Fraud Prevention
It’s not always easy to identify online fraud but cybercrime prevention can be straightforward. When you're armed with a little technical advice and common sense, you can avoid many attacks. Remember that online criminals are trying to make their money as quickly and easily as possible. The more difficult you make their job, the more likely they are to leave you alone and move on to an easier target. The tips below provide basic information on how you can keep your computer and your identity safe. More information can be found at the Cybersecurity & Infrastructure Security Agency:
Choosing and Protecting Passwords
Avoiding Social Engineering and Phishing Attacks
Preventing & Responding to Identity Theft
Safeguard Your Checks
There are many different kinds of check fraud: theft, forgery, counterfeiting, kiting, and washing to name a few. In order to avoid this type of scam, you need to be extra cautious. There are; however, ways in which you can try to reduce your chances of falling victim:
Consider paying your bills online
By limiting the number of checks you send through the mail, your risk of potential fraud is reduced. Secure browser-based online payment streams are more secure than mailing a check to pay your bills each month.
Have new checks mailed to your local branch
When ordering new checks, you’ll reduce your risk of having them stolen if you have them mailed to your bank rather than directly to your home.
Use a gel ink pen
Unlike ballpoint pen ink, which rests on the surface of the paper, gel ink permeates below the surface, making it harder to erase.
Fill out all fields on your checks completely
Make sure not to leave any blank spaces in the Payee or Amount fields. Write using large handwriting and fill as much space as possible to avoid someone else from coming in later and adding something.
Use security envelopes
When you're sending sensitive mail, make sure to use an envelope with security tinting. The patterns on the inside of a security tinted envelope can't be seen with the naked eye- so there's no way for scam artists to see what you've sent without opening the envelope.
Do not mail checks from your home
Mailing checks from the post office is the most secure way to mail outgoing mail. Stolen checks are most commonly taken from residential mailboxes.
Always keep a detailed record of the checks you write
If a check has been cashed by someone other than yourself or for an amount other than what was originally written on the check, you will be able to see it in the transaction log of your checkbook.
Monitor your bank statements closely
Your bank statements will show a record of checks that have been cashed against your account. If you notice any discrepancy in the amount or payee of a check, report it to your bank immediately. You have 30 days to report fraudulent activity.
Safeguard Your Email
Email is often a vehicle used to transmit malware and commit fraud. It is important to evaluate your email behaviors and develop good habits to help protect your computer and your identity.
In addition to viruses and worms that can be transmitted via email, phishing also threatens email users. A type of email fraud, phishing occurs when a perpetrator, posing as a legitimate, trustworthy business, attempts to acquire sensitive information like passwords or financial information.
Never open or respond to SPAM (unsolicited bulk email messages).
Delete all spam without opening it. Responding to spam only confirms your email address to the spammer, which can actually intensify the problem.
Never click on links within an email.
It’s safer to retype the Web address than to click on it from within the body of the email.
Don’t open attachments from strangers.
If you do not know the sender or are not expecting the attachment, delete it.
Don’t open attachments with odd filename extensions.
Most computer files use filename extensions such as “.doc” for documents or “.jpg” for images. If a file has a double extension, like “heythere.doc.pif,” it is highly likely that this is a dangerous file and should never be opened. In addition, do not open email attachments that have file endings of .exe, .pif, or .vbs. These are filename extensions for executable files and could be dangerous if opened.
Never give out your email address or other sensitive or personal information to unknown web sites.
If you don’t know the reputation of a Web site, don’t assume you can trust it. Many Web sites sell email addresses or may be careless with your personal information. Be wary of providing any information that can be used by others for fraudulent purposes.
Never provide sensitive information in email.
Forged email purporting to be from your financial institution or favorite online store is a popular trick used by criminals to extract personal information for fraud. It is also a good idea not to send security passwords or one-time passcodes over email.
Don’t believe the hype.
Many fraudulent emails send out urgent messages that claim your account will be closed if sensitive information isn’t immediately provided, or that important security needs to be updated online. Your financial institution will never use this method to alert you of an account problem.
Be aware of poor design, and/or bad grammar and spelling.
A tell-tale sign of a fraudulent email or Web site includes typos and grammar errors as well as unprofessional design layout and quality. Delete them immediately.
Backup your sensitive data records.
Consider backing up all sensitive files. This will not only help you restore damaged or corrupted data, but it will help protect against fraud attacks and help recover lost files if needed.
Safeguard your identity online.
In addition to protecting your email, there are a number of guidelines to follow that will help safeguard your identity online. Do not allow a Web site to keep sensitive information or credentials for future convenience.
It is a common practice when registering for access to a Web site or making a purchase from a Web site to be asked if you want to keep your access credentials, credit card number or other sensitive information on file as a matter of convenience. This common request is referred to as “remembering” for the future use.
Be selective about where you surf.
Not all Web sites are benign. Sites that are engaged in illegal or questionable activities often host damaging software and make users susceptible to aggressive computer attacks.
Don’t choose “Remember My Password.”
You should never use the “remember password” feature for online banking or transactional Web sites.
Don’t use public computers for sensitive operations.
Since you cannot validate the computer’s integrity, there’s a higher risk of fraud when you log in from a public computer.
Work on a computer you trust.
Firewalls, antivirus, anti-spyware and other protection devices help keep a computer properly monitored and provide peace of mind. These tools are important in order to protect your computer and data. A good firewall is critical if you commonly access the Internet via a wireless connection. It is also important to keep your computer up-to-date with patches to security tools as well as to the operating system and other programs on your computer. Make sure to configure your computer to update all security fixes.
Select a strong password.
A password represents a shared secret between the you and the system you are authenticating. The system cannot differentiate the real user from another user who also knows the password. For this reason, it is essential that you keep your password private. A well-chosen password has two important characteristics; it should be easy to remember, and hard to guess. A password that has to be written down is not strong, no matter how many principles of a “good password” are applied. You should be advised not to write down your password anywhere.
Here is an example of a more secure password: Mpis4y2!
• At least 8 characters in length
• At least one numerical digit
• Use of upper and lower case
• Use of special characters
• Not a word in the dictionary
• Not easily guessed
• Can be easily remembered as an acronym: My password is secure 4 you 2!
Adding another character increases the time required to crack the password by almost 100 times.
Here is an example of a less secure password: Password1
• It is based on a word in the dictionary. “Password1” is among the top 630 most used passwords and can be cracked instantly using a dictionary attack.
Use a secure browser.
Only use secure Web pages when you’re conducting transactions online. Your online banking channel is secured with an Extended Validation SSL Certificate which provides an extra layer of protection to you by requiring third-party Certificate Authorities (CA) to follow a strict issuance and management process for certificate approval and delivery. This secure browser is recognizable because the browser address bar (1) begins with ‘https’, (2) turns green (in high-security browsers) and (3) a special field appears to the right of the URL with a padlock and the name of the legitimate web site owner. If you click on this section, you can view the details of the Certificate.
Update security software often.
When you get notices from software vendors to update your software, do it. Most operating system and browser updates include security patches. Your name and email address may be all it takes for a hacker to slip through a security hole into your system. And it almost goes without saying, you should be protected by Internet security software, and it should always be up to date. Purchase a reputable brand of AntiVirus and be aware of fake anti-virus for “free.”
Avoid clicking on Ads.
Never click on Ads on social network sites. Sure these ads are there to assist in giving the website money, However these are one of the leading causes for Virus infections on systems today.
Sign off, shut down, disconnect.
Always sign off or logout from your online banking session or any other Web site that you’ve logged into using a user ID and password. When a computer is not in use, it should be shut down or disconnected from the Internet.
Lock your computer when it is not in use.
This helps protect you from unauthorized user access.
Beware of shoulder surfing.
This is a common tactic that happens in public places such as coffee shops, airports, libraries etc. where an attacker will look over your shoulder when you’re logged in to obtain your sensitive information. Be vigilant and aware of prying eyes.
Set up a timeout.
The Timeout feature is an additional safety check. It can prevent others from continuing your online banking session if you left your PC unattended without logging out. You can set the Timeout period in the User Options screen.
ChecklistProtect your Privacy
|