Security Tips & Tricks
US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns
Original release date: November 24, 2014
US-CERT reminds users to remain vigilant when browsing online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed e-mail messages and fraudulent posts on social networking sites may request support for phony causes.
To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, US-CERT encourages users to take the following action:
- Approach similar content with caution. Do not follow unsolicited links or download attachments from unknown sources.
- Refer to our security Tips to learn more about Shopping Safely Online, Avoiding Social Engineering and Phishing Attacks, and Protecting Personal Internet-Enabled Devices.
- For information on charity scams, visit the Federal Trade Commission website.
If you believe you are a victim of a Holiday Phishing scam or Malware campaign, consider the following actions:
- File a complaint with the FBI's Internet Crime Complaint Center (IC3).
- Report the attack to the police, and file a report with the Federal Trade Commission.
- Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
Home Depot Breach
Updated: September 22, 2014
Northeast Bank has received lists of our debit cardholders whose cards were identified as at risk for being used fraudulently due to the Home Depot security breach. We have already contacted these customers and have proactively issued them new debit cards with new account numbers. Please be assured that we are actively monitoring the activity on all customer accounts and continuing to work to protect you from fraud. We ask that review your monthly and/or online statements carefully and call us immediately if you see any suspicious activity. For additional information on the data breach, please view the Home Depot Security Breach Customer FAQ.
Updated: August 27, 2014
We received confirmation from Visa that the compromised card list we received last week was from the Supervalu/Cub Foods data breach. All Northeast Bank customers who had a debit card on the potentially compromised card list have been notified. If a customer has not received a letter that their debit card was part of the compromised card list, then their card was most likely not affected. However, sometimes merchants provide updated lists with additional potentially compromised cards. If we receive any additional lists, we will contact those customers immediately.
As noted in the letter that we sent to potentially affected customers earlier this week:
- The customer does not necessarily have fraud on their account.
- We are replacing their debit cards as a precaution to minimize the chance of fraud on their account. They should receive their new card and PIN within a week.
- They should monitor their account transactions and statements and let us know of any suspicious or unauthorized transactions right away.
- They should activate their new card as soon as they receive, then destroy their old card. Their old card will be deactivated when they use their new card or in 30 days.
The letter contains additional information and instructions for affected cardholders. If you have any questions or comments, please contact the Electronic Banking department at 612-379-8811.
Supported Browsers for NetTeller Online Banking and Bill Pay
For NetTeller online banking the current and prior major releases of Internet Explorer, Firefox, Safari and Chrome are supported. When a new version is announced as Release to Web (RTW), support will cease on the third-oldest major version. Note: As of June 26, 2014, Internet Explorer 8 (IE8) will no longer be supported for NetTeller Online Banking. If you are currently using IE8, please upgrade your browser to a newer version.
Please note that utilizing older browsers may result in disabled functionality or limited access to services.
Download one of the supported browsers now!
Internet Explorer Vulnerability
On April 27, 2024, Microsoft announced an Internet Explorer vulnerability that if exploited could allow a remote, unauthenticated attacker to execute code on a vulnerable system. Internet Explorer versions 6 through 11 are affected.
On May 1, 2014, Microsoft released Security Update for Internet Explorer (2965111) to address this vulnerability. The U.S. Computer Emergency Response Team (US-CERT) recommends that users and administrators review Microsoft Security Bulletin MS14-021 and apply the necessary updates as soon as possible. This update is available via Windows Update, however; depending on the version of Windows used, this update may not be deployed automatically.
Here is a link with more information about the vulnerability:
April 7, 2014 a new security vulnerability called OpenSSL "Heartbleed" was exposed. Sites running a particular implementation of SSL could allow sensitive data to be exposed through this vulnerability. Northeast Bank has confirmed with our website developer, online and mobile banking partners, and payment services providers that our sites and services are not vulnerable to the Heartbleed Bug.
For more information regarding the Heartbleed bug, please visit one of the following sites:
Apple iOS Update - Security Threat Alert
On February 24, 2014, Apple released an update for iOS 6 and 7 to address a substantial security vulnerability where unpatched devices are susceptible to attacks which can intercept, read and modify: encrypted mail, web browsing, app traffic and other sensitive data. You can learn more from the Apple website.
The following information can help you protect your information when using our online services. While Northeast Bank maintains the highest level of security on our systems, we are not responsible for any breach of security that is beyond our control. The following are suggestions to help protect you online on your computer or mobile device.
Online Banking Security Tips:
- Do not share your NetTeller online banking login information with anyone else. If you think your information has been compromised, change your password immediately and call us at 612-379-8811.
- Choose a hard-to-guess password. Do not use words that can be found in a dictionary or information related to you, such as your name, address, birth date, etc.
- Disable auto-complete or similar features on any computer you use for online banking.
- Do not write down your password or reveal it to anyone.
- Change your password regularly.
- Remember to log out when you are finished banking online or are leaving the computer unattended.
- Avoid using unfamiliar computers to conduct any online banking, as they may be compromised.
- Avoid using regular email to share information about your account with Northeast Bank, use our secure email service instead.
- Use account activity alerts to notify you of account transactions and balances.
Mobile Banking Security
Our mobile banking and mobile deposit services utilize best practices from online banking, such as HyperText Transfer Protocol Secure (HTTPS), 128‐bit multi-layer encryption, password or multi‐factor authentication access, and application time‐out when your phone is not in use. In addition, no account data is ever stored on your phone and if your phone is lost or stolen, you can restrict access to your account by resetting your NetTeller online banking credentials online or by calling us at 612-379-8811.
Mobile Banking Security Tips:
We also recommend that you follow these mobile banking security tips:
- Lock your device with a password or PIN when it is not in use.
- Use strong account passwords with at least one number and capitalized letter. Do not use your name, birth date or other easily identifiable personal information.
- Do not store personal information including your User IDs and passwords on your phone or send them via email or text messages which could be intercepted.
- Only download applications from trusted sources. Make sure to download updates regularly, as updates often fix security flaws.
- Do not enter personal information unless there is an "s" after http, which indicates the site is secure. Also look for security symbols like the lock icon.
- Do not bank or shop online when using unsecured, public Wi‐Fi access.
- Do not click on any links in emails claiming to be from Northeast Bank. Instead go to the Bank website directly and log in.
- Always log off completely after using Mobile Banking.
General Computer Security Tips:
- Keep your system and software current with updates from vendor websites. For example, use the Windows® update feature and install any critical updates and service packs that are available. Make sure you have the latest versions of all software applications.
- Use virus and spyware protection software and keep it up-to-date in order to detect and block new threats.
- Use a software or hardware firewall to protect your computer from network intrusions.
- Make sure that any wireless network to which you connect your computer is secure and requires data encryption.
- Do not download files, install software or open email attachments from unverified or unknown sources.
- Beware of pop-ups. Watch out for sudden pop-up windows asking for personal information or warning of a virus.
- Be a little suspicious. A very large number of attacks rely on simple social engineering. Ask yourself next time you receive an email claiming you have won an iPad or received a FedEx package -- is this probably real? Would it happen to me walking down the street? Scams today are not all identifiable by poor grammar and spelling mistakes, as they once were.
- Be wary for phishing emails which may appear to be sent from the bank but are really from criminals trying to get your personal information. Never click on embedded links if you are suspicious; instead, type the URL directly into the browser or contact your bank to verify the authenticity of the email.
Northeast Bank will never solicit your personal information by phone, auto-dialer, text message, email or providing links within an email requesting that you update your information. You will not receive any email notification asking you to click a link or visit a website to unlock your account or to provide any private information unless otherwise requested by you through the online banking password self-reset feature or requested by someone else you know sending you a payment through our Person-to-Person (P2P) payment service. If someone you know is sending you a P2P payment for the first time, they should inform you and provide you with a unique keyword to authenticate. If you receive an email or phone call requesting confidential information from someone claiming to represent Northeast Bank, please do not respond.