August 17, 2020

Spoofed SBA COVID-19 Relief Webpage

According to the American Bankers Association, the Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert regarding an unknown malicious cyber actor targeting small business owners through phishing emails. The emails contain links that redirect victims to a spoofed Small Business Administration (SBA) COVID-19 relief webpage; the spoofed page is used to steal credentials. The phishing email subject line currently reads "SBA Application - Review and Proceed" and the sender is marked as "disastercustomerservice@sba[.]gov".

Details about the alert and CISA-recommended mitigations are available on the CISA website.

February 22, 2021

Social engineering

Guard Against Social Engineering

Social engineering is a form of psychological manipulation that is used by criminals to influence or trick people to gain control of their computer systems or access their personal information. Criminals use phone, email, regular mail, or direct contact, and a variety of techniques, such as phishing, spear phishing, baiting, and pretexting, to gain illegal access. Once the criminal has access, they can use it to steal money, personal or financial information, and more. 

Keep these points in mind if you receive a phone call, email or other form of message about RSI Bank or your other banking institutions:

  • Only call your financial institution using the phone number(s) listed on your bank's public website.
  • RSI Bank will never ask users to share their online banking credentials. Do not share your online banking credentials (username and password) or provide one-time passcodes to anyone who is not authorized to have access to your account.
  • Never click on links in unsolicited emails or texts. If you are unsure if an email or text was sent legitimately from RSI Bank, contact our Call Center for assistance.
  • If you receive a text, call, or email for one-time passcode authorization that you did not request, do not respond to the text, call, or email.
  • Never trust Caller ID; Caller ID may be modified by scammers to show your financial institution's name. This is called Caller ID spoofing.

Learn more about common online scams on the Federal Trade Commission’s website and read tips on common security issues for non-technical computer users on the Cybersecurity & Infrastructure Security Agency website.


Security

Not securing your own computer, or not updating it properly, can be a recipe for disaster.

We encourage you to implement several security tips when you use our Online Banking services:

  1. Always access your online banking account on the RSI.bank homepage. Never click on a link sent to you in an email.
  2. Never give out your personal information through an email or over the phone. RSI Bank will never request that information in this manner.
  3. Choose your User ID and password carefully – They should not be easy for others to guess (like your name or birthday, or your children's names and birthdays). Make sure to change your passwords on a regular basis.
  4. Use a combination of letters, numbers, and symbols when creating a password.
  5. Never reveal your password to anyone; never leave your password in a place where someone else can obtain and use it.
  6. Make sure you have a firewall in place when conducting your financial transactions.
  7. Log out completely - Do not simply close your browser or use the back button to exit the site. Use the Exit button to end each Online Banking session and then close your browser.
  8. Never leave an open session unattended. Your online banking session should be your only open internet window or tab.
  9. Change your session timeout in User Options to a time that meets your needs.
  10. Install an antivirus app on both your personal computer and your mobile device and keep it updated.
  11. Always keep your computer and/or smartphone up to date.
  12. Never access your Online Banking account from a public or shared computer.
  13. Avoid installing Android apps from third-party websites or unreliable sources.
  14. Read the permissions requested by every application before installing.
  15. Perform regular backups of data stored on your smartphone.
  16. Protect devices with passwords.
  17. Don't view or share personal information over a public Wi-Fi network.
  18. Balance your account and statements on a regular basis. Online Banking makes it easy!
 

RSI Bank strongly encourages our commercial customers to perform their own risk assessments and controls evaluations.

  • Make a list of the risks related to online transactions that your business faces, including: passwords being written down and left out in the open; the use of old or inadequate passwords; the possibility of internal fraud or theft; delays in terminating the rights of former employees; the lack of dual control or other checks and balances over individual access to online transaction capabilities.

  • An evaluation of controls your business uses may include: using password-protected software to store passwords; conducting employee background checks; initiating a policy and process to terminate access for former employees; segregating duties among two or more people so no one person has too much access or control; conducting internal or third-party audits of controls; using firewalls to protect from outside intrusion or hackers.