CMBNY Security Center

Protect Yourself from Cyber Threats

In today’s digital age, technology plays an increasingly important role in our lives, including how we manage our finances, access banking services, and conduct transactions online. While this brings a lot of convenience and flexibility, it also exposes us to various cyber threats and risks that could compromise the security of our sensitive personal and business information. Cyber attackers are always looking for ways to exploit vulnerabilities in our devices and networks, trick us into revealing sensitive information, or steal our money through various online scams and frauds.


At China Merchants Bank New York Branch (“CMBNY”), we take the security of your information and accounts very seriously. We have put in place a series of countermeasures to protect you, our clients, and our systems, including multi-factor authentication, encrypted communication, data loss prevention, and intrusion detection and prevention, among others. While we work hard every day to strengthen our cyber defense, it is also crucial for you to take proactive steps to protect yourself from cyber threats.


General Security Tips for Protecting Your Accounts, Devices, and Sensitive Information

1. Enhance your password security

• Use different passwords for each account. This is the most important tip. If you use the same password for all of your accounts, and one of those accounts is hacked, then all of your accounts are at risk. 

• Use strong passwords. A strong password should be at least 12 characters long, and it should include a mix of uppercase letters, lowercase letters, and numbers.

• Use passphrases. A good password should be hard to guess but easy to remember. Consider using a passphrase composed of multiple words that only makes sense to you. For example, "J@zz1n7h3P@rk" (JazzInThePark) is a passphrase that is easy to remember but difficult for others to guess. 

• Don't use personal information in your passwords. Your name, birthday, wedding anniversary, and other personal information are easy for hackers to guess or obtain from social media. 

• Don't write your passwords down. If you must write down a password, store it in a safe place that only you can access. 

• Do not share your password. Avoid sharing your passwords with others, including friends, family, or co-workers. Don’t respond to any email, text message, or phone call asking for your password for any reason. 

• Consider a password manager. A password manager is a software program that can help you to create and store strong, unique passwords for all of your accounts. Secure your password manager with a strong master password and 2-factor authentication. 

2. Enable two-factor (multi-factor) authentication (2FA/MFA)

Enable 2FA/MFA whenever possible, as it adds an extra layer of security by requiring an additional verification step. It helps protect against unauthorized access, even if your password is compromised.

The additional authentication factors can be:

• A one-time password (OTP) sent to you via SMS/email/phone call 

• OTP generated by an authenticator app or physical token 

• A physical security key that needs to be connected to your device during authentication

• Biometric authentication, such as face recognition or a fingerprint scan

3. Secure your devices

Protect your computer, smartphone, and other devices with a PIN, password, or biometric authentication (such as fingerprint or face recognition) to prevent unauthorized access. Always lock your screen before leaving your computer.

Keep your operating system, software, and antivirus programs up to date to defend against potential vulnerabilities.

4. Secure your Wi-Fi network

Set a strong password for your Wi-Fi network to prevent unauthorized access. Use WPA2 or WPA3 encryption for better security.

5. Be cautious with public Wi-Fi

Avoid using public Wi-Fi networks for sensitive activities like online banking or accessing personal accounts. If you must use public Wi-Fi, consider using a virtual private network (VPN) to encrypt your connection.

6. Practice safe browsing habits

Use secure and reputable web browsers and be cautious when visiting websites. Look for the padlock symbol and "https" in the website URL to ensure encrypted connections. Avoid clicking on pop-up ads or visiting potentially malicious websites. Always log out from your account when you finish your online sessions.

7. Download software from trusted sources

Only download software, apps, and files from reputable sources. Avoid downloading files from unfamiliar websites or unverified sources, as they may contain malware.

8. Be cautious on social media


Stay Vigilant to Phishing Attacks

Phishing is a technique used by cybercriminals to trick individuals into providing sensitive information such as login credentials, credit card details, or personal information. Phishing attacks can occur in various ways:

• Email phishing: The most prevalent form of phishing is through deceptive emails. Attackers send emails that appear to be from legitimate sources, such as banks, social media platforms, or online retailers. These emails often contain urgent or enticing language to create a sense of urgency or curiosity, compelling recipients to click on malicious links or provide their personal information on fake websites. 

• CMBNY’s email practices: In the business emails sent by CMBNY, we include the first digit and the last two digits of the customer ID. We do send emails with links (for your convenience) to features such as online tours and information or promotions about CMBNY products. You can also type in the address (URL) directly, if you prefer. 

• SMS phishing (Smishing): Attackers send fraudulent SMS messages that mimic legitimate organizations, often containing urgent requests or enticing offers. They may include links that redirect to malicious websites or request sensitive information via text. For example, you might receive a text message that appears to be from the IRS, asking you to click a link to claim a “tax rebate” or “refund payment”. If you click on the link, you will expose yourself to identity theft or malware that the scammer could install on your phone.

• Voice phishing (Vishing): Vishing attacks occur through phone calls, where attackers pose as representatives from trusted organizations. They use social engineering techniques to manipulate victims into revealing sensitive information over the phone, such as account numbers, passwords, or personal details. For example, they may call you pretending to be a representative from a bank and claim there is an issue with your account, such as unauthorized activity or a security breach, and request your personal information to solve the problem.

• Social media phishing: Phishing attacks can happen through social media platforms, where attackers create fake profiles or pages impersonating well-known brands, celebrities, or organizations. They may send messages or post content with malicious links or requests for personal information. 

• Search engine phishing: Attackers manipulate search engine results to display malicious websites at the top of search results. When users click on these links, they are directed to fake websites designed to steal their information. 

Spear phishing

Most phishing attacks are "bulk attacks": they are not targeted and are sent to a wide audience. Spear phishing is a more targeted form of phishing that focuses on specific individuals or organizations. The attacker conducts extensive research to gather information about the target. This information could include their name, job title, email address, or even personal details obtained from social media profiles or other sources. The attacker then uses this information to craft a highly customized and convincing phishing attempt.

How to recognize and avoid phishing attacks?

Recognizing and avoiding phishing attacks is crucial to maintaining your online security. In addition to the general security tips mentioned above, here are some important tips to help you identify and steer clear of phishing attempts:

• Be cautious of unsolicited communications: Be skeptical of emails, text messages, or phone calls from unknown senders or sources, especially those that request personal information or have a sense of urgency. 

• Verify the sender's identity: Double-check the email address, domain, or phone number of the sender to ensure it matches the legitimate organization they claim to represent. 

• Look for spelling and grammar errors: Phishing emails often contain spelling mistakes, grammatical errors, or awkward language usage. 

• Think before you click: Avoid clicking on links or downloading attachments in suspicious emails, text messages, or social media messages. Hover over links to preview the URL and check for misspellings or suspicious domains. 

• Use official channels: Instead of clicking on links in emails, manually type the URL of a website or use bookmarks to access trusted websites directly. 

• Do not share personal information: Legitimate organizations will not ask you to provide sensitive information like passwords, social security numbers, or credit card details via email or text. Avoid sharing such information unless you have verified the authenticity of the request through a trusted source. 

• Defend against unwanted calls using call-blocking or call-labeling technologies: Use built-in call blocking features of your phone, get a reputable call-blocking app, or check with your phone service provider to find out what call-blocking or call-labeling services they can provide. 

• Trust your instincts: If something feels suspicious or too good to be true, trust your gut instinct. When in doubt, contact the organization directly through their official website or phone number to verify the authenticity of the communication. 


Protect Yourself against Malware and Ransomware Attacks

Malware refers to malicious software that is designed to infect a user's device without their knowledge or consent. Malware can take the form of viruses, trojans, spyware, or ransomware, and it can be used to steal sensitive information, corrupt data, disrupt business operations, or take control of the device.

Malware attacks can occur through various means, such as email attachments, infected websites, malicious downloads, or removable storage devices. Once the malware infiltrates a system, it can execute its malicious activities, which may include:

• Data Theft: Malware can be designed to steal sensitive information such as passwords, financial data, personal information, or intellectual property. This stolen data can then be used for identity theft, financial fraud, or other malicious purposes. 

• System Disruption: Some malware is designed to disrupt the normal operation of a computer system, causing it to slow down, crash, or become unresponsive. This can lead to significant productivity losses for individuals or organizations. 

• Unauthorized Access: Certain types of malware, such as backdoors or remote access Trojans (RATs), aim to provide remote control or unauthorized access to the compromised system. This can allow the attacker to gain control over the system, monitor activities, or launch further attacks. 

Ransomware is a specific type of malware that encrypts the victim's files or locks them out of their own system, demanding a ransom payment in exchange for restoring access. This can cause significant disruption to individuals and organizations, potentially resulting in data loss or financial damages.

Protecting yourself from malware and ransomware attacks requires a combination of proactive measures and good cybersecurity practices. In addition to the general security tips mentioned above, here are some key steps to enhance your protection:

• Use reputable antivirus and anti-malware software: Install reputable security software on all your devices and keep it up to date. These programs can detect and remove various types of malware, including ransomware. Enable automatic updates to ensure you have the latest protection. 

• Be wary of phishing attempts: Be cautious of unsolicited emails or messages. Avoid clicking on links or downloading attachments from unfamiliar or suspicious sources. 

• Exercise caution with removable media: Be cautious when using USB drives or other external storage devices. Scan them for malware before accessing any files, as these devices can be a common vector for spreading malware. 

• Back up your data regularly: Back up your important files and data to an external storage device or cloud storage regularly. In the event of a ransomware attack, having secure backups will allow you to restore your files without paying the ransom.


Protect Yourself from Identity Theft

Identity theft occurs when someone uses your personal or financial information, such as your name and address, Social Security number, credit card details, or bank account numbers without your consent, typically for fraudulent purposes. For example, they can use your identity to open fraudulent accounts, make unauthorized purchases, apply for loans or credit cards, file false tax returns, or engage in other criminal activities.

Identity theft can happen in various ways, including:

• Data breaches: When a company's computer systems are hacked, hackers may be able to steal personal information, such as names, addresses, Social Security numbers, and credit card numbers. 

• Phishing and social engineering: Identity thieves may send you emails or messages, or make phone calls, impersonating legitimate entities such as banks or government agencies, to trick you into providing your personal information or login credentials, or into downloading malicious software that steals your information.

• Skimming: Skimmers can capture credit or debit card information by installing malicious devices on ATMs, gas pumps, or other payment terminals. These devices record card details, which can then be used to create counterfeit cards or conduct unauthorized transactions. 

• Dumpster diving: Identity thieves may rummage through trash or recycling bins looking for discarded documents containing personal information, such as bank statements, credit card bills, or utility bills. 

• Lost or stolen documents: If documents with sensitive personal information, such as bank statements, credit card offers, tax documents, driver's licenses, passports, or Social Security cards, are lost or stolen, they can be used to assume someone's identity.

• Use of unsecured public Wi-Fi: Using unsecured public Wi-Fi networks can expose your personal information to hackers. They may intercept the data you transmit over the network, including login credentials and financial details.

In addition to the general security tips mentioned above, here are some important steps you can take to safeguard your personal information and minimize the risk of identity theft:

• Be cautious of phishing attempts: Be skeptical of unsolicited emails, messages, or phone calls asking for personal information. Do not click on suspicious links or download attachments from unknown sources. Only provide personal details to trusted sources and verify the legitimacy of any requests before sharing information. 

• Securely store and dispose of financial documents: Safely store your financial statements, bank cards, and other sensitive documents in a secure location. Shred or destroy any documents containing personal or financial information before disposing of them. 

• Monitor your financial accounts: Regularly review your bank and credit card statements for any suspicious activity. Report any unauthorized transactions or discrepancies immediately to your financial institution. 

• Monitor your credit report: Regularly check your credit reports to identify any unauthorized accounts or suspicious activities. You can get a free copy of your credit report from major credit bureaus (Equifax, Experian, and TransUnion) once a year at https://www.annualcreditreport.com. Consider using a credit monitoring service to receive alerts about changes in your credit report.

Report Identity Theft

If you suspect your identity has been stolen, report your case to the Federal Trade Commission (FTC) at https://www.identitytheft.gov/ or call 1-877-438-4338 and get a recovery plan.


Additional Resources

Learn more about cyber scams and how to avoid being a victim:

https://consumer.ftc.gov/

https://www.cisa.gov/be-cyber-smart/common-scams

Report fraud and scams to the FTC:

https://reportfraud.ftc.gov/


CMBNY Contact

You can always contact us at cserv@ny.cmbchina.com or contact your relationship manager if the matter is urgent - and you should do so immediately if you’ve responded to a potentially fraudulent email, text message, or phone call with your personal information.