Security

At First International Bank & Trust, we care about security.

From spam email to social media, password security to family protection, we have put together all the best information for keeping your information secure.


Bank Interactions: Main Website

By utilizing Digital Certificate technology, First International Bank & Trust ensures the accuracy and security of any data that is transmitted to us using our secure forms or Online Banking solution. We utilize special certificates which help to provide a higher level of assurance to customers that they are actually visiting our website. The address bar turns green when you are securely visiting our main Bank site as well as Online Banking. HTTPS communications are secured whereas HTTP are not.

Bank Interactions: Online Banking

Alerts

Enabling alerts and monitoring account activity is one of the quickest methods which helps identify fraudulent activity. Listed below are the instructions for setting up Online Banking eAlerts. Once logged into your online account do the following:
Select Accounts
You have [0] secure messages and [0] eAlerts waiting for you.
Select the 0 or number before eAlerts
Select Messenger(0)
Select Setup New Alert
CHECKING DEPOSIT- CUSTOMERS
Notifies when an ACH deposits is made to an Account:
DDA CHECK CLEAR
Notifies you when Check number #### clears Account:
DDA LOW AVAILABLE Balance
Notifies you about a low balance.
DDA TRANSACTION ACTIVITY
Notifies you of any transaction activity.
DDA-LOW CURRENT BALANCE
Specify the value the account falls below before you receive a notice.
Select Online, E-Mail or Mobile
Mobile
Enter Phone Number
Enter Phone Carrier

Access
• Always use a password unique from passwords you use on other sites. See the Password Security section for additional best practice recommendations.
• Ensure that your PC or mobile device is always running current vendor supported software on the latest patch release. See the PC Security section for additional security recommendations. Utilize layers of defense in order to improve your protection. See the PC Security section on our website for additional information.
• Always access from a trusted PC or mobile device. Avoid Kiosk PC or PC in hotel lobbies for example. Best practices are to not access Online Banking when connected over a non-trusted/free Wi-Fi network or hotspots.
• Usage of a device (PC or mobile) dedicated for financial transactions is a best practice. This helps reduce the risk of malicious software being installed on the device.
• You will not randomly receive pop-up messages from our websites asking for information such as your Name, Date of Birth (DOB), Social Security Number (SSN), account numbers, credit card numbers. We will never ask for your PIN. If you receive a popup message asking for sensitive information while visiting Online Banking, contact the Customer Care Center immediately so that we can take appropriate action.

Bank Interactions: Communication

If you receive a call from someone representing the Bank, don’t give out sensitive information. Call a number which you have on record or which you located on our website in order to validate that you know who you are talking to.

Please note that email is not a secure form of communication so remember to never send account numbers, social security numbers or any other information you would like to keep private to First International Bank & Trust or anyone else in an email message.

Sending email can be equated to sending a postcard in the mail. You don’t place anything on a postcard which is sensitive. With email you utilize the same practice and avoid sending sensitive information via email as it may be viewed by more than the intended recipient.

Password Security

The media is full of news articles relating to passwords being compromised. Based on this growing trend, it is critical that we protect our passwords by utilizing unique passwords on each website in order to limit your exposure when there is a disclosure of passwords being compromised. Following the best practices below will help improve your security:

General Tips
• Utilize strong passwords which are changed frequently!
• Never email a password!
• Make your password easy to remember and hard to guess!
• Don’t write down passwords.
• Don’t store passwords in password protected documents or spreadsheets as these documents are not secure and are easily accessed or cracked into.
• Don’t utilize sensitive information such as birthdays, Social Security Number or other information which may be public knowledge.
• Don’t utilize information readily available via social media: pet names, friends, hobbies, sports of interest, favorite sports teams, etc….
• When asked for challenge response phrases, use custom options when available. Don’t select the same challenge items on different websites. Don’t utilize common knowledge items such as where did you go to school as these can be easily researched and or guessed.
• Don’t carry passwords around in your wallet or purse.
• Don’t select to remember your password if prompted to by your web browser especially for any financial related site or when accessing your email. This recommendation may be an inconvenience, but it will increase your security and reduce the risk of financial loss.

Change & Sharing
• Change passwords often and never share them: Remember that passwords are like toothbrushes, we change them often and never share them.
• Our Online Banking system will automatically prompt you to change your password.

Length
• Passwords should be a minimum of 8 in length. Remember that longer passwords are harder to guess.
• Utilizing pass phrases within passwords makes them easier to remember. Use a phrase such as “I moved far away while in 10th Grade 2010” and use the initial of each word like this: “Imfawi10G2010”.

Password Strength
• Strong passwords contain Letters, Numbers and Symbols as well as utilize Upper and Lower case.
• Avoid dictionary passwords as they are easy to guess.

Age
• Best practice is to change passwords every 90 days.

Uniqueness
• Use unique passwords which you haven’t used in the past.

Alerting
• Configure alerts if available to alert you that someone has attempted to access your account.

Guarantee Access to Your Account
• Many email and other providers allow you to configure your account so that you can regain control of it if when someone else gets in and changes your account password. Search for “Security” under the providers help section.

PC Security

Best practice for protection of your PC or mobile device is to utilize layers of defense in order to protect the device. Many industry experts acknowledge that Anti-Virus as a stand-alone protective measure doesn’t provide adequate protection. Layers of defense including but not limited to firewalls, spam filtering, web filtering and proper PC permissions and configurations are all components of defense in depth.
The best practices below may be technical in nature. If you are unfamiliar with performing the actions below, refer to the manufacturer instructions.
Protections
Utilize a Firewall, install Anti-Virus, Anti-Malware and Spam Filtering software!
• Enable a firewall on your PC and your network equipment. Most PC and network equipment come with a build in firewall. The firewall helps reduce the risk of criminals having direct access to your PC. Firewalls typically block inbound connections by default.
• Install Anti-Virus/Anti-Malware protection on your PC.
• Reference resources:
Microsoft Security
Apple/Mac Support
• Utilize web filtering software as an additional layer of protection from accessing a malicious site or as a way to protect your children. Protect Children
• Disable your wireless card when not in use on your Laptop or Mobile Device. Criminals like to monitor for devices doing wireless broadcasting.
• Enable an automatic screen lock.
• Always lock your device when you walk away from it.
• Never attach a removable media device such as a USB device or SD type card to your PC if you don’t know the source of the card.
• Login to the PC with User level permissions versus Administrative permissions. This helps prevent the unauthorized installation of malicious software.
• Backup your files. Ransomware has become a growing trend. Without backups you may not be able to regain access to your files.
Maintain the equipment which allows you to attach to the Internet (DSL and Cable Modems)
• Change default passwords
• Block administrative access to the device from the Internet
• Enable the firewall if not enabled by default.
• Wireless: change the default wireless SSID.
• Wireless: utilize WPA2 or greater when possible. Consider a new device(s) if it doesn’t support WPA2.

Applications
• Install and utilize only reputable software. Non-reputable sources frequently offer free items in order to lure people into installing their software which may be malicious.
• Pop-up windows are frequently dangerous. Don’t click on links, buttons or the “X” box contained within pop-up windows. To safely close the windows, don’t select the “X” in the upper right corner of the window but instead, right click the web browser icon in the task bar (at the bottom of your computer screen) and select close. An alternate option is to use Task Manager to close the web browser windows.

Patching
• Enable automatic updates when installing new software or when prompted after installation. Install the latest updates.
• Always utilize vendor supported software which is on a currently supported version.

Warning Signs
Warning signs that your PC may have malicious software installed on it include:
• Pop-up windows which may include windows asking for sensitive information
• Icons which don’t appear normal
• Slow performance
• Receiving Anti-Virus/Anti-Spyware warning messages

Infected PC Response
Resolving a PC infection will likely require professional assistance in order to help provide confidence that your PC is safe to use. Many times the best response to a PC infection is to reinstall the Operating System (OS). When this is done, all files are complete removed, thus having versions of backups is critical.

Disposal
• Erase (or physically destroy) your hard drive before discarding your old computer. Safe Disposal Guidelines

Social Media

Social media is one of the most widely targeted resources by criminals. The criminals use social media in order to learn a lot of information about you. They then use this information to target you and our friends. They may even send you a friend request hoping that you granting them access to your social network. The items below help protect you from the criminals and other social media privacy related issues.
Customize Your Settings
Reviewing social media site settings and available features on a regular basis is a best practice in order to protect your privacy.

Guarantee Access to Your Account
• Many email and other providers allow you to configure your account so that you can regain control of it if when someone else gets in and changes your account password. Search for “Security” under the providers help section.

Public Information
• Consider the fact that anything you do or say on social media may be or become public knowledge and is to be considered permanent! It doesn’t go away even if you believe you have deleted it.

Friends
• Choose your friends wisely! Your parents most likely taught you not to talk to strangers when you were a child. The same goes for social media. Friend requests are used as a way to access your social network. If you would like to be a friend with a stranger or someone you don’t know well, place them into a group and only allow them access to limited information.
• Beware of all links sent to you. Consider the following before responding to or clicking on a link:
• If a friend sends a link, is that normal activity?
• Does the message seem out of context?
• Are there grammar issues?
• Does the time of day the message was sent seem normal?

Web Browsing

Best practice is to always ensure that your PC and installed software are all up to date before web browsing. This helps to reduce the risk of your PC or mobile device becoming infected. Listed below are some additional best practices.
• Never click on a link and visit a website after receiving an email from an untrusted sender. Visiting a website is enough to infect your PC or mobile device. To learn more view phishing security resources.
• Utilize web filtering software as an additional layer of protection from accessing a malicious site.
• Firewall is enabled
• Anti-Virus is up to date
• Prior to entering in login credentials including passwords, make sure that the URL begins with HTTPS versus HTTP. HTTPS protects your communications with the website where as HTTP doesn’t.

Caution!
• Avoid links where the domain name has been shortened and you don’t know where you will end up if you click the link. An example of a shortened link is one which contains bit.ly.
• Pop-up windows are frequently dangerous. Don’t click on links, buttons or the “X” box contained within pop-up windows. To safely close the windows, don’t select the “X” in the upper right corner of the window but instead, right click the web browser icon in the task bar (at the bottom of your computer screen) and select close. An alternate option is to use Task Manager to close the web browser windows.
• Never type in a website address located on a car window flyer. Criminals have been known to place flyers on car windows when they are after a specific target.

Family Protection

The Bank values your safety and the safety of your family. As a starting point, please review the many security related topics under the Security portion of our main Bank website. Since there are so many methods of protection and so many items which you may be interested in learning about and protecting, we are providing links to additional educational resources below.

The Bank is in no way affiliated with or promoting any of these companies. Usage of the processes, concepts, strategies or technologies presented on these sites does not guarantee your safety or the safety of your children.
• http://www.staysafeonline.org
• http://www.onguardonline.gov
• http://www.consumer.ftc.gov/topics/kids-online-safety
• http://www.microsoft.com/security/default.aspx
Most large technology and Anti-Virus providers also have resources available online to help with protecting your family.

Education is an important component of family protection. In addition to the resources above, the resource below is a good educational reference for individuals.
• https://www.infragardawareness.com

Mobile Security

The best practices below may be technical in nature. If you are unfamiliar with performing the actions below, refer to the manufacturer instructions.

Online Banking Mobile Application
• Our online Banking mobile application is only available via: Apple App and Google Play store. Locate Apps by searching for First International Bank & Trust.

Wireless Access
• Avoid usage of public Wi-Fi networks.

Protection
• Password protection of your mobile device is a critical first step!
• Lock your phone when not in use.
• Configure your phone to erase all data after 10 failed login attempts.
• Erase (or physically destroy) your mobile device before discarding or exchanging it.
• Download apps from reputable sources and review the permissions required on your device before downloading.
• Protections similar to your PC should be installed on your mobile device.
• Firewall
• Virus Scanner
• Anti-Theft protection
• Privacy Advisor
• Application Management
• Disable your wireless card when not in use on your mobile device. Criminals like to monitor for devices doing wireless broadcasting.

Updates
• Ensure that updates are applied to the Operating System and all installed applications.

Safe Habits
• Avoid clicking on links or attachments from unknown sources

Add-Ons
• Beware of add-ons as they could be have malicious intent and could be used to access your information including your contact book or other sensitive information.

Backups
• Utilize backups to ensure that you don’t lose sensitive information such as your address book or contacts. Consider what is being backed up. Personal pictures may be backed up and available to others if your online access account is compromised.

Internet Scams: Phishing, Vishing and Smishing

Phishing is the attempt to acquire sensitive information such as usernames, passwords and credit card details by appearing as a trustworthy entity in an electronic communication. Vishing is similar to phishing but it uses voice or phone calls with local numbers to give the appearance of a local trusted organization. Smishing utilizes text messages send to cell phones in order to lure a user into taking action or clicking a link.
Phishing
Sending out emails is a numbers game. Criminals know that by sending volumes of emails, some individuals will fall victim by clicking a link or opening an attachment.

If you ever receive a phishing email specific to the Bank, do not click on the link or open attachments. Forward the message to: abuse@firstintlbank.com.

Common email or text subject lines to lure people:
• Sense of urgency (Action Required, Urgent!, Eligibility Renewal, Outstanding invoice,)
• Human Nature (Important, Contact Information Updated, Background Check, Criminal Charges, Fired, Severance)
• Events (Breaking News!, Tragic Event!, Outbreak, School Shooting)
• Health (Weight Loss, Cancer Cure, Celebrity Slim Down, Miracle Workout)
• Free (Gift Card, Register, Winner, Voucher, Congratulations, Rewards
• Personal Interest (Pets, Hobbies, Relationships)

Best Practices
Never click on links, open attachment or reply to email from non-trusted sources.
• Be suspicious of any unsolicited email requesting personal information.
• Avoid filling out forms in email messages that ask for personal information. Never send personal or sensitive information via email.
• Always compare the link in the email to the link that you are actually directed to.
• Visit the official website by typing in the address, instead of clicking on a link in an unsolicited email.
• Contact the actual business that supposedly sent the email to verify if the email is genuine. Do not use a number contained within the email. Lookup the phone number on the Internet or within a phonebook.

Phishing Signs
• Grammatical issues
Vishing (Phone and Messages)
If you receive a call claiming to be a financial institution, person of authority or someone looking to confirm information, they are likely a criminal.
• Be suspicious of any calls requesting personal information. Call the organization directly to validate if a call is legitimate. Don’t call back the number which shows up on your Caller ID unless you have validated that it is the number you want to call.
• If you receive a call by someone claiming they have seen suspicious traffic from your computer or can help fix your slow computer, it is a scam. They may also ask you to visit a website so they can help fix your computer.
• If you receive a call indicating that you have won the lottery, it is a scam.
• If you receive a call indicating that you have a relative in jail and they require money to get out it is a scam. See the Scams section to learn more.
Smishing (Text Messages)
If you receive a text from an untrusted sender don’t click on the link, respond to it or take any further action. If the text message is impersonating a financial institution, you may want to make them aware of the event.

Additional resources to learn more about phishing and social engineering are listed below. The Bank is not promoting or affiliated with these resources, they are for reference purposes only:
http://www.lookstoogoodtobetrue.com
http://www.antiphishing.org

Spam Email

Criminals send numerous emails attempting to appeal to our interests in order to sell us products. The challenge is that spam can be easily confused with malicious email phishing messages. Best practice it to error on the side of caution and delete suspicious messages from untrusted senders.
• Enable and configure spam filters.
• Don’t open spam. Delete it unread.
• Don’t click on links or open attachments from untrusted sources. Visiting a website or opening an attachment is enough to compromise your PC or mobile device.
• Never respond to spam as this will confirm to the sender that it is a “live” email address. When in a business environment, best practices for out of office replies is to only send them to your contacts only.
• Have a primary and secondary email address. Use one for people you know and one for all other purposes.
• Avoid giving out your email address unless you know how it will be used.
• Never purchase anything advertised through an unsolicited email.

Scams

Criminals utilize many scams in order to get your money or attempt to have you move money for them through employment scams.
• Lottery: If you receive a call, email, letter or text indicating that you have won the lottery, it is a scam.
• Foreign Country Relative In Jail: If you receive a call, email letter or text indicating that you have a relative in jail and that they require money in order to get out it is a scam.
• Auction Fraud: If someone ever offers you more than the asking price, it is a scam.
• Cashier’s Checks: Validate a cashier’s check by contacting the Bank before turning over goods.
• Employment/Business Opportunity Scams: Advertise for company X and we will pay you. If it sounds too good to be true, it is most likely a scam.
• Additional crime prevention tips are available via: http://www.ic3.gov

Privacy, Confidentiality and Security of Information

Online Banking
• Enable Online Banking alerts. Refer to the Online Banking section for enabling alerts.
• Monitor your transaction history on a regular basis.

Change of Address or phone
• Visit a branch to change your address or phone number. Having current information on record helps us contact you when we detect fraud or suspicious activity.

Internet Access Related
• Avoid usage of public Wi-Fi networks.
• Never input an ID or password into a Kiosk computer in a hotel lobby or any other location.

Identity Protection
• Utilize a cross cut micro shredder for all sensitive documents including credit card applications, checks you may receive associated with an account if you don’t plan to use them. When in doubt, shred!
• Remove address labels from magazines or newspapers before discarding them. The address labels contain sensitive account information and could be used for social engineering.
• Wallets and purses should never be in plain site within a vehicle
• Don’t carry around all your credit or debit cards
• Don’t carry around your Social Security card
• Avoid carrying a book of checks around in your car
• Avoid conversations about sensitive topics in public places. Consider who is around you and whom may be listening in.
• Never attach a removable media device such as a USB device or SD type card to your PC if you don’t know the source of the card.
• Never type in a website address located on a car window flyer. Criminals have been known to place flyers on car windows when they are after a specific target.
• Don’t write your pin numbers on your Credit or Debit cards.
• Consider paying bills online versus writing checks.
• Place garbage out in the morning versus the night before pickup day.
• Place outgoing mail in a secure mailbox. Placing them in a mailbox near a post office is the most secure option. Don’t place outgoing mail in a mailbox on the street.

Phone Calls
• Never give out personal information over the phone if you receive a call. You should call the company via a trusted phone number which you are able to lookup.
• Criminals will appear to come from local numbers in order to establish a sense of trust. Beware of this and don’t fall victim.

PC/Laptop and Mobile Device Protection
• Hide electronic devices (Phones, PC, Mobile Devices) when in unattended vehicles.
• Disable your wireless card when not in use on your Laptop or portable device. Criminals like to monitor for devices doing wireless broadcasting.

Credit Monitoring
To order your free credit report, visit www.annualcreditreport.com, call toll-free at 1-877-322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at www.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. The three credit bureaus provide free annual credit reports only through the website, toll-free number or request form.

Learn more about how to protect yourself from becoming a victim of identity theft: www.ftc.gov/idtheft