Some Privacy Policies are not Private Enough
There are organizations on the Internet that offer free services such as e-mail or virus scanning. It is important to be aware that some of these companies have privacy policies that allow them to collect and share personal information about your browsing habits. These companies might also collect secure information from you. In addition, related software may be difficult to uninstall, despite your attempts to do so.
FIRST FEDERAL does not share or sell any customer information to third parties. However, it is important for you to be aware that some of the Internet companies that use technologies to intercept secure information will also have complete access to your personal information. When you accept an agreement with these companies, you are also agreeing that they can share your information with third parties.
What you can do:
- When in doubt, do not accept the agreement.
- Install spyware programs like AdAware to check your computer for software that collects this type of information.
- Report suspicious organizations to the Federal Trade Commission.
“Pharming” is the practice of redirecting Internet domain name requests to false websites in order to capture personal information, which may later be used to commit fraud and identity theft. For example, an Internet Banking customer, who routinely logs in to his or her Online Banking website, may be redirected to an illegitimate website instead of accessing his or her bank’s website. FIRST FEDERAL has steps in place to combat the art of “pharming” from happening to you.
Pharming Can Occur In Four Different Ways:
Static domain name spoofing: The “pharmer” (the person or entity committing the fraud) attempts to take advantage of slight misspellings in domain names to trick users into inadvertently visiting the pharmer’s website. For example, a pharmer may redirect a user to anybnk.com instead of anybank.com, the site the user intented to access.
Malicious software (Malware): Viruses and “Trojans” (latent malicious code or devices that secretly capture data) on a consumer’s personal computer may intercept the user’s request to visit a particular site such as anybank.com , and redirect the user to the site that the pharmer has set up.
Domain hijacking: A hacker may steal or hijack a company’s legitimate website, allowing the hacker to redirect all legitimate traffic to an illegitimate site. Domain names generally can be hijacked in two ways:
- Domain slamming:
By submitting domain transfer requests, a domain is switched from one registrar to another. The account holder at the new registrar can alter routing instructions to point to a different, illegitimate server.
- Domain expiration:
Domain names are leased for fixed periods. Failure to manage the leasing process properly could result in a legitimate ownership transfer. In this instance, trade name laws usually must be invoked to recover lost domains.
DNS poisoning: The most dangerous instance of pharming may be Domain Name Server (DNS) poisoning. Domain Name servers are similiar to Internet road map guides. When an individual enters www.anybank.com into his or her browser, Domain Name Servers on the Internet translate the phrase anybank.com into an Internet protocol (IP) address, which provides routing directions. After the DNS server provides this address information, the user’s connection request is routed to anybank.com. Local DNS servers can’t be “poisoned” to send users to a website other than the one that was requested. This poisoning can occur as a result of misconfiguration, network vulnerabilities or Malware installed on the server.
There are 13 root DNS servers for the entire Internet, which are closely protected and controlled. Most requests are directed by the local DNS server before they reach a root DNS server. However, if a hacker were to penetrate one or moreof these root servers, the Internet could be severely compromised.
Detection and Prevention
Consumers can take these steps to prevent pharming attacks:
- Digital certificates:
Legitimate Web servers can differentiate themselves from illegitimate sites by using digital certificates. Websites using certificate authentication are more difficult to spoof. Consumers can use the certificate as a tool to determine whether a site is trustworthy.
FIRST FEDERAL recommends Internet banking customers install current versions of virus detection software, firewalls and spyware scanning tools to reduce computer infections, and should stress the importance of regularly updating these tools to combat new threats. If suspect you have been a victim of pharming, please contact FIRST FEDERAL Web Technical Support Services at 262-542-4448 as soon as possible.
Don’t Get Hooked by Phishing Scams
If you find a request for personal information in your inbox, you may think it’s safe to click and comply, especially if the e-mail displays a familiar logo and convincing words and graphics. Better think again. Chances are this seemingly authentic message camouflages a “phishing” excursion angling to hook your identity.
Phishing, also called “carding” or “brand spoofing,” is a serious Internet scam that trolls for your personal data by luring you to a replica of a well-known website. (The “ph” is a carryover from so-called “phone phreaking” attacks on the early 1970’s telephone systems.)
The high-tech swindle begins with an unsolicited, but official-looking, e-mail that frequently uses scare tactics to reel in a response. It may, for example, threaten to close your bank account unless you verify some of your information. The e-mail will likely include a link that’s a dead ringer for your bank’s website address. But click that link and enter a password or account number, and you could be giving an Internet swindler free rein to your life savings.
How FIRST FEDERAL Protects You
At FIRST FEDERAL, we’re aware of such scams, and because your privacy and account security are important to us, we maintain strict safeguards to help keep your data out of the phishing nets. You should know that FIRST FEDERAL does not:
- Send any e-mail that asks for your personal account information.
- Ask for your password in an e-mail or request it via the phone or U.S. mail.
- E-mail sensitive information to you.
- Make any address or account changes without mailing a confirmation of your request. If you receive a notice about a change you did not initiate, contact FIRST FEDERAL right away.
- Display a pop-up warning or pop-up security alert when you log on if you’ve kept your Web browser up-to-date. If you do encounter a log-on caution message, click “No” and call FIRST FEDERAL Web Technical Support Services at 262-542-4448. Please note: A security alert could indicate that either the date on your computer is incorrect or you are using an older version of the Microsoft Internet Explorer browser.
How You can Protect Yourself
While FIRST FEDERAL does its best to protect you, you also share responsibilty for maintaining secure account information. The following precautions will help you outsmart the phishing scam:
- To access FIRST FEDERAL’S website, type our address (www.firstfederalwisconsin.com) in the Web browser address field, and bookmark it. Always use this bookmark to enter our site.
- Before submitting your Access ID and password, make sure your browser displays the FIRST FEDERAL website.
- Log off the website when you complete a transaction, and close your browser. This will help prevent anyone else from accessing your account.
- Be wary of any e-mail declaring your account in jeopardy or asking for personal information. Don’t reply to the e-mail, click any links in the e-mail or open any attachments. Report these incidents to FIRST FEDERAL immediately, using an address or phone number you know to be accurate.
- Make sure your Web browser is up to date. (Windows users can go to Windows Update to stay current)
- Choose a password that includes both letters and numbers. Avoid predictable words or dates, and change the password often.
- Never share your password or user name. And never store them on a computer.
- Be vigilant. Review your account regularly, any report and discrepancies.
- Deleting a suspicious e-mail with its look-alike links, accessing a site via an address you type in, and keeping your system up-to-date may be the best ways to prevent an Internet phisher from landing another big catch. For more information about identity theft, visit the Federal Trade Commission’s website.