Customer Alert 4.10.14
Univest recently learned a bug, called Heartbleed, has attacked OpenSSL, one of the Internet’s key security methods, making user’s private information vulnerable to fraudsters.
Univest reviewed its Internet sites as well as sites of vendors that service our customers, such as Online Banking, and have determined the previously mentioned sites are not susceptible to the Heartbleed bug. OpenSSL contains the Heartbleed vulnerability and neither Univest nor its vendors currently use or ever used the OpenSSL protocol to secure internet transactions. Rather, Univest uses a commercial-grade and industry-standard 128-bit encryption SSL protocol from Symantec Corporation.
The security of your personal and financial information is very important to us. At Univest, we believe awareness is one of the best ways to help protect against online fraud and identity theft.
As your financial partner, we employ a variety of tools and methods to protect the integrity of your confidential information. Regardless of our diligence, fraudsters continue to look for opportunities to steal your identity. This includes non-technical methods such as social engineering. By definition, social engineering is the art of manipulating people into performing actions or divulging confidential information. Examples include:
- Vishing − A scammer will call and ask questions to try to get you to divulge confidential information.
- Phishing − The act of attempting to acquire information such as usernames, passwords and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
- Downloading Malware − When downloading and installing software you may inadvertently infect your computer with malware.
- Shoulder Surfing − When another person stands too close to you when you are viewing or discussing your confidential information.
- Pretexting − The practice of presenting oneself as someone else in order to obtain private information.
Each of these methods can be used alone or in tandem with other methods to get you to divulge information that you would not ordinarily disclose. Read the following tips for helpful ways to minimize your risks.
Tips to Protect Your Identity
Identity theft continues to be one of the fastest growing crimes in the United States. In the U.S., 12.6 million people, or 1 out of every 20 consumers, were victims of identity fraud last year. Univest recommends following these tips to keep your information - and your money - safe.
1. Do not share your secrets. Do not provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Use a combination of letters and numbers for your passwords and change them periodically. Do not reveal sensitive or personal information on social networking sites.
2. Shred sensitive papers. Shred receipts, banks statements and unused credit card offers before throwing them away.
3. Keep an eye out for missing mail. Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen. Also, do not mail bills from your own mailbox with the flag up.
4. Use online banking to protect yourself. Monitor your financial accounts regularly for fraudulent transactions. Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500.
5. Monitor your credit report. Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.
6. Protect your computer. Make sure the virus protection software on your computer is active and up to date. When conducting business online, make sure your browser's padlock or key icon is active. Also look for an "s" after the "http" to be sure the website is secure.
7. Protect your mobile device. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer's recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
8. Immediately report any suspected fraud to Univest by calling 877.723.5571.
Tips for secure online shopping
Before you click or tap to buy items online, read the tips below to avoid becoming a victim of cybercrime.
1. Secure your mobile device and computer. Make sure the operating system and application software are up-to-date on all of your computers and mobile devices. Additionally, confirm all installed anti-virus/anti-spyware software is running and receiving automatic updates and your firewall is enabled.
2. Know and trust your online shopping merchants. Limit online shopping to merchants you're familiar with and trust. If you have questions about a merchant's credibility, check with the Better Business Bureau or Federal Trade Commission.
3. Look for security symbols in the web address. Before you make an online purchase look for indicators that the site is secure. Make sure the web address begins with "https" and a padlock or key icon is displayed in the address or status bar to ensure the transaction will be encrypted.
4. Create strong passwords. One of the easiest and most important factors in protecting your computer, mobile device and personal accounts is to use unique, complex passwords. A good rule of thumb is to create passwords that consist of at least eight characters containing upper and lower case letters, numbers and symbols.
5. Do not click on pop-ups. When a window pops up promising you cash or gift cards for answering a question or taking a survey, close it by pressing Control + F4 for PCs and Control + W for Macs.
6. Be wary of unsolicited communications. Cybercriminals attempt to take advantage of your generosity through fake donation requests. Always verify the request by contacting the organization directly and never click on links within unsolicited emails. Information on many current scams can be found on the Internet Crime Complaint Center's website, www.ic3.gov.
7. Avoid using public computers/wireless when shopping online. Public computers may contain malicious software that steals your credit card information when completing a transaction. Additionally, criminals may intercept traffic on public wireless networks and steal your confidential information.
8. Pay by credit card, not debit card. The safest way to shop online is to pay with a credit card rather than a debit card as credit cards are protected by the Fair Credit Billing Act and may reduce your liability if your information was used improperly.
9. Print your online transactions. Keep record of your online transactions, including receipts, product description and price, and any emails between you and the seller. Carefully review your credit card statement to confirm that all charges are legitimate. Immediately contact your credit card company if there are unauthorized charges to your account.
10. Review merchant privacy policies. It's important to know what information the merchant is collecting about you, how it will be stored, how it will be used and if it will be shared with others.