Online Banking Security It is important to be wary when banking online. Criminals have many ways of making money online. They can steal your passwords and bank details with viruses, fake emails and fake websites, ask you to provide security details, send spam with bogus offers and products, take over your computer and use it to attack other people's computers. Following are descriptions of some of the top online fraud risks, and what you can do to protect yourself online           TOP FRAUD RISKS Phishing: An attempt at identity theft where criminals lead users to fake web sites to get them to disclose private information: Fake e-mails are sent by criminals posing as legitimate businesses Fraudsters try to con users into surrendering passwords and other private information, often by linking to a fake web site that looks like a legitimate log-on screen or online form Reverse ACH Phishing-e-mails from fake trading partners requesting account changes for ACH credits "Spear" Phishing-customized emails targeting specific groups-especially Treasury Professionals Bank impersonations by phone and text requesting security credentials-often following an earlier phishing e-mail Malware (malicious software): Programs or files that are harmful to computer users, including computer viruses, worms, Trojan horses, and spyware "Spyware" is software that can spy on all your computer activities Criminals can embed spyware in Web pages, e-mail, spam mail or attachments Man-in-the-Middle "kits" to hijack online sessions           SAFE ONLINE BANKING PRACTICES OUTLINE Limit Access to Those Who Need It: Lock it up Memorize your passwords Create strong passwords that are hard to guess (like letters and numbers and use of capital and lower case letters) and change them regularly Lock up your token when not in use Manage entitlements carefully Control access, account by account Set approval limits carefully Use the Account / User Administration Business Settings and Reports Tailor System time-out period Set and adjust password expiration period for your business Review Entitlement and System Admin Audit Reports regularly Flexible entitlements by user, account and function and dollar limit System Administration capabilities with tiered administration authority and Maker/Checker option Be Suspicious on the Internet: Don’t give out your passwords to anyone – ever, Citibank will never ask for this information via email, mail or phone. Criminals can be quite good at "Social Engineering", posing as bank employees to gain access to secure systems Do not share passwords, tokens or other account information, even with someone you know or work with! Be careful about sharing personal information such as your address, mother’s maiden name, or first school attended online. This information is useful to people who want to steal your identity or gain access to your online banking accounts. By sharing this information on social networking sites, you could be giving away sensitive data to online thieves. Make sure you visit the real CitiBusiness Online site. Always type our address www.citibusinessonline.com directly into the address bar of your browser. Enter directly through the CitiBusiness® Online sign-on page only! Do not click on links in unsolicited emails, especially those requesting personal information or requiring urgent action on your part—this could be an online fraud con trick. Criminals can be very convincing and it is important to be vigilant and suspicious when presented with e-mails that make big promises, are threatening, entail unnecessary secrecy, or involve receiving money for strangers. If an e-mail attachment seems suspicious, do not open it. Only open software attachments from a site you trust! If you don’t know what someone is sending you, don’t open it Greeting cards "Funny" videos Screen savers           PROTECT YOUR COMPUTER Purchase, update, and use anti-spyware and anti-virus software, both at work and at home. Anti-virus software protects you, your privacy and your account information from viruses—also called malware or Trojans—that can steal your personal information and take over your computer. Stay Current: Anti-virus and anti-spyware programs need frequent updates to fight off the latest threats; make sure you have the latest updates and patches, which can be downloaded over the internet. Keep Your Software Updated: Updated software is more difficult for viruses to infect. Criminals take advantage of software bugs to infect computers. By downloading the latest updates to your software, you can ensure that you have the latest fixes installed. Beware of fake e-mails regarding bogus updates—always use the update software that comes with your computer and never click on links in e-mails! In addition to your computer software, update your web browser and any applications you use. Ensure your computer has firewall protection to detect and prevent unauthorized access. Firewalls are intrusion detection software applications and can be purchased online. Use a separate computer for all online banking activities to ensure that accidental infection with a virus at another web site is not transferred to your banking application.           STAY INFORMED Read CitiBusiness Online Sign On Notes and Broadcast Messages. Check for additional fraud prevention information online, and visit the Anti-Phishing Working Group sites for up-to-date information about how to stay safe online. Check your account activity daily for any unusual transactions. If you don’t recognize a transaction, or if you suspect fraudulent activity on your account, contact your bank customer service department immediately!           USE YOUR SECURITY TOKEN The use of Tokens gives the user a dynamic "one-time" password that is only valid for a brief period. Impairs the ability of fraudsters to obtain passwords and access accounts Adds a layer of strong authentication to drastically reduce the risk of fraudulent funds transfer activity Provides an easy to use, portable…and free method of strong and secure authentication