Security

Password Security

• Create a unique password for all the different systems/websites you use. Otherwise, one breach leaves all your accounts vulnerable.
• Never share your password over the phone, in texts, by email, or in person. If you are asked for your password, it's possible it could be a scam.
• Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.
• The longer the password, the tougher it is to crack. Use a password with at least 8 characters. Every additional character exponentially strengthens your password.

Avoid using obvious passwords such as:

• Names (your name, family members' names, business name, user name, etc.)
• Dates (birthdays, anniversaries, etc.)
• Dictionary words

Choose a password you can remember without writing it down. If you do choose to write it down, store it in a secure location.

To learn more about information security, visit any of the following websites:

• onguardonline.gov
• staysafeonline.org
• bbb.org/data-security
• us-cert.gov

Online Security

• Never click on suspicious links in emails, tweets, posts, or online advertising. Links can take you to a different website than their labels indicate. Typing an address in your browser instead of clicking a link in an email is a safer alternative.
• Only submit sensitive information to websites using encryption to ensure your information is protected as it travels across the Internet. Verify the web address begins with "https://" (the "s" is for secure) rather than just "http://". Some browsers also display a closed padlock.
• Do not trust sites with certificate warnings or errors. These messages could indicate your connection is being intercepted or the web server is misrepresenting its identity.
• Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information when possible.
• Always "sign out" or "log off" of password protected websites when finished to prevent unauthorized access. Simply closing the browser window may not actually end your session.
• Be cautious of unsolicited phone calls, emails, or texts directing you to a website or requesting information.

In a social engineering attack, an attacker uses human interaction to manipulate a person into providing them information. People have a natural tendency to trust. Social engineering attacks attempt to exploit this tendency in order to steal your information. Once the information has been stolen it can be used to commit fraud or identity theft.

Criminals use a variety of social engineering attacks to attempt to steal information, including:

• Website spoofing
• Phishing

The following information explains the meaning of these common attacks and provides tips you can use to avoid being a victim.

Website Spoofing

Website spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoofed websites are typically created to look exactly like a legitimate website published by a trusted organization.

Prevention Tips:

• Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
• If you are suspicious of a website, close it and contact the company directly.
• Do not click links on social media sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative. Only give sensitive information to websites using a secure connection. Verify the web address begins with "https://" (the "s" is for secure) rather than just "http://".
• Avoid using websites when your browser displays certificate errors or warnings.

Phishing

Phishing is when an attacker attempts to acquire information by masquerading as a trustworthy entity in an electronic communication. Phishing messages often direct the recipient to a spoof website. Phishing attacks are typically carried out through email, instant messaging, telephone calls, and text messages (SMS).

Prevention Tips:

• Delete email and text messages that ask you to confirm or provide sensitive information. Legitimate companies don't ask for sensitive information through email or text messages.
• Beware of messages sent through social media. Legitimate companies don't ask for sensitive information through social media.
• Beware of visiting website addresses sent to you in an unsolicited message.
• Even if you feel the message is legitimate, type web addresses into your browser or use bookmarks instead of clicking links contained in messages.
• Try to independently verify any details given in the message directly with the company.
• Utilize anti-phishing features available in your email client and/or web browser.
• Utilize an email SPAM filtering solution to help prevent phishing emails from being delivered.
• Do not open attachments received from unknown senders or unexpected attachments from known senders.
• Be cautious of the amount of personal information you make publicly available through social networking sites and other methods. The more information publicly available about you, the easier it is for attackers to craft more convincing phishing messages.

Report Fraudulent or Suspicious Activity

Contact us immediately if you suspect you have fallen victim to a social engineering attack and have disclosed information concerning your Liberty Bank and Trust Co. account(s).

Call us at (504) 240-5288 or at (800) 883-3943. Additionally, you may visit your local Liberty Bank branch location.

Regularly monitoring your account activity is a good way to detect fraudulent activity. If you notice unauthorized transactions in your account, notify Liberty Bank and Trust Co. immediately.