Awareness and Education for Online Banking Security

Cyber-criminal attacks on individuals are at an all-time high. The perpetrators are gaining in sophistication so it is important to be aware of the threats and approach anything on the internet that involves your identity or account numbers with caution. Cyber criminals have done an impressive job of creating fake websites that mimic legitimate sites such as PayPal, the FDIC, and even the IRS in order to steal confidential information. It is an ugly truth that a large amount of identity theft and fraud is committed by family members and friends or acquaintances of victims who, because of these relationships, have relatively easy access to account numbers and passwords saved on computers.

Sunflower Bank and its divisions employ security measures to help keep customer accounts safe, but there are a few things you should do to help protect yourself. This information is relevant to all online accounts dealing with financial and personal information.

Social Networking Risks

Fraudsters have become adept at breaking into password‐protected accounts by using information that some individuals readily provide to social networking sites such as favorite books, favorite foods, city of birth, etc. in order to fake their way through password reset processes and secondary verification systems. Think carefully before making any personal information publicly available, as most of it is very useful to an identity thief. Choose challenge questions carefully to avoid using information that could be obtained by identity thieves or readily guessed by a person with a basic knowledge about the target they are attempting to impersonate.

Password Security

It is difficult for online systems to differentiate a legitimate user from a malicious user who has obtained a legitimate user's password. For this reason, it is essential that users keep their passwords private and immediately report any suspected security violations. Below is a list of some common password choices to avoid:

  • Your name, or a family member or pet’s name
  • Social Security, account or telephone numbers
  • Any part of your physical address
  • Anybody’s birth date
  • Sequences: “12345678”, or “33333333”, “abcdefgh”
  • A password used on another site
  • A word in the English or any foreign dictionary, even spelled backwards
  • Other information that is easily obtained about the user.

Security Practices to Help You Avoid Identity Theft

  • Verify use of a secure session when entering passwords on the internet.
    A secure session is denoted by https://
    Internet Explorer - Screenshot of https:// behavior for in Internet Explorer
    Google Chrome - Screenshot of https:// behavior for in Google Chrome

    A non-secure session is denoted by http://
    Internet Explorer - Screenshot of https:// behavior for in Internet Explorer
    Google Chrome - Screenshot of http:// behavior for ABC News website in Google Chrome
  • Pay attention to the URL (web address) that you are visiting!
    Fraudulent websites often create misleading web address like to trick users into believing they are visiting a legitimate site. This is a very common trick that scammers use to fool users into divulging passwords to fake copies of real websites!
  • No website or service will ever “lose” a user’s login information and request that the user provide it to the website or company.
  • Avoid saving passwords to any computer.
  • Always use Log Out buttons when you are finished to end your secure sessions.
  • Never leave computers unattended when using online banking services.
  • Never access sensitive computer systems or websites from public computers at a hotel, library, coffee shop or when using your own devices over any public wireless access point.
  • No legitimate business will attempt to move business funds through anyone's personal account.

The best way to combat fraud is to be aware, alert, cautious, and take action when necessary. If you notice suspicious activity on any of your financial accounts or credit cards, reach out to the provider immediately.

Glossary of cybersecurity terms:


The purpose of adware is to display ads. Some adware threats bombard you with so many ads you can hardly use your computer. This can be done to obscure the fact that your computer has been compromised.


A form of spyware, a keylogger captures everything you type including passwords and other sensitive information. Some keyloggers also capture screen shots, log your Internet browsing history, record anything copied to the clipboard, and more.


Technique used by fraudsters to acquire username, password and other sensitive information simply by asking. Phishing often takes the form of fake bank emails or fake commercial websites asking for confidential information.


A seemingly benign program (such as free games downloaded from the Internet or on a cell phone) that does something criminal in secret such as installing packages of other malicious software or hijacking your computer or phone to make expensive phone calls or even to send Phishing spam to other potential victims.


The term malware applies to any software whose purpose is malicious, including all other types described here.