April 6, 2020Coronavirus relief scams

As you probably know, the Federal government plans to issue checks to individuals and families in response to the COVID-19 pandemic. Scammers are hoping to take advantage of the situation as the details of the plan are being worked out. The Federal Trade Commission (FTC) has listed four key points to keep in mind to help guard against coronavirus relief check scams.

Read the full post on the FTC website for more information.

Fraudsters may also target small businesses with phishing emails and phoney websites. Watch out for application scams and unsolicited phone calls. Make sure to visit legitimate websites; a safe bet is to go directly to the SBA website by typing the URL sba.gov/coronavirus into the address bar at the top of your browser.

For more information, read the full post on the FTC website.
 

August 17, 2020Spoofed SBA COVID-19 Relief Webpage

According to the American Bankers Association, the Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert regarding an unknown malicious cyber actor targeting small business owners through phishing emails. The emails contain links that redirect victims to a spoofed Small Business Administration (SBA) COVID-19 relief webpage; the spoofed page is used to steal credentials. The phishing email subject line currently reads "SBA Application - Review and Proceed" and the sender is marked as "disastercustomerservice@sba[.]gov".

Details about the alert and CISA-recommended mitigations are available on the CISA website. More info

Security

Not securing your own computer, or not updating it properly, can be a recipe for disaster.

We encourage you to implement several security tips when you use our Online Banking services:

  1. Always access your online banking account on the RSI.bank homepage. Never click on a link sent to you in an email.
  2. Never give out your personal information through an email or over the phone. RSI Bank will never request that information in this manner.
  3. Choose your User ID and password carefully – They should not be easy for others to guess (like your name or birthday, or your children's names and birthdays). Make sure to change your passwords on a regular basis.
  4. Use a combination of letters, numbers, and symbols when creating a password.
  5. Never reveal your password to anyone; never leave your password in a place where someone else can obtain and use it.
  6. Make sure you have a firewall in place when conducting your financial transactions.
  7. Log out completely - Do not simply close your browser or use the back button to exit the site. Use the Exit button to end each Online Banking session and then close your browser.
  8. Never leave an open session unattended. Your online banking session should be your only open internet window or tab.
  9. Change your session timeout in User Options to a time that meets your needs.
  10. Install an antivirus app on both your personal computer and your mobile device and keep it updated.
  11. Always keep your computer and/or smartphone up to date.
  12. Never access your Online Banking account from a public or shared computer.
  13. Avoid installing Android apps from third-party websites or unreliable sources.
  14. Read the permissions requested by every application before installing.
  15. Perform regular backups of data stores on your smartphone.
  16. Protect devices with passwords.
  17. Don't view or share personal information over a public Wi-Fi network.
  18. Balance your account and statements on a regular basis. Online Banking makes it easy!
 

RSI Bank strongly encourages our commercial customers to perform their own risk assessments and controls evaluations.

  • Make a list of the risks related to online transactions that your business faces including: passwords being written down and left out in the open; the use of old or inadequate passwords; the possibility of internal fraud or theft; delays in terminating the rights of former employees; the lack of dual control or other checks and balances over individual access to online transaction capabilities.

  • An evaluation of controls your business uses may include: Using password protected software to house passwords in; conducting employee background checks; initiating a policy and process to terminate access to former employees; segregating duties among two or more people so no one person has too much access or control; conducting internal or third party audits of controls; using firewalls to protect from outside intrusion or hackers.