Online Banking Security
Multi-Factor Authentication and Secure Access Code
Charlevoix State Bank Online Banking uses multi-factor authentication to protect your accounts from unauthorized access. Due to their increased complexity, authentication systems using a multi-factor configuration are harder to compromise than ones using a single factor. You will need to provide your username and password along with a secure code to access your account. This secure code is a virtual token that identifies the device you are using to access your account. We only deliver secure codes via text, phone or email based on information you provide during enrollment. It is important to provide accurate contact phone numbers, mobile phone number, and E-mail address to ensure delivery of secure codes.
Charlevoix State Bank Online Banking uses multi-factor authentication to protect your accounts from unauthorized access. Due to their increased complexity, authentication systems using a multi-factor configuration are harder to compromise than ones using a single factor. You will need to provide your username and password along with a secure code to access your account. This secure code is a virtual token that identifies the device you are using to access your account. We only deliver secure codes via text, phone or email based on information you provide during enrollment. It is important to provide accurate contact phone numbers, mobile phone number, and E-mail address to ensure delivery of secure codes.
Username and Password
Your username and password are the first line of defense and act as unique identifiers for your personal or business account. Avoid using passwords such as your birth date, name, address, or Social Security number. Use a combination of upper and lowercase letters, numbers, and special characters. Do not share this information with anyone. Identity theft and fraud attempts are usually conducted with someone the victim knows.
Your username and password are the first line of defense and act as unique identifiers for your personal or business account. Avoid using passwords such as your birth date, name, address, or Social Security number. Use a combination of upper and lowercase letters, numbers, and special characters. Do not share this information with anyone. Identity theft and fraud attempts are usually conducted with someone the victim knows.
Do not allow your computer or a public computer to “save” or “store” your password. Allowing your computer to remember login information gives anyone with physical access to your computer the ability to log in to your accounts.
Secure Messaging
With Charlevoix State Bank’s Online Banking system you are able to securely communicate with Customer Service via our Secure Messaging system.
With Charlevoix State Bank’s Online Banking system you are able to securely communicate with Customer Service via our Secure Messaging system.
Phishing
Fraudulent emails (phishing) and fraudulent websites are used to trick people into providing personal information that can be used for identity theft. Charlevoix State Bank will never ask you to verify your account number or personal information via email. We will never ask for your online banking password or secure access code. If you notice suspicious activity on your account or experience security related events, please contact the Bank immediately at 231-547-4411 or support@csbchx.com.
Fraudulent emails (phishing) and fraudulent websites are used to trick people into providing personal information that can be used for identity theft. Charlevoix State Bank will never ask you to verify your account number or personal information via email. We will never ask for your online banking password or secure access code. If you notice suspicious activity on your account or experience security related events, please contact the Bank immediately at 231-547-4411 or support@csbchx.com.
If you receive an e-mail asking for personal information, do not hit the “reply” button or click on any link in the email. Instead, go directly to the website by typing in the website address in your internet browser.
Best Practices for Devices - Customer Vigilance is the First Line of Defense
- Make sure you are using up-to-date virus and malware protection.
- Install patches and updates regularly.
- Install and update firewalls.
- Do not use the automatic log-in feature on your devices.
- Do not plug unknown or unfamiliar USB drives, DVDs, etc. into your computer.
- Do not save credit or debit card, bank account, or other financial information on your computer, phone or tablet.
- Use a password on mobile devices. Set your devices to automatically lock after a period of time and turn on encryption to ensure no one can access your smartphone, tablet or laptop.
- Be aware of the location of your mobile devices (smartphones, tablets) at all times. Log on to financial websites only when you have a secure Internet connection.
ID Theft/Credit Card Fraud
What is identity theft?
Identity theft is when a criminal uses your name, Social Security Number, date of birth, or other information, without permission, to commit fraud. An example of identity theft would be the use of your personal information to open a credit card account or get a loan in your name.
What are some common signs of identity theft?
- Bills that do not arrive as usual
- Unexpected credit cards or account statements
- You are denied credit for no apparent reason (e.g., for credit for which you did not apply)
- Phone calls or letters about purchases you did not make
- Transactions on your financial statements you do not recognize
- Incorrect information on your credit reports – accounts, addresses or information that is inaccurate
What should I do if I think I may be a victim of identity theft?
Visit the Federal Trade Commission website to report it and get a recovery plan.
Visit the Federal Trade Commission website to report it and get a recovery plan.
Here are some other steps you can take:
- Contact the security or fraud departments of the company where an account was opened or charged without your permission.
- Follow up in writing with copies of supporting documents.
- Keep copies of documents and records of your conversations about the identity theft.
- Use the ID Theft Affidavit at https://www.irs.gov/pub/irs-pdf/f14039.pdf
- Ask for verification that the disputed account has been dealt with and the fraudulent debts discharged.
- Contact law enforcement to help you correct your credit report and deal with companies who may want proof of the crime.
- Close the accounts that you know, or believe, have been tampered with or opened without your permission.
- Report the theft to the Consumer Finance Protection Bureau by submitting a complaint. Your complaint helps law enforcement officials nationally in their investigations. To find out more, visit the Consumer Finance Protection Bureau’s website at help.consumerfinance.gov/app/creditreporting/ask.
Here are some tips to prevent identity theft:
- Monitor accounts regularly for fraudulent activity.
- Use a cross-cut shredder when disposing of personal records, especially financial records (thieves have been known to splice together single shred documents).
- Never give out your personal information including credit and debit card info over the phone, through the mail, or on the Internet unless you've initiated the contact and are sure you know who you're dealing with before proceeding. If you must share personal information, always confirm that you are dealing with a legitimate organization.
- Protect your personal information. Do not leave documents containing personal information where anyone can see it.
You should periodically review your credit reports from each nationwide credit reporting agency. If any information on the credit report appears fraudulent, request that the credit reporting agency correct that information from your credit report file. Under federal law, you are entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting agencies. Obtain a free copy by going to http://www.annualcreditreport.com or by calling 1-877-322-8228.
You can also visit the Federal Trade Commission at www.consumer.ftc.gov/topics/repairing-identity-theft, or FTC Consumer Response Center Room 130-B 600 Pennsylvania Avenue, N.W. Washington, DC, 20580
Avoid Social Engineering Scams
Social engineering is the act of tricking people to obtain their personal or confidential information. The types of personally identifiable information criminals want varies. Typically, these bad actors try to trick unsuspecting individuals into giving them their passwords or financial information. They also want to trick their victims into installing malicious software, known as malware, to gain control over their computers.
Anyone can fall into the trap of cleverly designed social engineering tricks. Learning how to spot all types of social engineering attacks is the first step to avoid being tricked.
What are the types of social engineering attacks?
Phishing: Phishing attacks occur when scammers send emails to “fish” for information. These messages are intended to look identical to ones from trusted sources like organizations and people you know.
The message attempts to use your emotions against you to instill fear, excitement or urgency into revealing sensitive information by clicking on links to malicious websites or opening attachments that contain malware.
Once the malware is installed, criminals can redirect you to their controlled site to trick you into giving up your information. This is also known as “pharming.”
Vishing: This is when a legitimate phone number has been spoofed. This trick is commonly used on businesses. Scammers will contact a company’s front desk, customer service, HR or IT and claim to need personal information about an employee.
Smishing: Smishing is like vishing, but the scammer sends text messages instead of calling. Scammers purchase spoofed phone numbers to blast out messages containing malicious links.
In-person: This occurs when a scammer tricks an employee to let them into an area they don’t have access to.
Also known as "piggybacking," scammers may be dressed as delivery drivers, say they forgot their ID or pretend that they’re “new” to enter a restricted area. Once inside, they can spy on people, access workstations and more.
Tips to protect against social engineering attacks
1. Carefully check emails for errors.
If you receive a suspicious email, check for spelling and grammar mistakes. Also, be on the lookout to make sure any hyperlinks or the sender’s email address is the same spelling as the company they represent.
Be suspicious of any messages you’re not sure of. If the email looks like it is from a trusted source, do your own research. For example, use a search engine to go to the real company’s site or a phone directory to find their phone number.
2. Think before you click.
Phishing emails use an enticing and emotionally charged subject line to trick you into getting what they want. If you have a strong reaction to an email or online offer, take a minute to check in with your better judgment before proceeding.
Credible representatives will never make you feel threatened or demeaned, nor will they pressure you to act quickly. If an offer is too good to be true, it probably is.
Don't open email attachments from questionable sources. Even if you do know the sender and the message seems suspicious, it's best to contact that person directly to confirm the authenticity of the message.
3. Verify the identity of anyone you don’t know personally.
If you’re unsure of a person’s true intentions, it’s best to act upon your suspicions. Even when the sender appears to be someone you know, check with your friend or coworker before opening links or downloading attachments.
Also, be suspicious of any unwanted requests for your personal information. You can directly contact the bank they are impersonating to confirm whether the contact was legitimate.
It only takes one human error to become a victim of a socially engineered attack. And this vulnerability is the reason criminals are using social engineering techniques more often.