Online & Mobile Security

Do

• Use strong passwords: at least eight characters with a mix of upper- and lower-case letters, numbers, special characters.
• Create hard-to-guess passwords (no birth dates, child’s name, pet’s name, or part of User ID).
• Change passwords frequently, and immediately if compromised.
• Notify financial institutions if passwords have been stolen.

Do NOT

• Share passwords or security devices.
• Post passwords in or around work areas.
• Use an automatic login feature that saves usernames and passwords.

Do

• Keep operating systems and web browsers up to date, and turn on automatic updates.
• Protect your home wireless network with a password for a secure connection.
• Use comprehensive spyware, virus protection software and a firewall, which prevents unauthorized users from gaining access.
• Ensure online retailers have secure technology: verify "https" and a tiny locked padlock symbol in the address bar.

Do NOT

• Send sensitive information over unsecure public Wi-Fi networks.
• Conduct banking transactions while multiple browsers are open.

Do

• Use the passcode lock on your smartphone and other devices.
• Be aware of your surroundings, especially when entering sensitive information.
• Completely log out when finishing a mobile banking session.
• Install mobile security software to protect against viruses and malicious software.
• Download updates to keep your phone and mobile apps safe with the newest release.
• Notify your financial institution if you change your phone number or lose your mobile device.
• Report suspected fraud immediately to your financial institution.
• Wipe your device before donating, trading or recycling; if it is lost or stolen, try to do so remotely.

Do NOT

• Open links and attachments in emails and texts, especially from senders you don’t know.
• Store sensitive information: passwords, Social Security number, etc.
• Perform banking transactions on a potentially unsecure public network; disable the Wi-Fi and use your mobile network.
• Click ads (not from your security provider) claiming your device is infected.
• Download all apps asking for unnecessary “permissions” – they may contain viruses or malware.

Do

• Be careful opening emails, links or attachments from unfamiliar sources: they could be an attempt to collect your confidential information or infect your device.
• Verify the authenticity of emails by using a phone number or address from your records rather than the contact information in or associated with the email.
• Watch for language that has an extreme sense of urgency if you do not act.
• Take note of logos that appear distorted, unfamiliar web addresses, unusual spelling or grammatical errors – all signs that a fraudster may have designed the email.
• Be wary of messages an automated email from a system saying your password is nearly expired, security alerts, or messages urging you to validate your online banking credentials.
• Forward phishing emails to the Federal Trade Commission at spam@uce.gov – and to the organization impersonated in the email.

Do NOT

• Click on links in emails – sign on to your trusted website directly, using the address from your records or your browser bookmark.
• Provide confidential information in response to an email request (user names, passwords, account numbers, tax ID numbers, Social Security numbers, etc.).
• Open attachments without independently verifying the authenticity of the email.
• Trust emails that appear to be from familiar sources – fraudsters can doctor email ‘from’ names or even addresses.