Security Tips / Fraud Prevention

Heartbleed Bug, what you need to know.

How has the bank responded to this concern?

Immediately upon notification we began testing our systems and communicating with our partners and found all systems were not vulnerable.  We have tested our systems and found no known vulnerabilities.   Please be assured that protecting the security of our customers’ information is our highest priority.

What is the Heartbleed bug?

The Heartbleed bug is vulnerability in the OpenSSL cryptographic library that allows an attacker to steal information normally protected by the SSL/TLS encryption used to secure the Internet. OpenSSL is open-source software that is widely used to encrypt web communications. SSL/TLS is what normally provides secure and private communication over the Internet via websites, email, IM, and VPNs. According to CNET, an attacker can exploit Heartbleed to essentially “get copies of a server's digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.”

Online Security

Protecting your personal and financial information at Talbot Bank is our number one priority.  In addition to the security features, included in our online banking products and services, there are additional security measures consumers can take to protect personal and financial data.  Take a few minutes to learn about additional security tips, internet and e-mail scams in the information below.   

Protect Your Personal Information Online

  • Do not share ID and passwords.
  • Change your password frequently.
  • Use strong passwords by incorporating characters and using phrases that cannot be easily guessed.
  • Maintain up to date virus protection on your PC.  You could possibly lose important information and incur additional repair expense without this protection.
  • Sharing personal information over the phone or on the Internet should be between businesses you know and trust.  Do not respond to un-solicited e-mails.  If a company you do business with asks you to re-validate personal information, do not respond.  Contact the company directly via phone or by typing in their home URL directly to determine the validity of the e-mail.
  • If you think you provided personal information to a perpetrator, change your password immediately, monitor your account activity and contact us.   
  • Typographical and grammatical errors contained in an e-mail or on a website are often signs of fraud attempts to compromise your personal information.
  • Review account activity and billing statements to be sure there are no unauthorized transactions posted to your account. If you find unauthorized transactions posted to your account contact us immediately. 
  • Always use the logout button to end your browser session. Closing the page does not log you out of your current session.
  • Maintain up to date virus protection on your PC
  • Review account activity and billing statements to be sure there are no unauthorized transactions posted to your account. If you find unauthorized transactions posted to your account, contact us immediately.  
  • Always use the logout button to end your browser session. Closing the page does not log you out of your current session.
  • The Bank will NEVER contact a customer by phone or e-mail and ask for account numbers, passwords or personal information.  If you receive a call or e-mail claiming to be from Talbot Bank contact us immediately and forward any e-mails to our attention.

For additional information on Internet, e-mail and identify theft issues, visit the Federal Reserve Deposit Insurance Corporation (FDIC) at http://www.fdic.gov/consumers and watch the video produced by the FDIC: Don’t Be An Online Victim http://www.youtube.com/watch?v=ANaypUUaeAc

Return to Top

Be Aware of Scams

Bogus Credit Report Solicitations

It has been brought to our attention that some visitors to the Bank’s website have been presented with bogus solicitations to receive a copy of your credit report.  This solicitation is caused by malware, spyware, or adware on the visitor’s computer.  The solicitation is in no way sponsored by or endorsed by the Bank.  It is recommended that anyone receiving this solicitation run a full scan with their antivirus and or antispyware program.  

Phishing Scams Using Phones

In addition to using e-mails to obtain personal information, perpetrators also use phones to collect personal information like your account number, social security number, or your debit and credit card information.  You may receive an automated call stating that your account or card number has been compromised and a request is made to contact a specific number to resolve the issue.  If this occurs, immediately hang up and contact us to report the details of the scam, as this phishing scam is trying to get your account number.  

Return to Top

Pharming

Pharming scams use e-mail solicitations to lure victims to a bogus site.  When the customer clicks on the link provided in the e-mail, malicious software is installed to re-direct the user to a fraudulent site where personal information can be requested by the scammer.  To verify you are visiting a valid website, check for a certificate from a service like VeriSign®.  You can locate this information by clicking on the padlock icon that appears in the URL address to view the sites security certificate. Be sure to verify the name on the certificate matches the name on the site.  

Be sure to run anti-virus and anti-spyware software and update your computer with the latest security patches and firewalls.  

Key Logging

Another scam often used is key logging.  Key logging software is installed on your machine without your knowledge through an unsolicited e-mail or download of software that infects your machine.  The unwanted software is often referred to as “spyware”, “adware” or “key logging software” and records everything you type on your computer, including passwords.  Some symptoms that your machine may be infected by unwanted software include:

  • Slowing of your computer
  • Increase in unsolicited e-mails
  • Strange browser behavior including increased pop-ups and unexplained changes to your home page settings and favorites

To minimize the risk of key logging, make sure you have up-to-date virus software installed and updated and avoid downloading information from sites or sources that are unfamiliar.  

Additional resources available to take action against Identity Theft can be found at the Maryland Attorney General site at http://www.oag.state.md.us/consumer/idtheft.htm

Return to Top