Tech/Security Tips

Fraud and Identity Theft Protection

Your personal information, such as usernames and passwords, account numbers, social security numbers or credit card information, can be stolen or compromised in a variety of ways.  Once obtained, thieves will use this information to steal your identity.  Below is some useful information to make you aware of the threats that exist and how you can prevent becoming a victim of identity theft.

Online Threats

While the techniques online criminals use to fraudulently obtain your personal information is constantly evolving, most online threats will fall into one of the following categories:

Phishing (pronounced “fishing”):   Phishing involves a fraudster impersonating a trustworthy company with the intent of fraudulently acquiring sensitive information.   Impersonations can occur through illegitimate websites and emails using legitimate logos.  Legitimate organizations would never request such information from you via email.  They would already have this information on file.

Smishing:  Smishing is a form of phishing that uses text messages sent to a user falsely claiming to be a legitimate company.  The message will direct the text message recipient to a website or to call a phone number where they are asked for personal information. The website or phone number is bogus and set up only to steal the user’s information.

Vishing:  Vishing typically involves using a telephone in an attempt to acquire sensitive financial information, again masquerading as a legitimate company.  The call may direct the recipient to visit a website or call a number where you are then asked to update your personal information.  The website or phone number is bogus and set up only to steal the user’s information.

Malware (aka malicious software):  Malware is software designed to infiltrate a computer system without the owner’s informed consent.  Malware can include computer viruses, worms, trojan horses, spyware and other malicious and unwanted software.  You can get malware by opening a deceptive email (phishing) or text (smishing) and clicking on the attachment or link provided.   Once malware is downloaded on your computer or mobile device it is often used to collect personal data and spy on your online activities.

Ransomware:  A very fast growing form of malware that targets critical data and systems for purpose of extortion.  Commonly, ransomware is delivered through phishing emails.

Mobile Security

Due to their convenience and usefulness, mobile devices such as smartphones and tablets have become commonplace in today’s world.  Because these devices allow users to go online, they also carry threats of identity theft.  Many of these threats are similar to those of a personal computer (see above).  To stay protected while using a mobile device, the following safeguards are recommended:

  • Protect your mobile device with a password or passcode.
  • Do not share your device’s passwords or login credentials.
  • Do not write down your passwords or login credentials.
  • Do not keep your passwords or login credentials on your device.
  • Set your device to automatically lock after not being used for a period of time.
  • When using apps that utilize sensitive information, such as mobile banking, always “Log out” once you have completed the session.
  • Never send personal information via text message; they are not secure and can be intercepted by hackers.
  • Be careful when surfing the internet. Do not allow your device to connect to unknown wireless networks.
  • Consider adding additional security and antivirus software on your mobile device.
  • Smartphones require periodic updates. If updates are neglected, it increases the risk of having your device hacked or compromised.

Fraud Prevention

There are many steps you can take to protect yourself from becoming a victim of identity thieves:

  • Regularly check your bank and billing statements.
  • Do not carry personal information in your wallet or purse such as social security card, bank and credit card numbers with passwords and PINs.
  • Do not write your social security number or driver’s license number on checks.
  • Use the post office or postal boxes for outgoing mail.
  • Shred or otherwise dispose of receipts and other documents that contain personal information.
  • Regularly order a copy of your credit report to check for unusual items.
  • Use strong and unique passwords (Upper and lower case letters, numbers and special characters) on all devices and every service.
  • Never provide your personal information in response to an unsolicited call, fax, letter, and email or internet advertisement.
  • Do not respond to emails that may demand an immediate response and warn of dire consequences, such as account closure or suspension. Contact the company to confirm the validity of the email using the telephone number you know to be genuine.
  • Never click on a link in an email or text that seems to come from your bank, IRS or any other company. If you think the message could be valid, log into your account directly without using the supplied link.
  • Never open an attachment in an email or files downloaded from the internet unless you are sure they are from a trusted source.
  • Install an antivirus solution on your computer, but never run more than one antivirus tool on your computer at the same time.
  • Make sure you have the latest version of all installed software on all devices.

Help for Victims

If you suspect you have become a victim of identity theft, take charge and take action immediately.  The longer you avoid the problem the worse it will become.  Suggested action steps include:

  • Contact each of the credit reporting agencies to request a fraud alert be placed in your credit file.
  • Contact your local law enforcement agency and file a report. Be sure to get a copy of the report.
  • Notify Bank 1st and any other credit grantors.
  • Contact Government Agencies - The Federal Trade Commission is the federal government’s one-stop resource to help you report and recover from identity theft. Visit them online at https://www.identitytheft.gov.