FDIC-Insured—Backed by the full faith and credit of the U.S. Government
Computer-related crimes affecting businesses and consumers are frequently in the news and we recognize that these threats continue to evolve over the years.
At Connecticut Community Bank, we strive to provide our customers with up-to-date information to help keep you from becoming the victim of fraudulent scams. Whether it’s your personal computers and accounts or your business, we hope to create an awareness of signs of suspicious activities and the prevention practices to reduce the risk of these threats.
Be sure to check back often for updates.
As cybercriminals continually evolve their tactics, targeting businesses of all sizes, a single breach can expose sensitive data such as passwords, social security numbers and other personal information. This can lead to identity theft, fraud and financial loss. By staying updated on recent breaches, you can take immediate action.
Here is a summary of best practices you can follow for security and fraud prevention. More details are available below on this page.
Enhance your cyber security knowledge by viewing the following videos on cyber security best practices for both businesses and consumers. Learn how to protect your financial information online.
Identity Theft – What to Know, What to Do
Child Identity Theft – What to Know, What to Do
Military Identity Theft – What to Know, What to Do
Identity theft is becoming more sophisticated and the number of new victims is growing. Your identity can be stolen simply by taking information from your mail or garbage, or through sophisticated phone and online schemes. Identity thieves need only to obtain your name, address, an account number and/or your social security number to take over your identity.
This is how it works:
A consumer receives an email or text message which appears to originate from a financial institution, government business, or other well-known/reputable entity. Or you may receive a voice recording or live call searching for information.
The message describes an urgent reason you must “verify” or “re-submit” personal or confidential information by clicking on a link embedded in the message.
The provided link appears to be the Web site of the financial institution, government business or other well-known/reputable entity, but in “phishing” scams, the Web site has been spoofed and belongs to the fraudster.
Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer’s mother or the consumer’s place of birth.
How to Protect Yourself
Vishing works on the same principle. The fraudster calls you and tries to manipulate you into revealing confidential information.
Review your credit report annually. AnnualCreditReport.com provides consumers with the secure means to request and obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies in accordance with the Fair and Accurate Credit Transactions Act (FACT Act). You can also contact each credit bureau separately to request your free report or to report fraud.
Credit Bureaus
Equifax
Experian
TransUnion
In addition to identity theft, consumers should also be aware of other scams that attempt to trick individuals into giving them money.
Someone calls to ask for money. Are they who they say they are?
Someone asks you to donate money to a charity. Now.
You have a Medicare card, but a caller says you need a new one.
Someone offers to repair your home. Cheap. For cash now.
Ads promise quick and easy money. Guaranteed. No risk.
Ads promise big money working from home. For a fee.
You’ve won a sweepstakes. Receive a check. Wire a portion to another account.
Unwanted Calls and Text Messages
You get a lot of unwanted calls. Many are from scammers.
You’ve got the job. Pay a fee. Provide account numbers.
You won a prize. But can’t get it until you send money.
We’ve all seen it: a senior places his or her trust in a scammer or an untrustworthy individual, and the next thing you know, the senior is left with nothing. Financial abuse against older Americans can take many forms, from illegal debits, to third-party scams and even unauthorized withdrawals by an approved caregiver. And with the share of the U.S. population 60 years and over projected to reach 30 percent by 2025, the opportunities to take advantage of these at-risk bank customers become more prevalent—by the minute.
We’ve partnered with the American Bankers Association to provide you and your families helpful safety tips to avoid senior scams.
Fraud schemes continue to grow, evolve and target legitimate businesses, nonprofits and government. The FBI monitors schemes like Business Email Compromise, Vendor Impersonation Fraud and Mortgage Closing scams, which typically involve social engineering or computer intrusion techniques. Click here to read more about these scams, and be sure to share with your employees.
Click here for Cybersecurity Tips for Small Businesses
Corporate Account Take Over
An alarming cybercrime now affecting small to medium sized businesses is “corporate account take over.” This involves cyber criminals penetrating the computer network of a business and spreading malicious software, such as a “keylogger” which records the words typed, Web browsing history, passwords and other private information. This in turn allows them access to programs using your log-in credentials.
If they steal your password and breach your online banking system, the cybercriminal can begin an online session to initiate funds transfers, by ACH or wire transfer, to their accomplices. The accomplices withdraw the money almost immediately.
Business Email Compromise
A Business Email Compromise is a type of phishing attack that involves criminals impersonating an employee or executive at an organization or a trusted vendor, such as your bank, in order to gain access to funds or sensitive information. These attacks target small to medium sized businesses, not just large companies.
Review these tips to detect these types of emails:
You can follow these important tips at your business to avoid these types of scams:
Click here to download “How to Protect Your Business from Cybercrime!”
Malware is malicious software, such as viruses and spyware, that is designed to steal personal information and spread spam. Criminals lure you into clicking on links that install the malware on your PC, giving them access to sensitive information or disrupting your computer’s operation. Most times, you won’t even know it’s there.
Spyware
“Spyware” is a type of malicious software installed on your computer without your knowledge. It collects small pieces of personal information including Internet surfing habits and sites visited. It also can redirect web browser activity and change computer settings. Spyware is typically hidden from the user, and can be difficult to detect once installed. Spyware can be installed on computers via fraudulent emails, legitimate software download or pop-up windows. These messages masquerade and try to be as legitimate looking as possible.
Keystroke Logging
As with spyware, keyloggers are installed on your computer without your knowledge. Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a hidden manner so that the person using the keyboard is unaware that their actions are being monitored. Keystroke logging can record the words typed, Web browsing history, passwords and other private information. This is extremely dangerous in all aspects of computer usage, especially with financial information.
Scareware
“Scareware” is a term to describe an attempt to scare a person, via pop-ups, into believing their computer was scanned and has a virus. These pop-ups contain frivolous and alarming warnings or threats and are especially designed to look like they come from the user’s operating system.
The fake scan concludes that the user’s computer has a malware infection and says that, to fix it, the user must download antivirus software costing as much as $50. What the user usually gets is a form of malware that actually does infect the computer. Not to mention being out the fee!
Ransomware
“Ransomware” is an attack carried out using secretly installed malware that encrypts the victim’s files and then requests a ransom payment in return for the decryption key that is needed to recover the encrypted files. It is on your computer because you have most likely clicked on an infected popup advertisement or an infected link in an email. The bad guys hold your computer hostage and attempt to extort payment.
The criminals often ask for a small payment, assuming you will be willing to pay to avoid the aggravation of dealing with the virus. They may ask for as little as $10 to be wired through Western Union, paid through a premium text message or sent through a form of online cash. Businesses are often asked for payment in Bitcoin. Paying the ransom is no guarantee that your computer will be restored. Protect yourself from ransomware by using reputable antivirus software, backing up often to an external hard drive or cloud, enabling your popup blocker and using common sense when clicking on advertisements or email links.
Please consider the following to keep your computer safe:
Protect your computers with a strong anti-virus/anti-spyware/anti-spam software program and make sure they are updated on a daily basis at a minimum and note the expiration date. Anti-virus software alone is not sufficient to protect your systems from today’s complicated techniques. Most identity theft problems originate with spyware.
For Windows users, please be sure the Windows Firewall Service is turned on and your computer is up to date with critical patches. Configure Windows Update to check for these critical updates automatically.
Strongly consider the use of a hardware-based firewall product. These products are designed to protect all your computers from attacks before they reach your PC. Typically they also provide anti-spyware and anti-virus capability. Stopping the intrusion before a threat arrives at your PC is one of the best measures you can take to avoid infecting your computer.
Don’t trust any email from any source that is asking for or attempting to verify personal information, account numbers, etc.
If your business utilizes an online banking system, you should consider using an additional layer of security called token-based authentication. The security token, provided by your financial institution, is a small hand held device that generates a unique, random password that is required for certain transactions. These transactions are blocked without the physical possession of the token.
On July 28, 2022, the FDIC released a Fact Sheet intended to address some common misconceptions about the scope of deposit insurance coverage and whether deposit insurance applies to funds that customers provide to crypto companies.
Please click here to read the FDIC Fact Sheet.
The FBI through a public service announcement is warning of increased and highly anticipated cyber-attacks that can exploit mobile banking apps.
Method 1: Banking Trojans
Banking Trojans have been around for some time, but in this case they are typically cloaked or disguised as common mobile apps such as games or tools (e.g. third-party flashlight apps). These apps look innocent enough, but are extremely dangerous. Essentially, these Trojan apps lie dormant until your legitimate mobile banking app is launched. Once it is launched, these Trojans “overlay” the real banking app with a fake login screen that swipes your credentials.
Method 2: Impersonated Apps
These are apps that impersonate a real financial institution’s mobile banking app, and unfortunately they are widely available. If you open one of these, you’ll see what looks like a legitimate login page, and of course it’s designed to steal your credentials as well as to obtain security codes that are texted to your mobile devices.
Here’s what you can do:
Only download apps from official app stores or directly from a bank website.
Avoid loading up your phone with tools and utilities that you never use or use infrequently. It’s just as easy to uninstall an app and reinstall it when you need it.
Check the app permissions and only allow those permissions that you are comfortable with. For example, a flashlight app shouldn’t need access to your contacts!
Enable two-factor or multi-factor authentication on mobile devices and accounts. Use strong two-factor authentication if possible such as biometrics, hardware tokens, or authentication apps.
Phishing campaigns via email or text prompting you to update your mobile banking app should be highly suspect. Many banking apps will notify you within the app to update to a current version and direct you to the proper app store to download it. Get in the habit of not clicking on links in emails or text messages that allegedly come from your financial institution.
Don’t share or give two-factor passcodes to ANYONE over the phone or via text or chat!
Don’t reuse passwords across multiple sites. It’s a very unsafe practice! If a bad guy gets one of your credentials and you share it with other sites, you’re just making it easier to lose your identity and your money!
Use complex passwords that are at least 8 characters and have capital letters, numbers and special characters.
When in doubt, contact your financial institution!!!
By: John Longo, Onsite Support Services Corporation
There isn’t a week that goes by that I’m not asked this question and more importantly how to protect your devices, (and your data!), if you absolutely need to join a free Wi-Fi network.
In short, the answer is NO, free unsecure public Wi-Fi, (where no password is required) is not safe. Should you join one? In my opinion NO and NEVER! Do I ever join one?……NOPE!
I realize that there may be a situation that just can’t be avoided where you have to connect to a free hotspot at the airport or hotel for example. I’ve outlined below some Do’s and Don’ts best practices you can use to significantly lower your risks of being compromised.
Some Background:
Current estimates indicate that there are more than 450 million public hotspots in the United States alone, and the number grows annually.
The bottom line….Wi-Fi hotspots are literally everywhere. Cellphone carriers like Verizon, AT&T, etc., offer their customers free WiFi access as do most of the major internet service providers such as Comcast/Xfinity, COX, and others.
Additionally everyone from fast food, coffee shops, airports, airplanes, outdoor venues, home improvement stores, malls, and even your doctor’s office provide Wi-Fi access. Wi-Fi is so prevalent, you can easily find one almost anywhere you go.
The Two Types of Public Wi-Fi
There are basically two kinds of public Wi-Fi networks: secured and unsecured.
An unsecured network can be connected to within range and typically does not require any type of security feature like a password or login. These are commonly referred to as “open” Wi-Fi networks. Conversely, a secured network typically requires a user to agree to legal terms and conditions, register an account, or type in a password before connecting to the network. In some cases it may also require a fee or other purchase to gain access to the password or network.
Regardless of the connection type, you should always use public Wi-Fi with extreme caution. Even “secured” Wi-Fi networks should not be trusted.
Why Public Wi-Fi is inherently unsafe:
A public Wi-Fi network is far less secure than your home wireless network because you don’t know who set it up or how, what steps are being taken to continuously secure the network, and most importantly, who else is connecting to it.
Hackers can easily position themselves between you and the free hotspot. You might assume your device is communicating directly with the free hotspot but instead you end up sending your information to the hacker. It is so easy to set up a counterfeit hotspot like AirportFreeWifi which is actually a hacker’s own hotspot. Once you join the hacker’s hotspot, they can easily penetrate your device, collect data, install malware, keyboard loggers, etc.
There is a widely held misconception that as long as you’re not accessing your email or bank accounts that you’re okay. It’s simply not true. Anything you do on a public Wi-Fi network is inherently NOT secure. Any information you share or access on these networks might as well be broadcast on a billboard for everyone to see and for the taking.
Many free hotspots require you to provide information to join it like your name, mobile number, and email address. In addition when you “Agree to the Terms and Conditions”, (which almost nobody reads!), you may be giving the hotspot provider explicit permission to collect browsing information, location data, and tracking information that they can use or resell.
Do’s:
Use a VPN client. Without question, the most effective method for staying safe on public Wi-Fi is to install a VPN (Virtual Private Network) client on all your devices. It will encrypt all data traveling to and from your laptop or phone, and connect you to a secure server. Using this method will make it harder for other people on the Wi-Fi network (or whoever is operating the network) to see what you’re doing, where you’re going, or grab any of your information. Most VPN clients are very inexpensive at 2-4 dollars a month, and are well worth the investment. Avoid “free” VPN client offerings.
Create your own personal hotspot using your cellphone instead of joining a free Wi-Fi network. Most plans from major carriers have this feature enabled and with today’s unlimited data plans, this is a very secure way to access the internet. Be sure to use a strong password when setting up your mobile hotspot.
Turn off File Sharing and AirDrop on your devices. On a Windows PC, go to Network and Sharing Center, then Change advanced sharing settings, then Turn off file and printer sharing. For Macs, go to System Preferences, then Sharing, and unselect everything. Then head to Finder, click on AirDrop, and select Allow me to be discovered by: No One. For iOS devices, just find AirDrop in the Control Center and turn it off. Once you have done the above, no one nearby can grab your files or send you one you don’t want.
Browse with HTTPS only. Most browsers these days will inform you if you are visiting an unsecure site, (HTTP), and you should heed those warnings! When you browse over HTTPS, people on the same Wi-Fi network as you can’t snoop on the data that travels between you and the website you’re connecting to. Over HTTP, it’s relatively easy for a hacker to watch what you’re doing!
Update your devices. Make sure your devices are up to date with the latest security patches installed for both your operating system and applications. Remember approximately 70% of all data breaches can be eliminated by keeping your devices up to date!
Maintain an up to date anti-malware and firewall product on all your devices.
Turn off automatic connection to Wi-Fi networks. Most smartphones, tablets, and laptops have an automatic connection to Wi-Fi feature. Although this is very convenient, it can also connect your devices to networks you ordinarily would not use.
Monitor your Bluetooth connectivity and if you don’t need it, turn it off. Bluetooth allows various devices to communicate with each other but a hacker can easily look for open Bluetooth signals to gain access to your devices.
Use two-factor authentication whenever possible when accessing sensitive sites.
Don’ts:
Never leave your laptop, tablet, or phone unattended in a public place. It only takes a minute for someone to get on your device to install snooping software or change your security settings to gain access to your device.
Don’t access personal bank accounts or other sensitive personal data on unsecured public networks. Even “secured” networks can be risky! Instead, and if you have to, turn off Wi-Fi and just use your cellular connection.
Don’t shop online when using public Wi-Fi. Making purchases online requires personal information that could include bank account information and login credentials. Again, use your cellular data, VPN client, or personal hotspot, if you must make an online purchase.
Bottom line:
Although Wi-Fi security standards and protocols are improving, the inherent risks are still the same. Using an “abundance of caution” approach for accessing public Wi-Fi is your best strategy.
Our articles are designed to provide educational information for you. Our primary goal is to increase awareness about cybersecurity topics and trends and help keep you safe in our digital world. Remember that no one can prevent all identity theft or cybercrime but following the steps above can significantly lower your risks of being compromised.
By: John Longo, Onsite Support Services Corporation
Cell Phone Safety
If you’ve lost your cell phone or had it stolen and haven’t set up any security at all, your contacts (and who doesn’t keep account numbers and the 300 passwords we all need to run our lives!), personal confidential documents, and calendar are free for the viewing. You don’t want some criminal knowing you won’t be home for the weekend and the rest of your personal business! With identity theft getting worse, here are 15 simple tips that can make having your phone lost or stolen a little easier to deal with and with a lot less stress!
Connecticut Community Bank in Fairfield County, a top CT community bank, offers personal and business banking services including checking accounts, savings accounts, digital banking, business loans, cash management, and more. Learn more about us, bank online or visit one of our CT banking locations in Darien, Greenwich, Westport, Norwalk, Stamford or Fairfield.
© Copyright Connecticut Community Bank, N.A. 2023 All Rights Reserved. Website Design by Mack Media