KNOWLEDGE TO KEEP YOU PROTECTED

PRIVACY & SECURITY

Central Citi Holding is committed to protecting your accounts from cyberattacks and identity theft. The products and services we offer come with tools and resources to help keep you and your accounts safe. However, in some cases that may not be enough. We rely on you to take all necessary steps to ensure your accounts are protected on your end, as well. Check out the security information below for tips on how to stay safe online.

Central Citi Holding is committed to protecting the privacy of our clients’ personal information. Please read our Privacy Policy for details regarding how we collect, share, and protect your personal information.

Fraud Alert

08.24.18

We are aware of the recent notifications from law enforcement regarding the threat of a cyberattack potentially targeting ATM devices nationwide. Central Citi Holding follows the FBI’s recommendations to protect against these potential threats. In addition, we continuously assess our security protocols and work closely with our service partners to defend against such attacks in an everchanging technology landscape.


Customers are never responsible for any losses incurred due to unauthorized ATM activity that they report to their financial institution in a timely manner. As a best practice, we encourage all customers to review account activity regularly through Central Citi Holding online banking.


Please notify the bank immediately if you identify any unfamiliar activity. You can also sign up for mobile alerts through Central Citi Holding Online Banking. If you would like more information on setting up alerts, please contact us.

Protecting Yourself Against Identity Theft

Set up strong password

  • Choose combinations of upper- and lower-case letters, numbers and symbols that are hard for a hacker to guess.
  • Do not use your birthdate, address or names a hacker may easily guess.
  • Do not use the same password for multiple accounts; if you do, once a hacker guesses your password correctly, he or she will have access to all your accounts.

Monitor your bank account transactions

  • Check accounts for fraudulent activity at least once or twice a week. Federal laws and industry practices protect account holders when criminals make unauthorized purchases using stolen payment card numbers or other information in certain situations.

Use a designated mobile device or computer for online banking and shopping

  • Some individuals purchase an old PC or designate one device for online banking and shopping. Devices are less vulnerable to cyberattacks when they are not used for web surfing, emailing, social media or playing games.

Effectively use anti-virus and security software

  • It is important to install and constantly update anti-virus and security software. This includes basic anti-virus programs, as well as program updates. Manufacturers are consistently updating their products and services so they operate as efficiently as possible and incorporate the most up-to-date security technology. Next time a program, even as basic as Word, offers an update download it. Please note, you shouldn’t accept updates as they pop up on your computer, because those can be malware or viruses. Instead, you should go directly to the software website, find the appropriate update and download directly from the site.

Be cautious when connecting to the Internet

  • A public computer in places like a hotel business center or library may not have up-to-date security software and could be infected with malware. In addition, if you are using a laptop or mobile device for online banking or shopping, avoid connecting it to a public wireless network. Criminals may intercept your device's signal and use it to collect personal information.

Protecting Your Business Against Email Compromises



The FBI calls it Business Email Compromise and defines BEC as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” If your business conducts any transaction via wire, you and your company could be at risk.

From January 2015 to June 2016, the FBI reported a 1,300% rise in identified exposed losses. Most of the losses were reported in the Central Citi Holding States and fraudulently -transferred funds typically ended up in China and Hong Kong. Unless fraudulent activity is discovered and reported within 24 hours, the chances of recovery are low. Only 4% of funds are ever retrieved.

Per research found by The Verizon 2016 Data Breach Investigations Report, employees and human error are the weakest link in any “IT system.” We recommend educating and training employees on all forms of cyberattacks, as well as asking them to use caution when sharing personal information on social media sites. We recommend educating all employees; however, human resources professionals, IT managers, C-level and senior executives and anyone with finance approval are more likely to be on the receiving end of attacks.

Those involved in large wire transfers are especially susceptible. Many companies have very lax policies when it comes to initiating a transfer. For some, the process is as simple as the CEO picking up the phone and requesting the movement of funds. Cybercriminals fish for information by sending emails to targets to glean information. Once successful, they pose as a familiar person and initiate the transfer. If multi-level safeguards are not in place, you may fall victim.

Human resources professionals are also top targets. Typically, they have access to the employee database, which includes sensitive information such as social security numbers and personal information. In addition, they receive resumes from potential applicants. Criminals may include spyware inside a resume or its delivery source, compromising the system.

What Can You Do to Protect Yourself and Your Business?

Know and guard yourself against the common methods of attack, including:


Phishing

  • Phishing emails are sent to many contacts simultaneously to “fish” sensitive information; hackers pose as reputable sources, such as banks, credit card providers, delivery firms, law enforcement and the IRS, to name a few.

Spear Phishing

  • A more targeted form of phishing, the cybercriminal has either studied up on the group or has gleaned data from social media sites to con users. The email generally goes to one person or a small group of people who use that bank or service. Some form of personalization is included – perhaps the person’s name or the name of a client.

Executive Whaling

  • Targeting top executives and administrators, criminals attempt to pull money from accounts or steal confidential data. Detailed, personal information about the executive and the business has been obtained prior to execution of this method.

Social Engineering

  • The three previous techniques fall under the broader category of social engineering. Social engineering in this application is the manipulation of people to trick them into divulging confidential information or providing access to funds. The art of social engineering might include mining information from social media sites. LinkedIn, Facebook and other venues provide a wealth of information about organizational personnel. This can include their contact information, connections, friends, ongoing business deals and more.