print this page

Securities & Alerts

2/04/2015 BEWARE OF TAX RELATED PHISHING SCAMS

Tax-Related Phishing Scams

On Friday, January 30, 2015, the IRS and US-CERT released ST15-001 "Prepare for Heightened Phishing Risk This Tax Season. "The full alert text is here: https://www.us-cert.gov/ncas/tips/ST15-001

This is a timely, and important, reminder about phishing scams that every computer user should be aware. Recently two major malware campaigns delivering the banking trojans Dridex and Upatre-Dyre have heavily leveraged phishing messages to infect targeted machines. Once infected, these tools collect banking credentials and other information from the system.

Recently an article was released by TrendLabs detailing an additional capability by the Upatre-Dyre campaigns that enables the malware to use Microsoft Outlook to further spread the Upatre-Dyre infections. This article is linked here: http://blog.trendmicro.com/trendlabs-security-intelligence/new-dyre-variant-hijacks-microsoft-outlook-expands-targeted-banks/

The Citizens National Bank encourages customers to remain vigilant about phishing email messages and to be wary about opening attachments that either look out of place or are not from a trustworthy source. Protective measures against phishing scams and malware campaigns include:

  • Maintain up to date antivirus software.
  • Do not follow unsolicited web links in email, text, or chat messages.
  • Use ad-blocking software to avoid 'malvertising' and potential downloading of malicious content.
  • Enable "click to play" in your internet browser to avoid automatically playing embedded content on a web page (i.e. news sites, Facebook, etc...).
  • Do not open unexpected attachments.
  • Save and virus scan attachments before opening them.
  • Do not provide personal or corporate information over the phone, through a website, or via email to unknown persons or to an unsecure web site.
  • Verify the identity of the person with whom you are communicating.

If you have any questions or concerns, please do not hesitate to contact The Citizens National Bank service@cnbct.com or at 1-860-928-7921.

1/15/2015 BEWARE OF TAX RELATED MALICIOUS E-MAILS

It’s tax season… Since it is that time of year again please be vigilant against any malicious e-mails you might receive related to filing taxes, potential refund issues, or even just the IRS.

 

Click on image to view larger

 

As you might notice there are a few things noticeably wrong with this e-mail.

  1. “TO” email address and the recipient may be different.
  2. If this were a legitimate e-mail it would be addressed to a specific person, not “Dear business owner”.
  3. The link claims to point to the IRS website; however, if you hover over the link you can see it really points to a Russian website (note the .ru domain in the link).

If you receive any e-mails of this type do not click on any links or open any attachments they might contain. If you are reluctant to delete the e-mail because you feel it might be legitimate please contact your IT or Computer Support provider.

11/26/2014 Holiday Phishing and Malware Campaign Notice

Holiday Phishing and Malware Campaign Notice

 

The holiday season provides increased opportunities for malicious criminals to conduct seasonal phishing and malware campaigns as a means to gain unauthorized access to computer systems.  Over the course of the holiday season, please continue to practice safe browsing and to evaluate e-mails, SMS messages, and other communications with a critical eye.

 

Please be aware that cyber criminals may attempt scenarios to entice individuals into opening attachments, clicking links, or installing software that contains malicious code or collects personal information or giving away information or access. Some samples of their tactics can include; sales, good will, and other aspects of the holiday season to. Customers should practice safe internet browsing both on personal and corporate computer systems. 

 

Potential attack avenues include:

  • Seasonal E-Cards/E-mails
  • E-mails/In-mails on social networking sites
  • Fraudulent posts on social networking sites
  • Fake advertisements
  • Fake shipping notifications, with attachments or links to view the notice
  • Charity scams

 

Protective measures against phishing scams and malware campaigns include:

  • Maintain up-to-date antivirus software'
  • Maintain up-to-date, patched software (operating systems, internet browsers, Adobe Flash, Silverlight, etc...)
  • Do not follow unsolicited web links in email, text, or chat messages
  • Use ad-blocking software to avoid 'malvertising' and potential downloading of malicious content
  • Enable "click to play" in your internet browser to avoid automatically playing embedded content on a web page (i.e. news sites, Facebook, etc...)                    
  • Do not open unexpected attachments
  • Save and virus scan attachments before opening them
  • Do not provide personal or corporate information over the phone, through a website, or via email to unknown persons or to an unsecure web site. 
  • Verify the identity of the person with whom you are communicating

If you have any questions or concerns, please do not hesitate to contact The Citizens National Bank, 860-928-7921.

10/24/2014 Recent Store Security Breaches             

10/24/2014:  Please note, if you have not received a letter from The Citizens National Bank regarding recent security breaches (ex. at Home Depot, K-Mart, Staples, etc.) this correspondence does not pertain to you.

 

VISA has notified CNB of the Debit Cards that may have been compromised due to one of the security breaches (ex. at Home Depot, K-Mart, Staples, etc.) that have been announced recently. We have issued a letter to the customers that hold those cards.

 

 Although this data breach did not take place at The Citizens National Bank, we are taking the following steps to protect our customers that may be affected by it.

  1. New CNB VISA Check Cards and PINs have been ordered. Please activate your new card as soon as possible.  Once you activate your new card, your existing card will no longer function.
  2. In the interim, the purchase limit for the existing card has been reduced. If you need to discuss the specific limit, please call our Data Center at 860-928-7921, ext. 115. 
  3. If you have set up pre-authorized payments with the existing debit card, you will need to notify the payee of your new card number.  If you have stored your debit card number with any internet merchant, you will need to notify them of the change as well.

Following this incident, we recommend that you take extra care in examining your account statements and periodically check your account activity online if you are signed up for e-Banking.  If you see any transactions that you do not recognize or that appear suspicious to you, please notify us immediately by visiting any office or by calling our Data Center at 860-928-7921, ext. 115.

 

You may also consider obtaining a copy of your credit report.  To order your free credit report, visit www.AnnualCreditReport.com or call toll free at (877) 322-8228.

 

If you should have any questions or concerns, please do not hesitate to call us.  The safety and security of your funds and your personal information are our top priority.

SSL Version 3 Vulnerability aka "POODLE"              

We are aware of a vulnerability that exists with SSL v3.0 being referred to as "Poodle". This vulnerability allows secure connections to be decrypted by a network attacker.

What is SSL?
Secure Sockets Layer (SSL) is a cryptographic protocol that provides communication security over the Internet. SSL encrypts the data transported over the network, using cryptography for privacy and a keyed message authentication code for message reliability.

 

What is TLS?
Transport Layer Security (TLS) is a standard protocol that is used to provide secure web communications on the Internet or on intranets. It enables clients to authenticate servers or, optionally, servers to authenticate clients. It also provides a secure channel by encrypting communications. TLS is the latest version of the Secure Sockets Layer (SSL) protocol.

 

Is TLS affected by this issue?
No. This issue is specific to SSL 3.0.

 

Is this an industry-wide issue?
Yes. The vulnerability resides in the design of the SSL 3.0 protocol and is not limited to Microsoft’s implementation.

To prevent our systems from being exposed to this threat, we will cease support for the SSL 3.0 protocol. CNB supports the two most current major releases of Internet Explorer, Firefox,

Safari, and Chrome, we anticipate minimal customer impact with this change.

 

We recommend the following (Consult support for specific browsers to perform these actions):

  • Disable SSL 3.0 (and 2.0 if it is enabled)
  • Enable TLS 1.0, 1.1, and 1.2
  • After doing so you may not be able to access websites that only accept SSL
  • Protect your computer by enabling a firewall, installing available software updates, and installing/updating antivirus software.

Ebola Phishing Scams & Malware Campaigns                   

October 20, 2014

 

As coverage for the Ebola virus continues to be highlighted in international, national, and local news and social media, an increased risk for phishing scams and malware campaigns exists.  Please be aware that cyber actors may leverage the fear and concerns generated by this event to lure consumers into opening attachments containing malicious code or to click on links directed to websites to collect personal information.  Customers should practice safe internet browsing both on personal and corporate computer systems. 

 

Protective measures against phishing scams and malware campaigns include:

  • Maintain up to date antivirus software
  • Do not follow unsolicited web links in email, text, or chat message
  • Use ad-blocking software to avoid 'malvertising' and potential downloading of malicious content
  • Enable "click to play" in your internet browser to avoid automatically playing embedded content on a web page (i.e. news sites, Facebook, etc...)
  • Do not open unexpected attachments
  • Save and virus scan attachments before opening them
  • Do not provide personal or corporate information over the phone, through a website, or via email to unknown persons or to an unsecure web site.
  • Verify the identity of the person with whom you are communicating

Additional resources and information on this informational alert may be found here:

US-CERT Ebola Notice and US-CERT Phishing Awareness.

Home Depot Data Breach

 Please note, if you have not received a letter from The Citizens National Bank regarding the security breach at Home Depot, this correspondence does not pertain to you.

VISA has notified us of the Visa Debit Cards issued by us that may have been compromised due to a security breach at Home Depot. We have issued a letter to the customers that hold those cards.

Although this security breach did not take place at The Citizens National Bank, we are taking the following steps to protect our customers that may be affected by it.

  1. New CNB VISA Check Cards and PINs have been ordered. Please activate your new card as soon as possible. Once you activate your new card, your existing card will no longer function.
  2. In the interim, the purchase limit for the existing card has been reduced. If you need to discuss the specific limit, please call our Data Center at 860-928-7921, ext. 115.
  3. If you have set up pre-authorized payments with the existing debit card, you will need to notify the payee of your new card number. If you have stored your debit card number with any internet merchant, you will need to notify them of the change as well.

Following this incident, we recommend that you take extra care in examining your account statements and periodically check your account activity online if you are signed up for e-Banking. If you see any transactions that you do not recognize or that appear suspicious to you, please notify us immediately by visiting any office or by calling our Data Center at 860-928-7921, ext. 115.

You may also consider obtaining a copy of your credit report. To order your free credit report, visit www.AnnualCreditReport.com or call toll free at (877) 322-8228.

If you should have any questions or concerns, please do not hesitate to call us. The safety and security of your funds and your personal information are our top priority.

Phishing Scam Aimed at Users of the Toll Service E-ZPass

While Connecticut currently does not have toll roads, several of our neighboring states (New York and Massachusetts) do.

Customers of the toll collection company E-ZPass are being warned of a new Phishing scam that is being sent masquerading as a delinquent payment notification.  The company states that, if E-ZPass customers legitimately have a payment due, they would not receive an email. E-ZPass invoices are strictly mailed directly to home addresses via the United States Postal Service. The fraudulent emails appear to be using E-ZPass's brand colors but are poorly worded and ask users to download an infected file.

One such email reads:


Security professionals have determined that the malware that is installed is primarily being used for advertising click-fraud, but that the program could also be used to steal other sensitive information such as passwords and financial data.  The contact information used as a source for these emails is seemingly random, as not all targets are E-ZPass customers.

How to avoid “Phishing” scams:

  • Be suspicious of any email with urgent requests for personal financial information.  (Remember, Citizens National Bank will never ask you for that information— we already have it on file.)  Do not be intimidated by an email that suggests dire consequences and DO NOT respond to the email or click the link provided.
  • Don't use links provided in an email.  If you suspect the message might be authentic, call the company or log onto the website directly by typing in the web address in your browser.
  • Be cautious about opening any attachments or downloading any files from emails.
  • Regularly log on to your online accounts and review your transaction history to ensure only legitimate transactions have occurred.
  • Ensure that your browser is up to date and security patches are applied. If you use Microsoft Internet Explorer browser, visit www.microsoft.com/security to download special patches related to "phishing" scams.

Important Information Regarding a Recently Reported Breach by Russian Hackers

Important Information Regarding a Recently Reported Breach by Russian Hackers

According to Pete Williams, NBC Justice Correspondent, on the Today Show, no firms/websites have been named in the breach at this point. Some of the individual sites affected have been notified, however. In a New York Times articles, it is said that the “targeted sites range from Fortune 500 companies to very small websites – and most are still vulnerable,” this coming from Alex Holden, Founder and Chief Information Security Officer of Hold Security, the company that discovered the breach. In this same article it was stated that “so far, the criminals have not sold many of the records online. Instead, they appear to be using the stolen information to send spam on social networks at the behest of other groups, collecting fees for their work.” The Hold Security team is currently working on creating an online tool that would allow individuals to securely test their information in the database. As this is a developing story, the details of what sites have been affected will likely surface as investigations into the breach continue.

Based on the limited information available regarding the impacted websites most sources are recommending that individuals assume their information has been compromised and improve information security immediately. Additional recommendations are suggested for ongoing information security as the likelihood of such breaches continues to be of concern. We at The Citizens National Bank strongly encourage all of our online banking customers to use the following tips provided by a New York Times article, How to Keep Data Out of Hackers’ Hands by Molly Wood:

  • Change passwords for sites that contain sensitive information, such as financial, health, or credit card data. DO NOT use the same password across multiple sites.
  • Try a password manager to create a unique password for each site you visit and store them in a database protected by a master password.
  • If you must create your own passwords, make sure they are not based on dictionary words.
    • Security expert Bruce Schneier suggests creating an anagram from a sentence and using symbols and numbers to make it more complicated.
  • Create the strongest passwords for the sites that contain the most sensitive information and DON’T reuse them.
  • Regularly monitor your financial records to help minimize the damage if someone gets your information. 

Sources:

Perlroth, Nicole, and David Gelles. "Russian Gang Amasses Over a Billion Internet Passwords." New York Times. N.p., 5 Aug.

2014. Web. 6 Aug. 2014. <http://nyti.ms/1mjPhsL>.

Pete Williams, NBC Justice Correspondant. Russian Hackers Steal More than 1 Billion Passwords. Today Show, 6 Aug. 2014.

Web. 6 Aug. 2014. <http://www.today.com/video/today/55808004#55808004>.

Wood, Molly. "How to Keep Data Out of Hackers’ Hands." New York Times. N.p., 5 Aug. 2014. Web. 6 Aug. 2014.<http://nyti.ms/1mjVULT>.

Office of the Comptroller of the Currency - Phishing Scam: Solidwall Bank

Alert 2014-25

Subject: Phishing Scam
Date: August 5, 2014

Description: Solidwall Bank

Phishing Scam: Solidwall Bank

To: Chief Executive Officers of All National Banks and Federal Savings Associations; All State Banking Authorities; Chair, Board of Governors of the Federal Reserve System; Chairman, Federal Deposit Insurance Corporation; Conference of State Bank Supervisors; Deputy Comptrollers (Districts); Assistant Deputy Comptrollers; District Counsels; and All Examining Personnel

The Office of the Comptroller of the Currency (OCC) has been informed that an entity titled “Solidwall Bank” is involved in a Web site spoofing and phishing scam. This entity has spoofed the Web site of a legitimate bank in Somerville, Massachusetts. The Solidwall Bank Web site, [www.solidwallf.com], replicates the following text found on the legitimate bank’s Web site in wording and appearance:

  • About Us
  • President’s Message
  • Community Involvement
  • Privacy Policy
  • Contact Us (Bank Locations)

The Web site [www.solidwallf.com] was established in April 2014 in Lagos, Nigeria, and presents a telephone number of (414) 263-9615, which is an Internet-based telephone number registered to the unauthorized entity.

Consumers are receiving unsolicited e-mails of an urgent nature from the fictitious entity. The e-mails contain a hyperlink to the Solidwall Bank Web site, which is designed to harvest financial and personal information. Anyone receiving e-mails from this entity should not respond but rather report the incident to the following agencies:

  • Federal Trade Commission (FTC): by telephone at (877) FTC-HELP or, for filing a complaint electronically, via the FTC’s Web site at www.ftccomplaintassistant.gov.
  • National Consumers League (NCL): by telephone at (202) 835-3323 or by e-mail at http://www.nclnet.org/contact_us. To file a fraud complaint, visit the NCL fraud Web site at www.fraud.org.
  • Federal Bureau of Investigation Internet Crime Complaint Center (to report scams that may have originated via the Internet). Its Web site is www.ic3.gov.

Additional information concerning this matter that should be brought to the attention of the Office of the Comptroller of the Currency (OCC) may be forwarded to

E-mail: occalertresponses@occ.treas.gov
Mail: Office of the Comptroller of the Currency
Special Supervision Division
400 7th St. SW, Suite 3E-218; MS 8E-12
Washington, DC 20219
Phone: (202) 649-6450
Fax: (571) 293-4925
Internet: www.occ.gov

For additional information regarding phishing fraud, please visit the OCC’s anti-fraud resources page at http://www.occ.gov/topics/consumer-protection/fraud-resources/internet-pirates.html.

Ellen M. Warwick
Director for Enforcement and Compliance

# # #

Alert: Security Breach At Michael's Craft Stores & Aaron Brothers Stores

SECURITY ALERT: UPDATED (04/18/2014)

On April 17, 2014 Michael’s Arts and Craft Stores announced there was a security breach at several locations last year (05/08/13-01/27/14).  Some of those stores are located in Connecticut (including Killingly Commons) were among those impacted.  Please be advised that we have received a report indicating a small number of our customers were impacted by the Michael’s security breach.  Our Managers and Assistants will be contacting the affected customers directly.

We will continue to monitor this situation closely and update our customers of any changes.  We ask that you continue to monitor your accounts closely and contact us immediately if you should see any suspicious transactions, 860-928-7921 ext 115.

Note:  A sister company to Michael’s, Aaron Brothers, also suffered a breach.  Their security was compromised between 06/26/13 – 02/27/14.  At this point, we are not aware that any of our customers are at risk because of the breach at Aaron’s.

"HEARTBLEED BUG"

SECURITY ALERT: UPDATED (04/11/14)

“HEARTBLEED BUG”

WE WISH TO LET YOU KNOW WE ARE AWARE RESEARCHERS HAVE RECENTLY UNCOVERED A SECURITY VULNERABILITY, KNOWN AS THE “HEARTBLEED BUG”, IN A COMPONENT OF CERTAIN VERSIONS OF THE TECHNOLOGY OpenSSL.

THE VENDOR THE CITIZENS NATIONAL BANK UTILIZES TO SUPPORT OUR WEBSITE AND THE ELECTRONIC BANKING SERVICES WE OFFER HAS COMPLETED ITS INITIAL ASSESSMENT OF THE FOLLOWING SERVICES AND FOUND THEM TO BE UNABOUT REVIEWING YOUR ACCOUNT ACTIVITY AND CONTACT US IMMEDIATELY @ 860-928-7921 EXT. 115 W/QUESTIONS OR CONCERNS. THANK YOU.

***WARNING OF POTENTIAL INCREASE IN PHISHING & OTHER SCAMS***

IT IS POSSIBLE FRAUD-RELATED ATTEMPTS WILL INCREASE BECAUSE THERE HAS BEEN SO MUCH PUBLICITY RECENTLY ABOUT THE “HEARTBLEED BUG”. BE WARY OF EMAILS THAT APPEAR TO BE FROM BANKS OR OTHER SECURE SITES ADVISING THAT THEIR SITE WAS VULNERABLE TO THE “BUG” AND ASKING THAT THE USER RESET HIS/HER PASSWORD. THESE COULD BE ILLEGITIMATE TRICKS DESIGNED TO RESULT IN THE USER DIVULGING HIS/HER LOGIN INFORMATION TO A CRIMINAL. DO NOT CLICK ON ANY LINKS IN AN EMAIL SUCH AS THIS. INSTEAD, IF YOU FEEL THE EMAIL IS LEGITIMATE, TYPE THE WEBSITE URL IN YOUR BROWSER AND CHANGE YOUR PASSWORD AFTER YOU HAVE ACCESSED THE SITE IN THAT MANNER.

BEWARE OF OTHER POTENTIAL SCAMS SUCH AS SERVICES THAT INDICATE THAT THEY CAN HELP YOU DETERMINE IF YOU ARE VULNERABLE TO THE “BUG” OR TO “CLEAN-UP” ISSUES RESULTING FROM IT. WE RECOMMEND THAT YOU RESEARCH ANY SUCH OFFERING THROUGHLY AND THAT YOU DO NOT PROVIDE ANY INFORMATION OR MONEY TO THEM UNTIL YOU HAVE BEEN ABLE TO CONFIRM THEIR LEGITIMACY.

Alert: Target Debit Card Transactions 11/27/13 - 12/15/13

SECURITY ALERT: UPDATED (01/29/2014)

SECURITY BREACH AT TARGET STORES - THIS ALERT PERTAINS ONLY TO THOSE CNB DEBIT CARDHOLDERS THAT USED THEIR CARDS AT TARGET BETWEEN 11/27/13 – 12/15/13.

By now you should have received a new CNB Visa Card in the mail. This card was sent to you to replace the one that was compromised as a result of the security breach that occurred at Target stores. You also should have received the Personal Identification Number (PIN) that you will need to activate your new card.

IF YOU HAVE NOT ALREADY DONE SO, PLEASE ACTIVATE YOUR NEW CARD IMMEDIATELY. IT IS IMPERATIVE THAT YOU DO SO, AS THE CARD THAT IT REPLACED WAS DEACTIVATED ON FRIDAY, JANAURY 17, 2014. THE INSTRUCTIONS FOR ACTIVATING YOUR NEW CARD ARE OUTLINED IN THE BROCHURE THAT IT WAS ATTACHED TO. SINCE YOUR EXISTING CARD HAS BEEN CANCELLED IT WILL NOT WORK IF YOU SHOULD ATTEMPT TO USE IT. IF YOU SHOULD HAVE ANY QUESTIONS REGARDING THE CONTENTS OF THIS MESSAGE, PLEASE CALL OUR DATA CENTER AT (860) 928-7921, EXT 115 OR VISIT ONE OF OUR BRANCHES. THANK YOU.

Important Security Information

WHAT DO WE DO FOR CUSTOMER PROTECTION

At The Citizens National Bank the protection of your personal information and account information is just as important to us as it is to you. The security of your information relies on both our ability to offer banking services to you in a secure manner, as well as your responsibility for keeping User Identification Names (User ID's), Personal Identification Numbers (PIN's), answers to your personal challenge questions secure, updating and performing regular scans of your antivirus and antispyware programs on your home computer. To assist us in offering these Web-based banking services in a secure manner, we employ a number of measures, which are identified below. These measures allow us to properly authenticate your identity when you access these services and to protect your information as it travels the Internet between your personal computer (PC) and The Citizens National Bank.

Our e-Banking and PowerPay security measures include:

  • A requirement for each user to privately maintain a combination of a User ID and a 6 -12 character (alpha & numeric) PIN.
  • A user-selected watermark that appears after you enter your User ID. This watermark assures that you are signing onto The Citizens National Bank’s website and not an imposter site.
  • The option to change your PIN at any time.
  • A risk-based authentication system to verify your identity and authorize transactions. Our multi-factor authentication solution improves our ability to verify your identity when you access Online Banking. You simply select three challenge questions and supply answers that only you know. When additional security is needed, we'll prompt you with two of your three questions. We may do this if you forget your password or if you sign in from a computer that we do not recognize (for example, if you sign in from a computer at work, we'll ask you a security question to verify that it's really you).
  • Perform regular monitoring and maintenance of the risk-based authentication cases within the system.
  • An automatic logoff feature which will end your session if it remains inactive.
  • An automatic lockout feature will disable your e-Banking ID if the PIN is entered incorrectly multiple times.
  • The use of account pseudo names will be assigned to eliminate any need for your account numbers to appear online.
  • A requirement that you utilize a secure browser that supports 128-bit encryption. PC users - utilize Microsoft Internet Explorer (IE) Version 7.0 - 8.0 or Firefox Version 3 and Higher.
    Mac Users – utilize Safari Version 1.0 and Higher.
  • The use of secure servers. This security is evident by the "https" that will appear in the URL (as opposed to "http" which appears for normal web pages). If you are using Internet Explorer or Netscape Navigator you will see a locked padlock at the bottom right of your browser window when browsing secure websites.
  • The use of a firewall which isolates our server from the Internet and limits access that outside computers have to The Citizens National Bank’s server.
  • Secure email communication with The Citizens National Bank through e-Banking.

CUSTOMER AWARENESS - WHAT YOU CAN DO

While we have instituted numerous security measures, you also play a role in protecting your confidential account information. There are a number of steps that you can take to ensure that your information remains protected, including:

  • Don't reveal your User ID, your PIN or the answers to your personal verification questions to anyone. This information is designed to protect your account information, but it can only be effective if it is kept private.
  • Select an unusual watermark and watch for its appearance after you enter your User ID. If you do not see the watermark you selected, you should not enter your PIN and you should call our Internet Banking department immediately (860-928-7921).
  • Remember that we will never contact you via e-mail asking you to furnish your PIN, social security number, mother's maiden name or any other confidential information. There are no pop-up windows on our website that request such information. If you receive such a request it is not legitimate; please contact our Internet Banking department immediately (860-928-7921).
  • Use care when selecting your PIN. Don't select PINs that can be easily guessed. Don't select a PIN that is so complex that you have to write it down.
  • Do not use the same or similar PIN for online banking as you use on social networking sites such as, My Space, Facebook or Twitter.
  • Do not use the same or similar PIN for online banking as you use on shopping sites such as Amazon, eBay, Craigs List etc...
  • Change your PIN periodically.
  • Don't leave your computer unattended while you're logged on.
  • When you have finished your e-Banking session, you should log off before visiting other Internet sites.
  • Do not change the pseudo names for your accounts to their numeric account numbers.
  • Do not click on links within emails you are not familiar with.
  • Scrutinize your emails. If you are not familiar with the sender, do not open the email.
  • Do not open unsolicited requests. Simply delete it.
  • Enlist the use of spam detection and/or pop up blocking on your computer.
  • Do not fall prey to telephone scams asking you to disclose personal information such as account number, social security number, ATM or Debit Card number, mother’s maiden name, date of birth etc… Hang up the phone and call The Citizens National Bank (860-928-7921) to report the inquiry.
  • Only access your personal financial information from a computer you "trust." Publicly accessible computers are not as secure as your personal computer.
  • Strengthen the defenses on your PC by using and regularly updating personal firewall, virus scanning and anti-spyware software. These programs will reduce the risks that your PC will be vulnerable to penetration. These programs are designed to help protect your confidential information from interception and unauthorized disclosure.
  • Do not log into e-Banking if you suspect a virus or spyware has infected your PC.
  • Keep your browser updated. The newest versions have the latest safety features.
  • Stay up-to-date on Internet threats. The Federal Trade Commission (“FTC”) maintains a consumer education website called “OnguardOnline” that provides practical tips to help you be on guard against Internet fraud, secure your computer, and protect your personal information. Go to The Federal Trade Commission website.

If you notice any suspicious or unusual activity in your accounts, or if you suspect unauthorized access to your accounts, contact us immediately at 860-928-7921 or toll free at 888-928-7921.

Avoid Identity Theft

What Is Identity Theft?

The Citizens National Bank employees will never ask you for your Online Banking password.  In addition, The Citizens National Bank will never request that you send email containing your personal or financial information.

The Citizens National Bank wants to help you to protect yourself against online scams.  Email fraud is a common and damaging method used to scam consumers.   Fraudulent email scams are described below:

  • Phishing:  Phishing schemes use forged emails claiming to be from someone that you know and trust (like your Bank or the FDIC).  They attempt to get you to reveal sensitive information like user ID’s , passwords, debit card numbers, account numbers, social security numbers, etc.  This information can then be used to access your accounts, finances, and your identity.
  • Spoofing:  Most forged emails ask you to supply, confirm, or update personal information by directing you to click on a link in the body of the email text.  The link will connect you to a web page or login page that appears identical to the actual website’s.  This is referred to as a “spoofed” site.  The site will appear to belong to the company but in fact is totally unrelated and is being used to collect your information!

What are email scams such as "Phishing"?

"Phishing" is a scam that uses fraudulent emails with “urgent” (but false) messages and even websites to obtain personal financial information.  In a typical case you would receive an email requesting personal or financial information; the email would appear to originate form a trusted entity, would have emphasis on the urgency to respond, and contain a threat of terrible consequences if you didn’t respond immediately by providing the requested information or clicking the link provided.   By posing as trusted brands of well-known banks, online retailers and credit card companies, "phishers" are able to convince recipients to respond to them and to provide personal and financial information.

How to avoid "Phishing" scams:

  • Be suspicious of any email with urgent requests for personal financial information.  (Remember, Citizens National Bank will never ask you for that information— we already have it on file.)  Do not be intimidated by an email that suggests dire consequences and DO NOT respond to the email or click the link provided.
  • Don't use links provided in an email.  If you suspect the message might be authentic, call the company or log onto the website directly by typing in the web address in your browser.
  • Be cautious about opening any attachments or downloading any files from emails.
  • Regularly log on to your online accounts and review your transaction history to ensure only legitimate transactions have occurred.
  • Ensure that your browser is up to date and security patches are applied. If you use Microsoft Internet Explorer browser, visit www.microsoft.com/security to download special patches related to "phishing" scams.

What is "Spoofing"?

Spoofing is the use of a website or email that appears to come from a well known company but is phony.  For example, an Online Banking customer, who routinely logs in to an online banking website, may be redirected to an illegitimate web page instead of accessing his or her bank’s website.  These spoofed websites are then used to obtained password/PIN, credit card information, ATM/Debit information, social security number, Bank account information.

Spoofed websites are utilized in many ways:

  • Static domain name spoofing: The "pharmer" (the person or entity committing the fraud) attempts to take advantage of slight misspellings in domain names to trick users into inadvertently visiting the pharmer’s web site. For example, a pharmer may redirect a user to anybnk.com instead of anybank.com which is the site the user intended to access.
  • Malicious software (Malware): Viruses and "Trojans" (latent malicious code or devices that secretly capture data) on a consumer's personal computer may intercept the user's request to visit a particular site, such as anybank.com, and redirect the user to the site that the pharmer has set up.
  • Phishing emails often contain links to spoofed websites (see “Phishing Section”).
  • Domain Name Servers (DNS) poisoning: The most dangerous instance of pharming may be DNS poisoning. Domain name servers are similar to Internet road map guides. When an individual enters www.anybank.com into his or her browser, DNS on the Internet translate the phrase anybank.com into an Internet protocol (IP) address, which provides routing directions. After the DNS server provides this address information, the user's connection request is routed to anybank.com. Local DNS servers can be "poisoned" to send users to a website other than the one that was requested. This poisoning can occur as a result of misconfiguration, network vulnerabilities or Malware installed on the server.

Although there’s no fool proof way to spot a spoof email or website, these signs should arouse your suspicion:

  • Sense of Urgency – emails containing statements that imply that your account will be closed if you don’t respond.
  • Emails that contain embedded links – even if the name includes all or part of a real company name.
  • Obvious Spelling Errors – errors are made to help the spoof email avoid the spam filters.
  • If you get an email or pop-up message that asks for personal or financial information, do not reply.  Don’t click the link in the message either.  Open a new internet browser session and type in the company’s correct web address yourself.  Don’t cut and paste the link from the message into your Internet browser-legitimate companies don’t ask for this information via email.

How to protect yourself from Financial Fraud and Identity Theft:

  • Never provide your personal information in response to an unsolicited request.
  • Never write or give your ATM/Debit card Personal Identification Number (PIN) to anyone.  Never give your online banking password to anyone.
  • Never give out personal information such as your checking or savings account number, credit card number or social security number, through the mail, telephone or Internet, unless you have initiated the contact and you are certain that the company is reputable.
  • Never click on the link provided in an email.
  • Report to the bank any lost or stolen ATM/Debit Card or lost or stolen personal checks.
  • Balance your checking or savings account statement every month and report any unauthorized transactions to the bank immediately.
  • Regularly review credit card statements to check for unauthorized charges.
  • Shred your charge receipts, credit card applications, insurance forms, old checks, bank statements, anything that contains any of your personal identification.

If you’re a victim of Identity Theft:

  • Call the ID Theft Clearinghouse toll free at 1-877-438-4338 to report the theft.
  • Place a Fraud Alert on your file at all three agencies.
  • Contact the fraud departments of each of the credit agencies:
  1. Equifax  http://www.equifax.com/   1(800)-525-6285
  2. Experian  http://www.experian.com/  1(800)-397-3742
  3. TransUnion  http://www.transunion.com/  1(800)-680-7289
  • Contact The Citizens National Bank at 860-928-7921 and your credit card companies immediately to stop access to your accounts.
  • Stop payment on fraudulent transactions or stolen checks.
  • File a police report with your local police department or the police in the community in which the identity theft occurred.
  • Report all suspicious contacts to the Federal Trade Commission; http://www.ftc.gov/bcp/edu/microsites/idtheft/ or 1-877-IDTHEFT

For More Information

You can learn more about this important issue at the US Government central website. And if we can help you in any way with this important issue, please contact us at 860-928-7921.