Learn How to Protect Your Information

It is our top priority to protect your information. We encourage you to take an active role in safeguarding your information. Learn how to start by reading our quick tips below on how to spot phishing, spyware, malware attacks. We’ve included additional topics with simple steps and suggestions that may help you prevent issues and detect if you’re being targeted.

  • If something looks suspicious, it probably is.
    Contact the company by using contact information you already have that does not appear on the suspicious email or website.
  • Read carefully.
    Website and email addresses can easily be manipulated to look like an authentic website or email.
  • Don’t Click.
    If you were not expecting an email from someone and it has links and/or attachments, don’t click on anything.
  • Stay Updated.
    Make sure your computer is updated regularly when updates are available.
  • Install a firewall.
    A firewall limits the potential for unauthorized access to your network and computers.
  • Under Maintenance
    You should not see a maintenance page after entering login credentials. Legitimate maintenance pages are displayed when first reaching a website and before entering login credentials.
  • Pop-up Windows
    These may indicate an issue. If a pop-up window displays a login message or error this is a sign of a potential threat. Error messages related to logins are typically displayed directly on the login screen. Also, you should not receive pop-up messages that indicate you cannot use your current browser.
  • Error Message
    Error messages should not include an amount of time to wait before trying to login again.
  • Harmful Activity
    Repeatedly being asked to enter your user ID, password, or security questions are signs of potentially harmful activity.

  • What To Do If You Suspect Fraud

    Take the following steps immediately if you think your personal information has been compromised.

    •  Call your bank and credit card issuers immediately so that the necessary steps can be taken to protect your accounts.
    •  File a police report and call the fraud unit of the three credit-reporting companies.
    •  Consider placing a victim statement in your credit report and a fraud alert on your account.
    •  Keep a log of all the contacts you make with authorities regarding the matter. Write down names, titles, and phone numbers in case you need to re-contact them or refer to them in future correspondence.
    • Contact the FTC’s ID Theft Consumer Response Center at 1-877-ID THEFT (1-877-438-4338) or gov/idtheft.

  • 7 Steps to Safeguard Your Information

    1. Create complicated passwords
      Avoid using birthdays, social security numbers, pet names, other personal information, and simple passwords like ‘12345’. Use capital letters, numbers, and symbols to make your password strong. For example, take the word ‘complicated’. Rather than using that word exactly how it appears, incorporate our tips to create ‘c0mPlic@t3d’.
    2. Change your passwords
      It is recommended that you change your passwords regularly. Set a reminder to notify you to create new passwords at least three times a year.
    1. Keep your confidential information confidential
      Friendly theft—theft by someone the victim knows—is the most common type of identity theft or fraud. Do not share your passwords with family members, friends, or colleagues. Be mindful of who has access to your personal information. Additionally, you should avoid using automatic sign-in features that remember your login credentials. That way, no one can access your information if your device is stolen or lost.
    1. Review your accounts
      Check your account activity and online statements often instead of waiting for the monthly statement. You’re the best person to detect fraudulent transactions because you’ll be able to recognize a charge you didn’t make. If you notice unusual or unauthorized activity, notify your bank right away. When a customer reports an unauthorized transaction in a timely manner, the bank will cover the loss and take measures to protect the account. Take advantage of account alert features that notify you of changes and/or transactions.
    1. Stay alert online
      Be sure your computers and mobile devices are equipped with up-to-date anti-virus and malware protection. Never give out your personal financial information in response to an unsolicited email no matter how official it may seem. We will never ask for your passwords, PIN, or account information via email. Only open links and attachments from trusted sources. When submitting financial information on a website, look for the padlock or key icon at the top or bottom of your browser. Before submitting information make sure the Internet address begins with “https.” This signals that your information is secure during transmission. If making changes or transactions online, close unnecessary browser windows. Also, do not use public or other unsecured computers and devices to access your personal information. Never leave a computer or device unattended while accessing your data. Check your web browser security and privacy settings to select and confirm the appropriate level of safety. Clear your cached web history before logging in to your accounts.
    1. Mobilize your defenses.
      Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell, or trade your mobile device; be sure to clear or wipe the data from the device by using specialized software or using the manufacturer’s recommended technique. Purchase software and/or apps that allow you to wipe your device remotely if it is lost or stolen. Use caution when downloading data. Never download data from a source you do not recognize as secure.
    2. Create Online Alerts
      Set-up custom alerts that notify you when your account is accessed from a new device or if your account information is changed or updated.
  • Creating Account Alerts

    Customizing your alerts specifically to your preferences can be accomplished quickly. Start by logging in to your online banking account and selecting ‘Customer Service’ from the dashboard menu. Under this menu, you can manage a variety of options and review your account information. To change your alert notifications, select ‘Manage Alerts’ under ‘Contact Options’.

    Following is a list of the types of alerts that you can set.

    Account Maintenance

    Change password Manage Contact Information
    Change User ID Manage Mobile Banking Settings
    Change Address Change Statement Delivery Method
    Customize Accounts Change ATM/Debit Card Overdraft

    Account Services

    Stop a Check View Stopped Checks
    Order Checks

    Contact Options

    View Messages Contact Us
    Manage Alerts

    Disclosures

    Service Agreement Privacy Statement

    Currently, your default alert settings are set to notify you when the following actions take place:

    Password Change
    Password Locked
    Email Change
    User ID Change
    External Account Added
    New Payee Added
    Phone Number Change

  • Online Banking Best Practices

    Whenever possible…

    • Download and use our Mobile Banking App to review transactions.
    • Use Bill Pay instead of checks to limit account number dissemination exposure and to obtain better electronic record keeping.
    • Register your computer or mobile device to avoid having to re-enter challenge questions and other authentication information with each login.
  • Email Best Practices

    Most security breaches result from malware introduced into a computer or network, or by using personal, confidential information (e.g., passwords, tax identification numbers, bank account information) gleaned using social engineering techniques. Since fraud perpetrators frequently use email for these purposes, email best practices represent a critical first line of defense. Following are best practices all email users should follow:

    • Do not assume an email is legitimate based on the sender information. This information is easily copied and embedded in documents.
    • Be careful of email addresses received from public email addresses (e.g., gmail.com, yahoo.com). Most large organizations do not use public email addresses.
    • Corporate logos can also be easily copied and embedded in documents. Do not assume an email is legitimate just because you recognize a logo.
    • If you question the validity of an email, contact the sender through another channel, such as a phone number, that is from another source. Never verify a sender with other contact information contained within the same email.
    • Offers that appear in the subject line or body of the email that appear to be too good to be true are likely fraudulent.
    • Offers that are time sensitive, asking for you to respond immediately or suggest penalties for not doing so, are likely fraudulent.
    • Consider twice before clicking on embedded links in emails. These are sometimes used to download malware onto your computer. See “Understanding internet addresses” below for details on identifying potentially dangerous links.
    • Attachments are another way that malware can be downloaded onto your computer. Do not open attachments in emails that you are not expecting.
    • Spelling and grammatical errors are usually another indication that an email may not be legitimate.
    • Never respond to an email requesting confidential information, or through a phone number provided within the email. Reputable companies will never ask for this type of information through email.
    • Forms embedded in an email are never secure. Do not fill out a form embedded in an email.
  • Understanding Internet Addresses (URLs)

    Understanding Internet addresses (URLs)

    Internet addresses, or URLs, identify the website where you will be taken when you click on it. Before clicking on any link embedded in an email it’s a best practice to hover or long press over the link to view the address behind the link. You should not click on the link if the address cannot be viewed. Also be careful to make sure the address is correct even if you think you recognize it. Perpetrators often create a slight misspelling in the URL that misleads you to believe it is legitimate.

    Here’s how Internet addresses are formatted:

    • The part of the URL between the “https://” and the next “/” is known as the domain.
      Example: https://www.rbankchicago.com/
      This controls where the link takes you.
    • A domain can consist of multiple sections:
      Example: https://rbankchicago.fakelogin.net/user_test
      The area immediately proceeding the first “/” (fakelogin.net), represents the actual domain name. The area appearing before this section (rbankchicago.), is referred to as the sub-domain. If you click on the link you would be taken to fakelogin.net, not rbankchicago. Therefore you must make sure the URL is accurate and that it is located properly in the URL.
    • Sometimes recognizable information will appear to the right of the first “/”, however, as always, the domain is indicated by the information preceding the first “/”.
      Example: https://fakelogin.net/www.rbankchicago.com

    If you are ever in doubt about the validity of a URL, enter the domain name associated with the site you wish to validate into an Internet search engine, such as Google or Yahoo. When you view the search results, the first result should precisely match the domain name you entered. If this is not the case, you should not click on the link. Also consider the following:

    • If the domain consists of a series of numbers, then it is not easily identifiable. Avoid these domains.
    • If you doubt the legitimacy of a domain name, contact the sender through another channel, not listed within the email.
    • Utilize information system professionals to help you safeguard your computer and network.

Have a Question?

  • Speak to a Personal Banker
    630.908.1832
    Monday – Friday 9am – 5pm
  • Email Us
    Please note, this is an unsecured message. Do not include account numbers, social security numbers, date of birth or other sensitive information.