Online Security & Privacy

At International Finance Bank, protecting your information and assets is top priority. As fraud schemes evolve and become more sophisticated, the best way to be safe is to stay informed about the current trends.

Bank Safely Online

Here are some proactive tips for keeping your bank account safe:

• Don’t leave personal items like your wallet or purse in your car.
• Don’t leave outgoing mail in your mailbox with the flag up. It is a notice to thieves that you may have checks in your mailbox.
• Don’t write down PIN’s or logins. Memorize them.
• Put a password on your account that only you know.
• Use caution with public unsecured Wi-Fi. Criminals may be waiting to access your device.
• Notify your bank as soon as you think your identity may have been compromised. Data remains safe.

“End user” will be used to signify an authorized customer using software for the benevolent purposes it was intended and “agent” will be used to signify a person whose goal it is to exploit a software application for some negative end.

THREE STRIKES AND YOU’RE OUT!

If an agent attempts unauthorized entry into a customer’s account by trying to guess a Login ID and password, the customer’s International Finance Bank Online Banking account will be disabled on the third incorrect login attempt, thus invalidating the Login combination. The disabling and/or destruction of the password keeps an unauthorized agent from running a brute force attack, which uses an application that will run through millions of possible passwords eliminating the invalid ones until it arrives at a match. In this scenario, to guard against unauthorized use of a customer’s Login ID and password, International Finance Bank Online Banking system disables the password indefinitely until the customer calls the Bank and requests the associated Login ID and password to be reset, or the customer clicks the “receive a new password” link to have a temporary password sent to the email address on file with the Bank. A customer will also trigger this security feature by unintentionally miskeying a password three times. In this situation the customer will need to call the Bank to reestablish the password for the locked account(s). For example, a common mistake made by end users is having the caps-lock on while keying in a password. Since the password is case sensitive and an end user cannot actually see the characters being typed, it is easy to think the password is being typed correctly when the caps-lock is engaged.

SUGGESTIONS FOR PASSWORDS

A password and Login ID provide security against unauthorized entry and access to customers’ accounts. Passwords should not be easy to guess; for example, children’s or pet’s names, birth dates, addresses or other easily recognized identifications should be avoided. Combining cases (utilizing upper and lower case) within your password as well as combining alpha, numeric, and special characters is a good security precaution in selecting a password.

PUBLIC WiFi

Open, unsecured public WiFi networks can be dangerous. Criminals can set up routers to provide WiFi service in public places. Once you connect, they can intercept, capture, and divert all your communications. That means criminals can access everything from your logins and company email file attachments to the credit card information you enter on e-commerce sites.

How to safeguard against it:

• Don’t use public WiFi networks that don’t require a password.
• Pay attention to warnings that you’re connecting to a network that hasn’t been secured.
• Use a Virtual Private Network (VPN) wherever possible, and always use the company’s VPN to connect remotely to company resources.
• If you’re on a public WiFi network, limit your browsing to sites that use encryption (sites with names starting with HTTPS instead of HTTP).
• Avoid logging into websites where there’s a chance that cybercriminals could capture your identity, passwords or personal information — such as social networking sites, online banking services, or websites that store your credit card information.
• If relaying sensitive information, consider using your mobile device’s data network instead of WiFi.
• Make sure your device has the most current updates and patches.

TRANSMISSION SECURITY

End-users must use later versions of Mozilla Firefox, Safari, Google Chrome and Microsoft Internet Explorer to access the Bank’s Online Banking application. The later versions come equipped with Netscape developed encryption technology known as Secure Sockets Layer, commonly referred to as SSL. SSL’s specific function is to manipulate data into an unreadable format as it leaves the end user’s computer. The temporary scrambling of data in transit is referred to as ‘encryption.’ In the unlikely case that an agent should intercept the data in transit, the encryption makes the data unreadable to a human. Furthermore, data in transit is split up into packets that travel separately and are not reorganized until they filter through the Bank’s router and firewall. The Bank also uses multiple measures to ensure data is encrypted and subsequently decrypted in a secure fashion. The use of electronic keys that lock data as it is transmitted and unlock the data once received and passed successfully through the Bank’s firewalls is just one example.

EMAIL

Public email is not always a secure process, as data is not always encrypted as it travels over the public Internet, and it can be intercepted by third parties. Please be careful not to provide information in a single message that would allow an agent to log onto your account. Full account numbers should not be included in an email. If an account must be referenced, reference it by only the last four digits. International Finance Bank will never request a customer’s password for any system and encourages customers to never share passwords.counts.

Our Online Banking System uses an Internet server completely separate from the Bank’s mainframe computer. The Online Banking System also uses the latest industry technology including password-controlled entry, secure sockets layer (SSL) protocol, data encryption, public-private key pair, firewalls and filtering routers. Each component acts as a secure layer of protection to safeguard all data.

VISHING

In vishing, a cybercriminal contacts you by phone, impersonating someone in a position of authority.  Vishing is similar to phishing, but the attack is delivered by phone instead of via email.  The caller might pretend to be from the company’s IT or finance department, impersonate an executive or business partner, or claim to be from a software company such as Microsoft. The caller attempts to convince you to provide private information or take an action that can be used to compromise the company’s systems, or to steal from you personally.

How to safeguard against it:

• Verify unexpected phone requests in ways that aren’t connected to the incoming phone call. For example, use an official directory and another phone to call the company’s main office and ask to speak with the caller who is making the request.
• Be very suspicious of any caller who asks you to share login information over the phone.
• If a caller asks you to provide account data or personally identifiable information, refuse to do so — and report the contact to security.
• Security won’t call you to request that you change logins, passwords, or network settings. Any caller who makes this type of request is probably a scammer. Refuse the request and notify security.

RANSOMWARE

Ransomware is a form of malicious software (or malware) that, once it’s taken over your computer, threatens you with harm, usually by denying you access to your data. The attacker demands a ransom from the victim, promising — not always truthfully — to restore access to the data upon payment.

As with all threats, prevention is key. This is especially true for threats as damaging as ransomware.

You should:

• Backup your important files regularly.
• Consider using the 3-2-1 rule: Make three backup copies, store in at least two locations, with at least one offline copy.
• Use a vetted cloud storage service to store an archive of your files. You can try to restore your files from backup in the event of a ransomware infection.
• Install and use an up-to-date antivirus solution.
• Don’t click links or open attachments on emails from people you don’t know or companies you don’t do business with.
• Make sure your software is up-to-date to avoid exploits.
• When browsing the Internet, use a vetted browser which stops exploit kits, blocks pop-ups, and blocks malicious URLs.

WIRE TRANSFER FRAUD

Reports of wire transfer fraud have soared from 14% of companies (2014) to 48% (2017).* Cybercriminals trick individuals into initiating fraudulent payments or providing information they can use to steal directly from company accounts. Wire payments are executed by the financial institution almost instantly. They can be impossible to reverse. Criminals have become sophisticated about impersonating staff members to make urgent requests seem legitimate. For example, they’ve started linking wire scams to tax requirements, and using domestic accounts rather than more suspicious international accounts. Today, employees need to be more careful.

*2018 AFP® Payments Fraud and Control Survey Report, Association for Financial Professionals, 2018.

How to safeguard against it:

• Always follow the company’s processes for authenticating payment requests and making payments.
• Check personally with your manager or vendor before responding to any unexpected request for a wire transfer or other payment.
• Be suspicious of urgent requests and ones that are made at a time when it may be harder to confirm them.
• Carefully confirm any requested changes to a vendor’s payment location.
• Don’t be tricked by calls or emails, claiming to be from the IRS or other tax authorities, that demand immediate wire transfer payments.
• Avoid posting information on social media that might be used by fraudsters to impersonate you (for example, information about your travel plans).
• Contact company security immediately if you suspect someone is trying to commit wire transfer fraud.

IDENTITY THEFT

Tips to protect yourself against identity theft:

• Do not share personal information. Never give your passwords, PIN, checking account and credit card numbers or Social Security number to anyone unless you know the person or the organization. International Finance Bank will never ask you for this type of sensitive information via email or during a phone call that we initiate without your request.
• Shred financial solicitations, bank statements or other papers containing personal information before disposing of them.
• Put outgoing mail into a secure, official Postal Service collection box.
• If you stop receiving your bills, call the companies generating the bills to find out why.
• Carefully review all account statements and investigate immediately if your bills include questionable items or charges.
• At least once a year, contact the major credit reporting companies to review your credit report and make certain the information is correct.
• For more information, including steps to take if you become a victim of identity theft, visit the Federal Trade Commission’s website at ftc.gov.

The scam usually works like this: You receive an email that appears to come from a reputable company – one you recognize and possibly do business with – like your Internet provider, a bank, credit card company, government agency, etc. The language in the email will be designed to make you think you must respond immediately to solve a problem with your account, avoid cancellation, claim a valuable prize, etc. Most likely you will be asked to update or validate information – account number, password, Social Security number or other information that can be used to verify your account. You will be encouraged to click on a button to go to the organization’s website. Don’t do it!

If the email you received was part of a phishing scam, the link provided would take you to a fake website that looks just like the real thing. Or, it may actually be the real website, but will include pop-up windows designed to gather your personal information. Another objective of this scam may be to infiltrate your computer with a virus or software designed to spy on your Internet transactions.

It’s never a good idea to open an email attachment you did not request or one from an unknown sender. And, you should never provide confidential information in response to an email or call you did not initiate.

If you are concerned about your accounts as a result of receiving an email, visit the company’s website directly (don’t cut and paste the address in the phisher’s email), or call to find out if there is a problem and let the company know you received the email. returned leaving the victim at a financial loss.

Protect yourself by watching for the following red flags:

• The amount of payment for the item or task is inflated.
• The issuer of the check is unknown to you.
• You are asked to withdraw the funds quickly and send it to someone else.

Techniques used to perpetuate this crime include spear-phishing, social engineering, identity theft, email spoofing, and use of malware.

Follow these best practices to help protect your business:

• Protect your computer network to prevent intrusion.
• Verify email changes in wiring instructions by phone.
• Verify new email requests for wires by phone.
• Provide training to employees on how to protect company-issued computers and cell phones.

Businesses who fall victim to a wire fraud loss from a compromised email request can file a complaint with the FBI at https://www.ic3.govopens in a new window.

Both of these schemes are more common with online job applications and work-from-home opportunities.

Watch for the following red flags while job hunting:

• The pay for the job is higher than expected.
• The job description and requirements are vague.
• You are expected to send money to someone you don’t know.

• You are not able to find information about the company in online searches.
• They ask for your bank account information or login..

If you find yourself in a winning situation, prevent it from becoming a losing one by being aware of the following:

• Taxes are typically deducted from lottery winnings, not paid up front.
• Be extra cautious if you do not remember entering the lottery or contest.
• Do not send funds to an unknown individual.

Look for the following red flags before falling in love online:

• You have not met in person.
• Attempts to meet are postponed.
• The person is usually out of the country or can’t be reached.
• They ask you to send funds to an unknown person.
• The reason for the funds transfer does not make sense.

Let International Finance Bank know immediately if you have lost or stolen checks or cards; if you feel your user ID, password or account numbers have been compromised; or if you notice any unauthorized activity associated with any of your International Finance Bank accounts. These situations should be reported by calling (305) 648-8800 (Monday-Friday 8 a.m. to 5 p.m. ET,) contacting us via our website or stopping by your nearest branch.