Blog   Tagged ‘protection’

The Evil Airline Phishing Attack

  |  Posted by

Imagine clicking on an attachment in an email confirmation for an online purchase or hotel reservation and being greeted by an urgent pop-up that reads, “A virus has been detected due to suspicious activity. Click here to run a diagnostic on your computer hard drive.” Seems like good advice, right? Before clicking OK, you might want to learn more about a new email phishing scam.

Continue Reading

Known as the evil airline phishing attack, this scam is a two-wave social engineering scam that attempts to take over your computer and steal sensitive personal information—or both— potentially leading to identity theft or damage to your computer. What makes this especially alarming is that recent research says this scam is successful about 90 percent of the time‡.

The scam targets individuals who frequently book travel or shop online and are familiar with receiving email confirmations on purchases or bookings. Like other phishing scams, cybercriminals research online and offline before sending these authentic looking emails. The subject line will look something like this:

When the victim receives the email, the two-wave phishing attack begins:

  • First wave: Opening the message signals to the cybercriminal that the email address is authentic and has been received by a real person.
  • Second wave: Inside the email is an authentic-looking attachment such as a .pdf or .docx file. This file is masquerading as a travel confirmation or purchase receipt with malware‡ embedded in it. If the attachment is opened, the malware springs into action impacting your data and computer.

The goal of these cybercriminals is to:

  • Trick you into clicking links and opening attachments which can secretly infect your computer or device
  • Access and steal your information (e.g. usernames, passwords, credit card numbers, etc.)
  • Make transactions, file fraudulent tax returns, use you or your children’s identity, share sensitive medical data with other hackers and a variety of other activities

How can you help protect yourself?

  • First defense: Desktops, laptops, tablets and even mobile devices are at risk of this attack. Install antivirus protection on your electronic devices (including tablets and mobile phones) and keep your hardware and software updated.
  • Second defense: Never click on links or attachments in emails you aren’t expecting. If something looks “phishy,” it probably is. If you have questions or concerns about any electronic communication, go to the company’s website to confirm details or contact them directly.
  • Final defense: Communicate with your coworkers, friends and family. One of the best ways to keep from falling victim is to ask questions, open dialogue and stay informed.

For more information to stay cyber aware, visit UMB’s Security and Privacy page.

When you click links marked with the “‡” symbol, you will leave UMB’s website and go to websites that are not controlled by or affiliated with UMB. We have provided these links for your convenience. However, we do not endorse or guarantee any products or services you may view on other sites. Other websites may not follow the same privacy policies and security procedures that UMB does, so please review their policies and procedures carefully.

Ms. Flores serves as senior vice president and Chief Information Security Officer, providing oversight of UMB’s information security and privacy programs. She joined UMB in 2010 and more than 15 years of experience in information technology and information security. She attended Kansas State University with a focus on management information systems and is a Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP/US) and Certified Information Systems Auditor (CISA).

Leave a Comment

Tagged: , , , , , ,

Why can’t I save my online banking password?

  |  Posted by

You might be wondering why you saw this notice below the UMB online banking account sign in.

Login Panel Medium

Continue Reading

We promise we’re not trying to make your life harder by doing this. We know it’s not easy to remember all the passwords you use online these days, so you might see this as a hassle. But we try to do everything we can to make sure your information is secure … and remains secure. Privacy and information security are extremely important to us at UMB and we take it very seriously.

Identity thieves are usually looking for stored information that they can turn into a profit by selling it on the black market. Online banking information like your password and the site you use to access your accounts are valuable to people who make money from stealing and selling personal information. We’ve disabled the ability to save your online banking password on because otherwise identity thieves have a greater opportunity to steal your data and money.

For example, if your laptop is stolen and you don’t have it password-protected, the thief can easily login to your bank account if it automatically pulls your login information. Then this person has access to everything they need to steal your money. If you log in to your online bank account from a shared or public system, the next person that uses the computer could access your account. All it takes is a few clicks and they’ve used your money to buy a new flat screen TV or book a trip to Italy. It’s kind of like when you accidentally leave your laptop sitting out and you’re still logged in to Facebook, and then your roommate comes along and posts an embarrassing status update as you. Only it’s not your Facebook page, it’s your hard-earned money at stake.

Ultimately, we want what’s best for our customers even if it isn’t always the most convenient option. The privacy and the security of your information is our priority.

Read One Comment

Tagged: , , , , , , ,