New York Branch
/
About Us
/
Website Statements
/
CMBNY Security Center

CMBNY Security Center


CMBNY takes cybersecurity seriously and endeavors to continuously protect our systems and customer data. While we make every effort to secure your personal information, there's plenty you can do to avoid falling prey to fraud and identity theft.


The official CMBNY's website address is https://us.cmbchina.com/EN/.

If you are not certain of the source of a telephone call, email or letter, you should hang up the telephone, not click on a link in an email and not reply to a letter. Instead, call us at the number set out on our website or contact your relationship manager at the Branch.


Social Engineering: Phishing, Vishing and SMShing

There are three top methodologies of malicious social engineering that you need to recognize: Phishing, Vishing and SMShing.

Phishing involves an email, often using the name and logo of a legitimate company, asking you to click a link and provide account details, which are then used to commit fraud.

Vishing is phishing via phone, where the caller (or recording) warns you of the urgent need to confirm sensitive account information, or to call a number and provide it.

SMShing is essentially phishing via text, directing you to follow a link or call to provide sensitive account information.

These scams often look legitimate but legitimate companies don't use unsolicited communications or pressure tactics. E-mails and calls will ultimately seek sensitive personal and account information, like Social Security numbers, account numbers, passwords or password prompts.


Use these tips to help protect your personal/account information:

  1. 1. Do not open E-mails from unknown sources.

  2. 2. Be suspicious of E-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information.

  3. 3. Contact your relationship manager if an E–mail claiming to be from your financial organization seems suspicious.

  4. 4. Update all your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.

  5. 5. Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.

Malware

Malware, short for malicious software, is any program that intentionally harms your computer, including worms, adware, spyware, Trojan horses and viruses, usually installed without your consent when you click a fraudulent advertisement or visit an affected web site. It is used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.


Use these tips to help protect your personal/account information:

  1. 1. Never open attachments or follow links that look suspicious, install firewalls and keep antivirus programs up to date.

  2. 2. Install Malware detection software for computers and mobile devices. It is available for purchase and sometimes included in anti-virus software.

  3. 3. Install security software from a reliable company and set it to update automatically.

  4. 4. Be sure to perform regular backups of your important files and data.



Online Security: Keep Your PINs and Password Private

Use these tips to help protect your personal/account information:

  1. 1. Create device or user account password with at least 8 characters that includes a combination of mixed case letters and numbers and special characters. Always follow your account password setting instruction provided by the financial institution.

  2. 2. Change your banking account's password frequently.

  3. 3. Never share username and password information with anybody.

  4. 4. Avoid using an automatic login feature that saves usernames and passwords.

  5. 5. Do not use public or other unsecured computers for logging into banking account.

  6. 6. Do not use account numbers, your social security number, or other account or personal information when creating account nicknames or other titles.

  7. 7. Never leave a computer unattended while using banking account.

Online Security: Pay Close Attention to the Apps You're Using

Download or obtain your apps only from trusted and reputable sources such as the Apple iTunes Store, Google Play, or the Amazon App Store for Android. This helps you avoid malware which is often distributed via illicit channels. For banking account, always download the app from the source that provided by the financial institution.


Online Security: Maintain your network (Public Wi-Fi)

Public WiFi, like the ones in coffee shops, airports, and hotels, are convenient, but they often aren't secure. Many WiFi hotspots have no form of encryption, or they utilize the much weaker encryptiong protocol that is susceptible to cybersecurity breaches.


Use these tips to help protect your personal/account information:

  1. 1. Disable "Auto Join to Wi-Fi Networks" from your devices.

  2. 2. Log in or enter personal information only on secure sites that use encryption. Look for a web address that begins with "https".

  3. 3. Treat all open networks as a security risk. We would recommend not doing any type of banking, online shopping or anything else that would expose your private information while on a Wi-Fi network.

  4. 4. Avoid using your mobile device on an unsecure wireless local area network (WLAN) for banking system. Incidents have occurred where banking credentials have been stolen from an unsecure network.

  5. 5. Never email financial information including credit card, Social Security, and checking account numbers, even if the network and website are secure.



Maintain Your Devices (Jailbroken and Rooted Devices)


Jailbreaking/Rooting is the process of removing the limitations imposed by Apple/Android on devices running the operating system, allowing the phone's owner to gain full access to the root of the operating system and access all the features.


Jailbroken or rooted devices present greater risk than unmodified devices because the process will remove the manufacturer's protection against malware and viruses so do not jailbreak or root your device. Also do not log into your account or access your banking account information using the jailbroken or rooted devices.



Reporting an incident after the fact


If you're worried you might have compromised your account, please contact us immediately. The sooner we know what happened, the sooner we can help you.


Call us at the phone numbers set out on our website if you’ve accidentally given anyone the following types of information:

  • Your bank account number

  • Personal information about you, such as your Social Security number or taxpayer identification number

  • Your CMBNY sign-in information, including your user name and password