Heartbleed Bug Update

Online Security

  • Multi-Factor Authentication Explained posted on April 4, 2012
  • Alert — beware of new text message phishing scam! posted on March 3, 2012
    SIS has been alerted to a text message phishing scam that has gone out to hundreds of people in the Southern Maine area. Scammers try to obtain debit card information. The message says your ATM or debit card has been de-activated and gives a local phone number to call to re-activate the card. This is a scam to get your Social Security number, account number and/or PIN. The text of the phone calls varies slightly; what is consistent is that they ask the consumer to enter their entire account number or entire Social Security number. NEVER GIVE OUT THIS INFORMATION IN ITS ENTIRETY! When you receive a telephone call from a legitimate SIS representative, they will ask you for only the last 4 digits of those numbers – they will never ask for the entire number. The other key to avoiding all phishing scams is that a legitimate source will NEVER, UNDER ANY CIRCUMSTANCES, ask for a PIN (Personal Identification Number). This information is for your eyes only. If you believe you have been contacted by a scam artist or need any other information, contact us at 1-888-226-5747.
  • Mobile Banking Security posted on February 2, 2012
  • Fraudulent and Dangerous Email Alert posted on November 11, 2011
    A phishing scam has come to our attention. Please be on the lookout for emails claiming to be from the Better Business Bureau. These emails are fraudulent and are an attempt to infect your computer with a virus. The email states that a case has been filed against you. It then instructs you to open an attachment included with the email. This attachment is most likely a virus or another form of malicious software. DO NOT OPEN THIS ATTACHMENT. SIS recommends that you delete this email entirely from your inbox and Deleted Items folder upon receipt. Always be aware of every email you receive and do not open email attachments from someone you are not familiar with, even if the email appears to be from a legitimate business or service.

    Marc Martin, Vice President ~ Operations and Security
  • New FFIEC Guidance on Internet Banking Authentication posted on July 7, 2011
    What has changed for SIS Customers using Online Banking?

    Sanford Institution for Savings (SIS) would like to take a moment to review recent Internet Banking rules that have been issued by the Federal Financial Institutions Examination Council (FFIEC). The FFIEC is a collection of the regulatory agencies that govern banks. SIS is governed by the FDIC. On June 28, the FFIEC sent guidance to all financial institutions regarding how we currently protect your information while using SIS Online Banking services. As you know, SIS takes the security of your information very seriously, and has complied with all regulations and guidance provided by the FFIEC. SIS will continue to comply with this guidance and examine the best practices available to protect your information while using SIS online services.

    Currently, SIS employs a combination of a secure browser connection, customer number, password, and our enhanced login security system. We recently added the ability for you to use email, voice and text to receive a one-time passcode needed when we do not recognize your computer. We do realize that having to use a one-time passcode is inconvenient at times. Please be assured that SIS will research other options to make this more convenient. However, at this time, using a one-time passcode is considered the best practice in authenticating you as a user when you log in to SIS Online Banking. This method is also compliant with the FFIEC guidance issued to SIS.

    We are also working with our Online Banking provider on other security efforts in response to the FFIEC guidance.
    • Enhanced Device Identification – We will enhance the security of the multifactor authentication enrollment cookie, where it is in use, by adding device fingerprinting. This means that if the cookie is present on a system whose device fingerprint differs from what is on record, the cookie will not be honored and an additional authentication step will be required.
    • Removal of Challenge Questions – In the near future, we will no longer allow the use of a Challenge Question to authenticate you. Instead, you will need to use one of the three passcode methods available: text, voice call or email.
    • Web Fraud Detection, Behavior Monitoring – We are evaluating different options to monitor your online access for fraud. Once we have a solution in place, we will notify you of how it might affect you as a user.
    • Malware Prevention & Detection – We are evaluating different options to monitor for the use of malware to “hack” your online access. Once we have a solution in place, we will notify you of how it might affect you as a user.
    SIS remains committed to providing you with the best and most secure Online Banking experience possible. With the ever-changing landscape of online fraud, this is proving to be more difficult every day. We are confident that with your help and some hard work on our side, we can achieve our goal. If you have any questions, please contact the Electronic Banking department at 1-888-226-5747 or email ebanking@banksis.com.
  • Is It Safe to Bank Online? posted on June 6, 2011

    As a community-focused financial institution, we have a strong policy when it comes to your privacy and security (onlinesecurity.banksis.net). In addition, when doing business online it is important to be aware of any and all safety issues that could affect you. Nerdy Nate asks that you please read these timely and practical tips published by the US News & World Report: http://money.usnews.com/money/personal-finance/articles/2011/06/13/is-it-safe-to-bank-online

  • Fraudulent Emails Claiming to be from NACHA posted on April 4, 2011

    See message from NACHA regarding fraudulent email:

    Further to notices issued on March 11 and February 22, 2011, NACHA – The Electronic Payments Association has received reports that individuals and/or companies continue to receive fraudulent emails that have the appearance of having been sent from NACHA. These emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain (@nacha.org). Some bear the name of fictitious NACHA employees and/or departments.

    NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.

    Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

    If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.

    Always use anti-virus software and ensure that the virus signatures are automatically updated.

    Ensure that the computer operating systems and common software application security patches are installed and current.

    Additional information and guidance on phishing is available from the Federal Deposit Insurance Corporation (FDIC).
