Bulletins

Banks Hit With Massive Cyber-Attacks: Is Your Money Safe?

by Theresa McCoy, Information Technologies Manager

To Our Clients and Friends

Cyber-security specialists reported that cyber-attacks on U.S. banks escalated last week, overpowering some of the most sophisticated computer defenses of U.S. banks. These attacks, known as "Distributed Denial-of-Service," (DDoS) flooded bank websites with traffic, rendering them unavailable to consumers and disrupting transactions for hours at a time. Previous denial-of-service attacks have been covers for looting bank accounts and stealing customers� or employees� personal information. There is no evidence so far that the latest attacks have included theft, but the full extent of the damage may not be known for weeks or months.

What can you do to protect yourself?

1. Check your bank balances daily. Commercial accounts are especially vulnerable as commercial bank customers are only given a 24-hour window to report anomalies to the bank.

2. Set up notifications that alert you via text message when transactions outside the norm take place on your account. Receiving alerts via phone gives the added protection of dual media reporting (in case the source of the breach is a hacker controlling your computer--including your e-mail!)

3. If you make direct deposit payroll payments, talk to your bank about setting up dual control/approval on Automated Clearing House (ACH) transactions.

4. Use strong passwords on all financial accounts and change them regularly. Be sure to use passwords that are different than any passwords you use elsewhere, like social media. When Facebook or LinkedIn has a security breach (which recently happened to LinkedIn), personal data, including passwords can be stolen. Once those credentials have been stolen, they are often sold again and again to other cyber-thieves. Cyber-thieves then try to log in to various banks using your stolen credentials. It is NEVER safe to use those passwords again. There are several placed online to help you pick a strong password. Microsoft has a password checker, plus tips on how to create a strong password.

In this most recent attack, JPMorgan Chase & Co., Bank of America, Wells Fargo, US Bancorp and PNC Financial were found vulnerable. If you bank with any of these banks, at a minimum, it would be a good idea to change your password. No matter where you bank, this is a good time to review the protections you have in place.