Security Awareness

Welcome to the Quest Security Page. Our intention is to provide you relevant information about cybersecurity that will help you keep your Quest Trust account, and your personal information, safe.

How Quest Trust Protects Your Account

How does Quest Trust Protect my information?

Quest Trust Company takes information security very seriously. Our knowledgeable staff has assembled this section of our website to clarify what we do, and what you can do, to build a solid method of protecting your information. Neither of us can do this alone; but together we can keep your information safe.

Client Portal

One of the methods we use to protect your information is the client portal.  By signing in to the portal, https://portal.questtrustcompany.com, your information is only available to you and those you have authorized.

Multiple Authentication Checks

When you sign into the client portal for the very first time, you will be asked for your username, password, and security information to confirm your identity. Once your identity has been confirmed, you’ll be able to set up your security information. Once completed, you’ll be signed into your account securely.

Suspicious Activity Monitoring

We monitor your Quest Trust Company.com profile to help us detect fraud as early as possible. We might call you if we notice a change in your online activity, but we’ll never ask you for personal information over the phone, such as your mother’s maiden name or Social Security Number.

Temporary Holds

If we can’t reach you, we might place a temporary hold on your online activity to make sure it’s you and not someone else using your account. If that happens, call us right away using one of numbers on How to Report Fraud to confirm your account activity, and you can start using your online and mobile access again.

We Protect Your Communications

Secure messages you send us (or we send you) on Quest Trust Company.com are protected, but messages you send to us outside of Quest Trust Company.com might not be secure. If you need to send us Social Security numbers, account numbers or other confidential information, please only send it in a secure message via the portal https://portal.questtrustcompany.com. You can also call us.

Why We Need Your Social Security Number

When we set up or manage your account information, we’re required by law to have your Social Security number on file. We use internal policies to protect and limit access to your Social Security number and make sure it isn’t used inappropriately.

Our Employees

Our corporate code of conduct is our commitment to supporting the integrity and ethical standards we expect from our employees. The code includes specific guidelines about how we expect employees to protect confidential information (including your account and personal information), as well as guidelines to limit our employees’ access to your confidential information and restrict how we use and share information for certain processes and transactions.

Our Business Practices

We regularly review our business practices to make sure they follow the policies and procedures we created to protect your confidential information. Please call us if you think we’ve given you incorrect information according to the U.S. Consumer Privacy Notice or our Online Privacy Policy.

Industry Security Controls

Quest Trust has industry security controls in place to protect your information. These include:

  • Encryption technology – We use 128-bit encryption technology to protect your username, password and other personal account information when you’re using our site or apps. You’ll know your information is encrypted when the Quest Trust Company.com page you’re on starts with “https://” and you see a lock symbol in your web browser.
  • Authentication technology – Quest Trust has implemented authentication methods on our interfaces to validate that only the right person authenticates to each specific system.
  • Antivirus / Anti-malware – We have implemented appropriate controls to limit the ability for virus / malware software to reach our computers, and if they do to be able to detect and quarantine the malicious software if it does come in.
  • Keeping software current (patch management) – Quest Trust has recurring processes in place to validate all workstations and servers have current software levels in place.
  • Incident management – We have built and continue to improve incident response programs to handle scenarios that could arise.
  • Third party risk management – Quest Trust utilizes the services of key third parties to provide our services to you. Part of that outsourced relationship includes validating the third party before and during the use of their services.
  • Training program for Quest Trust staff – We train our staff on how to best protect your information through a variety of methods including policies, procedures and reinforcement with training and awareness programs.
Strong Oversight Program
Continuous Improvement

What Can I Do To Protect My Information and Money?

What Can I Do To Protect My Information and Money?

We regularly review our business practices to make sure they follow the policies and procedures we created to protect your confidential information. Please call us if you think we’ve given you incorrect information according to the U.S. Consumer Privacy Notice or our Online Privacy Policy.

Keeping your computer up to date

Similar to our practices of keeping software up to date on our workstations and servers, you should too. In the event that you happen to surf to a location of the internet that malware waiting, or you receive an email with malware in it, you will have a better chance of not being infected if you have properly maintained your system. Modern operating systems like Windows will automatically perform updates for you if the settings are correct. The same is true for anti-virus and anti-malware solution.

Keeping your mobile device up to date

Some basic recommendations include:

  • Keep your phone locked when you are not using it by maintaining a PIN to access it.
  • Don’t download apps unless you know they are safe; some app-store applications have been known to be malicious.
  • Maintain the software on your phone. Most phones will alert you to updates if they need your assistance.
Maintain a secure password for Quest Trust’s portal

This is one of the most important tips. Why? If you use the same password on each internet site, and one of those sites is compromised in a way that the hackers have the passwords, then they would have the password for Quest Trust as well (if they were all the same).

Key points:

  • Don’t reuse user names and passwords on multiple sites
  • Use a password manager; specifically, to keep all of the complex individual passwords stored
  • Use a complex master password for the password manager
  • Don’t write your passwords down, especially electronically where a hacker could access them
Learning about social engineering and the defenses
The hackers/criminals have a variety of ways that they target consumers or companies.
• Phishing – Where an email is sent to you in a way that you may be inclined to act without thinking. That email may contain a link or attachment that lead you to unknowingly download malware to your computer. And/or the link may take you to a page where you are asked for sensitive information that can be used to take over your accounts.
• Vishing / Pretexting – The criminal/hacker calls you on the phone, or leaves you a voice mail
• SMSishing – Text based attacks similar to the above

Knowing about the challenges with social networking sites
It’s better to be cautious about the information you share on social media. Criminals may use your social networking site as a method to learn more about you, to guess passwords, or send a phishing email that could be used to compromise your computer or accounts.

Be especially cautious about those quizzes that ask you about your favorite color, first pet, etc. that seem just like the answers to security questions – because they are!

Don’t use information from your social media account for your password.

Finally, make sure that sites like Facebook that contain detailed information about your life are only available to friends, not the public.

Don’t be pressured…
Criminals / hackers may lure you with different scenarios to get you to act. Be cautious if you are asked to send money. Or or are threatened with law enforcement action. These are just two situations that they could email / text / call you to see if you are willing to take the bait.

Check your credit report
We recommend checking your credit report regularly with each of the 3 major credit bureaus. You’re entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting companies. Order online from annualcreditreport.com,
For your free annual report, go to AnnualCreditReport.com or call 1-877-FACTACT (1-877-322-8228). Or, request the reports directly from each agency:
• Equifax: 1-800-525-6285
• Experian: 1-888-397-3742
• TransUnion: 1-800-680-7289
Look out for credit inquiries from unfamiliar companies, accounts you never opened and unexplained debts. This can be a warning sign of fraud or identity theft.

Examples

Phishing Email Example 1
Subject: IMPORTANT – New Quest Trust Company Documents
From: Quest Trust Company Documents

Note: This is a service message with information related to your Quest Trust Company account(s). It may include specific details about transactions, products or online services. If you recently cancelled your account, please disregard this message.

We’re writing to let you know the “New Documents” are available. Please view and complete the attached forms and documents in order to complete your request.

Phishing Email Example 2
Subject: Notification of limited account access
From: smcss@Quest Trust Companyonline.Quest Trust Company.com
Date: Mon, 2 Jan 2012 20:27:56 -0500

Note: This is a service message with information related to your Quest Trust Company online account(s). It may include specific details about transactions, products or online services. If you recently cancelled your account, please disregard this message.

Dear Quest Trust Company account holder,

Due to concerns, for the safety and integrity of your Quest Trust Company online account we have issued this warning message. It has come to our attention that your account information needs to be updated due to inactive members, frauds and spoof reports.

We ask you to visit the following link to start the procedure of confirmation on customer data.

To get started, please click HERE.

Please don’t reply directly to this automatically-generated email message.

Sincerely,

Quest Trust Company Online Services

Phishing Email Example 3
Subject: Quest Trust Company Online Bank Security Alert
From: account_onlinebanking@Quest Trust Companyonline.com
Date: Mon, 2 Jan 2012 16:19:45 -0500

Dear Quest Trust Company OnlineSM Customer:

We’re writing to let you know that your account is having problem we require you to verify your account immediately by clicking on the verification link below.

To verify your account, log on to www.Quest Trust Company.com.

If you aren’t Quest Trust Company bank customer and think you’ve received this message in error, please call our Customer Support team immediately, using the phone number on the “Contact Us” page on Quest Trust Company Online.

Please don’t reply directly to this automatically-generated email message.

Sincerely,

Online Banking Team

Phishing Email Example 4
From: Quest Trust Company Quest Trust Company@securesuite.net
Subject: Customers Support Service : This instruction has been sent to all bank customers
Date: January 2, 2012 6:42:23 PM EST

Dear client of Quest Trust Company Bank,

Technical services of the Quest Trust Company Bank are carrying out a planned software upgrade. We earnestly ask you to visit the following link to start the procedure of confirmation on customer data.

To get started, please click the link below:

http://www.Quest Trust Company.com/cmserver/users/default/confirm.cfm

This instruction has been sent to all bank customers and is obligatory to follow.

Thank you,

Customers Support Service

Information from Quest Trust Company

Did you receive a suspicious phone call, email, or text?

If you receive a suspicious phone call

When in doubt, do not provide the caller any information and end the call.
If you provided a caller with information related to your account, contact us if you think the inquiry was suspicious.

If you receive a suspicious email

If you received a suspicious email that claims to be from Quest Trust Company, do not click any links contained in the message and forward the entire email with the original subject line to feedback@questtrust.com.
You may also want to sign in to your online account or call us to ensure that there are no issues with your account.
If you receive a suspicious text message claiming to be from Quest Trust Company

If you received an email confirming changes you didn’t make (such as a change in your email address, user name, or password), please contact us immediately at the appropriate number.

How to report fraud

Reporting an incident after the fact.
If you’re worried you might have compromised your Quest Trust Company account:
Please contact us immediately. The sooner we know what happened, the sooner we can help you.

If you’ve accidentally given anyone the following types of information, call us at one of the phone numbers listed in the chart below:

  • Your credit or debit card number that is used for one of your Quest Trust Company accounts.
  • Personal information about you, such as your Social Security number or taxpayer identification number
  • Your Quest Trust Company.com sign-in information, including your user name and password

Reporting a suspicious email.
You can forward a suspicious email message to us at feedback@questtrust.com We’ll send you an automated response to let you know we got the message.

See examples of fraudulent email messages some of our customers have received.

Contact us electronically to report fraud.
We strongly urge you to call us right away if you think your Quest Trust Company account is at risk, because that’s the fastest way for us to help you. But if you’d rather contact us electronically, please email feedback@questtrust.com.

  • Don’t give your account numbers or any personal or financial information on the phone unless you initiate the conversation and you know the person or organization.
  • Don’t give personal information to any stranger, even someone claiming to be from Quest Trust Company.
  • Tell us right away if you get any suspicious phone inquiries asking for your personal or account information, or if you see anything suspicious in your account activity or on your statement.
  • To help keep thieves from stealing your identity, destroy or store financial information securely (including Quest Trust Company statements, invoices, and receipts)
  • Guard your PINs and passwords (hint: Don’t store them on your phone or write them on your card).
  • Create secure PINs and passwords. Don’t use birth dates, your Social Security or driver’s license numbers, your address or any family names. Someone trying to steal your identity may have this information.
  • If you use Quest Trust Company’s client portal in public or shared computer, make sure you sign out when you’re done, and delete all cookies.
  • Be careful when you use your device in public areas. Watch out for anyone looking to see what you’re doing.
  • Don’t be fooled. Phishing is when an imposter tries to trick you into providing your personal information. They might impersonate us in an email, phone call or text, asking you to confirm your information or saying you’ve won something—and it might look legitimate.
    • A few examples:You get an email that appears to be from a reputable company you know or do business with, like us. The email asks you to reply or go to a website that looks like QuestTrustCompany.com, where you’ll be asked to give your username, password, account number, personal identification number (PIN), Social Security number or other personal information.You get a voice mail or text message telling you your account will be closed, frozen or terminated unless you call or go to a website, where you’ll be asked to give personal information.

Scams often try to create a feeling of urgency or alarm, by threatening to close off an account, or offering a security update—as soon as you provide your personal information. A few more common culprits are emails, phone calls or text messages that:

  • Require you to give personal or account information directly on the email or on a website; some fraudsters use pop-up windows to ask for confidential information.
  • Threaten to close or suspend your account if you don’t take immediate action.
  • Invite you to answer a survey that asks for personal or account information.
  • Say your account has been hacked, then asks for personal or account information.
  • Tell you there are unauthorized charges on your account, then asks for personal or account information.
  • Ask you to confirm, verify or update your account or billing information.
  • Ask you to provide account information because someone wants to send you money.
  • Claim you’re getting a refund.
  • Say you’ve won a contest.

If you think you’ve received a suspicious email but you haven’t acted on it, please forward it to feedback@questtrust.com.

Learn how to spot suspicious e-mails

Think before youopen
Don’t open an email attachment, even if it appears to be from a friend or co-worker, unless you’re expecting it or you’re absolutely sure you know what it contains.

Watch out for email subject lines or emails with a generic message like “check this out” or “thought you’d be interested in this.” Make sure you know who sent the email before you open an attachment or click any links.

Get paperless statements
Paperless statements are an easy way to stay clutter-free and avoid losing statements in the mail. If you go paperless, you’ll get an email alerting you that a new statement is available on Quest Trust Company’s client portal. You can see these statements anytime, from virtually anywhere. Go paperless now

Look over your credit report
At least once a year, read through your credit reports carefully.

Protect your equipment
Install anti-virus and firewall software on your computer and keep it up to date.

Be cautious about offers for free anti-virus software; make sure you get your software from a reputable company. Look for anti-virus software that scans incoming communications and files for viruses, removes or quarantines viruses and updates automatically.

A firewall is software or hardware designed to block unauthorized access to your computer. It’s especially important to run a firewall if you have a cable modem or DSL line or other broadband connection, because they’re targeted often. Many current operating systems come with a built-in firewall, which you have to turn on.

Safeguard your business
If you own a business, it’s important to:

Maintain appropriate internal controls, including separation of duties. For example, be sure that the people who reconcile accounts are different than the people who make payments.
Periodically assess your risk and evaluate your internal controls, including reviewing your users and the permissions you give them.
Regularly check your transactions and statements for any unauthorized activity. We post your transaction details on Quest Trust Company’s client portal so you can monitor and control them—including transactions that originate online.