With over 12 years of experience in information technology and cybersecurity, Eric Gilson serves as the Cyber Security Officer at Civista Bank. He leads safeguarding the bank's systems against cyber threats. He is a Certified Information Systems Auditor (CISA) and holds a degree in Systems and Network Support from Terra State Community College.
What Are the Most Common Cybersecurity Threats That Consumers Face Today?
All forms of social engineering with phishing, smishing and vishing being the most prevalent. Business email compromises (BEC) are continuing to increase as well and are often a result of stolen credentials in a phishing, smishing, or vishing campaign.
What Are Phishing Emails, and How Can Customers Recognize and Avoid Them?
Phishing is a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source.
Here are some phishing red flags:
Here are some phishing red flags:
- There is a sense of urgency to reply, click on a link, or open an attachment.
- The email contains bad grammar and spelling errors.
- The sender is not someone who ordinarily communicates with you.
- The email is unexpected or an unusual email from a known or unknown sender.
- The email address is from a strange or misspelled domain. (Ex. cvista.bank vs civista.bank)
If you receive an email asking you to interact with your online account, the safest way to ensure you don’t become a victim of phishing is to go directly to the website via a trusted link. This will decrease the odds of clicking a link in a phishing email that takes you to a phishing website that looks authentic and tricks you into entering your account credentials.
What is Smishing, and Do You Have Any Tips How to Recognize These?
Smishing is just phishing using text messages and the same general red flags apply to both phishing and smishing. Just like phishing, if you are asked to interact with an account via a link or phone number you should use a trusted link or number, not the one in the text message.
What is Vishing?
Vishing is a social engineering cyberattack where scammers use a phone call or voicemail to trick individuals into divulging confidential information, such as a social security number, an account number, or login credentials.
Common Vishing Techniques
- Scammers pose as bank employees and ask for account information, PINs, or other sensitive information.
- Scammers impersonate IRS agents and claim you’ve been audited and owe back taxes or have other legal issues. They often threaten serious consequences such as arrest or legal action unless you make an immediate payment.
- A scammer impersonates a tech support agent from a reputable company and claims your computer is infected with malware or has other serious issues. They will then attempt to gain remote access to your computer for various malicious purposes.
How to Stay Protected
- Be cautious if you receive unexpected calls asking for personal information or urgent action.
- If unsure about a call's legitimacy, hang up and call the official number for the organization to verify.
- Always confirm the caller's identity, even if they claim to be from a trusted organization
- Do not trust caller ID; Phone numbers can be spoofed to appear as a legitimate business number.
What Steps Can Customers Take to Protect Their Data and Accounts?
There are several steps customers can take to protect their data:
- Use strong passwords and a unique password for every account.
- Use two-factor authentication, when possible.
- Keep your computer and phone software up to date.
- Ensure that you have anti-malware and anti-virus software installed on your computer.
- Do not access your accounts when on public Wi-Fi unless you are using a VPN.
- Enable account activity alerts, when possible.
- Use secure email or secure portals when transferring sensitive information.
- Never disclose your password or any other sensitive information via phone, text, or email.
Can You Share Some Best Practices for Using Public Wi-Fi Safely, Especially When Accessing Banking Information?
It is not safe to access any sensitive information when on public Wi-Fi unless you are connected to a secure VPN. If you need to access your account and do not have a VPN you should disconnect from public Wi-Fi and use your phone’s 4G/5G connection.
What Role Do Customers Play in Their Own Cybersecurity, and How Does Civista Support Them in This Responsibility?
Customers are 100% in charge of their own cybersecurity. Our role is to help educate them on how to avoid cybersecurity threats and offer safeguards for their accounts, but ultimately it is up to the customer to have good cybersecurity practices and awareness.
Can You Explain How Two-Factor Authentication Works and Why It’s Important?
Two-factor authentication requires two distinct forms of identification to access an account. It is often talked about in terms of “something you know and something you have.” Something you know is usually a password or a PIN (personal identification number) and something you have is usually a mobile device. Once you enter your account password, a code is sent to your mobile device, or a code is generated by an authentication app on your mobile device. Once you enter the code you can login to your account.
If a cybercriminal were to steal your password and try to access your account, they will not be able to get in unless they can find a way to access your mobile device as well. While it’s not impossible to steal your two-factor code via social engineering or more sophisticated methods, utilizing two-factor authentication is still a great way to help protect your accounts.
What’s the One Piece of Advice You Would Give to Civista’s Customers to Ensure Their Online Safety and Security?
Never access your accounts via a link in an email or text message.
Are There Any Common Mistakes You See People Make With It Comes Preventing Cybersecurity-Related Fraud?
Ignoring device updates, using weak passwords and reusing passwords are three common offenders.
The Banks Never Ask That Slogan Is a Campaign Many Banks Are Using in October. What Does That Mean? And Why Is This Campaign Important?
It means banks will not ask you for sensitive information via phone, text, or email and sensitive information includes your account number, social security number, username and password! It’s important because honest hard-working people get scammed out of money every day by cybercriminals and with a little bit of cybersecurity awareness you can fight back and keep your money safe.
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
Toggle accordion content
