
Security Center

Cybersecurity Tips in Response to MOVEit Software Compromise
6/28/2023
 
The security and safety of our customers’ personal and financial information are among Gulf Coast Bank’s highest priorities.

With the recent announcement from the Louisiana Office of Motor Vehicles regarding the breach of Progress Software’s MOVEit File Transfer product, we want to remind our customers that Gulf Coast Bank has extensive systems and processes in place to detect anomalous and/or fraudulent activity.

The battle against cyber security attacks is one we take very seriously, and we are constantly learning and adapting to best protect our customers’ information. It’s critical that we continue to work together to keep your personal information and financial accounts secure.

With that in mind, we put together a list of steps you can take to help protect yourself against fraud:
 
  • Utilize Online Banking. With our online banking and mobile app, you can routinely review your accounts and even set up alerts, increasing your chances of catching suspicious activity early, when it is easiest to stop.
  • Update your passwords often and ensure they are strong and unique.
  • Monitor your credit reports. You may request a free credit report from all three major agencies at https://annualcreditreport.com once every year.
  • Use caution before opening attachments or clicking links when using email, text messaging, or social media, especially when the message is from an unknown sender. Even if the sender looks familiar, it’s always best to confirm with a quick phone call.
  • Secure your home network and use current virus and firewall protection for your personal computer. Avoid using public or shared networks to access your personal information or accounts.
Gulf Coast Bank is committed to serving our customers and our community with safe and secure financial solutions you can depend on.

Business Guide to Corporate Account Takeover

What is Corporate Account Takeover?
Corporate account takeover is a type of fraud where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.

Corporate account takeover is a growing threat for small businesses. It is important that businesses understand and prepare for this risk.

Cyber thieves target employees through phishing, phone calls, and even social networks. It is common for thieves to send emails posing as a bank, delivery company, court or the Better Business Bureau. Once the email is opened, malware is loaded on the computer which then records login credentials and passcodes and reports them back to the criminals.

How do I protect myself and my small business?
The best way to protect against corporate account takeover is a strong partnership with Community State Bank. Work with Community State Bank to understand security measures needed within the business and to establish safeguards on the accounts that can help the bank identify and prevent unauthorized access to your funds.

A shared responsibility between the bank and the business is the most effective way to prevent corporate account takeover. Consider these tips to ensure your business is well prepared:

  • Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
  • Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protection on your computer. Use complex passwords and change them periodically.
  • Partner with Community State Bank to prevent unauthorized transactions. Talk to your bank about programs that safeguard you from unauthorized transactions. Device authentication, multi-person approval processes, and batch limits help protect you from fraud.
  • Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
  • Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your bank if you have any questions about your responsibilities.

Additional Resources
We encourage our business customers to use the following resources to create comprehensive cyber security policies and to stay up-to-date on best practices.

Federal Trade Commission Protecting Small Businesses

Federal Communications Commission Cyber Security for Small Businesses

Better Business Bureau Cybersecurity Resources


COVID-19 Information 

FDIC Coronavirus FAQ

COVID-19 and Your Financial Health: Keep yourself and your money safe 
The Federal Deposit Insurance Corporation (FDIC) is working with federal and state banking agencies and financial institutions to assist customers affected by the coronavirus disease 2019 (COVID-19) global pandemic. The following information is more important than ever during these challenging times. Learn more here.


Information regarding Fake Check Scams
Infographic on Fake Check Scams
 
FDIC Consumer News - Oct 2021

When cybersecurity is inadequate, it can lead to stolen identity and financial loss. Most scams and scammers have two main goals--to steal your money and your identity. You should know what to look for, how they work, and what to do, so you can protect yourself and your finances. Read the full newsletter here: FDIC: Avoiding Scams and Scammers


Online Banking Safety and Mobile Banking Fraud
Be cautious of “fake” online scams such as “The Sweetheart Scam” or “Fake Online Payday Lenders”. Contact our Customer Service at (337) 893-7733 should you have questions, or if you have been contacted in any way for some type of online deal. Do not fall prey to these fraudsters.

Create “strong” passwords that are hard to guess, change them regularly, and try not to use the same passwords or PINs (personal identification numbers) for several accounts.  Never share your ID and Password information with anyone.

Mobile Device Security Information
Be careful when using smartphones and tablets. Don’t leave your mobile device unattended and use a device password or other method to control access if it’s stolen or lost. It is highly recommended that you do not store or save bank account information or other sensitive information (e.g., statements, transaction images, SS#) on your mobile device, for example by taking screenshots.
Tips to Keep Your Mobile Device Safe and Secure
  • Use of mobile anti-malware applications and PIN protection is vitally important in keeping your device safe and secure.
  • Mobile device users should regularly install operating system and firmware updates.
  • Using unsecured "public" wireless networks (e.g., coffee shops, airports) is highly risky and can put your login credentials at risk. You should never log in to any secured site on an unsecured public wireless network.
  • Avoid phishing messages in the form of email as well as SMS text messaging. Text message phishing is becoming more common. Users should practice caution when receiving these messages and acting on them.
  • You may see a warning that says "Warning:  Visiting this website may harm your computer."  This warning is a very strong indicator that there is something wrong with the site you are about to visit.
  • If a download has begun as soon as you enter a site, this may be a sign that there is something fishy going on.  If you weren't looking for the application, then don't install it.
  • If a site redirects to a strange website, it may be compromised.
  • A rooted or jailbroken device is more susceptible to malware infection and it's easier for a jailbroken device's operating system to be compromised.
  • Mitigate risk factors for jailbroken devices: Keep mobile devices and apps up to date by enabling auto-update on the device to ensure timely updates are happening. Where practical, configure Android devices to disallow sideloading; install apps from trusted sources such as Apple's App Store, Google Play and Amazon's App store.
  • Using a complex password to secure the device is highly recommended. Use alphanumeric and special characters, mix upper and lower case letters, and avoid names or readily available words and number sets. Never share your login credentials with anyone.
  • Secure apps with passwords if possible.
  • Consider using mobile security software and apps to protect your device. For example, anti-malware software for smartphones and tablets can be purchased from a reputable vendor.
  • Utilize autowipe technology should the device be lost or stolen to remove any sensitive and confidential information.
  • Activate the "time out" or "auto lock" feature that secures your mobile device when it is left unused for a certain number of minutes. Set that security feature to start after a relatively brief period of inactivity. Doing so reduces the likelihood that a thief will be able to use your phone or tablet.
 More Information from the FDIC: Going Mobile:  How To Be Safer When Using a Smartphone or Tablet

 Mobile Security Threats
 Threats and their dangers:
Device Loss or Theft
  • Loss of sensitive personal and employer information such as contacts,  calendars, and photos
  • Breach of your privacy, and in a worst-case scenario, you could become a victim of identity theft
  • Compromised online accounts
  • Payment to replace the device, and/or possible calls or texts charged to your account
Phishing Scams (often delivered via emails, text messages and social media)
  • Sensitive information revealed such as account numbers and login credentials
  • Unauthorized withdrawals made from your bank account
Malware and Spyware
  • Compromised personal information—you could even become a victim of identity theft
  • Unauthorized charges 
  • Unauthorized access to the information on your devices 
Quick Response (QR) Codes
  • You could accidentally download a malicious application
  • Your personal information could be compromised, or your device could cease to function properly
Wi-Fi Networks
  • You could connect to an unsecured network, and the data you send, including sensitive information such as passwords and account numbers, could potentially be intercepted
Donation Scams
Donation requests from fraudulent charitable organizations commonly appear after major natural disasters, but they can happen anytime. It is best practice to do your research before you make a donation to any organization. Check the Better Business Bureau (BBB) before making any donations to a cause.

United States Computer Emergency Readiness Team (US-CERT) Tips
  • Do not follow unsolicited web links or attachments in email messages.
  • Keep antivirus and other computer software up-to-date.
  • Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. 
Cybersecurity Awareness Month (Resources & Education) 

As hacks, data breaches, and other cyber-enabled crime become increasingly commonplace, National Cyber Security Awareness Month (in October) was an important reminder of the need to take steps to protect yourself and your family when using the Internet. 

  • Contact the Internet Crime Complaint Center if you’re ever a victim.
  • Understand the importance of cyber-security skills at your workplace.
  • Know the risks of the Internet of Things (IoT).
The FBI also provides resources: Click here to learn more.

Cybersecurity Tips for Businesses with Online Banking 
  • Provide continuous communication and education to employees using online banking systems.  Providing enhanced security awareness training will help ensure employees understand the security risks related to their duties.
  • Update anti-virus and anti-malware programs frequently.
  • Update, on a regular basis, all computer software to protect against new security vulnerabilities (patch management practices).
  • Communicate to employees that passwords should be strong and should not be stored on the device used to access online banking.
  • Adhere to dual control procedures if feasible.
  • Use separate devices to originate and transmit wire/ACH instructions.
  • Transmit wire transfer and ACH instructions via a dedicated and isolated device.

Warning Signs of Potentially Compromised Computer Systems
Warning signs that a device, system, or network may have been compromised include:

  • Inability to log into online banking (thieves could be blocking customer access so the customer won’t see the theft until the criminals have control of the money).
  • Dramatic loss of computer speed.
  • Changes in the way things appear on the screen.
  • Computer locks up so the user is unable to perform any functions.
  • Unexpected rebooting or restarting of the computer.
  • Unexpected request for a one-time password (or token) in the middle of an online session.
  • Unusual pop-up messages, especially a message in the middle of a session that says the connection to online banking (or other website/application) is not working (system unavailable, down for maintenance, etc.).
  • New or unexpected toolbars and/or icons.
  • Inability to shut down or restart the computer.
 
Deceptive Ways Criminals Contact Account Holders
The FDIC does not directly contact bank customers (especially related to ACH and Wire transactions, account suspension, or security alerts), nor does the FDIC request bank customers to install software upgrades.  Such messages should be treated as fraudulent and the account holder should permanently delete them and not click on any links.

Messages or inquiries from the Internal Revenue Service, Better Business Bureau, NACHA, and almost any other organization asking the customer to install software or provide account information or access credentials are probably fraudulent and should be verified before any files are opened, software is installed, or information is provided.

Phone calls and text messages requesting sensitive information are likely fraudulent.  If in doubt, account holders should contact the organization at the phone number the customer obtained from a different source (such as the number they have on file, that is on their most recent statement, or that is from the organization’s website).  Account holders should not call phone numbers (even with local prefixes) that are listed in the suspicious email or text message.

Cybersecurity Checklist

10 things you can do to help protect yourself from online criminals:

  1. Have computer security programs running and regularly updated to look for the latest threats.  Install anti-virus/anti-malware software to protect against malware (malicious software) that can steal information such as account numbers and passwords, and use a firewall to prevent unauthorized access to your computer. 
  2. Be smart about where and how you connect to the Internet for banking or other communications involving sensitive personal information.  Public Wi-Fi networks and computers at places such as libraries or hotel business centers can be risky if they don’t have up-to-date security software.
  3. Get to know standard Internet safety features.  For example, when banking or shopping online, look for a padlock symbol on a page (that means it is secure) and “https://” at the beginning of the Web address (signifying that the website is authentic and encrypts data during transmission). 
  4. Ignore unsolicited emails asking you to open an attachment or click on a link if you’re not sure who truly sent it and why. Cybercriminals are good at creating fake emails that look legitimate, but can install malware. Your best bet is to either ignore unsolicited requests to open attachments or files or to independently verify that the supposed source actually sent the email to you by making contact using a published email address or telephone number.
  5. Be suspicious if someone contacts you unexpectedly online and asks for your personal information.  A safe strategy is to ignore unsolicited requests for information, no matter how legitimate they appear, especially if they ask for information such as a Social Security number, bank account numbers and passwords.
  6. Use the most secure process you can when logging into financial accounts.  Create “strong” passwords that are hard to guess, change them regularly, and try not to use the same passwords or PINs (personal identification numbers) for several accounts.  Never share your ID and Password information with anyone.
  7. Be discreet when using social networking sites.  Criminals comb those sites looking for information such as someone’s place of birth, mother’s maiden name or a pet’s name, in case those details can help them guess or reset passwords for online accounts. 
  8. Be careful when using smartphones and tablets. Don’t leave your mobile device unattended and use a device password or other method to control access if it’s stolen or lost. Do not store or save bank account information (e.g., statements, transaction images) on your mobile device, for example by taking screenshots.
  9. Parents and caregivers should include children in their cybersecurity planning.  Talk with your child about being safe online, including the risks of sharing personal information with people they don’t know, and make sure the devices they use to connect to the Internet have up-to-date security.
  10. Small business owners should have policies and training for their employees on topics similar to those provided in this checklist for customers, plus other issues that are specific to the business.  For example, consider requiring more information beyond a password to gain access to your business’s network, and additional safety measures, such as requiring confirmation calls with your financial institution before certain electronic transfers are authorized. 
