Tuesday, August 2, 2011
Looking for a security-related article from a past issue of GCFlash? Find the best of the batch here.
Our Current Rates:
For a listing of our current deposit and loan rates, click here.
We're all well aware of the need to protect our personal information. A stolen wallet containing credit cards, driver's license or other identifying information can cause major upheaval in our lives as we try to restore our good name and credit rating.
We protect our computer against viruses, hackers and other malware to prevent login information from falling into the hands of cyberthieves.
Yet many of us are a bit lax with the one item that carries the most risk if lost or stolen. And that's your smartphone.
Any danger present on your computer can affect your smartphone as well. Plus you have the added risk of portability. Your phone can easily fall into the wrong hands.
Just what can be stolen from your smartphone? Plenty. Your phone holds login information for any site you visit. Do you use mobile banking? What about email or social media accounts?
Many companies will send a one-time password (OTP) in the form of a text message as an additional form of authentication when conducting business. The thief who is trying to login to your bank account using your stolen smartphone now has all the tools to conduct a high-value transaction at your expense.
Data can be compromised even if you haven't lost your phone. Signals can be intercepted when transmitted over public WiFi or personal Bluetooth.
So what is a savvy smartphone user to do? There are several steps you can take to protect your phone.
Keep your screen locked with a PIN code or password. This adds an extra layer of difficulty for an unauthorized user.
All major mobile operating systems offer remote services. Install and enable whatever your phone supports. Options differ by system, but can include the ability to delete your files, lock your phone remotely or find it using GPS location.
If your phone allows for data encryption, use it. This protects data stored on external memory cards as well as SD cards installed in the device.
Mobile malware is on the rise. It isn't enough to protect your PC against threats. Your smartphone needs antivirus software, too.
Take the time to download software updates. Like their PC counterparts, they often include patches for security flaws recently detected.
Don't provide personal information when using public WiFi or personal Bluetooth. You can browse online shopping sites, but wait until you're in a secure setting before sending your credit card number. Save your online banking chores or visiting any sites requiring a login/password for a time when you can do it securely.
Exploring all of those neat apps can turn your phone into an entertainment experience. But unless you're using a Blackberry, those apps can be distributed by some unscrupulous folks. Only download apps from sites you trust. Check its rating and read reviews first.
Read the small print to learn what information the app will access. Stay clear of any app that wants access to any personal information, text messages or location that doesn't seem important to its function.
As you've learned with traditional email, don't click on links sent by users you don't know or appear suspicious. Smishing, a combination of SMS texting and phishing, has become quite common.
Like your PC, create a backup plan. Backup your data often. All important data should be saved at least twice, in separate locations. If your remote service utility includes a weekly backup, choose a mid-cycle day to backup to your computer as well.
Your smartphone is no longer a device used solely to place a phone call. You're holding your identity, your personal information, and your very security in the palm of your hand. Do it wisely.
ZeuS Gone Mobile
Regular GCFlash readers may remember our article about the ZeuS banking Trojan last August. Those who don't can refresh their memories here.
While the article was written one year ago, the threat today is stronger than ever. And this time, it's gone mobile.
Android devices have been targeted by this man-in-the-middle attack. Symbian, BlackBerry and Windows phones are also vulnerable. Communications between the sender and receiver are intercepted by a proxy in the middle, who reads and modifies data sent between the two with this type of threat.
It works like this: A consumer logs into their bank's website from a PC. The bank responds with a text message to the consumer's phone number that includes transaction details and a verification code. The code is then typed into the PC, assuming that an unauthorized user wouldn't be able to complete the transaction.
But when that PC is infected with ZeuS, the malware asks the victim to download a security component onto their mobile device to complete the login process. The user thinks their bank is requesting the download and complies. Now both devices are controlled by cyberthieves.
The malware then initiates a fraudulent transaction posing as the consumer. The bank sends a confirmation message to the infected mobile device, the malware sends the message to the victim's PC. It enters the confirmation code and transaction is approved.
The malware then deletes the bank's confirmation message to erase any trace of what occurred.
Take action to protect your smartphone from being compromised. All of the tips offered in today's 1st Flash apply here equally.
Research the publisher of an app before downloading. The open architecture of both Android and Apple makes it easy to distribute malware through suspicious apps.
Read reviews to learn what other users are saying about an app. But realize that malware developers can post fake reviews. Research, but don't believe everything you read. If something doesn't feel right, don't download.
Download and install apps only from official sources, not a third-party site. Malicious code is easily embedded in APK files.
Turn WiFi, Bluetooth and other connections off when you're not using them. Turn them on only when you need them.
Connect through only known access points. Avoid networks with a generic name like "linksys."
Major antivirus software vendors are scrambling to develop a suite of products to protect your mobile device. Norton, McAfee, Trend Micro and Kapersky are already on the market. Others are close behind.
You'll also find antivirus solutions specific to your device in your system's app store. As with any other app, research a variety of sources before you choose to download a particular product.
Lawmakers, debt ceilings, spending and taxes: The national lawmakers declare that once again the deadline was met with a law that expects to reduce the U.S. deficit by $2.1 trillion in the future. Without this law, the U.S. could have defaulted on debt. This possibility caused the rating agencies to warn that the U.S. could be downgraded from the stellar credit worthiness the country enjoys.
However, the rating agencies are still not happy with this package. Standard & Poor's warned that they had expected to see a deficit reduction of $4 trillion in the next 10 years. Moody's also may still downgrade the US, with Fitch deferring until the end of August. The Dow Jones Industrial Average dropped in response to this continued uncertainty.
So what does a downgrade mean? A higher rated borrower enjoys paying lower interest because they are such a great credit risk. Other countries, like Greece, have had their credit rating downgraded, causing that country to pay higher interest rates. On the other hand, Japan was dropped from the highest rating years ago and still pays very low rates compared to other nations. In fact, yields on government bonds are still low. This seems to mean that the market still feels that the U.S. is a stable investment, and willing to take the lower return to invest in its debt.
Still, getting a compromise on Capital Hill that would meaningfully reduce our debt is a goal shouldn't be left behind - despite the impact to the bond market!
GCFlash is a weekly e-mail sent only to its listed customers and associates free of charge. GCFlash informs customers of special product offerings which may be of interest, current interest rates on both deposit and loan products, selected financial news and other financial tidbits. GCFlash is intended to supplement the more comprehensive information listed on the GCF Web site at http://www.gcfbank.com.
For more comprehensive information, visit our Web site at http://www.gcfbank.com or call (856) 589-6600 Ext: 337 (Timothy P. Hand)GCFLASH PRIVACY STATEMENT
GCF maintains your e-mail address in a confidential and secure database along with much of your other account information, such as mailing address and telephone number, etc. Before aggregating our e-mailing list each week, we filter out any duplicates. In most cases, this inhibits the unintended e-mailing of multiple copies of GCFlash to a single e-mail address. However, because these account records are kept by both individual and account, there is a chance members of the same household could each receive a copy of GCFlash or any other transmission at the same e- mail address - resulting in multiple copies. For example, a husband and wife that both have accounts with GCF may both receive a copy because the names are different but listed at the same e-mail address. This is similar to the manner in which each individual may share a common telephone number. To handle this situation, GCF recommends you simply delete any extra copies of GCFlash as this will ensure that ALL individuals receive any future promotional mailings, which might only be targeted or offered to specific accountholders meeting certain criteria. GCF has the capability to suppress customer e-mail addresses so they are omitted from our transmission list. If you would rather have a specific household memberÃ¢â‚¬â„¢s e-mail address suppressed in our electronic database, simply send us a reply, as stated below, and indicate the accountholder for which you would like to have e-mail suppressed. Please keep in mind that this suppression will mean that NO future e-mails are sent, including special promotional offers. If you have any questions about this process or need additional information, please contact us at firstname.lastname@example.org.
If you would like to be removed from this electronic mailing list, please hit reply and place the word REMOVE in the subject line. Please note, removing your name from our electronic mailing list means GCF will send NO FUTURE NEWS or SPECIAL OFFERS.
Banking With Us