You can help protect yourself against online fraud and identity theft by following these guidelines:

Email
Online Security
Virus Protection
What is "Phishing?"
Who Are Cyber-Criminals?
How Cyber-Criminals Operate
Security Commitment

Email

• Be alert for fraudulent (sometimes called "phishing") emails. They may appear to come from a reputable business or a trusted friend but are actually designed to trick you into downloading a virus to your computer or directing you to a Web site to disclose sensitive or personal information.



• Immediately delete any email that requests your personal information; do not reply to it. Reputable businesses never request personal information (Social Security or credit card numbers, for example) via email.



• Never send your personal information via unsecured email. Unsecure email is more like sending an online postcard. If Iowa State Bank needs information beyond your name, address, email address and phone number, we will provide you with a secure email form.



• If an email from an unknown - or unsolicited - sender contains an attachment of any kind, do not open it. Delete the email immediately.



• Be cautious when clicking on a link in an email that you receive. It may be fraudulent, even though the URL may be identical to the actual company's Web site. To check the ownership of the destination page, open a new browser window (Internet Explorer or Netscape) and manually type in the URL provided in the email. If they don't match, immediately delete the email with the suspicious link.



• Large numbers of recipients are being "spammed," without actual knowledge of their banking affiliation, with fraudulent emails. They request and collect email addresses and other confidential information like financial account numbers, IDs and passwords. The cyber-criminals have copied the logos and the content styles of widely known and respected financial institutions in an attempt to elicit a response from a recipient who may or may not be a customer of that financial institution.

Online Security

• If you suspect a Web site is not what it claims to be, leave it immediately. Do not follow any of the instructions it presents.



• Only do business with the companies you know and trust.



• Be aware! Phony "look-alike" Web sites are designed to trick consumers and collect their personal information. Make sure the sites you transact business on post their privacy and security statements. Review the statements carefully.



• Provide sensitive personal or financial information only when you have initiated it and only if the page is secure.



• Make sure the Web site is certified with a digital security certificate by clicking on the "closed lock" or "solid key" image located in the bottom bar of your browser window. A small frame with site security information will appear. Click the word 'Subject' for Internet Explorer to verify you are on the correct Web site, and make sure the registered owner matches the site. To verify the site certification authority, click the 'Issuer' tab. For Netscape, click on "View Certificate" to view subject and issuer details.



• Choose passwords or Personal Identification Numbers (PINs) that are difficult for others to guess (NOT your birthday or street address or the last four digits of your Social Security number), and use a different password for each of your Internet accounts. Change these passwords frequently. Use both letters and numbers and a combination of lower- and upper-case letters if the passwords are case-sensitive.

Virus Protection

• Maintain current versions of your computer's operating system and Internet browsers.



• When you're not online, always disconnect from the Internet.



• Always back up the files on your computer.



• Install a personal firewall to help prevent unauthorized access to your home computer, especially if you connect to the Internet via a cable modem or a digital subscriber line (DSL) modem.



• Keep your anti-virus software up-to-date. Anti-virus software needs frequent updates to guard against new viruses. Download the anti-virus updates as soon as you're notified that a download is available. Some antivirus programs offer an "auto-update" feature, where regular updates are made automatically for you.

What Is "Phishing?"

"Phishing" refers to a person or a group of cyber-criminals who create an imitation or copy of an existing legitimate Web page to trick users into providing sensitive personal information. Responding to "phishing" emails put your accounts at risk.

Who Are Cyber-Criminals?

"Phishing" cyber-criminals solicit personal data from unsuspecting victims via the internet - like personal IDs, passwords, card numbers and PINs - and sell this information to other criminals who use it for financial gain. They can also access a customer's accounts through online banking and set up false bill payments that send checks to the criminal or a conspirator. In other cases, criminals transfer funds from all available customer accounts, including credit cards, savings accounts and home equity loans into their checking account. A copy of the customer's credit card or check card is then used with their PIN at ATMs around the world to withdraw cash from their checking account.

How Cyber-Criminals Operate

To increase the number of responses, cyber-criminals include upsetting or exciting statements in their emails. They want people to react immediately and respond with the desired information without thinking. To protect yourself, take the time to examine the claims made in the email. If you receive an email requesting sensitive information, check its authenticity by contacting the company that appears to be the originator of the email.

Iowa State Bank Security Commitment

At Iowa State Bank, we're committed to protecting your privacy and security. We will never initiate a request for sensitive information from you via email (ie., Social Security Number, Personal ID, Password, PIN or account number). We strongly suggest that you do not share your Personal ID, Password, PIN or account number with anyone, ever.