Monthly Security Updates
March 2017 Consumer Protection Week: Avoid Identity Theft
February Security Update: Staying Safe When You Travel
January Security Update: Securely Dispose of Your Device
December Security Update: End of Year Wrap Up
November Security Update: Safe Online Shopping
October is Cybersecurity Month
September 2016 Technology Security Update
August 2016 Technology Security Update
July 2016 Technology Security Update
June 2016 Technology Security Update
May 2016 Cybersecurity Threats, Trends & Tips for Small Businesses
May 2016 Technology Security Update
April 2016 Technology Security Update
Protect Your Identity. Update Your iBank Password.
Each year, more than 50 million Americans fall victim to identity theft. By creating and maintaining a secure password, you can protect your information from fraud.
In order to protect you and your identity, we’ve increased our password security requirements. Update your iBank password today. Your new iBank password must:
- Consist of 8-16 characters.
- Include numbers and letters.
- Include at least one special character.
When creating a new password, you should always follow these password security guidelines:
- Avoid using any kind of name.
- Don’t include any personal information, such as your phone number, address, birthday, license plate number or anything else someone could guess or look up.
- Avoid using words listed in the dictionary or a foreign language dictionary.
- Don’t use sequences or repeated characters such as 22222, 12345, abc123 or asdfg.
- Never write your password down. If you do, keep it in a secure place where others won’t be able to access it.
- Don’t share your password with anyone.
- Don’t use the same password for other online accounts.
The more important the information is, the more carefully it should be guarded. For increased security, follow these guidelines and be sure to change your iBank password frequently.
To change your password, log in to iBank and select, “Manage Profiles.” Under “Password,” select “Edit.” You can then enter your new, secure password.
Microsoft Discontinued Support for Windows XP April 8th, 2014
Windows XP will continue to operate, however, since Microsoft will no longer provide security updates to this operating system, using Windows XP while logging in to Oak Bank’s iBank or iBizBank does pose an increased security risk. Click here to see which version of Windows you are running. Oak Bank strongly recommends using Windows 7 or later.
iBank Security Notification: Heartbleed Bug
All clients are advised to change your password on oakbankonline.com immediately to ensure your information remains safe. Please also update your password on any other websites that utilize the same username and password credentials as oakbankonline.com.
The Heartbleed bug, a serious web vulnerability, was announced this week that affects many websites throughout the world. The weakness allows encrypted information like the transmission of passwords to be leaked. Our home website oakbankonline.com was not vulnerable to Heartbleed, however our internet banking provider has issued a statement that some of their servers were vulnerable. As of beginning of business on April 10, 2014, all web servers that host oakbankonline.com have been patched to guard against the Heartbleed vulnerability. At this time, our intrusion detection systems have not shown any misuse of username and password information due to this flaw.
To maintain your security, change your password often.
To change your password in Oak Bank’s iBank, log in to your iBank account and click on the “Manage Profile” link at the top of the page. Then click on the “Edit” button in the “Password” section of the “Manage Profile” page. Fill in your Current Password, New Password, and Confirm New Password fields and then click on the “Submit” button. Keep in mind that a secure password must be complex and be 6 to 10 characters in length and contain alpha and numeric characters.
Knowledge is the Key to Prevention
Identity theft continues to be one of the fastest growing crimes in the United States, and has ranked as one of the top consumer concerns for the past several years. The Federal Deposit Insurance Corporation (FDIC) has produced a multimedia presentation to help consumers protect themselves from identity theft. The presentation provides information on steps consumers should take to secure their computer and protect themselves from identity theft, as well as actions consumers should take if they become a victim of identity theft. Click on the link below to view the FDIC’s 18 minute presentation. Or, scroll down this page to read similar information.
Don’t Be an On-line Victim: How to Guard Against Internet Thieves and Electronic Scams
Macromedia Flash Player is required to view this presentation. The latest version of Macromedia Flash Player can be downloaded at www.macromedia.com/go/getflashplayer.
Fake Emails and Web Sites
Online fraud occurs when someone poses as a legitimate company to obtain sensitive personal data and illegally conducts transactions on your existing accounts. Often called “phishing” or “spoofing” the most current methods of online fraud are fake emails, websites and pop-up windows, or any combination of these.
Always keep in mind that Oak Bank will never send email containing attachments, or require clients to send personal information to us via email or pop-up windows. Any unsolicited request for Oak Bank account information you receive through emails, websites, or pop-up windows should be considered fraudulent and reported immediately.
Fake emails will often:
Ask you for personal information. Fake emails often contain an overly generic greeting and may claim that your information has been compromised, that your account has been frozen, or ask you to confirm the authenticity of your transactions.
Appear to be from a legitimate source. While some emails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the “From”; field, as this is easily altered.
Contain fraudulent job offers. Some fake emails appear to be from companies offering jobs. These are often work-at-home accounting positions which are actually schemes that victimize both the job applicant and other customers. Be sure to confirm that the job offer is from a known and trusted company.
Contain prizes or gift certificate offers. Some fake emails promise a prize or gift certificate in exchange for completing a survey or answering questions. In order to collect the alleged prize or gift certificate you may be directed to provide your personal information. Just like with job offers, be sure to confirm that prize or gift certificate is being issued from a known and trusted company.
Link to counterfeit websites. Fake emails may direct you to counterfeit websites carefully designed to look real, but which actually collect personal information for illegal use.
Link to real websites. In addition to links to counterfeit websites, some fake emails also include links to legitimate websites. The fraudsters do this in an attempt to make a fake email appear real.
Contain fraudulent phone numbers. Fake emails often contain telephone numbers that are tied to the fraudsters. Never call a number featured on an email you suspect is fraudulent, and be sure to double-check any numbers you do call.
Contain real phone numbers. Some of the telephone numbers listed in fake emails may be legitimate, connecting to actual companies. Just like with links, fraudsters include the real phone numbers in an effort to make the email appear to be legitimate.
These fake emails may also contain a virus known as a “Trojan horse” that can record your keystrokes. The virus may live in an attachment or be accessed via a link in the email.
Again, Oak Bank clients should keep in mind that we do not request personal information via email or send email attachments. Never respond to emails, open attachments, or click on links from suspicious or unknown senders.
If you’re not sure if an Oak Bank email is legitimate, report it to us without replying to the email.
How is my email address obtained?
Email addresses can be obtained from publicly available sources or through randomly generated lists. Therefore, if you receive a fake email that appears to be from Oak Bank, this does not mean that your email address, name, or any other information has been taken from Oak Bank’s systems.
Online thieves often direct you to fraudulent websites via email and pop-up windows and try to collect your personal information. In many cases there is no easy way to determine that you are on a phony website because the URL will contain the name of the institution it is spoofing. However, if you type, or cut and paste, the URL into a new web browser window and it does not take you to a legitimate website, or you get an error message, it was probably just a cover for a fake website.
Another way to detect a phony website is to consider how you arrived there. Generally, you were directed by a link in a fake email requesting your account information. Again, Oak Bank will not request personal information from customers via email and any unsolicited request should be considered fraudulent and reported immediately.
How can I help protect myself?
With a few simple steps, you can help protect your Oak Bank accounts and personal information from fake emails and websites:
Delete suspicious emails without opening them. If you do open a suspicious email, do not open any attachments or click on any links it may contain.
Never provide sensitive account or personal information in response to an email. If you have entered personal information, call Oak Bank immediately at 608.441.6000.
Install and regularly update virus protection software.
Keep your computer operating system and web browser current.
By understanding exactly what identity theft is, how it happens, and how it affects you, you will be better able to prevent and, if necessary, report identity theft.
In general, identity theft is more extensive than fraud, which is usually limited to an isolated attempt to steal money from an existing account. Fraud and identity theft can be easily confused so we recommend that you review not only this section, but also the sections on Fake Emails and WebSites and Fraudulent Pop-up Windows, so you can confirm that you are addressing the appropriate issue.
What is identity theft?
Identity theft occurs when someone illegally obtains your personal information – such as your Social Security number, bank account number, or other identification – and uses it repeatedly to open new accounts or initiate transactions in your name. For example, someone might do a combination of the following: open new credit cards, open new bank accounts, forge checks, and even apply for loans using your name and personal information. This can cause financial loss and damage your credit, which can lead to a lengthy resolution process.
Keep in mind however, that even if you think your security has been compromised, it does not automatically mean that you are a victim of identity theft. It might be an incorrect entry or an isolated incident of theft from your account that is quickly resolved by calling Oak Bank at 608.441.6000.
How does identity theft happen?
Identity theft is portrayed as a high-tech crime affecting only those people who shop, communicate, or do business online. However, while thieves can obtain personal information via online methods, the majority of identity theft occurs offline. Stealing wallets and purses, intercepting or rerouting your mail, and rummaging through your garbage are some of the common tactics that thieves can use to obtain personal information. The good news is that the more information you have about identity theft the better your defense.
How can I help protect myself?
Do not open or respond to online solicitations for personal information. Oak Bank will never send email containing attachments, or require customers to send personal information via email or pop-up windows.
Carry only necessary identification. In particular, do not carry your Social Security card.
When a Social Security number is requested to sign up for a service, confirm that it is actually needed rather than some other identifier.
Make photocopies of all the information you carry daily and store them in a secure location like a safety deposit box.
Shred financial or personal documents before discarding. Most fraud and identity theft incidences happen as a result of mail and garbage theft.
Utilize paperless options and limit your receipt of paper statements by managing your accounts online with Oak Bank’s iBank. Checking your balances online can help you regularly monitor your account activity and more quickly detect any fraudulent transactions.
Pay bills online with iBillPay. The fewer personal documents sent through the mail, the less chance there is for possible fraud.
Always put outgoing mail in a U.S. Postal Service mailbox, which is more secure than your home mailbox.
Collect your mail promptly each day.
Review additional steps you can take to help protect yourself from criminal attempts to obtain your personal information.
Oak Bank works constantly to help protect our customers from criminal activity. As an informed customer, you are a great ally in this effort. To learn more about identity theft, you can reference the following sites.
How to Report Identity Theft
Fraudulent Pop-Up Windows
Pop-up windows are the small windows or ads that appear suddenly over or under the window you are currently viewing. Fraudulent pop-up windows are a type of online fraud often used to obtain personal information. Online fraud occurs when someone poses as a legitimate company – like a popular shopping site, your bank, or your internet service provider – to obtain sensitive personal data and illegally conducts transactions on your existing accounts. Often called “phishing” or “spoofing,” the most current types of online fraud include fake pop-up windows, emails and Web sites, or any combination of these.
Always keep in mind that Oak Bank will never send email containing attachments, or require customers to send personal information via email or pop-up windows. Any unsolicited requests for Oak Bank account information you receive through pop-up windows, emails, or websites should be considered fraudulent and reported immediately.
When encountering a pop-up window, be aware of the following:
Oak Bank does not use pop-up windows to request customer account information.
We will never display a pop-up window on our site that you haven’t requested by clicking on a link – all of our pop-up windows are user-initiated.
Pop-up windows are often the result of programs installed on your computer called “adware” or “spyware” These programs look in on your Web viewing activity and regularly come hidden inside many free downloads, such as music-sharing software or screen savers. Many of these programs enable harmless advertisements, but some contain “Trojan horse” programs that can record your keystrokes or relay other information to an unauthorized source.
How can I help protect myself?
With the proper precautions you can help protect your Oak Bank accounts and personal information from harmful pop-up windows:
Activate a pop-up window blocker. There are free programs available online that will block pop-up windows. Perform an Internet search for “pop-up blocker” or look at the options provided by major search engines. You should confirm that these programs are from legitimate companies before downloading. Once you have installed a pop-up blocker, you should determine if it blocks information that you need to view or access. If this is the case, you should consider turning off the blocker when you are on Web sites you know use pop-windows to provide information you need or want to view.
Scan your computer for spyware regularly. You can eliminate potentially risky pop-up windows by removing any spyware or adware installed on your computer. Spyware and adware are programs that look in on your Web viewing activity and potentially relay information to a disreputable source. Perform an Internet search for “spyware” or “adware” to find free spyware removal programs. A good one can be found at https://www.malwarebytes.org/ . As with a pop-up blocker, you will want to be sure that your removal program is not blocking, or removing, wanted items, and if it is, consider turning it off for some web sites.
Avoid downloading programs from unknown sources. Downloads may contain hidden programs that can compromise your computer’s security. Likewise, email attachments from unknown senders may contain harmful viruses.
Keep your computer operating system and web browser current.
“Vishing” and “Smishing”
“Vishing” is a form of phishing, where instead of receiving an email trying to lure you into giving personal information, the criminal uses a phone call, either live or automated, and leaves a message instructing you to call a number to get information on an alleged compromise of your credit card or bank account. Scammers often use toll free numbers for this purpose and may even have the legitimate name of the company that is supposedly calling appear as the caller ID. When people call the number, they’re instructed to dial in their credit card number or bank account number, and even sometimes information like personal identification numbers (PINs), or their social security number.
“Smishing” is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a website, a text message is sent to the user’s cell phone with some ploy to click on a link. The link causes a Trojan to be installed in the phone to capture sensitive information entered.
Always keep in mind that Oak Bank will never require clients to send personal information via phone messages or text messages. Any unsolicited request for Oak Bank account information you receive through phone messages or text messages should be considered fraudulent and reported immediately by telephone 608.441.6000, fax 608.441.6001, or email firstname.lastname@example.org.
Oak Bank works continuously to make sure your account and information are safe. Here are some relatively simple steps you can take to help reduce your susceptibility.
1. General precautions
2. Email and online security
3. Credit card and bank account security
4. Phone and mail precautions
1. General precautions
Carry only necessities on a daily basis. Items like a Social Security card should be stored safely at home.
Do not provide your Social Security number unless absolutely necessary. When a Social Security number is requested to sign up for a service, confirm that it is actually needed rather than some other identifier.
Make photocopies of vital information you carry on a regular basis and store them in a secure place, like a safe deposit box.
Limit the use of paper statements. A paperless environment helps reduce the chance of identity theft. When you sign up for free online account access with Oak Bank’s iBank you can take advantage of free Online Statements (coming soon) and iBillPay. The fewer personal documents sent through the mail, the less chance there is for possible fraud.
Limit the credit offers you receive. To reduce the number of credit offers you receive and the information companies share about you, contact the National Consumer Credit Reporting Agencies at 888.5.OPTOUT (888.567.8688).
Remove your name from marketing lists. Visit www.youradchoices.com/ to learn more about controlling internet-based advertising.
Shred documents containing personal or financial information before discarding. Most fraud and identity theft incidences happen as a result of mail and garbage theft.
Review your credit report. Look over your credit report regularly – at least once a year – for any inaccuracies. You can get a free credit report once a year from www.annualcreditreport.com. For a small fee you can obtain a copy at any time directly from the credit bureaus:
Equifax: 800.685.1111 or www.equifax.com
Experian: 800.311.4769 or www.experian.com
TransUnion: 800.916.8800 or www.transunion.com
2. Email and online security
Be wary of suspicious emails. An email requesting your account information and password should be scrutinized carefully, particularly if the information is needed to “award a prize” or “verify a statement.” Avoid opening any questionable emails. If you have opened an email, do not open any attachments or links it may contain, and delete it. Please notify us immediately if you receive a suspect email claiming to come from Oak Bank. Or, if you responded with personal information to a suspicious email, call 608. 441.6000.
Protect your passwords. Memorize your passwords. Do not write them down or share them with anyone. Change them regularly and use combinations of letters and numbers. Do not use your Social Security number as a username or password.
Keep your computer and online experience safe. Read our Online Security Tips to find out about installing a firewall, anti-virus software, and a pop-up blocker, which can help keep your computer and personal information secure when you conduct online transactions.
3. Credit card and bank account security
4. Phone and mail precautions
Be aware of telephone scams. Unless you initiated the contact, do not give out personal information over the telephone. Oak Bank will never make an unsolicited telephone request for your account information, password, or other sensitive data.
Promptly retrieve incoming mail. Collect your mail as soon as possible every day to limit the opportunity for theft.
Do not place outgoing mail in your mailbox. Deposit mail in a U.S. Postal Service mailbox or at the post office to reduce the chance of mail theft.
Know your billing and statement cycles. Contact the company’s customer service department if you stop receiving your regular bill or statement.
Online and Computer Security Tips
Oak Bank wants to empower you with some tips you can take to help you protect your computer and your personal information when you are online.
Keep your computer operating system up to date. If your computer is more than five years old, its operating system (e.g. Windows 98, OS 7, etc.) may not offer the same level of protection as newer systems. System manufacturers provide frequent updates to help make your system more secure. Some manufacturers supply updates automatically through email or via your Internet connection. You may also check their websites, including: http://www.microsoft.com/security/ or http://www.info.apple.com/
Use a current web browser. To provide our customers with the most secure online access to their accounts, Oak Bank continually upgrades our online services. In certain cases, the software you use to connect to the Internet (i.e. your web browser) may eventually become unsuitable for sensitive transactions such as Internet banking. In order to maintain a high level of security, Oak Bank does not allow access to iBank using browsers that do not meet our security criteria. You may need to upgrade to a supported browser.
Note: We strongly recommend that your computer be connected to the internet using one of the browsers indicated.
– Microsoft Internet Explorer
– Download Internet Explorer
– Apple’s Safari Browser
– Download Safari
– Mozilla Firefox
– Download Firefox
Install a personal firewall. Though most office networks include firewall protection, your home computer may benefit from this added level of security. Check to see if your operating system already includes a firewall prior to purchasing a separate one.
Install and update anti-virus software. Commercially available virus protection software helps reduce the risk of contracting computer viruses that can compromise your security. These programs offer continuous upgrades in response to the latest threats. Some of the most popular programs are:
Activate a pop-up blocker. Several free, publicly available programs exist that will block all pop-up windows from occurring while you are online. Perform an Internet search for “pop-up blocker” or look at the options provided by major search engines. You should confirm that these programs are from legitimate companies before downloading. Once you have installed a pop-up blocker, you should determine if it blocks information that you need to view or access. If this is the case, you should consider turning off the blocker when you are on websites you know use pop-windows to provide information you need or want to view.
Scan your computer for spyware regularly. You can eliminate potentially risky pop-up windows by removing any spyware or adware installed on your computer. Spyware and adware are programs that look in on your web viewing activity and potentially relay information to a disreputable source. Perform an Internet search for “spyware” or “adware” to find free spyware removal programs. A good one can be found at http://www.trendmicro.com/. You should confirm that these programs are from legitimate companies before downloading. As with a pop-up blocker, you will want to be sure that your removal program is not blocking, or removing, wanted items, and if it is, consider turning it off on some websites.
Use secure websites for transactions and shopping. Be sure the Web page you are viewing offers encryption of your data. Often you will see a lock symbol in the lower right-hand corner of your browser window, or the web address of the page you are viewing will begin with “https://…”. The “s” indicates “secured” and means the Web page uses encryption. Oak Bank, for instance, provides 128-bit encryption – the highest level commercially available today.
Avoid downloading programs from unknown sources. Downloads from unfamiliar sources may contain hidden programs or viruses that can compromise your computer’s security.
Disconnect from the Internet when not in use. Dedicated services such as DSL or high-speed cable provide a constant connection between your computer and the Internet. When not in use, disconnect from the Internet to avoid unwanted access to the information on your computer. Even if you have a firewall installed, this is an additional step you can take to help protect yourself.
How We Protect You
Oak Bank prides itself in its standards for account security. Today, we remain as committed as ever and utilize the latest technology to protect your personal information and privacy.
When you sign up for online access, Oak Bank asks you to create your own password, along with a access ID, to access your accounts. This information is encrypted during transmission and will remain a secret as long as you do not disclose it.
Oak Bank’s system will automatically log you off from iBank after 10 minutes of inactivity. This reduces the risk of others accessing your information from your unattended computer.
Oak Bank’s computer systems are protected 24 hours a day by a powerful firewall that blocks unauthorized entry. In order to gain access to authorized information, the Web browser you are using must know the proper protocol, or language, and even then only select information is available.
From the moment account information leaves your computer to the time it enters Oak Bank’s system, all online access and Bill Pay sessions are encrypted. Oak Bank employs some of the strongest forms of encryption commercially available for use on the Web today.
During any transaction, our 128-bit encryption turns your information into a coded sequence with billions of possible variations, making it nearly impossible for unwanted intruders to decipher. Oak Bank’s computers possess the proper formulas to turn this code back into meaningful information and complete your transaction.
Look for a “closed lock” icon in the lower right-hand corner (Microsoft Internet Explorer) or lower left-hand corner (Firefox) of your browser to determine if encryption is being used on any Web page you are viewing. Any Web address beginning with “https://…” indicates the page you are viewing uses encryption. The “s” stands for “secured.”
Oak Bank’s security team maintains and monitors all security systems to make sure that your accounts are safe and secure.
In order to confront constantly evolving online threats, Oak Bank is committed to keeping up with and utilizing the latest technology to ensure your account security.