Information Security
EMBank’s top priority is preserving your privacy and keeping your financial information secure. We also believe it is our job to provide you with information security awareness topics so you can take the necessary steps to protect yourself. If you’d like to learn more about financial and confidential information security, please browse the resources below. Our strategy to secure personally identifiable information (PII), protected financial information, and other forms of private and confidential information is multifaceted and includes the following:
Encrypting our data:
Desktops and laptops that store private data are encrypted; use of removable media and peripherals such as flash drives, external hard discs, optical discs, and wired or wireless printers is strictly limited to approved personnel, and all data written to those devices is encrypted.
Securing our locations:
Employees use security badges to access buildings and interior secured areas at the head office, and video cameras are monitored 24/7.
Strictly governing passwords and access:
Passwords are changed at regular intervals, and “strong” passwords are required; we review accounts regularly for appropriate access; access is immediately revoked on all employee terminations or separations, and two-factor authentication is in place for all users.
Conducting checks:
We perform background checks on all employees and contractors before they are granted access to systems.
Protecting our systems:
Endpoint protection solutions are installed and updated on all desktops, laptops, and servers; internal and external firewalls segregate Internet-facing traffic from internal traffic, and they segregate internal users from direct access to servers; egress filtering reduces the threat of command-and-control malware infections, and email security software identifies and blocks messages that contain malicious links or attachments.
Testing our security:
We regularly try to penetrate and exploit our systems to make sure everything is functioning as it should and no weaknesses exist.
Antivirus Protection
Maintain active and up-to-date antivirus protection provided by a reputable vendor. Schedule regular scans of your computer in addition to real-time scanning.
Latest Updates
Update your software frequently to ensure you have the latest security patches. This includes your computer’s operating system and other installed software (e.g., Web Browsers, Adobe Flash Player, Adobe Reader, Java, Microsoft Office, etc.).
Automate software updates, when the software supports it, to ensure they are not overlooked.
Public Internet or Computer
Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information when possible.
Personal Firewall
Use firewalls on your local network to add another layer of protection for all the devices that connect through the firewall (e.g., PCs, smartphones, and tablets).
Suspicion of Compromise
If you suspect your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information. Use security software and/or professional help to find and remove malware.
In a social engineering attack, an attacker uses human interaction to manipulate a person into providing them information. People have a natural tendency to trust. Social engineering attacks attempt to exploit this tendency to steal your information. Once the information has been stolen it can be used to commit fraud or identity theft.
Criminals use a variety of social engineering attacks to attempt to steal information, including:
- Website Spoofing
- Phishing
- Phone Scamming
The following sections define these common attacks and provide tips you can use to avoid being a victim.
Website Spoofing
Website spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoof websites are typically made to look exactly like legitimate websites published by a trusted organization.
Prevention Tips:
- Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
- If you are suspicious of a website, close it and contact the company directly.
- Do not click links on social networking sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative.
- Only give sensitive information to websites using a secure connection. Verify the web address begins with “https://” (the “s” is for secure) rather than just “http://”.
- Avoid using websites when your browser displays certificate errors or warnings.
Phishing
Phishing is when an attacker attempts to acquire information by masquerading as a trustworthy entity in an electronic communication. Phishing messages often direct the recipient to a spoof website. Phishing attacks are typically carried out through email, instant messaging, telephone calls, and text messages (SMS).
Prevention Tips:
- Delete email and text messages that ask you to confirm or provide sensitive information. Legitimate companies don’t ask for sensitive information through email or text messages.
- Beware of visiting website addresses sent to you in an unsolicited message.
- Even if you feel the message is legitimate, type web addresses into your browser or use bookmarks instead of clicking links contained in messages.
- Try to independently verify any details given in the message directly with the company.
- Utilize anti-phishing features available in your email client and/or web browser.
- Utilize an email SPAM filtering solution to help prevent phishing emails from being delivered.
Phone Scamming
Telephone fraud, or vishing, is particularly sneaky. Fraudsters call up pretending to be the police or Embank’s fraud department and warn you that your account has been compromised to trick you into revealing your full password or persuade you to move your money somewhere ‘safe’.
Some tell you to call the genuine number for your bank to ‘verify’ the call, then play a dialing tone while they stay on the line, before posing as Embank and conning you into giving them sensitive information.
They may use software to make the call seem legitimate; for example, number-spoofing software displays false caller-ID information to trick you into thinking that their number belongs to Embank or another legitimate business.
Criminals may also attempt to trick you into installing remote-access software to ‘fix’ a spurious problem.
Prevention Tips:
Call-blocking services and phones offer some respite from unwanted calls, but the easiest way to stay safe is to hang up and call back on a phone number you trust, such as the number Embank provides on the website.
Report Fraudulent or Suspicious Activity
Contact us immediately if you suspect you have fallen victim to a social engineering attack and have disclosed information concerning your European Merchant Bank accounts.
Call us at +370 615 40102 or email [email protected]
Regularly monitoring your account activity is a good way to detect fraudulent activity. If you notice unauthorized transactions under your account, notify European Merchant Bank immediately.
- Create a unique password for all the different systems you use. If you do not, then one breach leaves all your accounts vulnerable.
- Never share your password over the phone, in texts, by email, or in person. If you are asked for your password, it is probably a scam.
- Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.
- The longer the password, the tougher it is to crack. Use a password with at least 8 characters. Every additional character exponentially strengthens a password.
- Avoid using obvious passwords such as:
  - Your name
  - Your business name
  - Family member names
  - Your user name
  - Birthdates
  - Dictionary words
- Choose a password you can remember without writing it down. If you do choose to write it down, store it in a secure location.
- Configure your device to require a passcode to gain access if this feature is supported in your device.
- Avoid storing sensitive information. Mobile devices have a high likelihood of being lost or stolen so you should avoid using them to store sensitive information (e.g. passwords, bank account numbers, etc.). If sensitive data is stored then encryption should be used to secure it.
- Keep your mobile device’s software up-to-date. These devices are small computers running software that needs to be updated just as you would update your PC. Use the automatic update option if one is available.
- Review the privacy policy and data access of any applications (apps) before installing them.
- Disable features not actively in use such as Bluetooth, Wi-Fi, and infrared. Set Bluetooth-enabled devices to non-discoverable when Bluetooth is enabled.
- Delete all information stored on a device before the device changes ownership. Use a “hard factory reset” to permanently erase all content and settings stored on the device.
- “Sign out” or “Log off” when finished with an app rather than just closing it.
- Never click on suspicious links in emails, tweets, posts, or online advertising. Links can take you to a different website than their labels indicate. Typing an address in your browser instead of clicking a link in an email is a safer alternative.
- Only give sensitive information to websites using encryption so your information is protected as it travels across the Internet. Verify the web address begins with “https://” (the “s” is for secure) rather than just “http://”. Some browsers also display a closed padlock.
- Do not trust sites with certificate warnings or errors. These messages could be caused by your connection being intercepted or the web server misrepresenting its identity.
- Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information when possible.
- Always “sign out” or “log off” of password-protected websites when finished to prevent unauthorized access. Simply closing the browser window may not end your session.
- Be cautious of unsolicited phone calls, emails, or texts directing you to a website or requesting information.
Ransomware:
Ransomware is a kind of malware attack in which you are denied access to the data on your computer. The data is locked, typically by encryption, and a payment is demanded before the ransomed data is decrypted and you can access it again. Attackers mostly do it to extract money from the attacked individual. But with careful planning and prevention, you can combat ransomware and save your data and money from being lost.
Here is how to avoid Ransomware:
Install an Anti-Malware/Antivirus
Anti-malware software can help you secure your system from unknown cyber fraudsters who can claim access to your data and demand a ransom in return for granting you access to it again. Install good anti-malware software to protect yourself from the perils of data theft and ransomware in the long run.
Have a Back-up
Ensure you have an offline data backup of all your necessary documents and information. Check your backups regularly and update them if necessary, so that all your data is up-to-date and you don’t find yourself in a fix even if you are subject to a ransomware attack.
Keep your software updated
Ensure that your operating software and mobile applications are up to date. Updates bring security fixes with them and, as such, make your system stronger and less vulnerable to attacks. Making sure that all your software and applications are regularly updated and upgraded will therefore keep your system safe.
Be careful where you click
Ransomware attacks can be distributed in phony online ads, email links, social media messages, and even via text messages. Do not respond to messages from strangers or click on links in spam emails. Your conscious and careful online behavior is the first step towards preventing ransomware attacks.
Stay Aware
Cybercrooks are always looking for new ways to trick us out of money and information. You should always try to stay informed about the latest ransomware attacks and how to avoid them.
What is Identity (ID) Theft?
Identity theft occurs when an unauthorized party uses your personally identifying information, such as your name, address, Social Security Number (SSN), or credit card or bank account information to assume your identity to commit fraud or other criminal acts.
How does identity theft occur?
Identity thieves can steal your personal information directly or indirectly by:
- Stealing your wallets and purses containing identification cards, credit cards, and bank information.
- Stealing your mail including credit and bank statements, phone or utility bills, new checks, and tax information.
- Completing a “change of address form” to redirect the destination of your mail.
- Rummaging through your trash for discarded personal data, a practice known as “dumpster diving.”
- Taking personal information that you share or post on the Internet.
What can ID thieves do with your information?
- Call your creditors and change your mailing address on your credit card account.
- Open new lines of credit using your personal identification information.
- Establish phone services in your name, which are charged to you.
- Open bank accounts in your name and write bad checks.
- Forge checks to wipe out your bank account.
- Apply for auto loans taken out in your name.
- Commit other crimes and then give your name, instead of their own, to the police during their arrest.
What can you do to prevent ID theft?
Identity theft is on the rise. While there are no guarantees that your identity will not be stolen, there are steps you can take to minimize your risk.
- Use passwords on all your credit card, bank, and phone accounts.
- Never keep passwords, “PINs” or your SSN card in your wallet or purse. Learn about security procedures in your workplace.
- Never give out personal information on the phone, through the mail, or over the internet unless you know the receiver and have initiated the contact.
- Guard your mail and trash against theft.
- Shred or destroy discarded financial statements in your trash.
- Give your SSN only when absolutely necessary.
- Keep your purse or wallet in a safe place at work.
How can you protect your personal computer from ID theft?
SSNs, financial records, tax information, birth dates, and account numbers may be stored on your personal computer. Follow these tips to help keep your personal information safe.
- Update your virus protection software regularly, especially when a new virus alert is brought to your attention.
- Do not download files from strangers or click hyperlinks from people you don’t know. This could expose your system to a virus.
- Use a firewall program. This will stop uninvited guests from accessing your computer.
- Use a secure browser to guard the security of your online transactions.
What to do if you are a victim?
- Contact European Merchant Bank.
If you think you are a victim of identity theft or identity fraud, immediately call European Merchant Bank at +370 700 11200.
- Contact all other creditors.
In addition to contacting European Merchant Bank, you must also promptly contact all other banks, financial institutions, and other creditors with whom you do business and let them know your identity has been compromised. Follow up phone conversations with an email or certified letter.
- Close accounts.
Close accounts that you believe were tampered with or opened fraudulently. When you open new accounts, be sure to use different Personal Identification Numbers (PINs) and passwords. Choose new, non-obvious passwords that combine numbers, letters, and symbols and are hard for thieves to guess.
- File a Police Report.
Complete a report about the theft at your local police department. Keep a copy of the police report in your files.
- Dispute fraudulent transactions on existing accounts.
Review your credit reports for fraudulent transactions on your bank accounts, retailers, utility companies, or other businesses.
- Dispute fraudulent new accounts opened in your name.
Contact the fraud department of each business that reported a new account opened in your name by an identity thief.
ADDITIONAL RESOURCES
To learn more about information security visit any of the following websites:
• cybersecuritymonth.eu
• OnGuardOnline.gov
• StaySafeOnline.org
• US-CERT.gov