Protect Your Business Online
Corporate account takeover is the business equivalent of personal identity theft. Hackers, backed by professional criminal organizations, are targeting small and medium sized businesses to obtain access to their online banking credentials or email account or remove controls of their computers. These hackers will then drain the deposit and credit lines of the compromised bank accounts, funneling the funds through mules that quickly redirect the monies overseas into hackers' accounts.
As a business owner, you need an understanding of how to take proactive steps to avoid, or at least minimize, most threats.
Beware of Business Email Compromise Scam
According to FBI alerts, cybercriminals have stolen over $750 million from small and medium-sized business through a scam in which a business executive's or employee's email is spoofed – and the number of victims is growing rapidly. The fraudsters use the compromised or spoofed email to trick another employee to send funds, typically via a wire transfer. To the business' bank the transaction would appear legitimate. Please review the following document for information about the scam and best practices for businesses to detect the scam:
Online Business Banking Tips
The following information can help you protect your information when using our online services. While Northeast Bank maintains the highest level of security on our systems, we are not responsible for any breach of security that is beyond our control. The following are suggestions to help protect you online on your computer or mobile device.
- Apply operating system and application updates (patches) regularly
- Ensure the anti-virus/spyware software is installed, functional and is updated with the most current version
- Have host-based firewall software installed on computers
- Use the latest versions of internet browsers, such as Explorer, Firefox, Safari or Google Chrome with "pop-up" blockers.
- Turn off computer when not in use
- Do not batch approve transactions; be sure to review and approve each one individually
- Review your banking transactions daily and your credit report regularly
- Set time restriction access on user's access
- Enforce dual wire controls and/or ACH dual controls for users
- Limit number of users with administrative access
- Request IP Restrict to limit access to your online business banking by IP address(es)
- Perform a routine audit of your network and security controls you have in place
- Do not share your NetTeller online banking login information with anyone. If you think your information has been compromised, change your password immediately and call us at 612-379-8811.
- Choose a hard-to-guess password. Do not use words that can be found in a dictionary or information related to you, such as your name, address, birth date, etc.
- Disable auto-complete or similar features on any computer you use for online banking.
- Do not write down your password or reveal it to anyone.
- Change your password regularly.
- Remember to log out when you are finished banking online or are leaving the computer unattended.
- Avoid using unfamiliar computers to conduct any online banking, as they may be compromised.
- Avoid using regular email to share information about your account with Northeast Bank, use our secure email service instead.
- Use account activity alerts to notify you of account transactions and balances.
Mobile Banking Security
Our mobile banking and mobile deposit services utilize best practices from online banking, such as HyperText Transfer Protocol Secure (HTTPS), 128‐bit multi‐layer encryption, password or multi‐factor authentication access, and application time‐out when your phone is not in use. In addition, no account data is ever stored on your phone and if your phone is lost or stolen, you can restrict access to your account by resetting your NetTeller online banking credentials online or by calling us at 612-379-8811.
Mobile Banking Security Tips:
- Lock your device with a password or PIN when it is not in use.
- Use strong account passwords with at least one number and capitalized letter. Do not use your name, birth date or other easily identifiable personal information.
- Do not store personal information including your User IDs and passwords on your phone or send them via email or text messages which could be intercepted.
- Only download applications from trusted sources. Make sure to download updates regularly, as updates often fix security flaws.
- Do not enter personal information unless there is an "s" after http, which indicates the site is secure. Also look for security symbols like the lock icon.
- Do not bank or shop online when using unsecured, public Wi‐Fi access.
- Do not click on any links in emails claiming to be from Northeast Bank. Instead go to the Bank website directly and log in.
- Always log off completely after using Mobile Banking.
Northeast Bank will never solicit your personal information by phone, auto-dialer, text message, email or providing links within an email requesting that you update your information. You will not receive any email notification asking you to click a link or visit a website to unlock your account or to provide any private information unless otherwise requested by you through the online banking password self-reset feature or requested by someone else you know sending you a payment through our Person-to-Person (P2P) payment service. If someone you know is sending you a P2P payment for the first time, they should inform you and provide you with a unique keyword to authenticate. If you receive an email or phone call requesting confidential information from someone claiming to represent Northeast Bank, please do not respond.
Please be aware of these types of phishing scams designed to obtain information from you.