EDSB's Web Servers Safe from the Heartbleed Security Vulnerability


What is Heartbleed?

Heartbleed is an internet bug that creates an opening in the encryption software used on websites whose addresses start with “https.” This bug makes it possible to scrape information on the server, including user names, passwords and information contained in the account. EDSB’s website has been tested and has not been affected, but we wanted to inform all of our customers about the potential threat found on other websites that may not be as secure.

 

What do I do if a website may have been exposed to Heartbleed or hacked and I have an account there?

 

First, confirm through a test site that the site has installed the software update to fix the Heartbleed bug. Depending on the result, here’s what you can do:

1.) If the site has updated its security certificate since April 7: Change your password. It’s also a good idea to clear your cookies and empty your cache. You can do this in a browser under menu options such as “settings” or “options.”


2.) If the site has not updated its certificate: Hold off on changing your password. Otherwise, you could potentially expose your new password and account information. Instead, perform a vulnerability check on the website again in a day or two to see if it has installed the software update. If you think you’ll forget to check, consider setting a reminder for yourself. Don’t change your password until the site has installed the update.

 

  • Check your bank statement and credit card information to make sure there are no unauthorized charges.

  • If you haven’t checked your credit report in a while, get a free credit report that covers the three major credit agencies at www.annualcreditreport.com.


PLEASE NOTE, EDSB customer information is secure, and there HAS NOT been a breach of EDSB’s Online Banking. 



TARGET Debit & Credit Card Security Breach Information


Today, December 19, Target Corporation released information about a data breach that may have impacted their customers making credit or debit card purchases in their U.S. retail stores. The retailer said credit or debit card numbers of approximately 40 million Target customers may have been exposed between Nov. 27 and Dec. 15, 2013. 


Read Target’s statement  

EDSB advises that all customers carefully monitor transactions to their accounts, especially those who have made purchases at Target between Nov. 27 and Dec. 15. If you do find any unauthorized transactions on your account, immediately contact a Personal Banker at (563) 587-2424 to report it.

To further protect your accounts and your identity, we recommend that you take the following safety measures:

  • Monitor your bank account statements, and use online banking to regularly check account activity if possible. Please report any suspicious activity to EDSB immediately.
  • Set up online financial alerts through EDSB’s secure Internet Banking to stay on top of account activity. Transaction and balance alerts are extremely helpful in identifying potential fraud. Alerts can be received via text or email, and can be customized.
  • Carefully monitor your credit card statements and medical statements to ensure there are no charges or claims that are not yours. Make sure to notify your creditors or insurance company of suspicious activity immediately.
  • Contact the three credit reporting companies and place a fraud alert on your credit file if you know you've been victimized by fraud: Equifax, 1-800-525-6285; Experian, 1-888-397-3742; TransUnion, 1-800-680-7289.
  • Monitor your credit report to ensure there hasn't been any fraudulent credit opened in your name. Request your credit report from each of the three credit bureaus (by law, you are entitled to one free credit report from each bureau every 12 months). You can make the request via phone using the numbers above or online at www.annualcreditreport.com.
  • When the organization that lost or leaked your information lets you know about the breach, they can further explain your options.


PLEASE NOTE, EDSB customer information is secure, and there HAS NOT been a breach of EDSB’s debit card systems. 







Safe Holiday Shopping Tips

Stick with trusted sites and secure Internet connections 

Online shopping offers many benefits, like allowing you to do all of your shopping from one spot and compare prices instantly, but with these conveniences comes a major disadvantage: an increased risk of identity theft. To minimize this risk, buy only from secure websites, like those verified by TRUSTe and those whose URL is preceded by https://. This safeguards your privacy by ensuring only you and the online retailer have access to the data being transferred, and no one else.

 

Monitor your accounts and transactions 

One of the reasons criminals target people during the holiday season is because shoppers are so busy spending money that they’re less likely to notice fraudulent purchases. To prevent this, go through your account balances and new transactions regularly and mentally check off each purchase you (or your joint account holder) made. Doing this will allow you to quickly catch and stop any fraudulent activity that may occur.

 

Shred your bills and receipts 

Many people opt to do all of their shopping and banking online nowadays, but if you have any physical credit card bills, ATM receipts, receipts for items you've purchased, or any other documents that include your signature, account number, Social Security number, or other personal information, shred them. If you’re unsure about a document, shred it anyway. Better to be safe than sorry!

 

The Bottom Line

Don’t let identity theft ruin your holiday season! By being proactive, using common sense, and following these simple guidelines, you can really enjoy this season, knowing your identity is safe. Happy holidays!




Phishing Alert

EDSB has received a notification from the FBI and the Iowa Division of Banking to be on alert for spear phishing emails. The FBI has assessed that the possibility of US military action in Syria may lead to further escalation of computer network operations by pro-regime or other aligned cyber actors. Every organization is at risk of being the target of a spear phishing email. Malicious actors are crafting emails that appear to be from a legitimate source to lure victims into providing login credentials. The email will contain a hyperlink that appears to be legitimate; however, the user is directed to a credential harvester that looks like a legitimate Outlook Web Access or other login page.


Here are some tips to protect yourself:

Email from a "Friend"

The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: "Hi Bob" instead of "Dear Sir." The email may make reference to a "mutual friend" or to a recent online purchase you've made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it's a company you know asking for urgent action, you may be tempted to act before thinking.


Passwords That Work

Think about your passwords. Do you use just one, or easy-to-figure-out variations on just one? If you do either, you shouldn't, because you're making it easy for a scammer to get access to your personal financial information. Every password for every site you visit should be different. Random letters and numbers work best, and make sure to change them frequently.


Patches, Updates, and Security Software

When you get notices from software vendors to update your software, do it. Most operating system and browser updates include security patches. Your name and email address may be all it takes for a hacker to slip through a security hole into your system. And it almost goes without saying, you should be protected by Internet security software, and it should always be up to date.


Be Smart

If a "friend" or business emails asking for a password or other information, call or email them (in a separate email) to verify that they were really the ones who contacted you. Legitimate businesses won't email you asking for passwords or account numbers.


As always, EDSB would never ask you for your login credentials via an email. If you should ever have any questions or concerns, please contact a personal banker at 563-587-2424.




Do You Know Where Your Personal Information Is?

As consumers of online services, we create digital information through our use of social media, online shopping, and many other activities. Public records are also a source of information, which can get posted online. Be aware that once this data is online, it can be difficult to remove.


See What Information About You Is Available Online

  • Search engines will help you to do a quick search of your public information. You can also take a proactive approach and set up alerts for search terms of your name. 
  • Data services like Spokeo and Pipl have massive amounts of data about individuals compiled from a variety of sources, including public records and social networking sites. This data can be used by credit issuers, criminal profilers, employers, etc.

The first reaction to seeing your data might be, “Oh my, that’s scary,” followed shortly by, “How do I remove this?” If you've experienced a similar reaction, take the actions outlined below. Be aware that some information posted about you is within your control, and some of it is not.


Clean Up Data You Can Control

Information that is under your control includes information you have posted, such as your social networking profiles and related information. In addition, there could be information about you on old blog postings, postings on a friend’s website, an old dating profile, a picture sharing account, or any other services that were useful at a point in time for you but are no longer necessary.

Review the accounts to which you have access. You basically have three options:

  1. Remove the data.
  2. Modify the privacy settings.
  3. Request that the account be deleted.

If you are going to request that the account be deleted, remove all of the data first. Be sure to request that the account be deleted rather than deactivated.


Request Clean Up of Data You Do Not Control

Contact website owners:
If the site does not make contact information for the site owners easily available, you can do a query on the WHOis.net website to find an administrative and technical contact for the site.

Opt out of data service providers:
A data service provider is a company or group that will provide lists of contact information to individuals or companies that request it. They often charge a fee for this information. In many cases, data service providers provide individuals with the ability to opt out of having their data published. Keep in mind that these services are aggregators, so the original provider of the information will likely have to be contacted also to remove your information. The Privacy Rights Clearinghouse publishes the opt-out URLs for more than 240 of these types of services.

Use a professional service:
The maintenance of your online data requires discipline and regular review. What if there is misinformation being posted about you that you cannot get removed through the steps discussed above? Then it is time to consider using a professional service. These services will constantly search for, analyze, and remove data that you do not want made public. Review the service terms from these companies carefully to ensure the service you desire is what is being provided.

    The best course of action you can take is to be aggressive about maintaining a cycle of checking your public data and removing items that you don't want shown publicly.


    Resources For More Information





    DPD & Local Financial Institutions Warn of “Vishing” Scheme


    On May 1st, 2013, a local financial institution notified Dubuque Police of a debit card scam in which members were contacted on their cellular phones (caller I.D. shows “1128”) and a recording advised their debit card had been deactivated and in order to reactivate the card, they must select/press “option 1”. Thus far, those contacted have hung up at this point, but it’s believed the member would ultimately be prompted to provide card number, personal identification number (PIN) and/or the card verification value (CVV).


    This type of scheme, often referred to as “vishing,” can also be perpetrated via email. Fortunately, regardless of the scam or scheme, prevention remains the same. Just as the above-mentioned members did, you should hang up and not provide the requested information – regardless of how legitimate the call may seem. Often the fraudsters will be armed with some of your information before calling/emailing, and this can lead to a false sense of security/validity. Unless you initiated the contact, legitimate financial institutions and companies/businesses will not randomly contact you via phone or email and request personal information.


    When in doubt, do not provide any information. Discontinue the contact and notify your financial institution by contacting them in person or at a phone number you know to be valid.


    More information on these (and many other) schemes/scams can be found at www.fbi.gov and www.ftc.gov.




    In today's electronic world, using safe practices is very important.

    When using a debit card, it is always a safer practice to enter a secure PIN instead of signing for a transaction. Because this is safer for you, in the state of Florida, where there have been considerable fraudulent transactions, we will be requiring all transactions to be PIN-based for your protection. What does this mean to you?

    • You will need to know your PIN to be able to conduct transactions in Florida.
    • If you do not know your PIN, please let us know and we will create a new PIN for you.

     

    Anytime you travel out of the tri-state area and will be using your debit card, it is always a good practice to notify EDSB of where you intend to use your card. It is also a good practice to be sure we have your cell phone number listed so that if an issue should arise, we have sufficient means to contact you.

     

    As always, contact a Personal Banker at 563.587.2440 with any questions or concerns.