Skip to main content

Cyber Awareness

Cyber Awareness

Keeping Your Banking Information Safe in a Digital World

Important Information Regarding Phishing Scams

Cyber Awareness is more critical than ever before. First Freedom Bank will strive to inform you about Phishing Scams and fraudulent activity when possible.

Please be aware that other banks are experiencing fraudulent text scams (SMS Phishing) in our area. A text message alerts recipients that their debit card has been blocked or suspended. The fraudulent text message instructs recipients to follow a link to “solve the problem” or “log in.” DO NOT CLICK ON THIS LINK.

If the text link is clicked, the recipient is redirected to a fraudulent website that appears to be the Bank’s branded website. But it is not. This fraudulent website prompts users to provide their debit card number, card expiration date, and CVV code. Providing this information could result in fraudulent charges occurring on your debit card. Also, it is possible that potentially harmful malware could be downloaded to the device that received the text. This can occur by simply opening the website page.

Understanding the Risks

According to the Federal Financial Institutions Examination Council (FFIEC), the threat landscape has significantly changed recently. Fraudsters have continued to develop and deploy more sophisticated, effective, and malicious methods to compromise authentication mechanisms. Ultimately, allowing cyber criminals unauthorized access to customers’ online accounts. Rapidly growing organized criminal groups have become more specialized in financial fraud.  They have been successful compromising an increasing array of controls.

Various complicated attack tools have been developed and automated into downloadable kits. This increases availability and permits their use by less experienced fraudsters. Malware surreptitiously installed on a personal computer (PC) can monitor a customer’s activities. This can facilitate the theft and misuse of their login credentials. Such malware can compromise some of the most robust online authentication techniques, including some forms of multi-factor authentication. As a result, cybercrime complaints have risen substantially each year since 2005, particularly concerning commercial accounts. Fraudsters are responsible for losses of hundreds of millions of dollars resulting from online account takeovers and unauthorized funds transfers.

Protecting Your Account Authentication

Financial institutions can use various technologies and methodologies to authenticate customers. These methods include customer passwords, personal identification numbers (PINs), and digital certificates using a public key infrastructure (PKI). Additional methods include physical devices such as smart cards, one-time passwords (OTPs), USB plug-ins or other types of “tokens,” transaction profile scripts, biometric identification, and others.

Authentication methods that depend on multiple factors are more difficult to compromise than single-factor methods. For example, using a logon ID/password is single-factor authentication (i.e., something the user knows). Whereas, an ATM transaction requires multifactor authentication: something the user possesses (i.e., the card) combined with something the user knows (i.e., PIN).

Mutual authentication is a process that authenticates customer identity and authenticates the target website to the customer. Phishing attacks succeed because unsuspecting customers cannot determine if they are being directed to spoofed websites during the collection stage of an attack. Casual users often cannot distinguish the well-constructed spoofed sites from legitimate ones.

First Freedom Bank uses additional layers of security if you log in from a device that has not been used in the past. Instead of simple challenge questions, you will be asked to validate your identity thru a one-time security code. This code will be requested via a phone call or SMS message. These enhanced security features help safeguard your information.

Cyber Awareness: Protecting Your Account Layered Security

Layered security involves using various controls at different points in a transaction process. The approach generally compensates for the weakness of one control with the strength of another. A layered security program may effectively include controls such as, but not limited to:

  • Fraud detection and monitoring systems that include consideration of customer history and behavior. This will enable a timely and effective institutional response
  • The use of dual customer authorization through different access devices
  • Using “positive pay,” debit blocks, and other techniques to appropriately limit the transactional use of the account
  • Enhanced controls over account activities. This may include transaction value thresholds, payment recipients, number of transactions allowed per day, and allowable payment windows (e.g., days and times).

Our fraud monitoring constantly monitors account activity.

First Freedom Bank utilizes several of the above security measures to protect its customers and enhance our Cyber Awareness. Our fraud monitoring service constantly monitors activity on all accounts. We will flag activity patterns that are outside that customer’s usual pattern. If unusual activity is detected, we may contact you to determine whether the activity is legitimate. Please note that First Freedom Bank will never independently contact you to ask for your online banking username and password. We will positively identify ourselves as First Freedom Bank employees if we contact you. If you are concerned about possible fraud, call us back and ask to speak to the individual who contacted you.

Additionally, the Bank has set transaction volume and dollar limits on electronic and point-of-sale activity. This should limit exposure to potential fraud.

For our business customers, another layer of security is required to send money out of your account via ACH. Most customers will be required to verify separately that the requested activity is legitimate. This will be done prior to the Bank making these types of payments.

How Not to Get Hooked by a “Phishing” Scam

Internet scammers who are after people’s financial information have a new way to lure unsuspecting victims: They go “phishing.”

Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing financial information. This could be your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop-up message claiming to be from a business or organization you deal with. For example, your Internet service provider (ISP), bank, online payment service, or government agency. The message usually says you must “update” or “validate” your account information. It might threaten some dire consequences if you don’t respond. It then directs you to a website that looks just like a legitimate organization’s site, but it isn’t. What is the purpose of the bogus site? To trick you into divulging your personal information. The operators can then use this to steal your identity and run up bills or commit crimes in your name.

Red Flags of Identity Theft

  • Incorrect information on your bank, credit card, or other account statements
  • Mistakes on the explanation of medical benefits from your health plan
  • Your regular bills and account statements don’t arrive on time
  • Bills or collection notices for products or services you never received
  • You are turned down unexpectedly for a loan or job
  • Calls from debt collectors about debts that don’t belong to you
  • A notice from the IRS that someone used your Social Security number
  • Mail, email, or calls about accounts or jobs in your minor child’s name
  • Unwarranted collection notices on your credit report
  • Businesses turn down your checks

Cyber Awareness Steps to Protect Yourself

Understanding the risks and the various channels fraudsters use to steal your information is an essential first step. It would help if you also made your computer as safe as possible by regularly installing and updating the following:

  • Anti-virus software
  • Anti-malware programs
  • Firewalls
  • Operating system patches and updates

You can also visit the following websites to learn more about online safety and security:

Business customers should also perform periodic internal assessments to ensure the highest level of security for their accounts. Those assessments should consider the business’s internal controls, such as policies, procedures, system administrator access, and transactional risk levels.

Your Protections Under Regulation E

First Freedom Bank follows regulatory guidelines for disputed electronic transactions. These guidelines, issued by the Consumer Financial Protection Bureau (CFPB), are found in Regulation E. Under those guidelines, consumers may recover losses associated with electronic transactions based on how quickly they are reported to the Bank. It is imperative that you notify us as soon as possible if you identify any fraudulent activity on your account.

Have Questions or Concerns

If you notice suspicious activity in your account or experience security-related events, immediately contact First Freedom Bank at (615) 444-1280. If you need to come in person, stop by one of our many locations. Your Cyber Awareness is important; we are here if you need us.