News Update: Updates to Customer Verification Process. Read More

SBKO.BANK

In order to provide you with even greater online security, “summitbankonline.com” is now “SBKO.BANK”.

Only our URL has changed, but with this simple change come additional security features designed to keep your personal and financial information safe.

With our transition to SBKO.BANK now complete, Summit Bank customers can be assured that when they visit our website, or communicate with us electronically, enhanced security and verification requirements are in place in order to reduce the risk of cyber threats and enable us to continue to build on our highly-trusted secure environment.

I don’t see many other banks moving to .BANK, why did Summit Bank?
We take the security of our customers’ information very seriously and therefore chose to take this extra step to give Summit Bank customers peace of mind when banking with us online. We believe that the .BANK domain provides an additional layer of security that the other top level domains such as .com do not.

Why is .BANK more secure?
Just about anyone can obtain a “dot com” website address. With that criminals can create ‘spoof’ websites and email addresses that can deceive people into giving away personal information.

A coalition of banks, American Bankers Association, the Financial Services Roundtable and other industry members formed to create the “dot Bank” Domain. Only after completing an extensive verification process can a “dot Bank” domain be purchased.

Summit Bank was one of more than 2,500 United States banks to complete that process and acquire a “dot Bank” address in 2015. We are pleased to be one of the first banks in Oregon to migrate to the new domain.

.BANK domains signify that a company has been verified as legitimate and is committed to implementing the additional and mandatory security requirements that go beyond existing standards. Only verified banks are allowed to use the .BANK domain. Therefore, when you see a domain which ends in .BANK, you can be assured that you are dealing with a legitimate, verified financial institution.

Because of the additional security measures taken in the verification process, cybercriminals can be identified and denied the right to obtain a .BANK domain name. Therefore, the .BANK environment provides an enhanced level of security against imposter sites and peace of mind for our customers and business partners.

What are the enhanced security requirements in .BANK?

  • Mandatory verification of charter/licensure for regulated entities ensures the organization requesting the domain is legitimate, the person requesting the domain name is authorized by the company and that the name requested by the company complies with all policies.
  • Domain Name System Security Extensions (DNSSEC) to ensure that Internet users are landing on participants’ actual websites and not being misdirected to malicious ones;
  • Email authentication to mitigate spoofing, phishing and other malicious activities propagated through emails to unsuspecting users;
  • Multi-factor authentication to ensure that any change to registration data is made only by authorized users of the registered entity;
  • Strong encryption to ensure security of communication over the Internet;
  • Prohibition of Proxy/Privacy Registration Services to ensure full disclosure of domain Registration information so bad actors cannot hide.

Who is responsible for enforcing the enhanced Security Requirements and Policies in .BANK?
fTLD and in some cases its Registry Service Provider, Verisign, will be responsible for monitoring compliance with the relevant requirements. Registrars will play a role in enforcement as they have the direct relationship with the registrant. fTLD always retains the right to take action if the registrar fails to do so.

Does the move to “dot Bank” change my online Banking login?
No. You’ll continue to use the same Username/Access ID and Password.

As a client, what will I notice that is different?
Summit Bank’s new URL and employee email address extensions will be updated to reflect this change.

New URL: SBKO.BANK
Former URL: summitbankonline.com

Employees new email address: jsmith@sbko.bank
Former employee email address: john.smith@summitbankonline.com

What do I need to do?
Our old “summitbankonline.com” URL will continue to redirect to “sbko.bank and you will be re-directed to the new Summit Bank URL at the end of August. If you have saved summitbankonline.com in your “Favorites,” then you should update your “Favorites” to sbko.bank.

Feel free to contact us if you have any questions or concerns about our transition to “sbko.bank”.

IMPROVING YOUR OWN SECURITY

We strive to ensure a safe banking environment, but also understand that it requires our customers to have a safe computing environment in their homes or businesses. Please review the information below to help protect yourself and your business against Identity Theft and fraud. And always remember to review your accounts regularly.


Reporting Online Environment Security Issues
At Summit Bank we go to great lengths to protect your personal information and ensure that Summit Bank’s Online Banking is secure. If you ever doubt the legitimacy of any e-mail claiming to originate from Summit Bank or if you believe you may be the victim of misuse of your personal information in the online environment, please contact us at (541) 684-7500.

Lost or Stolen Debit Cards
Immediately call 800-472-3272 to cancel your card. You can also contact the bank directly 9am to 5pm Monday through Friday. Please do not leave a message after hours, call the 800 number above.


How can you protect yourself and your business?
A good way to help prevent fraud is to recognize and be prepared for the threats you’re facing.

Who wants your personal information?

  • Cyber Criminals
  • Hackers
  • Organized Crime

What information do they want?

  • Names
  • Addresses
  • Phone Numbers
  • Email Addresses
  • Social Security Numbers
  • Account Numbers & Info
  • Passwords and Access Codes

Here are some common threats to watch for along with general tips to help you stay safe:

Phishing Attacks
Phishing (pronounced “fishing”) is a type of criminal activity that uses fraudulent techniques to trick you into providing personal information. An attacker might send an email that appears to be from a reputable company you do business with, such as your bank. The email asks you to reply to the email or go to a website that looks like your bank’s site and then give your user name, password, account number, personal identification number (PIN), Social Security number or other personal information.

Examples of Phishing Messages
You open an email or text, and see a message like one of these:

  • “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
  • “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
  • “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

The senders are phishing for your information so they can use it to commit fraud.

Phishing may also occur by telephone call or text message. For example, you could get a text message from a phone number you don’t recognize that says your account will be closed, frozen or terminated unless you call a phone number or go to a website listed in the message and then give your personal and account information.

How to Deal with Phishing Scams
Don’t respond to email and text messages that ask you to confirm or provide personal information (debit card and bank account numbers, Social Security numbers, passwords, etc.). Legitimate companies don’t ask for this information via email or text. The messages may appear to be from organizations you do business with, and they might threaten to close your account or take other action if you don’t respond.

Don’t reply, and don’t click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites – sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name. Area codes can mislead, too. Some scammers ask you to call a phone number to update your account or access a “refund.” But a local area code doesn’t guarantee that the caller is local.

If you’re concerned about an unusual email from an individual or organization you do business with, call them at a known/trusted phone number. Locate the phone numbers from on their website, your original contracts/paperwork with the business, on your periodic statements, or on the back of your debit/credit card.

Business E-mail Compromise
CEO Email Fraud or Business Email Compromise is a fast growing scam in which cybercriminals trick employees into transferring large sums of money to them by impersonating CEOs and other company executives in spoofed emails. The FBI has reported billions in losses over the past few years in the United States, affecting businesses in all 50 states.

How does it work?
The fraudsters first study their intended victims. Social media websites, a company’s own website, and news reports can give employees’ names, job titles, email addresses, and telephone numbers, as well as information about the company’s business dealings.

Fraudsters also pose as third parties – perhaps the company’s financial partner, a vendor, or someone legitimately seeking information – in phishing emails and pretexting calls designed to trick employees into disclosing confidential information. With a company’s information, scammers can spoof, or fake, an email to an employee who they know can transfer money or pay invoices for the company, making the email look like it’s coming from an executive officer, regular vendor or other trusted source.

In some cases, hackers break into a company’s email system and send urgent requests for money transfers. Once the money is wired, it can be very difficult or nearly impossible to recover.

These tips can help you guard your company against these scams:

  • Establish a multi-person approval process for transactions above a certain amount.
  • Set up a system that requires a valid purchase order and approvals from a manager and a finance officer to spend money.
  • Verify by phone any changes in vendor payment information and fund transfer requests.
  • Remember –standard email never is a secure way to send financial information. Don’t transmit account information by regular, standard email and question any emailed payment requests that include account information. Utilize a secure e-mail file transfer service or e-mail encryption technology that encrypts and protects the data during transmission.
  • Slow down. Take time to verify any request, even an urgent one. And be suspicious of any request for secrecy.

Corporate Account Takeover
Corporate Account Takeover is a form of identity theft in which criminals steal your valid online banking credentials. The attacks are usually stealthy and quiet. Malware introduced onto your systems may go undetected for weeks or months. Account-draining transfers using stolen credentials may happen at any time and may go unnoticed depending on the frequency of your account monitoring efforts.

The good news is, if you follow sound business practices, you can protect your company:

  • Review or reconcile accounts online daily. The sooner you find suspicious transactions, the sooner the theft can be investigated.
  • Use layered system security measures: Create layers of firewalls, anti-malware software and encryption. One layer of security might not be enough. Install robust anti-malware programs on every workstation and laptop. Keep the programs updated.
  • Manage the security of online banking with a single, dedicated computer used exclusively for online banking and cash management. This computer should not be connected to your business network, should not retrieve any e-mail messages, and should not be used for any online purpose except banking.
  • Educate your employees about cybercrimes. Make sure your employees understand that just one infected computer can lead to an account takeover. Make them very conscious of the risk, and teach them to ask the question: “Does this e-mail or phone call make sense?” before they open attachments or provide information.
  • Block access to unnecessary or high-risk websites. Prevent access to any website that features adult entertainment, online gaming, social networking and personal e-mail. Such sites could inject malware into your network.
  • Establish separate user accounts for every employee accessing financial information, and limit administrative rights. Many malware programs require administrative rights to the workstation and network in order to steal credentials. If your user permissions for online banking include administrative rights, don’t use those credentials for day-to-day processing.
  • Use approval tools in cash management to create dual control on payments. Requiring two people to issue a payment – one to set up the transaction and a second to approve the transaction – doubles the chances of stopping a criminal from draining your account. Review or reconcile accounts online daily. The sooner you find suspicious transactions, the sooner the theft can be investigated.

Malware, Ransomware, and Viruses
Malware includes, viruses, spyware, and other unwanted software that gets installed on your computer or mobile device without your consent.

These programs can cause your device to crash, and can be used to monitor and control your online activity, or log keystrokes to capture anything you have typed, such as usernames, passwords, Social Security Numbers, etc.
Ransomware is a type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.

Criminals use malware for financial gain and to steal personal information, send spam, and commit fraud.

Some of the ways to protect yourself against Malware and Ransomware:

  • Keep security and operating system software up to date.
  • Back up your data regularly. Whether it’s your taxes, photos, or other documents that are important to you, back up any data that you’d want to keep in case your computer crashes or is held in a ransomware event.
  • Pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file.
  • Think before you click. Criminals send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a scam site.
  • Don’t open attachments in emails unless you know who sent it and what it is. Opening the wrong attachment — even if it seems to be from friends or family — can install malware on your computer.
  • Get well-known software directly from the source. Sites that offer lots of different browsers, PDF readers, and other popular software for free are more likely to include malware.
  • Don’t click on popups or banner ads about your computer’s performance. Scammers insert unwanted software into banner ads that look legitimate, especially ads about your computer’s health. Avoid clicking on these ads if you don’t know the source.
  • Scan USBs and other external devices before using them. These devices can be infected with malware, especially if you use them in high traffic places, like photo printing stations or public computers.

Keep your Systems Updated
The bad guys constantly develop new ways to attack your computer, so your security software must be up-to-date to protect against the latest threats.

If you let your operating system, web browser, or security software get out-of-date, criminals could sneak their bad programs – malware / ransomware – onto your computer and use it to lock you out of your own files, secretly break into other computers, send spam, or spy on your online activities. Many of the recent malware and ransomware outbreaks have been because systems were not recently patched and were vulnerable to the attacks.

Anti-Virus, Web Browser, and Operating system updates are released on a weekly or even daily basis. Many operating systems and web browsers can be set to update automatically so you are less likely to miss these critical updates.

Back up Important files
No system is completely secure. Create offline backups of important files. That way, if your computer is compromised, you’ll still have access to your files. And, periodically test your ability to recover the files from your backup source(s).

Password Creativity
Password theft is a huge issue for many internet users. From email logins to shopping websites, social media accounts, and online banking systems, we all have passwords that access different parts of our lives.

Unfortunately, many of us create weak or common passwords in an attempt to make logging in to various sites as easy as possible.

Password hackers feast on this lack of security and can obtain your information much easier than you might think. Many people use the name of a family member, pet, common words, or other easy to remember combinations that hackers can easily discover to gain access to personal information.

It’s absolutely critical to use a highly secure password for all of your financial accounts.

How to Improve Password Strength:

  • The longer the password, the tougher it is to crack. Use at least 10 characters; 12 is ideal for most home users. Never use your pet’s name, your child’s name or anything else that a fraudster could easily find out.
  • Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.
  • Don’t share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam. Keep your passwords in a secure place, out of plain sight.
  • For added security, remember to change your password on a regular basis and again, avoid using the same password for multiple accounts.

ADDITIONAL

Additional Protections
Here are some additional steps you can take:

  • Don’t give out financial information such as checking account and credit card numbers—and especially your Social Security number—on the phone unless you made the call and you know the person or organization you’re dealing with.
  • Report lost or stolen checks immediately.
  • Tell us right away about any suspicious phone inquiries you get, such as those asking for your account information so the caller can “verify a statement” or “award a prize.” Don’t give out any personal or account information.
  • Keep your personal identification numbers (PINs) for your ATM and credit cards safe, and don’t write your PIN on the card itself or store it in the same place you store your card.
  • Be careful to create secure PINs and passwords. Don’t use birth dates, parts of your Social Security or driver’s license numbers, your address or your children’s or spouse’s names, for example.
  • If you get financial offers in the mail that you’re not interested in, tear them up or shred them before throwing them away so thieves can’t use them to steal your identity. Destroy any other financial papers, such as bank statements or invoices, before getting rid of them.
  • Do not send confidential information of any kind by email unless it is encrypted.
  • Change your passwords often. Even if the website doesn’t require it, it is a good practice to change your passwords at least every six months.
  • Never disclose your login credentials to other people or companies.
  • Do not store your ID and Password information where others could gain access to it. It is best not to write the information down at all.
  • Do not use public computers and open wireless networks for sensitive online transactions. Wi-Fi spots in airports, hotels, coffee shops, and other public places can be convenient but they’re often not secure and can leave you at risk. If you’re accessing the Internet through an unsecured network, you should be aware that malicious individuals might be able to eavesdrop on your connection. This could allow them to steal your login credentials, financial information, or other sensitive information. Any public Wi-Fi should be considered unsecure.

Additional Resources
For more information on preventing and reporting Identity Theft, visit http://www.ftc.gov or www.identitytheft.gov. Also visit www.onguardonline.gov for more tips to help you stay safe and secure.

For additional information on Protecting Small Businesses visit:
https://www.ftc.gov/about-ftc/bureaus-offices/bureau-consumer-protection/small-business