Online Security Tips for Consumers

Staying Safe Online: Preventing Fraud and Identity Theft

In today’s world, technology offers us wonderful conveniences! We can do so much with a smart phone, laptop, tablet or desktop computer. However, the technology presents a very tempting target for cybercriminals, who are constantly looking for opportunities to steal information or access that they can use for illegal gain, such as identity theft and fraud. But you can take steps to prevent cybercrime and stay safe on line.

This article will explain how cyber-crooks attack and how you can defend against them.

5 Ways that Hackers Hack

1. Fake emails (called“phishing”), voicemails (called “vishing”) or SMS/text messages (yes, called “smishing”)

Cybercriminals create these fakes to convince you to help them commit a crime --- usually a crime against you! Phishing is by far the most frequently used hacking method, because it so often works. The email or caller may sound very official, but here are some tell-tale signs:

The sender tries to make you feel worried or excited so you act before you think. Then they try to get you to do something unsafe, such as:

  1. Give them information: “I am a Nigerian prince and if you just send me your bank account number I will share two million dollars with you …”

  2. Wire money. For example: “Hi Grandma, I am travelling and my wallet and plane ticket were stolen!!! I hate to worry Mom -- could you wire me some money so I can get home?” Criminals troll social media for information about travel.

  3. Click a hyperlink to a fake website and then enter private information. For example: “Your account has been frozen due to suspicious activity. Click here for login screen to reactivate your account.”

  4. Or download an attachment that installs malware to steal information or passwords, encrypt your computer and demand ransom, or control the computer remotely to commit other crimes. You sometimes download attachments without realizing it! For example, just to display the picture.

2. Fake Websites (“called pharming”)

Cyber crooks sometimes create a fake website with a very similar name and a similar look to one that is legitimate --- a name that someone might access, enter information into, or download malware from. For example:

  • Instead of .gov or .edu, the fake website is .com. Many people automatically type .com.

  • The website might be an easily made spelling error for a legitimate website. For example, to “pharm” for users of a website named “anti-virus.com”, a crook might create a website named “anti-viris.com.” Some people will accidentally go there.

3. Installing malware on public computers

 

4. Intercepting transmissions on public wi-fi or insecure home networks

 

5 Infecting a website with malware that will download when the site is accessed

 

Ten Defenses against Cyber Criminals

Cybercriminals aren’t the only ones who have tools at their disposal. There are numerous ways you can thwart their unwanted intrusions!

  1. Never tell: regardless of how convincing the email or caller sound, never give anyone your account numbers, social security number, user names or passwords. Instead, if you think it might be a legitimate communication, contact the company or person in a way that does not rely on phone numbers, email addresses, or hyperlinks provided in the email. Use official “Contact Us” channels.

  2. Hover before you click: Before you click on a hyperlink, hover over it and read what it says. When you hover over a link in an email, the real hyperlink address will pop up (when browsing the internet, when you hover the real address usually appears at the bottom left of the page.) What pops up should have a company name that you recognize just to the left of the “.com.” So “GoodGuys.BadGuys.com” is actually the “BadGuys” website, because that is the name just before the “.com." If you see a different name than you expect, the link is suspect. Do not click.

  3. Use strong and unique passwords, and secure your phone or tablet with a password. Why unique? When cyber criminals hack into an organization and steal lists of passwords and usernames, they use software to automatically try all those thousands of username/password combinations at other websites. Some of those usernames and passwords will have been reused and will let them in — don’t let that be yours! You can reuse a pattern, but always make the passwords unique. A strong password has at least 10 characters, with upper and lower case and numbers. Never use personal information that could be found on social media.

  4. Never save passwords to your computer or phone in an unencrypted form! A password using the first letter or two of each word in a phrase you can remember is as hard to crack as randomly generated password. Keep in mind that common patterns (such as substituting 3 for e or 1 for l) are known by hackers and are programmed into password cracking programs.

  5. Use layered security software: anti-virus, anti-malware, and online banking security software:

    • Online banking security software: One such product, IBM’s Trusteer Rapport, is available for free download from Fidelity bank website, and delivers extra security when you are signed into any banking websites for which you have activated Trusteer. It is easy to use and lets you know it is protecting a site with green arrow and checkmark near or in the browser address bar.

    • Anti-Malware Software: If an infection gets by the anti-virus software, anti-malware software kicks in. You can install both anti-virus and anti-malware.

    • Anti-virus Software: Antivirus is used to prevent viruses from being downloaded, and tries to prevent it from being activated, if it is downloaded. You should have only one anti-virus program installed.

    • Deploy “updates” as soon as possible (from Java, Adobe, Microsoft, etc.) An update is a “patch” that software companies make available for free to close holes or vulnerabilities that have been discovered in their software and which enable hackers to get in. Hackers constantly look for and find new ways in, and software companies constantly distribute patches to keep them out. Install these updates as soon as you can. They’re free.

  6. Use secure computers and networks for anything that must remain private.

    • Make sure your wireless connection at home is encrypted with WPA or WPA2

    • Never use wi-fi at a hotel, library, coffee house or other public wireless access point for a transactions or email that should be private. Just because a hotel requires a password and username does not mean the connection is secure.

    • Never access your financial institution's website for online banking or to make credit card payments from a public computer. To find out what your security is, click on the Wireless symbol at the right of the task-bar to bring up the available wireless networks. When you hover over your network, information about it will appear, and just beneath “Signal Strength” is “Security Type.” If it says WEP, you have weak protection and should upgrade it.

    • Close out when done. Log off of your computer when not in use and close your browser and sensitive apps on your tablet and phone after use.

  7. Monitor your financial activity frequently

    • Check your credit report at least every 12 months.

    • Review your credit card and debit card activity carefully. Be on the lookout for any suspicious or unauthorized charges, no matter how small. Cybercriminals often test stolen credit card information with a small, easily overlooked transaction.

    • Check your bank account at least a few times a week. Online banking makes this easy and efficient.

  8. Keep physical information secure, as well

    • Don’t carry any unneeded personal documents such as your Social Security Card.

    • Shred any documents that contain personal information of any kind before discarding.

    • Use electronic statements and bills when possible to reduce risk of this private information being removed from your mailbox.

  9. Dispose of devices securely. Before you dispose of a computer, tablet or mobile device, be sure to get rid of all your personal information. Use a wipe utility program to overwrite the entire hard drive. Check your owner’s manual, the service provider’s website, or the device manufacturer’s website for information on how to delete information permanently, and how to save or transfer information to a new device. Remove the memory or (SIM) card from a mobile device. Remove the phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history, and photos.

  10. If you’re a victim, report it immediately. Despite your best efforts, you could fall victim to a cyber-thief. If that happens, you need to take steps immediately to prevent further damage to your accounts and your identity. If you find any illegal activity involving your accounts:

    • Notify your bank and/or credit card companies immediatelyIf your credit or debit card information is stolen or lost:

    • Notify your bank and/or credit card companies immediatelyIf you have fallen prey to identity theft:

    • Report the theft to your local authorities,

    • Notify the three major credit reporting agencies – Experian, Equifax, and TransUnion Corporation – and request they:

      • Place a fraud alert and a victim's statement in your file.

      • Supply you a free copy of your credit report to check whether any accounts were opened without your consent.


For additional information on how you can keep yourself safe, check out this federal government website:http://www.onguardonline.gov/

And, as always, you can contact Fidelity Bank for more information and advice.