Online Security Information
Spoofing is when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.
Criminals count on being able to manipulate you into believing that these spoofed communications are real, which can lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.
Phishing schemes often use spoofing techniques to lure you in and get you to take the bait. These scams are designed to trick you into giving information to criminals that they should not have access to.
In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. But once you click on that link, you are sent to a spoofed website that might look nearly identical to the real thing—like your bank or credit card site—and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.
How to Protect Yourself from Spoofing and Phishing
- Remember that companies generally do not contact you to ask for your username or password.
- Do not click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (do not use the one a potential scammer is providing) and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you do not know and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
Magnolia Bank is committed to maintaining the privacy and security of all account information, whether accessed online, in person or via any other method. Below is important information and useful tips for accessing your account(s) online:
When signing into your online banking account, you connect via encrypted Secure Sockets Layer (SSL) technology. We also provide you with the option of utilizing security alerts that you can customize based on your personal notification preferences.
Magnolia Bank expires passwords periodically to help increase your overall security profile. We recommend using different passwords for any e-banking sites, which should not be the same passwords used for any social media sites such as Facebook or Twitter. It may seem inconvenient to maintain multiple passwords, however, it wouldn’t take long for a hacker to access all your account information once your password was stolen or compromised if you use the same one across various sites. We also strongly recommend PIN, password or fingerprint protecting any mobile device that you use. In the event it is lost or stolen, the password will provide an extra layer of security.
We also recommend using “strong” passwords. Strong passwords consist of a combination of letters, numbers, and special characters. A short phrase is ideal (i.e., Wayt0g0!). Whatever you chose, make your password unique and never write it down in a location that could be easily found. If you have multiple sites requiring passwords, you can utilize a password protected spreadsheet listing the user IDs and passwords. Just make sure this spreadsheet is password protected with your most complex password of all! And do not share your password with anyone.
It is never a good idea to log into a banking site via a wireless hot spot or any unsecured network. Only access financial data from a network that you know is secure.
We recommend always logging off when you are finished with your online banking session, whether you are at home, work or on your mobile device.
Social engineering is the skill of manipulating people to give up confidential information. Common attacks include e-mail hi-jacking, baiting scenarios (great deals on classified or auction sites), foreign offers such as sweepstakes or lottery. Do not respond to any requests for financial information or passwords, use search engines instead of relying on links contained in messages, be cautious of unsolicited messages, set spam filters to high and secure computing devices. If you receive an e-mail from what looks like Magnolia Bank requesting personal information, do not respond and contact us.
Correspondence with Magnolia Bank
Magnolia Bank will contact you from time to time. However, we will never email or text you requesting login information or ask for personal account information via email or text. Never respond to an email or text message that asks for this type of information. Emails from fraudulent sources are referred to as “phishing” and fraudulent text messages are referred to as “Smishing”. If you have been taken advantage of online, report it immediately to the Federal Trade Commission (FTC).
Hackers are at work every day trying to steal personal or account information. Be diligent with what you share and remember that Magnolia Bank will never ask for your PIN or password.
Additional Security Features
Magnolia Bank is always working to increase security within your online banking experience. Another security feature enabled is the Security Verification Questions that provide an additional layer of security. Users are required to answer a question that was setup by the user at enrollment each time they login.
Magnolia Bank also masks account numbers within the online banking system. Masked accounts only display a specific portion of the account. Our online banking also places persistent cookies on the user’s computer as one way of authentication. How long the cookie remains depends on how long the website has programmed the cookie to last.
Best Practices for Protecting Mobile Devices
Keep apps and mobile devices up to date by using the most current operating system. Disable Wi-Fi auto connect. Allow downloads from only trustworthy sources and require notification before an app is downloaded. We recommend using the same security precautions to navigate the internet on a smart device as you do on a personal computer.
Best Practices for Protecting Computers
Keep the most current operating systems and update your browser anytime there are new security updates available. Install antivirus software and keep the software updated. Do NOT install software you are unfamiliar with. Additionally, you can install a firewall on your computer to prevent access.
Mobile payment apps like Venmo, Cash App, or Zelle let you send and receive money through your smartphone. These apps allow you to make payments at stores and send money to people you know. Only send payments to people you trust. Verify and double-check the email address, phone number or username before confirming payment to ensure it is the intended receiver.
Scammers will use all kinds of stories to try and get you to send money to them.
- You have won a prize or sweepstakes and need to pay some fees to collect your winnings
- A loved one is in trouble and they need you to send them some money
- You owe taxes to the IRS
- Rental and pet deposit scams
Scammers want you to pay in a way that is quick and makes it hard for you to get your money back. That is why they will tell you to wire money or to pay them with reloadable cards or gift cards. Scammers may also tell you to send money through a mobile payment app.
If you get an unexpected email or text message that asks you to send money, do not click on any links. Log directly into the app to see if you have any requests for money. If you do not, the email or text is probably a phishing scam.
What to do if You do Send Money to a Scammer
If you sent money to a scammer, report the scam to the mobile payment app vendor and ask them to reverse the transaction right away
Then, report it to the Federal Trade Commission. When you report a scam, the FTC can use the information to build cases against scammers.
Report Identity Theft
Use the following links below to learn more about and report incidents of Identity Theft:
Credit MonitoringGet My Free Credit Report
Corporate Account Takeover (CATO) - What You Need to Know
What is Corporate Account Takeover (CATO)?
Corporate account takeover is a type of fraud where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating, and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.
Spot the Warning Signs
It is important to be vigilant in monitoring account activity and looking for reg flags. Always remember these warning signs of a compromised system/network:
- Inability to log into online banking
- Dramatic loss of computer speed
- Changes in the way things look on the screen
- Unexpected rebooting or restarting of the computer
- Unusual pop-up messages
- New or unexpected toolbars and/or icons
- Inability to shut down or restart the computer
How to Prevent CATO
There are several actions that can be taken to prevent being a victim of CATO:
- Install and update your anti-virus and anti-spyware software frequently
- Keep your computer’s operating system up to date
- Use the most recent version of a web browser
- Install a firewall
- Delete suspicious emails
- Do not open or click on links or attachments in suspicious emails
- Monitor account activity closely and watch for unusual activity
What to do if You Fall Victim
If you have fallen victim to CATO, consider doing the following immediately:
- Changing all passwords
- Disconnecting from computer
- Cancel debit/credit cards
- Contact authorities to open an investigation
If you feel that you have been a victim of CATO, please contact us so that we may assist you.