Security

The security of your accounts and personal information is Carver Federal Savings Bank’s (“Carver”) highest priority. Regardless of your preferred method of banking— in person, by telephone or online— you need to know that your information is safe and secure. Now more than ever, it is important that you are aware of everything around you and your financial information is no exception.

We encourage you to take a moment to view the information within this Security Center to learn what steps you can implement to better protect your private account information.

If you ever have a security concern, please call us at (718) 230-2900.

I.   Secure Your PC

The Internet provides a convenient method for you to find and use countless products and services. At the same time, it can leave you open to scammers, hackers and identity thieves. Below are some tips on how to protect your information and your computer while online

Give Personal Information Over Encrypted Web Sites Only
If you're shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. Carver’s encryption is accomplished through Extended Validation (EV) SSL, which utilizes an EV certificate-only browser that cues the address bar green.

Ways to determine if a Web site is encrypted: look for https at the beginning of the Web address (the "s" is for secure); a padlock icon in the address bar; and/or green in the address bar or a green bar. Green means trust.

Some Web sites use encryption only on the sign-in page, but if any part of your session isn't encrypted, the entire account could be vulnerable. Look for https on every page of the site you're on, not just where you sign in.

Use Security Software that Updates Automatically
New ways to attack your computer are constantly being developed, so your security software must be up-to-date to protect against the latest threats. Most security software can update automatically; set yours to do so. You can find free security software from well-known companies. Also, set your operating system and web browser to update automatically.

Don't buy security software in response to unexpected pop-up messages or emails, especially messages that claim to have scanned your computer and found malware. Scammers send messages like these to try to get you to buy worthless software, or worse, to "break and enter" your computer.

Use a Personal Firewall
Many Internet service providers offer this feature. A personal firewall protects your home computer against unauthorized access.

Beware of Malware Infection with Drive - by Download
Drive- by downloads may happen when visiting a malicious or vulnerable Web site, viewing an e-mail message or by clicking on a deceptive pop-up window. Malware is malicious software installed on your computer which, has a harmful intent that can, for example, capture your login passwords and other personal data. Examples of malware include software such as spyware, adware, viruses, etc. The best way to protect yourself from malware is to exercise caution before installing programs on your computer or opening email attachments. Here are some precautions that are important to take:

  • Only install applications and software from well-known companies you trust.
  • Make sure your computer is cleansed from viruses/spyware and has up-to-date anti-virus and anti-spyware software installed.
  • Keep your operating system and browser up-to-date with the latest security updates and patches.

Back Up Your Files
No system is completely secure. Copy important files onto a removable disc or an external hard drive, and store it in a safe place. If your computer is compromised, you will still have access to your files.

II.   Protect Your Passwords

Here are a few principles for creating strong passwords and keeping them safe:

  • The longer the password, the more secure it is. Use at least 10 characters; 12 is ideal for most home users.
  • Mix letters, numbers and special characters. Try to be unpredictable — do not use your name, birthdate or anything else that a fraudster could easily find out.
  • Don't use the same password for multiple accounts. If it's stolen from you — or from one of the companies with which you do business — it can be used to take over all your accounts.
  • Don't share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it's probably a scam.
  • Keep your passwords in a secure place, out of plain sight.
  • Change your password on a regular basis.

III.   Avoid Scams

Cyber Thieves use clever schemes to defraud millions of people around the world each year. Being alert about your online activity can help you maximize the benefits of the Internet while minimizing your chances of becoming a victim.

Hacking
What to Do Before You're Hacked:

Use unique passwords for important sites, like your bank and email
That way, someone who knows one of your passwords won't suddenly have access to all your important accounts. Choose strong passwords that are harder to crack. Some people find password managers — software that stores and remembers your passwords for you — a helpful way to keep things straight. If you use a password manager, make sure to select a unique, strong password for it, too. Many password managers will let you know whether the master password you've created is strong enough.

Safeguard your usernames and passwords
Think twice when you're asked to enter credentials like usernames and passwords. Never provide them in response to an email. If the email or text seems to be from your bank, for example, visit the bank Web site directly rather than clicking on any links or calling any numbers in the message. Scammers impersonate well-known businesses to trick people into giving out personal information.

Turn on two-factor authentication if your service provider offers it
A number of online services offer "two-factor authentication," where getting into your account requires a password plus something else — say, a code sent to your smartphone — to prove it's really you.

Don't click on links or open attachments in emails unless you know who sent them and what they are
That link or attachment could install malware on your computer. Also do your part: don't forward random links.

Download free software only from sites you know and trust
If you're not sure who to trust, do some research before you download any software. Free games, file-sharing programs, and customized toolbars also could contain malware.

Don't treat public computers like your personal computer
If it's not your computer, don't let a Web browser remember your passwords, and make sure to log out of any accounts when you're done. In fact, if you can help it, don't access personal accounts — like email or, especially bank accounts — on public computers at all. (Also, be careful any time you use public Wi-Fi.)

How to Know if You Have Been Hacked

You might have been hacked if:

  • friends and family are getting emails or messages you didn't send
  • your Sent messages folder has messages you didn't send,or it has been emptied
  • your social media accounts have posts you didn't make
  • you can't log into your email or social media account.

In the case of emails with random links, it's possible your email address was “spoofed,” or faked, and hackers don't actually have access to your account. But you'll want to take action, just in case.

Phishing
Phishing (pronounced "fishing") is a type of criminal activity that uses fraudulent techniques to gather sensitive personal information such as passwords, account numbers, Personal Identification Numbers (PINs), Social Security Numbers and other account information. By pretending to be a trustworthy person or business in a seemingly official electronic communication like an email, a scammer can use sophisticated lures to "fish" for users' passwords and personal or account information.

Scammers may also use other contact methods to obtain your personal or account information such as text messages (also known as short message phishing or "smishing") and phone calls (also known as voice phishing or "vishing"). With these methods, you could receive a text message, phone call or voice mail directing you to a fake Web site or phone number that appears to be legitimate, where you would be asked to provide your personal or account information.

For example, you could receive a text message from an unusual number that says your bank account will be closed, frozen or terminated unless you call a telephone number or go to a Web site. Often, these messages will imply or state that there will be negative consequences if you don't respond. This is an attempt to scare you and convince you to provide your personal or account information.

If you are ever unsure about the authenticity of an email, phone call or text message, please call us at (718) 230-2900.

Don't respond or reply to an email, phone call, or text message that:

  • Requires you to supply personal or account information directly in the email
  • Threatens to close or suspend your account if you do not take immediate action
  • Invites you to answer a survey that asks you to enter personal or account information
  • States that your account has been compromised or that there has been third-party activity on your account, then asks you to enter or confirm your personal or account information
  • States that there are unauthorized charges on your account, then asks you to provide your personal or account information
  • Asks you to enter your User ID, password, or account numbers, PIN or card expiration dates into an email, nonsecure Web page or text message.

IV.   Be Smart Online

The Internet makes many everyday tasks faster and more convenient like shopping, researching products, banking, searching for health information and communicating on the go. Get tips for being safe and making the most of your time online.

Only Use Wireless Networks You Trust
Networks in Internet cafes, hotels and libraries are usually not secure and can be easy to tamper with. Even if you are provided with a password to access the network, a secure connection is not guaranteed. You should avoid using any public computers for online banking.

Avoid Using a Public or Shared Computer for Personal Transactions
Anyone who uses the computer after you and visits the same Web sites can sign on to your accounts. After you sign off, select the option to "Remove a user," if that option is available. Also, make sure to clear the Internet history and any cookies stored.

Sign Off When You Are Finished
If you must use a public computer, remember to "sign off" when you have completed your banking, clear the browser's cookies, clear the cached files from the browser and close the browser window. Anyone who uses the computer after you and visits the same Web sites can sign on to your accounts. After you “sign of,” select the option to “Remove a User,” if that option is available.

V.   Protect Yourself While Using Mobile Banking

Carver uses technologies and techniques to help ensure our mobile products and services are secure. We also encourage you to exercise safe practices to protect yourself and your mobile devices.

Take Steps to Help Protect Yourself

  • Avoid sharing your mobile device with others, especially strangers.
  • Ensure no one is looking over your shoulder in congested public areas and reading information from your device’s screen.
  • Log out from your session when you’re finished.
  • Don’t store your password on other apps within your mobile device, such as the Notes app.
  • Avoid jailbreaking or rooting your phone.
  • Always use official app stores to download any app.
  • Keep the Carver Mobile Banking app up-to-date.

Stay alert, stay informed, and stay safe!