Online and Mobile Security Tips
Password protect your mobile device. This makes it much more difficult for someone else to view your information.
Avoid storing your passwords. Don't store your passwords or other sensitive information on your smartphone or in an app where it could be discovered if your phone is stolen.
Frequently delete texts and emails. Delete texts and emails containing personal information, especially before loaning , discarding, or selling your mobile phone.
Don't share your private/sensitive information. Keep you account numbers, passwords, Social Security number and date of birth private. Never share your personal or financial information in a text message, phone call or email.
Keep your mobile information up to date. If you lose your mobile device or change your cell phone number, sign into your online account at www.fortmadisonbank.com to remove the old number from your mobile banking profile or call customer service at 319-372-5164 or toll-free 800-832-0997.
Always log off your account. Once you've finished with an app or website, always log off. Fort Madison Bank & Trust's smartphone apps and mobile banking site will automatically log you off after 10 minutes of inactivity. This reduces the risk of other access your information from your mobile device.
Keep your mobile operating system current. Make sure you have the most recent version to ensure the highest level of protection. Before you download an update to your device, check the company's website to confirm it's legitimate.
Avoid using public wireless access points for online banking and other activities involving sensitive information. Open wi-fi networks are prime targets for hackers and identity thieves.
Log off. Always "sign out" or "log off" when finished with an app rather than just closing it.
Be wary of suspicious links. Never click on suspicious links in emails, tweets, posts, or online advertising. Links may take you to websites different from what their labels indicate. Typing the address into your browser is a much safer alternative.
Protect sensitive information. Only give sensitive information to websites that are secure and encrypted, so it's protected as it travels across the Internet. Verify the web address begins with "https://" (the "s" is for secure) rather than just "http:''. Some browsers also display a padlock.
Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information. Open wi-fi networks are prime targets for hackers and identity thieves.
Don't trust sites with certificate warnings or errors. These messages could be caused by your connection being intercepted or the web server misrepresenting its identity.
Always "log off" or "sign out" of password protected websites when you're finished with your session to prevent unauthorized access. Simply closing the browser window may not actually end your session.
Create a unique password for every online account . If you don't, one breach could leave all your accounts vulnerable.
Never share your password over the phone, in texts, by email, or in person. if you are asked for your password, it's probable a scam.
Use unpredictable passwords and change them frequently. Combine lowercase letters, capital letters, numbers, and special characters. Changing you password once a month reduces your risk of fraud.
Make your password tough to crack. The longer the password, the better. Use at least 8 characters. More than 8 is even better. Every additional character you add exponentially strengthens the password.
Avoid using obvious passwords such as:
- your social security number
- your name
- your business name
- a family member's name
- your user name
- birthdates or anniversaries
- dictionary words
Choose a password you can remember. It's best not to write your password down or share it with anyone. If you must write it down, make sure you store it in a secure place.
Maintain active and up-to-date antivirus protection provided by a reputable vendor. Schedule regular scans of your computer in addition to real-time scanning.
Update your software frequently to ensure you have the latest security patches. This includes your computer's operating system and other installed software.
Automate software updates, when the software supports it , to ensure it's not overlooked.
If you suspect your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information. Use security software and/or professional help to find and remove malware.
Use firewalls on your local network to add another layer of protection for all the devices that connect through the firewall (PCs, smart phones, tablets, etc.).
Require a password to gain access. Log off or lock your computer when not in use.
Avoid downloading programs from unknown sources.
In a social engineering attack, a fraudster uses human interaction to manipulate a person into providing information. People have a natural tendency to trust. Social engineering attacks attempt to exploit this tendency in order to steal your information. Once the information has been stolen, it can be used to commit fraud or identity theft. Common types are Website Spoofing, Phishing, Pharming, and Smishing.
Website Spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoof websites are typically made to look exactly like a legitimate website published by a trusted organization.
- Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
- If you are suspicious of a website, close it and contact the company directly.
- Do not click links on social networking sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative.
- Only give sensitive information to websites using a secure, encrypted connection. Verify the web address begins with "https://" (the "s" is for secure) rather than just "http:''.
- Avoid using websites when your browser displays certificate errors or warnings.
Phishing, Pharming, and Smishing
These techniques are used by a fraudster in an attempt to acquire information by masquerading as a trustworthy entity in an electronic communication. The electronic messages often direct the recipient to a spoof website. These attacks are typically carried out through email, instant messaging, telephone calls, and text messages.
- Delete email and text messages that ask you to confirm or provide sensitive information. legitimate companies don't ask for sensitive information through email or text messages.
- Beware of visiting website addresses sent to you in an unsolicited message.
- Even if you feel the message is legitimate, type the web address into your browser or use bookmarks instead of clicking links contained in messages.
- Try to independently verify any details given in the message directly with the company.
- Utilize anti-phishing features available in your email client and/or web browser.
- Utilize an email SPAM filtering solution to help prevent phishing emails from being delivered.
**Fort Madison Bank & Trust will never email, text, or call you unsolicited to ask for account information, social security numbers, online banking credentials, or other sensitive information.
Contact us immediately if you suspect you have fallen victim to a social engineering attack and have disclosed information concerning your Fort Madison Bank & Trust accounts.
Call us at 319-372-5164 or visit your nearest Fort Madison Bank & Trust branch location.
Regularly monitoring your account activity is a good way to detect fraud. If you notice unauthorized transactions on your account, notify Fort Madison Bank & Trust immediately.