Skip to main contentor please stop by one of our convenient locations.

Privacy & Security

Security & Fraud Prevention

Real Facebook Page, Fake Facebook Support

Another great article from our friends on KnowBe4's Security Team

Facebook pages are typically used by organizations and public figures to connect with their community. Anyone can make a Facebook page, even cybercriminals. Using social media, cybercriminals spoof brands and organizations to trick people into trusting them. In this recent scam, cybercriminals use real Facebook pages to impersonate Facebook itself.

The scam starts with a fake email that looks like it’s from Facebook. The email states that your account has been deactivated and will be deleted in 48 hours unless you click a link. If you click the link, you’re taken to a real Facebook post from a page named “Page Support” that uses the Facebook logo. The post directs you to click another suspicious link that takes you to a fake login page. If you enter your login credentials, you’ll give cybercriminals access to your Facebook profile and the ability to scam your friends and family.

Don't be fooled! Follow the tips below to stay safe from similar scams:

    • Watch out for a sense of urgency in emails. Phishing attacks rely on impulsive actions, so always think before you click.
    • Remember that this type of attack isn't exclusive to Facebook. Cybercriminals could use this technique on any other social media platform.
    • If you receive an urgent notification, verify that it's legitimate. Navigate directly to the organization's website or official app to view details.

    Blank Image Phishing Scams

    Another great article from our friends on KnowBe4's Security Team

    Most email providers have security filters that check emails for malicious links or attachments. You may feel like you can rely on these filters and, as a result, trust that emails sent to your inbox are safe. Unfortunately, cybercriminals can take advantage of this trust by using blank image phishing to bypass security filters.

    The scam starts with a fake email that appears to be from DocuSign. The email asks you to review and sign a document as soon as possible and contains an HTML attachment. Instead of an important document, the attachment is a blank SVG with malicious code. Because this code is hidden inside the attachment, the email can bypass security filters. If you download the attachment, the code will redirect you to a malicious website that will prompt you to enter sensitive information. If you enter this information, cybercriminals can use it for their own purposes.

    Follow the tips below to stay safe from similar scams:

      • Always think before you download an attachment.  This type of cyberattack is designed to trick you in to downloading attachments impulsively.
      • Never click a link or download an attachment in an email that you aren't expecting.  While this attack targets DocuSign users, this scam could be used with any organization that manages electronic agreements. 
      • Enable multi-factor authentication (MFA) on your accounts when it is available.  MFA adds an extra layers of security and lowers the chance of cybercriminals logging in to your account.

          The KnowBe4 Security Team    

        Keeping Your Passwords Squeaky Clean

        Another great article from our friends on KnowBe4's Security Team

        Did you know that the average person uses the same three to seven passwords to log in to over 170 online accounts? In addition to being reused, these passwords are often weak and can be easily guessed by cybercriminals. If cybercriminals guess these passwords, they could access the majority of their victim’s online accounts. Even worse, the victim may not know that their password has been compromised for several months or years. To keep your passwords squeaky clean and safe from cybercriminals, follow the tips below:

        Create Strong Passwords

        Creating strong passwords helps prevent cybercriminals from gaining access to your online accounts. Your passwords should be as long, complex, and random as possible. While many websites only require passwords to be eight characters long, we recommend making your password at least 12 characters long. You should also include a combination of lowercase and uppercase letters, numbers, and symbols in your password. To keep your accounts extra safe, you can use password phrases, or passphrases. However, when you create your password or passphrase, make sure that you don’t use any personal information that a cybercriminal could guess.

        Don't Reuse Passwords

        Reusing passwords for your online accounts may be convenient, but it’s also risky. If you reuse passwords, you could be at risk of having multiple accounts compromised at once. If a cybercriminal guesses your password, they could access multiple accounts instead of just one account. Cybercriminals can also sell passwords or make them available online. Creating a unique password for each online account reduces the risk if one of your passwords is compromised.

        Use a Password Manager

        You’re probably wondering how you are supposed to remember long, complex passwords for all of your online accounts. The answer is a password manager. You can use password managers to securely store all of your passwords. Instead of having to remember passwords for every online account, you only have to remember one password for your password manager. In addition to storing your passwords, many password managers can also generate passwords for you based on specific criteria.

        Use Multi-Factor Authentication

        You can also use multi-factor authentication (MFA) to secure your online accounts, if available. MFA requires multiple forms of authentication, such as a password and a code from your smartphone or a USB smart key. By requiring you to use multiple forms of authentication, cybercriminals will have a harder time gaining access to your account, even if your password is compromised.

        Nobody wants cybercriminals to guess their passwords. To keep your passwords squeaky clean and safe, remember to create strong passwords, avoid reusing passwords, and use a password manager or MFA, if possible.                 

         

        The KnowBe4 Security Team                 

        © Copyright 2023 First Bank, Upper Michigan   Terms and Conditions

        Notice

        You are now leaving the website of First Bank, Upper Michigan.

        Continue
        ×

        Unsecure Email Disclosure

        NOTICE: This information is not encrypted. Please do not include any private, personal information, such as account numbers, balance information, or social security numbers in your message to us.

        Continue
        ×