With the rapid advances in technology, criminals always seem to be the first to catch on and then rely on our lack of knowledge about the new technology, or our trust in our financial institutions to exploit us and make themselves rich at our expense.
So, as a consumer, how do you protect yourself when the criminals always seem to be one step ahead. Here are a few tips to help (click the title to view more information):
- 1. Be suspicious of any messages (texts, emails, phone calls) you get claiming to be from your financial institution.
- Has your credit union or bank told you they offer text message alerts, and if so did you sign up? If no, chances are 100% the text message is a scam. If you did sign up for text alerts, examine the alert carefully.
Make sure the phone number you call to confirm is the one listed on your credit union or bank’s website, or better yet on any written information you received from your financial institution.
When in doubt call the published number and ask. Currently, 121 Financial offers “eLerts” through Private PC, which are email alerts you sign up for. They only alert you – they do not ask you to call and confirm anything.
For example, if you sign up for an eLert in the event of a withdrawal from your account in excess of $200 and this occurs. You will receive an email from the credit union stating, “A withdrawal of over $200 was made from your account ” If you did not make this withdrawal, you would initiate a call to the credit union.
- 2. Check your account daily.
- The faster fraud is spotted the less everyone including you and the credit union may lose. It’s easier than ever with online and mobile banking. We also offer a mobile app for smart phones to make it even easier!
- 3. Carry only the cards you need and leave the others at home.
- Ladies, keep your purses closed and don’t walk away from them in a shopping cart. Men, keep a check on your wallet to make sure it's not working its way out of your back pocket.
- 4. Phone numbers can be faked on Caller I.D.
- Don’t rely on Caller ID to show you who is calling. If you receive a call claiming to be from your credit union or bank out of the blue, ask for the caller's name then hang up and call back. If the call was real, the rep will not mind that you took this precaution. If it was fake, you’ll know and you may have helped others by raising the alert.
- 5. Even when you’re careful you can still be a victim.
- 121 Financial offers FREE Identity Theft Protection and Restoration Service when you enroll in Benefits Plus® our exclusive members-only discount and special benefits program. While there is a small monthly membership fee of $6.50/month (or $4.50 for Senior Set, CUPlus and members with ecoChecking), Identity Theft Protection alone is valued from $12 to $18/month.
If you have any questions, have experienced any other scams you think we should know about, please give us a call or email firstname.lastname@example.org.
Visit the Federal Trade Commission’s website: www.onguardonline.gov where you can take interactive quizzes to see just how savvy you are when it comes to protecting your personal information.
If you have entered your information in response to any situation that you believe may be a scam, please contact your Member Service Representative immediately.
121 Financial Credit Union will never send you an email that asks you to click on a link to “update” or “confirm” personal information such as your social security number, passwords or account numbers.
More Helpful Tips
- 1. Avoiding Viruses and Other Malware
Most malicious software (malware) enters a computer through some action taken by that computer’s user. The user clicked on something in an email, downloaded an infected file, or visited an infected website. The tips below will help prevent most malware infections.
Never click on a link or attachment in an email that you are not expecting, even if you know the person that it says it is from.
Most malware arrives as an attachment to an email or as a link to a malicious website in an email. Faking the “From” address in an email is very easy to do so always be wary of unexpected attachments and links. If you’re not positive it is legitimate – don’t click on it.
Do not download music, video, games or other software from pirate websites or peer – to – peer services. These sites are loaded with malicious software.
Anybody who has a teenager at home knows that they don’t like to pay for things. There are numerous ways to download music, movies, games and almost any software you can think of from the Internet for free. Peer-‐to-‐peer services are simply large networks of people’s home computers. There is no control over the security of those computers, and no one checking to see if the files on them are safe for people to download. Most of these services and swamped with malicious software and using them opens your computer to other people and the infected files that may be on their computers.
There are also “Pirate” websites on the Internet that allow people to download copyrighted material such as games or movies. These sites are also loaded with infected files. Remember, anybody who is OK with breaking copyright laws will have no problem infecting your computer so they can steal from you.
Many malicious programs are imbedded in images. Set your email software to not download images automatically. This will allow you to decide if the image is safe to download.
Often the images that you see in email or websites are actually hosted on other servers and the website you are visiting has little or no control over those images. It is possible to include small programs called scripts in an image that will direct your computer to download malicious software without your knowledge. Sometimes you don’t even have to click on the image, just dragging your mouse across it is enough to infect your computer.
Set your email software to not automatically download images, this will allow you to decide if an email is legitimate before allowing the images to download to your computer.
Be wary of files with a double extension such as .txt.vb or .jpg.exe.
The file extension is the three characters after the dot in a file name. It tells the computer what kind of file this is so it knows how to process it. By default, Windows hides common file extensions, so that a program like notepad will display as just “notepad” rather than notepad.exe. Because the computer looks for the extension at the far right of the file name, a hacker may create a malicious program and name it statement.pdf.vbs, for example. To you it will look like statement.pdf which is a simple readable file. But if you click on it the computer sees statement.pdf.vbs, which is an executable script. The script will execute and infect your computer. Most hackers will also embed the correct icon for the file they are faking so it looks normal to the user.
If a common file type whose extension you never normally see suddenly becomes visible for no apparent reason, right-‐click on it, select Properties, and look for the complete file name. You may be surprised to find out what kind of extension it really has. To make you file extensions visible, find Folder Options in your Control Panel. (Note that it may be tucked away in Appearance and Personalization or something to that effect.) Under the View tab, scroll down to Hide Extensions for Known File Types and make sure it is unselected.
Beware of other people’s USB Drives and SD Cards.
USB Drives, also known as thumb drives or flash drives are an easy way to transfer a lot of data. Many people like to share pictures form their camera by taking the SD card from it and plugging it into a computer through a built in reader. These devices are also an easy way to spread malicious software. If a USB Drive or SD card is placed in an infected computer, the infection can spread to the drive and then be spread to every computer that the drive or card is placed in afterwards.
Make sure that your anti-‐virus software is set to scan USB devices when they are plugged in and before any files are accessed.
Beware of pop‐ups
Pop-‐ups are a hallmark of something known as “Scareware”. They are designed to frighten the user into taking some action to correct the perceived problem. It may direct the user to a website that will sell them software.
These programs take advantage of a module in the operating systems used by administrators to send alerts to computers in a network. This makes the pop-‐ups look like they are originating from the user’s computer. Any pop-‐up that warns of a critical error with dire consequences should be looked at with suspicion. If it looks like a virus warning, close the pop-‐up and open your anti-‐virus software. See if the problem is listed in the AV software’s control panel. Either way, run a full system scan to clean your computer.
Other programs report false errors and then offer to fix them if you purchase their software. If you see a new type of anti-‐virus pop-‐up that you have not seen before, or if it appears to be from an anti-‐virus program that you did not install, it is fake. Close the pop up, update your anti-‐ virus program, and run a full scan. Many of these browser-‐related apps keep temporary files on your computer and can store a virus there. To keep this risk low, make sure you clear your browser’s cache regularly. Many Internet security companies offer free tools to remove these Fake AV programs.
Watch out for strange emails from your financial institution, government agencies, or other companies you do business with.
As a rule, reputable organizations do not ask for personal information via email because email is not secure. These emails are attempts to get the user to either click on an infected link or attachment, or divulge personal information such as usernames and passwords.
Look for things in the email that don’t make sense such as the return address for the company going to a gmail, Yahoo, or other free email account. A message warning you that there is fraud on your account, but addressed to “Account Holder” or other generic salutation is an indicator that the email is being sent to random people. Also, as a general rule, if Homeland Security, the FBI, the IRS or any other enforcement agency thinks you are doing something wrong, they are not going to notify you about it in an email.
When in doubt, call the alleged sender to verify the email before clicking on anything or revealing any personal information.
Install an Internet security suite that includes a firewall and keep it up to date. In addition install a separate anti-‐spyware program and run regular scans to make sure your computer remains clean.
The firewall is really your first line of defense. It may not keep your computer form getting infected, but it can prevent that malware form transmitting data outside of your computer without your knowledge. A comprehensive Internet security suite should include Anti-‐Virus, Firewall, anti-‐spyware, and a safe search tool. The safe search tool can help prevent accidentally going to websites that are known to host malicious software.
Set up your Windows Update to automatically download patches and upgrades.
Nothing is more important than keeping your computer up to date. Criminals are constantly searching for exploits in software and the providers are constantly closing these exploits. This will allow your computer to automatically download any updates to both Windows and Internet Explorer. These updates fix security problems and block many spyware programs and viruses. Updates are usually sent out on the second Tuesday of each month, so on Wednesday when the user starts the computer there may be a message stating that updates are available. Users should answer yes when asked if they would like to get the updates.
Other common software such as Java, Adobe Reader, and Adobe Flash are also regularly updated. These programs should be set to receive automatic updates as well.
Consider switching to another Internet Browser
Internet Explorer is the most popular Internet browser so it is also the most popular target. Consider switching to another browser such as Chrome, or FireFox to reduce your exposure to browser exploits.
- Never click on a link or attachment in an email that you are not expecting, even if you know the person that it says it is from.
- 2. Internet Banking Safety Tips
Select a strong password, don’t make it a common word or phrase, or anything that a person would be able to figure out based on other personal knowledge about you. Passwords should be at least eight character long, have both upper, and lower case letters, numbers and special characters.
The best method for creating a strong password is to use a phrase that means something to you such as:
“My dog spot is a good dog.”
Take the first letter of each word of the phrase and that will be the base of your password, such as:
Alternate upper and lower case:
You can substitute numbers for letters:
MdS1AgD (The one looks kind of like an “I”) Add a special character or two…
Md$1AgD! (a dollar sign for an S)
…and you have a password that is easy to remember but nearly impossible to guess.
Keep your Computer up to Date
Second only to a strong password, nothing is more important than keeping your computer updated. Microsoft sends out updates on the second Tuesday of each month so when you start your computer on Wednesday there will usually be a message that tells you updates are available and asking if you want to install them. You should install the updates as they are made available. Apple does not update their software as often but they do periodically send out patches and revisions. Mac users should keep abreast of when these are available and get them. Also common software such as Java, Adobe Flash and Adobe Reader should also be updated regularly.
Do Not Use the Save Password Function
Many Internet browsers enable the user to save their password for convenience. Using it for Banking websites defeats the purpose of having a password. You should never save the password for an online banking site.
Get an Internet Security Suite that Includes a Firewall
A comprehensive security suite should include a firewall, anti‐virus and Anti‐Spyware modules and it should be regularly updated. The firewall is really your first line of defense. It may not stop your computer from getting infected, but it can prevent that malware from transmitting data out of your computer. Always choose a program that is recommended by several trusted sources. Never purchase a program by clicking on a pop-‐up indicating that there is a problem with your computer.
Be wary of your email
Never click on links or attachments in email that you are not expecting, even if it says it is from someone you know. If something in the email doesn’t seem quite right, respect that feeling. If you have questions about an email form your bank or credit union, call them to verify the email before clicking on any links. Remember, no financial institution will send you an email reporting a problem with your account that includes a link for you to click on to log in.
Avoid Unsecured Wireless Access Points
Wireless computing allows us to use mobile devices such as smartphones or laptops wherever we happen to be, but the traffic between your device and the access point must be secure. In an open access point a third person can intercept your traffic and collect your valuable information for later use. Additionally make sure the access points are using strong encryption such as WPA or WPA2. The older method, called WEP, is easily cracked.
Pay Attention to Your Accounts
Check your accounts regularly and question any transactions that seem unusual, even if they are small. Often criminals will try a small transaction on a card to verify that it is good. These “pings” are often a prelude to much larger transactions later.
Log Out When You Are Done
If more than one person is using the same computer, always make sure you have logged out when you are finished. This will prevent someone from coming in behind you and using your session.
- 3. What is Phishing?
- Phishing attacks use ‘spoofed’ emails and fraudulent Web sites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, Social Security Numbers, etc. By hijacking the trusted brands of well-known financial institutions, online retailers and credit card companies, phishers are able to convince many recipients to provide personal and financial information.