and social media accounts. Unfortunately, it can potentially provide the same convenient access to criminals. As we continue National Cyber Security Awareness Month, remember to always follow these tips from the American Bankers Association in conjunction with the Stop.Think.Connect. campaign to keep your information – and your money – safe.

protect your mobile

  1. Use the passcode lock on your smartphone and other devices – This makes it more difficult for thieves to access your information if your device is lost or stolen.
  2. Protect your phone from viruses and malicious software just like you do for your computer by installing mobile security software.
  3. Use caution when downloading apps – Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions.”
  4. Download the updates for your phone and mobile apps. These contain valuable security patches and fixes for vulnerabilities.
  5. Avoid storing sensitive information like passwords or a social security number on your mobile device.
  6. Be aware of shoulder surfers – The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.
  7. Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
  8. Beware of mobile phishing – Avoid opening links and attachments in emails and texts, especially from senders you don’t know. Be wary of ads (not from your security provider) claiming that your device is infected.
  9. Watch out for public Wi-Fi – Public connections aren’t very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
  10. Report any suspected fraud to your bank immediately.

Next week we’ll share 10 tips to protect yourself online to wrap up National Cyber Security Awareness Month.

 

Continue Reading

Source: American Bankers Association

 

When you click links marked with the “‡” symbol, you will leave UMB’s website and go to websites that are not controlled by or affiliated with UMB. We have provided these links for your convenience. However, we do not endorse or guarantee any products or services you may view on other sites. Other websites may not follow the same privacy policies and security procedures that UMB does, so please review their policies and procedures carefully.


Ms. Matheys serves as senior vice president and Director of Corporate Information Security & Privacy, providing oversight of UMB’s information security and privacy programs. She joined UMB in 2010 and has 15 years of experience in information technology and information security. She attended Kansas State University with a focus on management information systems and is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and member of the International Association of Privacy Professionals.



Leave a Comment

Tagged: , , , , , , , , , ,

Cyber security: 10 ways cyber criminals try to steal information

  |  Posted by

Did you know that 378 million adults were victims of cyber crime* and more than 13 million consumers suffered from identity theft** in 2013? October is National Cyber Security Awareness Month, and just as in previous years, we’ve joined other organizations, including the Department of Homeland Security to support the Stop.Think.Connect. campaign to help the American public better understand cyber threats and ways to be more safe and secure online.

This month, we’ll be bringing you a series of tips to help you stay safe when banking online, starting with today’s:

  1. Phishing – Phishing is a form of social engineering that uses a sense of urgency, personalization (often gleaned from information found on social media) or masquerades as a legitimate business to convince victims to provide information like bank account numbers, online banking user IDs and passwords or credit card information.
  2. Malware – Malicious software has evolved into stealthy, complex arsenals that are widely used and easily accessible to experienced cyber criminals and novice identity thieves alike. Malware can attach to browsers, steal keystrokes to send back to the attacker or intercept security codes on mobile devices – all of which can be used to steal your information.
  3. Email hijacking – You’ve all seen this one, even if you didn’t have a name for it. Remember when you received odd emails from your friends (which you hopefully deleted), later to get a frantic message from them saying “I was hacked!” Cyber criminals are able to hijack email accounts by guessing passwords, using phishing techniques or installing malware on the victims’ computers. Once they have access to your email account, the cyber criminal may be able to gain access to online banking or social media accounts. They may even begin emailing your contacts requesting money or account information, making you an unwilling accomplice to cyber crime.
  4. Mobile devices – Did you know that your mobile device is no different than your desktop or laptop computer when it comes to malware? Your mobile device can be infected just as your desktop or laptop would. In addition, mobiles devices can be easily lost or stolen. Once a device is obtained, the content of your device, browsing history, account IDs and passwords, may be accessed by the thief. In some cases, malware can even be planted on the stolen device and returned to obtain additional data. We’ll be bringing you more tips specific to your phone later this month.
  5. Eavesdropping – “Sniffing” is a common word used for searching out potential eavesdropping victims. One of the easiest places to sniff is an open Wi-Fi (Wi-Fi networks that don’t require a password) such as hotels, coffee shops and sporting arenas. Once a target is identified, cyber criminals can easily intercept personal or financial information being transmitted over the open Wi-Fi network. Cyber criminals will also set up their own unsecured Wi-Fi connection to lure unsuspecting victims.
  6. Online gaming –Playing games online can often involve a social network and customizable content requiring downloads or computer updates. These can be used to phish for personal or financial information or infect systems with malware. In many cases, online gaming accounts are tied to payment information as well.
  7. Drive-by downloads – It’s easier than you realize to become infected by malware. A drive-by is malware that is automatically downloaded to your computer or device. These downloads occur without your knowledge and don’t require you to click a file, button or link to begin. These infections can be delivered simply by viewing a website, checking an email or clicking a pop-up window.
  8. Merchant breaches – As we’ve seen in the news lately, these breaches occur when a merchant’s security system is compromised. Capable hackers are able to crack the security of the merchant and access large volumes of card or account data. This information can then be sold to create new cards for fraudulent use or commit other financial crimes.
  9. Pretext Calls – One of the oldest tricks in the book is the telephone scam. These veteran social engineers call posing as computer technicians offering to help update your computer, remove a virus or sell you software. Once they’ve established a rapport with the victim, they can ask for credit card or bank account information or direct them to a website to download malware.
  10. Dumpster diving – Believe it or not, this is still a common method of identity theft that happens when thieves go through garbage in search of financial statements, receipts and letters with personal information. Surprisingly, some people still toss personal data in the trash can rather than using a shredder or shred bin.

Next week, we’ll bring you 10 tips for protecting your mobile device.

 

Continue Reading

Sources: Buzz Hilestad, Principal Consultant Partner, Secure Healthcare Solutions

*American Bankers Association
**Javelin Strategy

 

When you click links marked with the “‡” symbol, you will leave UMB’s website and go to websites that are not controlled by or affiliated with UMB. We have provided these links for your convenience. However, we do not endorse or guarantee any products or services you may view on other sites. Other websites may not follow the same privacy policies and security procedures that UMB does, so please review their policies and procedures carefully.


Ms. Matheys serves as senior vice president and Director of Corporate Information Security & Privacy, providing oversight of UMB’s information security and privacy programs. She joined UMB in 2010 and has 15 years of experience in information technology and information security. She attended Kansas State University with a focus on management information systems and is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and member of the International Association of Privacy Professionals.



Leave a Comment

Join the movement: National Cyber Security Awareness Month

  |  Posted by

In a world where our thirst for computers, smartphones, gadgets and Wi-Fi seems to have no limits, cyber security has become more important than ever. At home, at work and at school, our growing dependence on technology, coupled with increasing threats to our online safety and privacy, demands greater security in our online world.

Continue Reading

At UMB, we’re proud to take strides towards a safer, more secure cyberspace. In doing so, UMB has joined the National Cyber Security Alliance, Anti-Phishing Working Group and Department of Homeland Security in support of National Cyber Security Awareness Month in October. The Stop.Think.Connect. campaign was launched in 2010 as a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Consider it a neighborhood watch for your computer. However, just like security in your neighborhood, this campaign can only be successful when people get involved.

Through this national campaign, UMB has teamed with public and private sector resources as well as the U.S. federal government to help improve cyber security. According to the Stop.Think.Connect. campaign, they strive to:

  • Increase and reinforce awareness of cyber security, including associated risks and threats, and provide solutions for increasing cyber security.
  • Communicate approaches and strategies for the public to keep themselves, their families and their communities safer online.
  • Engage the public, the private sector, and state and local governments in our nation’s effort to improve cyber security.

Cyber security is a shared responsibility. I invite you to join UMB in the cyber security movement during National Cyber Security Awareness Month. Do your part by visiting umb.com and the Stop.Think.Connect. resource page to learn more about how to protect yourself online and help make cyberspace a safer place for all cyber citizens.

 

When you click links marked with the “‡” symbol, you will leave UMB’s website and go to websites that are not controlled by or affiliated with UMB. We have provided these links for your convenience. However, we do not endorse or guarantee any products or services you may view on other sites. Other websites may not follow the same privacy policies and security procedures that UMB does, so please review their policies and procedures carefully.


Ms. Matheys serves as senior vice president and Director of Corporate Information Security & Privacy, providing oversight of UMB’s information security and privacy programs. She joined UMB in 2010 and has 15 years of experience in information technology and information security. She attended Kansas State University with a focus on management information systems and is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and member of the International Association of Privacy Professionals.



Read One Comment

Tagged: , , , , , , , , , , , , , , , , , , ,

Wait a minute…who’s been sending emails from my account?

  |  Posted by

Did you know every day thousands of webmail accounts (Gmail, Yahoo, AOL, etc.) are taken over by cyber criminals? Compromised webmail can be used to make purchases, transfer money from bank accounts or even trick friends and family into giving out information that allows access to their webmail – in a matter of minutes.

Take time to do a few simple things to ensure your webmail accounts are as secure as possible:

Continue Reading

Passwords

Weak passwords can be easily hacked and used to access your account.

  • Avoid using the same password on numerous accounts. This may make your email vulnerable if another site is compromised.
  • Change your password often.
  • Use strong passwords. For example, think of a special phrase and use the first letter of each word as your password. For more tips, visit OnGuardOnline.gov

Security Questions

Even a strong password can be compromised if security questions are easy to guess.

  • Make sure answers can’t be researched on social media sites.
  • Pick a question that only you know the answer to.
  • Choose the custom security question option if available.

Phishing Email

Phishing scams use a convincing message to trick you into clicking a link, downloading attachments or other “bait” that can be used to log your online activity, give a cyber criminal control of your computer or even direct you to a phony website where you’re asked to enter your username and password. All of these can be used to commit online crimes. To avoid phishing scams:

  • Look for misspellings or grammatical errors.
  • Question suspicious email; don’t click questionable links or download attachments that appear out of the ordinary, even if from a friend or company you’re familiar with.
  • If you aren’t sure, OnGuardOnline.gov provides help for identifying phishing scams.

Review Account(s)

The best protection against cyber crime is staying alert.

  • Check sent, trash, and other folders for suspicious incoming or outgoing mail.
  • Check advanced account options for changes you didn’t make. Your email may be forwarded to someone else and you didn’t even know it.
  • Investigate security options offered by your provider like notices for suspicious log-in attempts or two-step verification using a code that’s texted to your phone.
  • Regularly review financial accounts associated with your email address for suspicious activity.
  • Contact your bank and all other financial institutions immediately if you think your email has been compromised.

Don’t fall victim to cyber crime. Take time to secure your webmail accounts and encourage friends and family to do the same.


Ms. Matheys serves as senior vice president and Director of Corporate Information Security & Privacy, providing oversight of UMB’s information security and privacy programs. She joined UMB in 2010 and has 15 years of experience in information technology and information security. She attended Kansas State University with a focus on management information systems and is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and member of the International Association of Privacy Professionals.



Read One Comment

Tagged: , , , , , , , , , , , , , , , , , , , , , , , ,

How to get your identity stolen

  |  Posted by

You’ve read hundreds of articles about how to avoid identity theft, but if you actually want to lose your identity then just follow these ten simple steps:

Continue Reading
  1. Use your pets or child’s name as your email password
    Fluffy1234. Who would ever think of that? Identity thieves are using sophisticated technology to crack your passwords and steal your information. Using your dog’s name and a common number sequence will make it so easy that these identity thieves won’t even need a computer to figure it out.
  2. Over-share with your neighbor or a friendly stranger
    Always use the same personal identification number (PIN) or code for all your accounts, credit and debit cards. Remember when you had your neighbors watch your house and you gave them your garage code? Well now they also have your PIN for all your accounts. And what about that friendly stranger who offers to sell you a tropical vacation for pennies on the dollar? Once you give them your name, address and payment information, your identity could be as good as gone!
  3. Throw away personal documents without shredding
    Throw away receipts, old bill statements and credit card applications without shredding them. A more low-tech identity thief will just dig through your dumpster and use the information in receipts and bills to access your personal information. Then he will sign up for a credit card in your name with the application you threw away the other day. He’ll be sitting on a beach sipping a frozen drink after he spent all your money on that tropical vacation we mentioned while you spend months recovering your lost finances and clearing up your credit report.
  4. Make yourself an easy target for pickpockets
    Don’t pay attention to your surroundings in a crowd. Leave your fanny pack unzipped so anyone can reach right in and grab your wallet. This saves an identity thief from the trouble of looking for your information. He can just use your ID and credit or debit cards.
  5. Don’t password protect any personal devices
    Don’t password protect any of your personal devices (laptops, tablets, smartphones, etc.) and leave them out where anyone can access them. Why waste the time pushing buttons to unlock your smart phone when you could be taking a picture of your dinner!
  6. Respond to suspicious emails
    Even if it seems suspicious, respond to all emails asking for your personal information. Click on suspicious links too! This will route you to a website or file download that will make it really easy for you to share all of your online activity with the identity thief – user names, passwords, card numbers, you name it!
  7. Respond to suspicious requests on social media
    Easily hacked passwords on your social media sites allow identity thieves to pose as you and try to con your friends out of their personal information and even their money. Oh, and your ex really is stuck in London without a passport or money! Wire that $5,000 right away!
  8. Transfer money on an unsecure website or via email
    Speaking of sending money, be sure you give out your bank account info via email because it’s definitely a safe way to shop online. Throw in your Social Security number and your mother’s maiden name while you’re at it.
  9. Be careless with logins and personal information in public
    Openly log in to your personal accounts while you’re on a laptop or phone in a public setting. Balance your checkbook in a coffee shop and be sure you move out of the way so the identity thief can clearly read your account number.
  10. Never review your bank account statements
    They say ignorance is bliss. It’s true. If you never look at your account statements, you’ll never know if someone has your account information and is spending all your money. You’ll also never know when your spouse dropped a couple hundred dollars on a shopping spree!

Of course, we are joking and having a little fun with this post. At UMB we take privacy and security very seriously, especially when it comes to our customers. You might think identity theft can’t happen to you, but it is still very common and a few simple things can keep you protected. Just do the exact opposite of everything on this list. Or, take a look at our website to learn more tips and tricks to protect your information and your identity.

 

Bank deposit products provided by UMB Bank n.a., Member FDIC. Equal Housing Lender


Ms. Matheys serves as senior vice president and Director of Corporate Information Security & Privacy, providing oversight of UMB’s information security and privacy programs. She joined UMB in 2010 and has 15 years of experience in information technology and information security. She attended Kansas State University with a focus on management information systems and is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and member of the International Association of Privacy Professionals.



Read One Comment

Tagged: , , , , , , ,