Titonka Savings Bank - Security Corner

Welcome to my first article on Internet Security. I hope to make updates about twice per month to keep you current on the various scams, worms, and other assorted nastiness that is spreading around the internet. In the battle against the bad guys that prey on the unsuspecting users of the internet, knowledge is the first line of defense.

As Technology Officer at the Titonka Savings Bank, my job is to keep up to date on security issues in general, and internet security in particular. It is my hope that this small corner of our website will be useful for our customers for protecting themselves at home and at work.

In the coming installments of this column, I'll be talking about phishing, internet viruses and worms, spam, spyware, and other pitfalls of using the internet. If you as a reader have any specific questions, please e-mail me at security@tsbbank.com and I'll include these questions and answers in upcoming articles.

I'll keep an archive of previous Security Corner columns for reference here.

And now, onto some real content:

I'd like to talk about phishing. Phishing occurs when a bad guy sends out e-mail appearing to come from a trusted source (such as the bank or a government agency). The e-mail makes claims about your account status, and has a link to direct you to a website - but the website is often not where it claims to be, even though it has the same look and feel of the real site! The goal of a phishing expedition is to trick the unwary user into entering personal nonpublic information on a false website so that the perpetrator can use that information to steal their identity.

How can I defend myself?

With a little common sense and a small amount of online paranoia and skepticism, everyone can protect themselves from these phishermen. If you ever receive a questionable e-mail that appears to be from our bank, don't hesitate to contact us for verification.


	Security Corner - 11/11/2004
	Welcome to my first article on Internet Security. I hope to make updates about twice per month to keep you current on the various scams, worms, and other assorted nastiness that is spreading around the internet. In the battle against the bad guys that prey on the unsuspecting users of the internet, knowledge is the first line of defense. As Technology Officer at the Titonka Savings Bank, my job is to keep up to date on security issues in general, and internet security in particular. It is my hope that this small corner of our website will be useful for our customers for protecting themselves at home and at work. In the coming installments of this column, I'll be talking about phishing, internet viruses and worms, spam, spyware, and other pitfalls of using the internet. If you as a reader have any specific questions, please e-mail me at security@tsbbank.com and I'll include these questions and answers in upcoming articles. I'll keep an archive of previous Security Corner columns for reference here. And now, onto some real content: I'd like to talk about phishing. Phishing occurs when a bad guy sends out e-mail appearing to come from a trusted source (such as the bank or a government agency). The e-mail makes claims about your account status, and has a link to direct you to a website - but the website is often not where it claims to be, even though it has the same look and feel of the real site! The goal of a phishing expedition is to trick the unwary user into entering personal nonpublic information on a false website so that the perpetrator can use that information to steal their identity. How can I defend myself? If you receive an e-mail from a bank that has a good logo, and claims that if you don't act quickly to enter some of your information (Social Security Number, password, account number, or credit card number) something bad will happen to your account (it will be shut down or a large debit will go through) - don't click on any links. Either telephone the bank and ask about it, or manually enter the address in your browser. Before submitting any financial information to a legitimate website, look for the lock icon on the browser and look for the address bar to contain "https://" - both of these indicate that you have a secure, encrypted link to the website. Some browsers, such as Mozilla's FireFox (external link) will highlight the address bar to show a secure connection. Beware of this though - an illegitimate website can have a secure link. Know what website you're dealing with! There are now phishing attacks occurring that can attack you without even clicking on the link in the e-mail (external link). To avoid these kinds of phishing attacks (as well as viruses that attack in the same manner), keep you e-mail client up to date with the most current security patches, turn off the "preview pane", disallow ActiveX controls in your e-mail client, and turn off Windows Scripting Host on your machine. Report suspicious activity to the FTC. You can forward phishing attack e-mail to the FTC at spam@uce.gov or you can fill out a complaint form at the FTC website (external link). TSB Bank will not send out e-mails asking for your Social Security Number, account number, or password. If you receive such an e-mail, please forward it to us at info@tsbbank.com to investigate. TSB Bank uses the tsbbank.com domain for the main website and e-mail communications. TSB Bank uses the tsbbankonline.com domain for online banking. With a little common sense and a small amount of online paranoia and skepticism, everyone can protect themselves from these phishermen. If you ever receive a questionable e-mail that appears to be from our bank, don't hesitate to contact us for verification. Aaron Boyken Technology Officer Titonka Savings Bank 11/11/2004 List of previous articles
	173 Main St N, PO Box 309 • Titonka, IA 50480-0309 Telephone 515-928-2142 • 800-920-2085 Fax 515-928-2042 101 Highway 69 N • Forest City, IA 50436-1616 Telephone 641-585-3247 • Fax 641-585-3907 155 Jackson St, PO Box 7 • Thompson, IA 50478-0007 Telephone 641-584-2275 • 866-984-2275 Fax 641-584-2575 ©2001-2007 Titonka Savings Bank 11/16/2004