dollar sign and question mark banner
Internet Safety / Online Security
Stay Safe Online
- When possible, enable MFA for your online accounts. For more information on MFA and its role in protecting your accounts click here, https://www.cisa.gov/resources-tools/resources/multifactor-authentication-mfa
- Coming soon! During the summer of 2023 Springfield State Bank will offer MFA for Online Banking and Mobile Banking. Currently, we use security challenge questions during the login process, but this will change the verification process to a text message code. When logging in you will be sent a 6 digit code to your cell phone to verify your identity. If you have any questions or concerns regarding this change you can contact the IT dept at email@example.com or via phone at 859-336-3939.
- Use a strong and separate password for your email.
- Make sure you use an up-to-date Antivirus on your computer.
- Make sure to keep all your software updated.
- If something pops up on your screen stating that your computer is infected and to call a specific number, do not do this. This is a scam that fraudsters use to get access to your pc and accounts.
Current Online Threats
“Phishing” is a rapidly growing scam that is performed through email. If you haven’t heard of it yet, it’s not that complicated and very easy to avoid – you just need to know the facts.
According to the Federal Trade Commission (FTC), “phishers” send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your internet service provider (ISP), bank, credit card company, or even a government agency.
The message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequence if you don’t respond. The message directs you to a website that looks just like a legitimate organization’s site, but it isn’t.
The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.
There are some simple ways to outwit these identity thieves:
- NEVER directly respond to e-mail asking for personal information. If you are a customer of Springfield State Bank, we already have your information and would not ask you to verify via email.
- If you doubt a message’s authenticity, verify it by contacting the institution itself.
- Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s Web site, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- When prompted for a password, give an incorrect one first. A phishing site will accept it; a legitimate one won’t.
Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations. (CISA.GOV)
More information on Ransomware – https://www.cisa.gov/stopransomware/ransomware-101
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility. (CISA.GOV)
More information on Social Engineering – https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks