Privacy & Protection
Security Alerts & Awareness
ALERT! A global wide cyber-attack has been reported affecting unpatched computer systems worldwide. These devices are missing critical Microsoft updates that are allowing the installation of ransomware, a form of malicious software used to lockdown files and systems without any possible way to access them until ransom money is paid to the cyber criminals. This is being described as the "cyber apocalypse" and is the largest attack at one time in the world's history. At this time, there are fewer reports in the United States. For more information about the WannaCry ransomware, please visit https://www.consumer.ftc.gov/blog/ransomware-worries-keep-date.
LBC advises all customers to always perform regular updates on your computers and all electronic devices to protect from malicious software like the ransomware being seen in this attack. Always keep an up to date anti-virus and anti-malware software on your devices as well. When in doubt, we recommend using a local computer vendor to be sure your computer is properly configured to perform updates and has the proper software installed.
Always call the bank if you have been breached, given anyone access to your computer, your e-banking credentials or account information. Please stay safe online and remember we want to be the only bank you will ever want or need at Lewisburg Banking Company!
Transport Layer Security (TLS)
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party can eavesdrop or tamper with any message.
In order to properly maintain this critical security feature, the bank and its service providers occasionally are required to retire outdated encryption protocols. Due to updated compliance requirements, the bank and its service providers will disable the use of TLS 1.0/1.1 for connections to the bank and its service providers. Therefore, beginning in April 2016, the bank will no longer support TLS 1.0/1.1.
If your computer is running an outdated version of TLS, this may have an effect access to the following electronic banking services: LBC’s website, CSI eSafe for Email Statements, Mobile Banking, Bill Payment and Internet Banking.
Attention Internet Explorer users!!
Microsoft has formally ended support for Internet Explorer versions 8, 9 and 10. This means that Microsoft will not provide any future security updates or other kinds of patches for those browsers. Users who continue to use outdated browsers risk leaving their computers vulnerable to a wide range of potential issues and threats. The discontinuation of support from Microsoft means that effective immediately our website and Digital Banking platforms will only support the most current version of Internet Explorer.
Social Security Administration warns about online look-alikes
Looking for information about Social Security? Make sure you’re going to the right place.
The Social Security Administration (SSA) is warning that it’s found Twitter handles, Facebook pages, websites and apps that look official but aren’t connected to the agency. Sometimes they’re outright scams to steal your personal information.
For official information from the Social Security Administration, go to SocialSecurity.gov or ssa.gov, or follow the Twitter handles @SocialSecurity and @TheSSAOIG. Read SSA’s Office of the Inspector General blog post for more.
We have been made aware of a type of malware known as Dyreza which is beginning to impact Online Banking.
The bank's Online Banking provider Digital Insight has no reason to believe any of their applications have been impacted by Dyreza, they are taking these security issues very seriously.
Below is additional information about Dyreza from our provider. We will continue our research and provide an updates as we have them.
What is Dyreza?
Dyreza or "Dyre" is a new family of banking malware that redirects the traffic to malicious servers, while end users think they have a secure connection with their legitimate online banking site.
Dyreza is spread through spam e-mail messages such as "Your FED TAX payment ID [random number]" and "RE: Invoice #[random number]." These messages contain a ".zip" file often hosted on legitimate domains, to minimize suspicion.
Opening this file infects the computer with the malware. Using a technique called "browser hooking" Dyrezea views unencrypted web traffic in the Internet Explorer, Chrome and Firefox browsers and captures an end user's credentials by sending the user to malicious servers, while the end user thinks they are securely connected to their financial institution's legitimate website.
Is my iPhone vulnerable to Dyreza? iPhones and Android devices use different operating systems. Dyreza does not target mobile devices; it exploits Internet Explorer, Chrome and Firefox browsers.
How can my end users protect themselves against threats like Dyreza?
Although no financial institutions we serve have been targeted by Dyreza, Digital Insight recommends end users employ security best practices to proactively mitigate this threat including:
- Installing an antivirus and keeping it updated
- Reading the permissions requested by every application before installing
- Protecting devices with a password
- Not viewing or sharing personal information over a public Wi-Fi network
Latest Security Alert - May 2nd, 2014
As you may be aware, Microsoft announced early this week that a vulnerability was discovered affecting multiple versions of Internet Explorer (versions 6 through 11). This vulnerability can give a remote attacker unauthorized access not only to a user's browser and computer but potentially to their entire computer system depending on the system privileges the user is set up with. This is especially crucial for users who may still be using the Windows XP operating system.
The quickest and easiest way to protect yourself from this threat is to refrain from using Internet Explorer as your browser until a patch can be installed. Use an alternate browser such as Firefox or Google Chrome instead.
A patch has been available from Microsoft. We advise you to install this immediately for your safety both in regards to your computer and your identity. If you have any questions or concerns please call us at (270) 726-1270.
Please be aware of a national security breach labeled the "Heartbleed Bug" which is effecting numerous websites and individuals. At this time, we have confirmation from our Internet Banking provider, Bill Pay provider, Check Ordering provider and Computer Services provider that there have been no known breaches and your information remains confidential and secured. Although we are not aware of any breaches concerning your username and/or password for our systems, we do recommend that you frequently change your username and/or password as an added layer of security. If you have any questions or concerns regarding this or any security issue, please contact the bank at 270-726-1270.
End of Support for Windows XP
Microsoft is ending support for their Windows XP operating system after April 8th, 2014. This means that Microsoft will stop providing any security updates, patches, hotfixes, service pack upgrades, or maintenance releases immediately following this date. If you are currently running Windows XP on any computer or device that you use to access your online banking accounts, and you choose not to upgrade to a newer supported operating system by April 8th, there is a greater risk of being targeted by cyber-attacks and a higher potential for compromise of your online banking account. We strongly encourage you to upgrade your home and business computers to a newer supported operating system before April 8, 2014. We also encourage you to confirm that any other computer that you may use to access your online banking accounts after April 8, 2014 does not use Windows XP.
You can find additional information at: http://www.microsoft.com/en-us/windows/enterprise/endofsupport.aspx