Security Tips and Alerts
Click here to learn more about information security and how you can help protect your information.
Web Security Alert - Heartbleed Bug
Security researchers have uncovered a fatal flaw in a key safety feature for surfing the Web -- the one that keeps your email, banking, shopping, passwords and communications private. It's called the Heartbleed bug, and it is essentially an information leak.
Level One Bank Online Banking service provider has reviewed all systems and determined that the vulnerability would not have applied for the vast majority of our solutions. For the limited number of clients utilizing systems with the OpenSSL flaw, patches have been implemented to remediate the issue.
Please refer to the following FAQs. If you have any questions or concerns regarding Level One Online Banking, please contact us at 248-737-0300 or send us an email at email@example.com.
What is the Heartbleed Bug?
Heartbleed is a flaw in the programming on secure websites that could put your personal information at risk, including passwords, credit card information and e-mails. The Heartbleed Bug is a defect in encryption technology – called Open SSL – used by most Web servers to secure users’ personal or financial information. It is behind many “https” sites that collect personal or financial information. Basically, it provides a secure connection when you are conducting a transaction or sending an e-mail online. Experts discovered the bug recently and warned that cybercriminals could exploit it to access visitors' personal data or to impersonate a website and collect even more information.
Am I affected?
Most active users of the Internet have likely been exposed, since a majority of websites – including Facebook, retail and even government sites – use the Open SSL software. But it is unknown whether any criminals have actually exploited the bug, and several major sites, like Amazon, have already installed patches. Most sites with an address beginning with “https” are vulnerable until the website operator fixes the bug and users change their passwords.
Is my bank account safe?
Yes, consumers are always protected from any unauthorized transactions. Let the bank know immediately if you suspect any unusual activity.
Banks are monitoring your accounts. They use many different systems to protect customers’ information including rigorous security standards, encryption, and fraud detection software.
What can I do?
Log out of all websites: email, social media, banking -- everything. But beyond that, it's a waiting game. The websites themselves need to update to a new version of the encryption software to fix the bug. That's why changing all your passwords right away isn't a good idea. Websites are all racing to fix the issue, and if you act too quickly, you might change your password on a site that is still vulnerable.
As always, it is a good idea to update your bank password every few months. Also, monitor your account regularly and report suspicious transactions to the bank immediately. Beware of phishing scams – or e-mails with malicious links – that will attempt to get additional sensitive information from you.
What are banks doing?
Banks are researching the possible impact of the Heartbeat Bug and are taking appropriate actions to ensure that it has no impact on their customers. Most Internet banking applications are not impacted by this bug. Most financial institutions have a special layer of security that prevents this type of exploit and some don’t use Open SSL at all.
Following link lists some of the affected sites and their status on security updates:
- Conducting Your Transactions Online
- DDOS Education
- Don't Be an On-line Victim: How to Guard Against Internet Thieves and Electronic Scams
- Fake Website
- Fraud Protection for ATM and Debit Cards
- Funds Transfer Risk: Awareness and Mitigation
- How Not to Get Hooked by a 'Phishing' Scam
- Identity Theft
- Malware Targets Bank Accounts ‘Gameover’ Delivered Via Phishing E-Mails
- Michigan Child Protection Registry
- Online Security Tips
- Phishing Alert - Subject Line: ACH Transfer Rejected
- Protect Yourself from Identity Theft
- Security Alert - The fraudulent IRS e-mail