Browser update notice

Effective Monday, July 11, 2016, users attempting to gain access to online banking with Internet Explorer versions 7 or 8 will be unable to do so. Please update your browser to the latest version.

 

Online Banking Supported Browsers

Supported Browsers – our online banking supports the latest versions of Safari, Chrome, Internet Explorer and Firefox. Each time a new version of these browsers is released the bank encourages you to update your internet browser for the best online experience.

Effective Monday, July 11, 2016, users attempting to gain access to online banking with Internet Explorer versions 7 or 8 will be unable to do so. Please, update your browser to the latest version. Feel free to contact your local branch with any questions regarding this update. Thank you!

 

New Phishing Email Uses Accurate GPS Data To Attempt to Gather Credit/Debit Card Information

There is a newly reported phishing tactic that may prove to be very effective. Criminals, most likely using GPS data from compromised mobile phones, will use this data to craft an e-mail with accurate travel information to a specific user. The e-mail will contain a link or attachment to either gather credit/debit card information or load malware to the recipient’s device.

Remember that traffic citations are never emailed or sent out in the form of an email attachment, and report scams like this to your local police department.

A sample scam e-mail is below:

From: Speeding Citation <citation@safe-browsing.com></citation@safe-browsing.com>

To: (Accurate Email Removed)

Date: 03/11/2016 03:08 PM

Subject: [External] Notification of excess speed

First Name: (Accurate Name removed)

Last Name: (Accurate Name removed)

Notification of excess speed

Route: (Accurate Local Township Road –removed)

Date: 8 March 2016

Time: 7:55 am

Speed Limit: 40

Detected Speed: 52

The Infraction Statement contains an image of your license plate and the citation which must be paid in 5 working days.

 

Source: KnowBe4.com

YToxOntzOjE3OiJ0cmlnZ2VyX3JldmlzaW9ucyI7czoxOiIxIjt9

Safeguard Yourself & Your Family|fa-key|159|Identity Protection|1

The Harm in Password Reuse

Every day malicious cyber-actors compromise websites and post lists of usernames, email addresses, and passwords online. While this can be embarrassing, such as when thousands of government employees email addresses and passwords were exposed during the recent Ashley Madison breach, it also leaves users open to follow-on potential attacks due to password reuse.

Every day malicious cyber-actors compromise websites and post lists of usernames, email addresses, and passwords online. While this can be embarrassing, such as when thousands of government employees email addresses and passwords were exposed during the recent Ashley Madison breach, it also leaves users open to follow-on potential attacks due to password reuse.

Password reuse is when someone reuses the same password on multiple websites or accounts.  This is a vulnerability when the password is exposed in coordination with other information that identifies who is using the password, such as first and last names, login names, or email addresses.

How Password Reuse is a Threat

NEVER use your work email address when signing up for and accessing personal web sites.

Password reuse is a threat because malicious actors can take advantage of a reused password if there is other associated information that identifies you. This typically occurs through one of two potential scenarios:

In the first, and most common  scenario, the malicious actors can search for other accounts you use and try to login with the same password. In some cases the actors might try to find personal accounts such as Facebook, Twitter, or banking websites. If they can identify those accounts, and you reuse your password, they can login as you. In other instances the malicious actors may try to determine where you are employed and attempt to use for remote access, such as through a remote email or timecard access.

A second scenario involving a malicious website is much less common, but still poses a threat. In this scenario the malicious cyber-actor sets up a website that spoofs a legitimate web site, which requests you enter an email address, password, and potentially other information to gain access. Once you have done that, they know who you are and can search for your other accounts where you used the same password.

Avoiding Password Reuse

Avoiding password reuse can be challenging because of the number of websites and accounts that require passwords, some of which require updating your password every 30 days.  There are two ways to both avoid password reuse and to ensure any password meets the recommended password complexity requirements.

The first technique is to use a password manager to remember each unique password. Password managers are applications that can be stored on a computer, smartphone, or in the cloud, and will securely track passwords and where they are used. Most password managers can also generate complex random passwords for each account if you choose to do so. As long as the password to access the password manager is sufficiently complex, this technique can be affective. However, if the company running the password manager is compromised (which does happen!) it is possible that all your passwords will also be compromised. If you choose a password manager that is local to your computer or smartphone, that information may be compromised if malware gets on your computer or you lose your smartphone.  When choosing a password manager, ensure it is from a known, trustworthy company.

The second technique is to choose a repeatable pattern for your password, such as choosing a sentence that incorporates something unique about the website or account, and then using the first letter of each word as your password. For example the sentence: “This is my August password for the Center for Internet Security website.” would become “TimAp4tCfISw.” Since a strong password is complex, and includes upper and lower case letters, numbers, and a symbol, this password keeps the capitalization within the sentence, translates the word “for” to the number “4,” and adds the period to include to add a symbol. The vulnerability in this technique is that if multiple passwords from the same user are exposed it may reveal the pattern.

Regardless of how a unique password is chosen, it is critically important that every password is unique. Some companies, such as Facebook, have begun programs to identify password reuse. Facebook’s program to identify password reuse involves monitoring for lists of compromised usernames, emails, and passwords, and attempting to match those to the usernames or email addresses of existing Facebook users. If a match is found Facebook asks the user to reset their Facebook password.

Article sourced from the Desk of Thomas F. Duffy, Chair, MS-ISAC. Republished with permission.

Further advice on choosing a strong, complex password is available in the MS-ISAC Security Primer available at: http://msisac.cisecurity.org/documents/SecuringLoginCredentials.cfm

 

Netteller Password Self-Reset Instructions

Password Self-Reset Instructions

Anticipate Forgetting Your Password (PIN)
It happens to many of us! But you can reset your Online Banking password yourself if you have forgotten it, or you’re not sure if you remember it correctly.

Please note: If you try the incorrect password three times you will “lock” your account and will need to contact us to release it.

Here are the steps for this process:

1) Set up the reset capability ahead of time: Log into Online Banking as usual, and go to the Options tab.

You will see two lines:
PIN Reset Question
PIN Reset Answer

Create your own question and answer. These will be used to identify you if you ever want to reset your PIN.
For example, your question and answer could be something like:
Q – What is my favorite animal? A – dog
Click “submit”

Now you have the capability of self-resetting your PIN any time you are in doubt, without logging into Online Banking.

OK, you’ve forgotten your password, or you’re not sure you remember it correctly!

1) Go to the usual login page and enter your ID (or alias that you have created)

2) To the right of the PIN entry box you’ll see the text “Reset Password.” Click on this text.

3) You will next see a screen asking for your Online Banking ID (or alias), the e-mail address you have on file via Online Banking; and a subject line that you create.

4) You will then receive an email alert from do-not-reply@fmbankva.com with wording as follows:

“You have requested that your Internet Banking PIN be restored. To confirm this request, please click here.”
This link will be valid for two hours.

5) After following the “click here” link you will be directed to enter your Online Banking ID and the answer to your security question. Be sure to click this link within two hours, as it will expire.

6) Once done, the PIN will reset to the last 4 digits of your tax ID# (Social Security number). You can then begin the process of logging in again using these 4 digits as your PIN, and then create a new PIN of your choosing.

 

Online Banking Browser Requirements

F&M Bank’s Online Banking program supports the latest version of Safari, Chrome, Internet Explorer and Firefox. Each time a new version of these browsers is released the bank encourages you to update your internet browser for the best online experience.

 

Sophisticated fraud scheme is targeting large and medium-sized U.S. companies, bank customers

The Dyre Wolf
IBM has uncovered a new and effective strategy criminals use to compromise consumers’ online banking accounts and send unauthorized wires on their behalf. The scheme, which IBM security researchers have dubbed, “The Dyre Wolf,” is targeting people working in companies by sending spam email with unsafe attachments. If the end user clicks on the attachment to download, the person’s (and company’s) computer are then infected with malware. The sophisticated malware then waits silently until it recognizes that the user is visiting a bank website.

April 7, 2015

IBM has uncovered a new and effective strategy criminals use to compromise consumers’ online banking accounts and send unauthorized wires on their behalf. The scheme, which IBM security researchers have dubbed, “The Dyre Wolf,” is targeting people working in companies by sending spam email with unsafe attachments. If the end user clicks on the attachment to download, the person’s (and company’s) computer are then infected with malware. The sophisticated malware then waits silently until it recognizes that the user is visiting a bank website.

The program then generates a “pop up” screen that the bank’s website is having problems and asks the victim to contact the bank at a specific phone number. If the victim calls the number, the criminals are on the other end acting as the bank and offering “help” when actually gathering the user’s information. This scam results with criminals logging in to the victim’s commercial internet banking account and originating a wire to an unauthorized account. The criminals have also been known to generate a Denial of Service (DOS) attack on the victim’s IT infrastructure to prevent the victim from logging in to his or her internet banking account to delay detection of the fraud.

Please be aware of this scam as it has the potential to make its way to the Valley, as have prior scams.

For your security, F&M Bank does not permit wire originations through internet banking. F&M Bank will also always communicate a website or online banking service interruption in advance on our homepage (www.fmbankva.com), via email to customers, and on its Facebook and Twitter pages.

Read more at Reuters about this scam.

 

 

Anthem Breach: How To Protect You and Your Family

Anthem Breach: How To Protect You and Your Family
Follow these tips to protect you and your family’s data from compromise due to the Anthem Data Breach.

  

February 6, 2015

Recently, Anthem announced a breach of their computer systems which may have compromised the information of up to 80 million customers. The breach involved access to customer names, social security numbers, date of birth, job history and insurance account numbers among other items.

What makes this compromise different from recent compromises involving debit and credit cards is that criminals can use this Non Public Personal Information (NPPI) to do some of the following;

–    Make fraudulent claims for medical care,
–    Use this NPPI to gain access to on-line banking, shopping or e-mail accounts,
–    Apply for loans and credit cards under the victim’s name,
–    File fraudulent tax returns with the IRS.

There are things you can do to protect you and your family from this compromise. 

–    Monitor notifications from your health insurers on claims made on your policy,
–    Change your passwords, update your security questions and constantly monitor bank accounts, shopping accounts and electronic mail.
–    If you do not plan to file for any credit in the near future, consider putting a fraud alert or credit freeze on your credit file with the big 3 credit reporting firms.
You can find more information on this process on the Federal Trade Commission website.
–    Enroll into the IRS Identification Protection PIN service and consider filing your Tax Return sooner rather than later. If criminals have enough information, they may try to file your tax return and collect your refund.
–    Ensure you are signed up for IDSafeChoice, F&M Bank’s Fraud Protection Services, a free service for Platinum Account Holders.

If you become a victim of identity theft, consider filing a complaint with the FBI at the Internet Crime Complaint Center (IC3) on your experience.

Finally, you will want to educate yourself and your family on good security practices to keep you identity safe. Some good resources on this issue are below:

–    Anthem Breach Frequently Asked Questions: Call Anthem’s toll-free number for questions at 877-263-7995
–    Federal Trade Commission site on Identity Theft Fraud: http://www.consumer.ftc.gov/features/feature-0014-identity-theft
–    Internal Revenue Service site on Identity Protection: http://www.irs.gov/Individuals/Identity-Protection

 

 

Features and Benefits Of Online Banking

Features And Benefits Of Online Banking
An overview of F&M Bank’s Online Banking features and benefits.

By Jackie Burner, Assistant Manager of the F&M Bank Bridgewater Branch

The last time we chatted, we discussed safety procedures for online banking.  This time I would like to discuss a couple of the features that our online banking offers.

My absolute favorite feature of online banking is Bill Pay.

I came from the “Old School” that said, “I like having a check in my hand”.  “I feel more in control when I write a check, address the envelope and run to the post office because I ran out stamps and finally mail the letter”.  I cringed as I typed that statement, because what I have found is that the “Old School” way controlled me.

Well, times have changed and I have finally embraced our online banking with a passion. Here are just a couple of the benefits it offers.

Convenience
It is so nice to be able to pay your bills right from the comfort of your own recliner.

It is so easy and with just a few clicks on your computer, your bills are paid. I can actually pay all my bills in about two minutes. You can even pay your bills while away on vacation. If you have recurring payments you definitely will like bill pay. You set them up once and each month on that day, your bill will be paid.   Our system is very easy to navigate and if you do have an issue, we have many friendly faces in our branches that would be more than happy to help you.

Safety
Using your bill pay is very safe. Keeping your passwords up to date and confidential is very important. Using Bill Pay gives you the assurance of knowing that your bill, when processed properly, will be handled quickly and efficiently.

The second benefit of Online Banking is the Mobile Banking feature. My husband loves this feature.  If you are paid by check like he is and can’t get to the bank, Mobile banking is for you.  Just take a picture of your check and deposit it directly into your checking account. How amazing is that.  You even get a confirmation text that your check was processed correctly. Checking your balance on your phone is a breeze.  You can even have your balance texted to you every day.

Online Banking offers you the ability to print copies of your monthly statements and let’s not forget the ability to make transfers from one account to another by just a few clicks.

It’s all about making life easier for our customers.

If you have never used Online Banking, give it a try.  We are here to help you through the entire process from beginning to end.  Don’t wait!  Start today and enjoy the benefits available to you.

 

Online Banking Internet Browser Update

Our bank is pleased to present its website for all of our current and future customers to enjoy. The Internet is viewed through web browsers.

Our Online Banking program supports the latest version of Safari, Chrome, Internet Explorer and Firefox. Each time a new version of these browsers is released the bank encourages you to update your internet browser for the best online experience. Online Banking requires the latest browser version because of the increased security features. If you don’t have the more recent versions then you will not have access to these features as a precaution to protect your personal information.

Browsers can be downloaded for free by going to the browser provider’s website or by following this link: http://www.updatemybrowser.org/

All of these installs are several megabytes. If you have a dial up connection to the internet then we recommend you start your download before going to bed and it will be ready for you in the morning..

Please contact us if you have any questions.