Security


Educate

Welcome to Bridgewater Bank’s Security Resource Center, where you can find important and helpful information about protecting your privacy, preventing identity theft and how to counteract suspected identity incidents.

As an added security measure, please note that Bridgewater Bank will never ask you for verification information over the phone or via email.

Account Takeovers & Corporate Account Takeovers

Account takeover, also known as corporate account takeover, is a fast-growing electronic crime in which thieves typically use some form of malware to obtain login credentials to online banking accounts and then fraudulently transfer funds from those accounts. This can be an account-to-account transfer, a POP Money transfer, etc.

There are multiple methods for the thieves to try and steal your credentials; the most popular is through malware that infects a computer. Malware can be distributed through malicious websites, email links and social networking sites.

How to Reduce Your Risk of Account Takeovers:

  1. Maintain strong passwords
  2. Watch your statements and/or accounts closely for unauthorized activity.
  3. Install security software, like anti-virus and anti-spyware.

Hacked Email

When an attacker gets a hold of your email account and sends emails from your email account (Gmail, Yahoo, Hotmail, etc.) to your friends or your financial institution, it is considered email hijacking.

In the emails, the attackers insert links that include malware, hoping your friends or financial institution will click on the link because it is from a known contact or trusted friend.

You might have been hacked if:

  • Friends and family are getting emails or messages you didn’t send
  • Your sent messages folder has messages you didn’t send, or it has been emptied
  • Your social media accounts have posts you didn’t make
  • You can’t log into your email or social media account

In the case of emails with random links, it’s possible your email address was “spoofed,” or faked, and hackers don’t actually have access to your account. But you’ll want to take action, just in case.

What to do if you have been a victim of email hijacking:

  • Change your email password. Create a strong password that you don’t use for any other service.
  • Contact your service provider for help and advice.
  • Go into your email account’s advanced options and change your account recovery options (challenge questions, phone numbers, and backup email address). Review these settings for changes you did not make.
  • Check the websites and applications that are allowed to access your account, and revoke any settings that are unfamiliar.
  • Check your advanced mail settings for suspicious forwarding addresses or delegated accounts.
  • Check your email folders (such as spam, sent items and deleted items) for any messages that may have been sent from your account.
  • Contact recipients of unauthorized email to inform them of what occurred.
  • Consider advanced security settings that protect you from future issues.

Fake Checks

While most people consider checks a convenient and safe form of payment, they can be misused by scammers. A “fake check” scam happens in many ways.

In most cases, the scammer sounds very credible. Someone could offer to buy something you advertised, pay you to do work at home, give you an “advance” on a sweepstakes you’ve supposedly won, or pay the first installment on the millions that you’ll receive for agreeing to have money in a foreign country transferred to your bank account for safekeeping.

Don’t fall for their con. Scammers hunt for victims and seek to make them “mules.” They do this by sending a fake check that draws money from an account that does not belong to them (another victim). They may offer this check as payment for service or work. Many times, they will call the victim an “agent,” requesting they transfer money overseas. In exchange, they will typically allow the victim to keep a percentage of money as “payment.” Whatever the scam, the act is illegal and the victims will be defrauded. They may also be subject to legal prosecution.

Tip: Just because funds are available, it doesn’t mean that the check has cleared. If a check doesn’t clear, you will be liable for money drawn against it.

To avoid being victimized, consider the following precautions:

  • If you accept payment by check, ask for a check drawn on a local bank, or a bank with a local branch. That way, you can make a personal visit to make sure the check is valid. If that’s not possible, call the bank where the check was purchased, and ask if it is valid.
  • Throw away any offer that asks you to pay for a prize or a gift.
  • Avoid entering foreign lotteries. It’s illegal to play a foreign lottery through the mail or the telephone, and most foreign lottery solicitations are phony.
  • Never wire money to strangers. If possible, meet them before sending money.
  • If you’re selling something, don’t accept a check for more than the selling price, no matter how tempting the offer or how convincing the story.
  • If the buyer insists that you wire back funds, end the transaction immediately.

Visit the FTC’s website to learn more about fake check scams.

Internet Purchases

Visit the Federal Trade Commission’s website Onguardonline.gov to learn even more about online shopping and Internet Auctions.

What is Malware?

Malware (Spyware, Viruses & Trojans) 

Malware, short for malicious software, is software designed to infiltrate or damage a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term “computer virus” is sometimes used as a catch-all phrase to include all types of malware, including true viruses.

Malware can be brought to a computer in many ways but the most common ways are through email and webpages. Email from strangers with attachments or clickable links can install malware, or simply surfing the web to a page that hosts malware can cause this problem.

Types of Malware

Virus – A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. It can go from computer to computer or it can come from a website. A virus has no useful purpose; it is meant to put malicious software on your computer.

Spyware – Spyware is a type of virus that is usually not harmful to your computer. Most of the time it tracks the websites you visit, along with the passwords you use at those sites, and can display pop-up advertisements. It also slows your computer dramatically and can act like an anti-virus program.

Trojans – A Trojan, in computing, is any malicious computer program that misrepresents itself as useful, routine, or interesting in order to persuade a victim to install it. Many times, illegal copies of software will contain Trojans.

Trojans are also spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to look unsuspicious (e.g., a routine form to be filled in). Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.

How to prevent Malware on your computer:

  • Keep your computer up to date by applying software updates (patches) as soon as possible.
  • Don’t rely solely on anti-virus to protect your computer. Install and configure a quality software security suite, and keep it updated. Be sure that the product contains multiple protection methods, including anti-virus, anti-spyware, and web protection. Don’t ignore warnings from security software. Take the recommended actions (if offered).
  • Only install reputable, legal versions of software on your computer.
  • Don’t change computer or Internet browser settings to values that weaken security.

If your computer is infected with malware:

  • Stop using that computer for banking online or for online shopping. 
  • On an unaffected computer change your passwords (especially the passwords to your financial institution). 
  • Obtain professional help from a reputable business who has experience in computer support and specializes in malware identification and removal.
  • For serious malware infections, consider wiping the computer and reloading it from original install disks. This method will remove data and programs from the computer, so only do this if you have backed up your personal data. This is the most reliable way of removing complex malware threats.

To learn more about malware, visit the Federal Trade Commission’s website Onguardonline.gov.


Phishing

Phishing is what it sounds like – scammers throw a wide net (billions of fraudulent emails) in an attempt at “hooking” a few people. In this case, the trophy is your password, username, and personal information. Once they get this information, it could be quickly used to access your accounts. The term phishing refers to a fraudulent attempt to obtain account information done via email.

Don’t be a victim. Learn to spot the hallmarks of phishing. Phishing may have the following hallmarks:

  • Unexpected email that warns of some consequence (like account suspension). This may have a “clickable” link that takes you to a “lookalike” site.
  • Poorly worded or confusing terminology in the text.
  • Promise of reward or refund, with a clickable link to a “lookalike” site.
  • Lack of personal information in the email. Things like account details are very generic.

Phishing can take other forms too:

  • Vishing – Voice + Phishing. Calls by phone from live people or recorded messages.
  • SMSishing – Text + Phishing. Text messages that ask you to click on links or call a phone number.

Scammers may research a business more directly, and even target people by name. This is called “spear phishing.” No matter the form, precautions are still the same.

If you get a message via email, text, pop-up or phone that asks you to call a phone number to update your account or give your personal information to access a refund – don’t respond and cease communication. When in doubt, call the number on the back of your credit or debit card, or on your financial statements to confirm the information.

If you believe you may have compromised your account information, please immediately report it to Customer Care at 952.893.6868.

To learn more about phishing, visit the Federal Trade Commission’s website Onguardonline.gov.

Mobile Security

Mobile devices such as cell phones or tablets need security protections in place too.

Security precautions for Apple® iOS devices (iPhone, iPad)

  • Avoid “jailbreaking” the system. Jailbreaking is a process of modifying the mobile operating system to allow a great deal of customization, but doing so drastically increases the chance of malware threats to your device.
  • Set a security lock on the device that is a passphrase or PIN. Newer devices also support “touch ID” which uses your fingerprint to unlock your phone. This will avoid someone simply picking up your device and accessing your information.
  • Be aware of your surroundings. Don’t type passwords for your accounts while people may be watching you or looking over your shoulder. Don’t leave your phone or tablet unattended in a public place, even for a minute.
  • Don’t connect to untrustworthy, unknown, or “open” (no security) WiFi networks.
  • Keep your device up to date with the latest version of the operating system available for your device; also, keep all of your Apps up to date. Updates prevent security threats due to software flaws.

Security precautions for Android devices

  • Avoid “rooting” the system. Rooting is a process of modifying the mobile operating system to allow a great deal of customization, but doing so drastically increases the chance of malware threats to your device.
  • Don’t allow your device to install applications from “unknown sources.” This is a setting under “Security” in your device.
  • Install a trustworthy antivirus program, just like you would with your main computer. Once installed, scan your device for viruses on a regular basis.
  • Remove applications you don’t need from the device. Understand and be picky about the permissions an application wants from you. A flashlight application should not access your personal contacts!
  • Set a security lock on the device that is a passphrase or PIN. This will avoid someone simply picking up your device and accessing your information.
  • Be aware of your surroundings. Don’t type passwords for your accounts while people may be watching you or looking over your shoulder. Don’t leave your phone or tablet unattended in a public place, even for a minute.
  • Don’t connect to untrustworthy, unknown, or “open” (no security) WiFi networks.
  • Keep your device up to date with the latest version of the operating system available for your device; also, keep all of your Apps up to date. Updates prevent security threats due to software flaws.

SMiShing

SMiShing scams are similar to phishing scams. You may get a message that appears to be from a bank or service provider asking you to do something. However, the SMiShing message is really from a scam artist.

How SMiShing Works

SMiShing scams often direct you to visit a website or call a phone number. If you dial the number, you’ll be asked for sensitive information like a credit card number.

If you visit the website, it may attempt to infect your computer with malware. Scammers continually get more and more creative. Most consumers are savvy enough not to fall for the old “we need your bank account password” email. However, a text message seems less threatening.

Instead of just trying to get money from you, such as with cashier’s check scams, SMiShing schemes often just try to get information such as credit card numbers.

What You Need to Know About SMiShing

If you get a suspicious message, don’t fall for it. Call a bank from a phone number you trust – one that is on your statement or the bank’s website. If you get a message about a service you’ve been signed up for, and will have to cancel, search the web for other reports of the message. To learn more about the related threat of phishing, visit the Federal Trade Commission’s website Onguardonline.gov.

Vishing

Scammers are increasingly using a low-tech tool, the telephone, to rip people off. They can set up a system that automatically dials a long list of phone numbers and asks for account information. Many times the phone number that they are calling from is masked. The caller shows up with a name that looks legitimate.

How to Protect yourself from Vishing

  • To protect yourself from vishing, use some of the same techniques you use to avoid phishing scams.
  • Don’t give information to anybody unless you are certain you know who you’re dealing with. If you get a phone call about one of your accounts, hang up and call the institution.

To learn more about the related threat of phishing, visit the Federal Trade Commission’s website Onguardonline.gov.

Safety

Computer Physical Safety

If your computer is stolen or lost, your information can still be at risk, even if your computer’s software is protected. You could also be at risk if you give away old computers without completely wiping the old system’s internal storage.

Encryption products can protect your information and make the data useless if it leaves your control. Recent versions of Windows, Macintosh, and others provide encryption options free with your computer. You just have to enable them.

Always make sure to thoroughly wipe the storage before you give away old computers. Formatting or deleting your old information is not enough. Better yet, remove the old hard drive and keep it.

To learn more about computer disposal and how computers store personal information, visit the Federal Trade Commission’s website Onguardonline.gov.

Identity Theft

Identity theft happens when someone uses your Social Security number or other personal information to open new accounts, make purchases, or get a tax refund.

Most people who experience identity theft must take several steps to recover. IdentityTheft.gov is the federal government’s one-stop resource to help you report and recover from identity theft. The site provides step-by-step advice and helpful resources like easy-to-print checklists and sample letters.

If you believe that someone is using your personal information, visit IdentityTheft.gov.

My Credit Report

Under federal law, you are entitled to a copy of your credit report annually from all three credit reporting agencies – Experian, Equifax and TransUnion. You can take advantage of a report from each agency once every 12 months. Doing so will help give you a clear picture of your credit profile, all while ensuring your credit is up-to-date and accurate.

Look closely at the data from each credit bureau to see that it all matches up.

Things to look for:

  • Wrong mailing addresses
  • Incorrect Social Security info
  • Old employers
  • Signs of identity theft
  • Errors in your credit accounts
  • Late payments
  • Unauthorized hard inquiries

If you see something suspicious, visit IdentityTheft.gov for resources and next steps to restore your credit.

Patching

A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually called bug fixes, and improving the usability or performance.

Keeping your systems up-to-date can keep attackers from using the vulnerabilities that have been identified in certain software. As soon as a patch is available it should be installed to prevent security issues or improve performance.

Almost all software today has patches or software releases to fix vulnerabilities that are found. To learn more about patching, see the Federal Trade Commission’s website Onguardonline.gov.

Security Questions

Security questions, also referred to as Multifactor Authentication, are an online banking security feature that provides you with an extra layer of security to help protect you against identity theft and fraud. You may be asked to create a series of security questions when you enroll for certain financial services. These security questions are essential to ensure we can validate your identity under certain circumstances.

Security questions should be answered so they are personal, yet memorable for you. The answers to these questions should be unique and as detailed as possible, yet something that can’t be guessed or easily discovered by others. Your unique answers to your selected questions will be used to confirm your identity when you log in to Online Banking from an unknown computer or based on a combination of security criteria.

Strong Passwords

Passwords are used in many places to access everything from email to bank accounts and medical records. They are used to verify that you are the person to whom the information should be given. Protecting many of your accounts can begin with a strong password.

What is the difference between a passphrase and a password?

While passwords and passphrases essentially serve the same purpose – providing access to secure services or sensitive information – passwords are generally short, hard to remember and easier to crack. Passphrases are easier to remember and type. They are considered more secure due to the overall length of the passphrase and the fact that it shouldn’t need to be written down.

A strong passphrase:

  • Is 20 to 30 characters long
  • Is a series of words that create a phrase
  • Does not contain common phrases found in literature or music
  • Does not contain words found in the dictionary
  • Does not contain your user name, real name, or company name
  • Is significantly different from previous passwords or passphrases

A strong password:

  • Is at least eight characters long
  • Does not contain your user name, real name, or company name
  • Does not contain a complete word
  • Is significantly different from previous passwords

To learn more about passwords, visit the Federal Trade Commission’s website Onguardonline.gov.

UserID and Password

Bridgewater Bank will never ask for your personal account information or credit card information over the phone, via email or the internet, unless the client initiates the contact. We will never ask for your password in any way. We advise you to never share this information, unless you are sure with whom you are dealing. If you are ever in doubt about legitimacy, hang up (or cease communication), and call the number on the back of your credit/debit card, or as printed on your financial statement.

Tips:

  • Never re-use your password from site to site. Your important passwords (like those used for banking) should only be used in one place. If another site experiences a security issue, your passwords for other services are safe.
  • Change your password from time to time, and customize your userID to something unique.
  • Your userID should not be something that is personally identifiable, like your Social Security Number.
  • Avoid using online banking services from shared computers that are not under your control and are untrusted, such as those found in hotels, libraries, or internet cafes.
  • Business clients should be especially vigilant, and use existing business online banking features that allow for multiple users with differing roles and dual controls over processing.

If you have released any information improperly or believe you may have compromised account information, please immediately report it to Customer Care at 952.893.6868.

Wireless

Wireless networks can be found at hotels, coffee shops, or airports. If not properly configured, wireless networks can provide a way for scammers to monitor your computer’s communications, putting your personal information at risk.

Tips:

  • Wireless networks should be configured for encryption, specifically a form called WPA or WPA2. This type of encryption should require a password that is complex and isn’t guessable for access.
  • If you have wireless at home, configure it for security, and customize important settings. Default passwords (those provided by hardware makers) should be changed, and wireless passwords should be something you choose.
  • If you are a business and provide customers with wireless Internet access, ensure these wireless systems are completely isolated from your internal computer systems.

To learn more about wireless security, visit the Federal Trade Commission’s website Onguardonline.gov.

Report

Lost or Stolen Card

A lost or stolen card can be a stressful situation. Bridgewater wants to ease your concerns and take the necessary precautions to lessen your risk of financial loss and identity theft.

Please contact us at 952-893-6868 or call the after-hours line (1-800-472-3272) to report your lost or stolen card.

Reporting Fraud

Bridgewater Bank will never ask for your personal information via email or via text. If you have received a suspicious email please contact the bank at 952-893-6868.

What to do if your Identity has been Stolen

If you suspect you are a target of identity theft, the Federal Trade Commission provides the following next steps that should be acted upon immediately to best ensure your protection:

  • Place an Initial Fraud Alert: If you think someone has misused your personal or financial information, call one of the credit reporting companies and ask them to put an initial fraud alert on your credit report. An initial fraud alert can make it harder for an identity thief to open more accounts in your name. When you have an alert on your report, a business must verify your identity before it issues credit in your name.
  • Order Your Credit Reports: After you place an initial fraud alert, the credit reporting company will explain your rights and how you can get a copy of your credit report. Placing an initial fraud alert entitles you to a free credit report from each of the 3 credit reporting companies.
  • Create an Identity Theft Report: An Identity Theft Report helps you deal with credit reporting companies, debt collectors, and businesses that opened accounts in your name.

For more information on the above steps, see the Federal Trade Commission’s document on Taking Charge if your identity is stolen.