Improving your online line security
|Online Security||Tips and resources on how to improve your online security.|
By taking some simple precautions, you can increase your level of online security. While technology has made things easier, nothing will protect you against fraud if you are careless with personal information. By keeping your personal information secure and being aware of security, you can play an important part in protecting your personal financial information and preventing fraud.
Listed below are areas you can focus on to keep your personal information secure
1. Be Aware of Fraudulent Emails
2. Protect Your Member Number/Access Password
3. Use "Verified by Visa" Sites Where Possible
4. Limit the Size of Your External Transfer Limit
5. Request Email Notification of Transactions on Your Account
6. Log in Through the Correct Sites
7. When using Internet Banking Look for the "Closed Padlock" Symbol at the Bottom of your Web Browser
8. When using Internet Banking Look for "https:/www" in the Address Bar
9. Log Out After Using Internet Banking
10. Install a Firewall
11. Control Spam
12. Update Virus/Spyware Protection
13. Keep Your Computer Software Up to Date
14. Disable Password AutoComplete Settings on Your Internet Browser
15. Keep Track of Your Records
Be very cautious of emails that have a link to a website and/or an Internet Banking site that asks for personal details, your member number, your Internet Banking access password and/or card details.
- Only click on a link in an email if you are absolutely certain that it is from a reliable source.
- Do not click on emails where you do not know the sender or source and don't be duped by great offers coming through email.
- Think twice about forwarding an email with a "great offer" to a friend/relative.
- If you receive a suspicious email (especially ones purporting to come from a financial institution), do not act on the instructions contained in the email.
- Avoid opening suspicious or dubious emails or attachments, even if the email is from someone you trust (the email and attachment could have been forwarded automatically without the person's knowledge).
- You should not reply to "spam" emails or emails where you do not know the sender or source. It simply confirms that your email address is valid and you may receive further emails from them. You should simply delete the email.
- Email is one of the prime movers for malicious viruses. Regardless of how enticing the "subject" or attachment may look, be cautious. Any unexpected email, especially one with attachments (from someone you may or may not know), could contain a virus and may have been sent without that person's knowledge from an infected computer. Should you receive an email of this kind and you are doubtful of its legitimacy, delete it.
What you should look out for
You should be very cautious of any email that asks you to reply with or enter your personal details no matter how real it looks. Do not reply to emails that request your:
- personal details,
- member number,
- internet banking access password and/or
- card details.
Remember, Transport Mutual Credit Union will not request such information via an email. ^
To access your accounts, you will need your member number and a personal "access password". Your access password protects the security of your information. Access passwords will only keep outsiders out if they are kept secret!
Here are a few helpful tips to assist you in choosing and using your access password:
- Have a unique access password for your internet banking. Avoid using the same access password for different online applications. Doing so puts your money at risk should anyone discover your single access password
- When choosing an access password, select something that you will remember easily but which will not be obvious to others
- Do not use your debit, credit or access PIN number or, your date of birth as your access password. Avoid repeated digits or simple sequences; where possible use a combination of letters and numbers. Refrain from using your birth date, telephone number, car registration, postcode or other words and numbers easily linked to you personally
- Keep your access password confidential - you should not share or reveal your access password to anyone. Do not disclose your access password to anyone including a family member, friend or a credit union staff member.
- As an additional safeguard, it is advised that you regularly change your access password; we recommend every 30 days
- Do not write your access password down even if it is disguised.
- Be wary of unsolicited calls or emails requesting personal information, access password or card numbers.
Note: change your access password, or notify us as soon as you suspect your existing access password has become known or used by someone else.
Care should always be taken in unknown areas, like internet cafes: to prevent any other persons viewing your member number and access password, this applies equally to people watching the keyboard or watching the mouse on the screen. ^
Verified by Visa gives you the peace of mind of knowing no-one but you can use your Credit Union Visa card online.
All you have to do is link a password and a Personal Assurance Message (PAM) to your Visa card. Once registered, you will be shown your PAM and asked to enter your password every time you shop online with a participating Verified by Visa merchant.
The appearance of your PAM will confirm your transaction is being authenticated by the credit union. Entry of your password will confirm you really are the authorised cardholder.
Once your password is checked, your identity will be verified, the transaction will be completed as normal and you will have the peace of mind of knowing no-one but you can use your Visa card online. ^
Choose a daily external transfer limit that you are comfortable with. You can even set it to nil if required. ^
Select to receive email confirmations of actions you complete inside Internet Banking - including notification of a change to your email address. ^
Only log in to Internet Banking in one of the following ways:
- Click on the Internet Banking link on the top right of our home page
- Bookmark our home page (www.transportmutual.com.au) in your favourites
7. When using Internet Banking Look for the "Closed Padlock" Symbol at the Bottom of your Web Browser
When logging onto or using Internet Banking, look for the closed padlock symbol at the bottom of your web browser. You can double-click the padlock symbol to view the server security certificate's details. The certificate informs your browser that the web site you are connected to is in fact your Credit Union’s and not a "fake" site. The closed padlock images appear below. ^
When using Internet Banking, check to see that you are correctly accessing our secure site by looking at the address bar at the top of your browser. Check to see that the web address begins with "https://www". Web addresses that begin with "https://www" are secured (unsecured addresses start with "http://"). ^
Always log out completely from Internet Banking and close the browser session after you have finished. When leaving your computer unattended, you should either shut it down or physically disconnect from the Internet connection. This lessens the chance that someone will be able to continue to use your current connection. We recommend that you do not access Internet Banking via public access computers, eg Internet cafes, universities etc.
As an additional precaution, Internet Banking system has been set to automatically log out after 2 minutes if your banking session remains unattended. ^
We recommend you install a 'firewall' to protect your computer from unauthorised access over the Internet. A firewall is a software program that filters all Internet traffic between your computer and the outside world. It works to either block or permit Internet traffic to and from your computer. You can use the firewall to protect your home or business computer and any personal information it holds from offensive websites, spam and unauthenticated logins from potential hackers. ^
Major firewall providers include:
Spam is all unsolicited electronic mail sent out in bulk to individuals that have not consented to receive it. ‘Spammers’ use email addresses harvested from websites or procured by means without the owners’ consent.
You can protect yourself from spam in a number of ways:
A filter is kind of software that sorts incoming emails and rejects those it considers spam.
Spam filters can be very useful but are not perfect. Sometimes they block genuine messages (this is called a “false positive”). On other occasions they fail to identify real spam (this is called a “false negative”). Because of this, a good approach is to divert emails that have been identified as spam to a “spam folder”; this way you can manually review the diverted messages to check for any that are genuine.
Protect your Email Address Online
Spammers have typically used two techniques for gathering email addresses: “dictionary attacks” and “harvesting”. While both of these techniques are now outlawed under the Spam Act 2003, you should still exercise caution.
A dictionary attack occurs where a spammer sends out bulk emails to large numbers of possible addresses in the hope of locating a real email recipient. Harvesting refers to the process whereby a spammer finds your email address from a publicly available source, for instance where you have registered a domain name or just posted a message on a bulletin board. If you do supply your email address, try to limit the scope of subsequent communications (eg by ticking a box to indicate that you do not want to receive any further offers or information).
Also, consider using different email addresses for different purposes. This will help to limit the amount of unwanted mail you receive to your main email address.
Protect your Email Address when Publishing it on Your Website
If you want people to be able to be able to get in touch with you through your website, you can limit the risk of spam by using a non-personal email address or setting up an online form for visitors to complete (rather than giving them your email address). ^
For further information, click on the following links:
Internet Industry Association Security Portal
Australian Communications and Media Authority
A computer virus is a program that attaches itself to another program, but changes the action of that program so that the virus is able to spread. Anti-virus software is designed to protect you and your computer against known viruses, worms and Trojans. A Trojan is a malicious program disguised as something harmless, such as a game or a screen saver, which in fact contains hidden code that allows an intruder to take possibly control of your machine without your knowledge.
New viruses are constantly appearing; viruses range from harmless pranks that merely show an annoying message, to programs that can destroy or disable a computer altogether.
- It's important that everyone who uses a computer is aware of proper security practices. Protect your computer with up-to-date antivirus software. You should regularly update your computer system with the latest anti-virus software.
- Avoid opening, running, installing or using programs/files you have obtained from a person or organisation that you do not know you can trust, especially unsolicited email containing file attachments
- Scan new programs/files/attachments for viruses before opening, running, installing or using them
- Ensure you have the latest available updates and anti-virus definitions for your anti-virus software. Unless your software is kept up to date it will quickly become ineffective at preventing virus infection
- You should regularly scan your computer with current anti-virus software to ensure your system is not infected by a virus
Major antivirus software providers include:
- Trend Micro www.trendmicro.com
- McAfee www.mcafee.com
- Symantec www.symantec.com
- MessageLabs www.messagelabs.com
"Spyware" is the collective name given to software that is installed on your computer to secretly obtain information and send it back to another source. Spyware programs can be installed through a virus or as part of another software installation e.g. a ‘freeware’ program.
Spyware can be removed from your PC by:
- Running a spyware remover program: special programs such as Ad-aware www.lavasoftusa.com can be used to remove spyware that has been installed onto your machine
- Virus checking: scanning your machine with a virus checker can remove any virus related spyware;
- Deleting cookies: deleting cookies from your browser can help spyware related problems; and
- Installing a personal firewall: a personal firewall will stop unauthorised ‘attacks’ to your computer from spyware sources. A personal firewall is particularly important if you have a permanent, high-speed connection to the Internet.
Virus writers and hackers look for vulnerable areas of software programs to gain unauthorised access to PCs. Publishers of software programs provide updates from time to time to solve vulnerabilities that are discovered in their programs. The publisher will normally release a security upgrade as a “patch” to your existing program.
You should check your computer security on a regular basis and download the latest security updates. To check for updates and patches you should visit the publisher’s website, typically in their ‘Download’ section.
Use the latest version of your Internet browser: we use 128-bit technology in data encryption to protect your personal information. To take advantage of this feature you'll need to ensure you are using the latest version of your Internet browser. ^
AutoComplete functions remember your personal information and passwords.
We recommend you consider disabling the auto password auto completion function on Internet Explorer by clicking on Options, Internet options, selecting the Content tab, clicking AutoComplete; deselect the ‘Use AutoComplete for user names and passwords on forms’ box. You can clear any stored passwords in this section also.
In addition, do not download any computer software that remembers and pre-populates any of your access details required to logon to Internet Banking. ^