Treasury Services Fraud Prevention Tips
Logging into Online Banking
- Install virus / malware protection on all computer systems and ensure they are updated regularly
- Download and install Trusteer Rapport on all your personal computers - download is available at time of log in at www.cbotx.com
- Verify use of a secure session (https, not http) in the browser for all online banking sites
- Avoid using automatic log in features that save usernames and passwords for online banking
- Never share your password with anyone
- Create a strong password with at least eight (8) characters to include a combination of mixed case letters, numbers and special characters
ACH & Wires
- Initiate ACH and wire transfer payment under dual control
- Authenticate requests to make payment or change payment information
- Review accounts frequently
- Require changes to payment account information to be confirmed
- Avoid free web-based email accounts for business purposes
- Do not use the 'reply' option when authenticating email for payment request - instead use the 'forward' option and type in the correct email address
- Be suspicious of all emails, especially emails requesting account verification or banking access credentials, such as usernames, passwords, PIN and similar information - opening file attachments or clicking on web links in suspicious emails could expose your system to malicious code that could hijack your computer
- Only connect to Wi-Fi networks that you absolutely trust, turn off the automatic connection function on your mobile device and never access online services from public Wi-Fi such as cafes, public libraries, etc.
Identifying Phishing
Phishing refers to attempts to steal personal financial information, such as credit card numbers, account usernames or passwords and social security numbers, through fraudulent emails, phone calls, text messages and websites that will be used for fraudulent purposes.
How Phishing Works
- You receive an email, call or test message which appears to originate from a financial institution or other well-known reputable entity
- The fraudulent message usually provides a link and an urgent message that directs the user to visit a website that looks authentic or provides a number to call where they must verify or update personal information, such as passwords, credit cards, social security number and bank account numbers which the legitimant organization already contains
- The website, however, is bogus and set up only to steal the user's information
How to Avoid Phishing
- Do not reply to these messages or visit websites included in emails warning that your account will be shut down unless your information is confirmed
- Never send sensitive data, such as passwords, account numbers or social security numbers in response to an email, text message or phone call
- Do not reveal personal / financial information or passwords to anyone
- Do not click on links in and email - go directly to the company's main website
- Contact the company in the email by using a telephone number or web address you know to be genuine
- Before submitting financial information through a website, look for the 'lock' icon on the browser status bar to ensure your information is secure during transmission
- Report suspicious activity to the Federal Trade Commission at www.ftc.gov