Your identity is one of your most valuable resources. That is one reason why we want to help you take extra precautions to protect it. We recommend you help safeguard your identity and personal information by using effective password protection. Here are some suggestions for creating safer passwords and some cautions against weaker ones.

Tips for choosing more-secure passwords:

• Create original passwords that contain a combination of letters, numbers, and even special characters (#, &, %) if allowed.
• Use both capital and lowercase letters (if your password can be case sensitive).
• Do not reuse a password that you may have used for another website
• Choose a password you can easily remember, so you don’t have to write it down
• Change your passwords at least twice a year
• Ensure your passwords are at least eight characters.
• Avoid using:
  • Your Social Security number
  • Account numbers
  • Phone numbers or addresses
  • Birth dates or anniversaries
  • Obvious or common nicknames
  • Names of relatives or pets
  • Common words from the dictionary

“Phishing” refers to fraudulent processes in which fraudsters attempt to obtain your personal information through electronic communications, such as emails, text messages, or instant messages. These messages appear to be from a trustworthy entity, such as a bank, insurance company, retailer, or regulatory agency. However, the messages are not legitimate. The fraudsters typically ask you to send your personal information to a website and then use that information to commit identity theft.

Remember, Areti Bank does not request personal information by email, text messaging, or instant messaging. Beware of any unsolicited emails that request personal information of any kind. Do not respond to any such emails, texts, instant messages, pop-ups, or links.

The following tips will help you spot fraudulent messages:

• The message title generally concerns an “urgent matter” that requires your immediate attention, such as “verifying” certain information to prevent the company from suspending or closing your account.
• The sender may ask for ATM or credit card numbers, personal identification numbers (PINs), sign-on IDs, and other personal information, such as your Social Security number, date of birth, or mother’s maiden name — all of which thieves can use to take over an account or commit identity theft.
• The sender’s name is usually generic, such as “Customer Service Department,” or is just the company’s name, such as “ABC Bank.”
• The message may look professional and official, often displaying the look and feel of a website that you know. It may even contain links or pop-up windows that have the appearance of legitimacy.
• The message may point you to a domain name that is spelled very close to or appears to be related to the legitimate domain name.
• The message may point you to a web page that is protected by Secure Socket Layer (SSL), better known as https.

Spyware, which includes keystroke loggers, screen and mouse recorders, and other types of malwares, allows distant hackers to extract sensitive data from your computer. These programs often slow down your computer and send harvested information to criminals.

Follow the tips below to protect your computer and private information from these dangerous programs:

• Never open any email attachments, web links, or files if the sender or source is not trustworthy or cannot be confirmed. This will help prevent spyware (which is designed to secretly access information) from being installed on your computer.
• Use the automated update wizards in your operating system to download and install the latest security patches.
• Install a firewall and anti-virus software with spyware protection on your computer. Use the automatic update options, and keep your subscriptions current, as fraudsters continue to develop new malware and viruses.
• Use email spam-filtering software.
• Avoid using public computers shared by many individuals to pay your bills, check your account balance, or transact business. If you do have to use a public computer, remember to log out of any websites completely and log off the computer.
• Always use encryption for wireless access.

Configure your mobile device to require a passcode to gain access and with auto-lock features. Whether you have an Android, Apple or some other kind of mobile device, only download apps that come from the official app stores such as the Apple App Store or Google Play Store. Always ensure that the apps you’re using are the latest versions. Similarly, you should always download and install updates to the phone’s operating system.

Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different address. If you are suspicious of a website, close your browser and contact the company directly by phone Do not click links on social networking sites, pop- up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative. Only give sensitive information to websites using a secure connection. Verify the web address begins with https:// (the “s” is for secure) rather than just HTTP:// with no “s”.

We recommend you perform regular risk assessments to determine any potential exposure you may have related to Internet banking activities with an enhanced focus on “high risk” transactions. A sample risk assessment form is available below here. Please adopt your risk assessment/management program in light of your own operating environment, business type, market conditions, legal and compliance risk, control environment, and any other potential threats and risks application to your situation.