It's not always easy to identify online fraud. Understanding how fraudulent activity takes place helps with prevention, and helps keep you safe.
Safeguard your email
Email is often a vehicle used to transmit malware and commit fraud. It is important to evaluate your email behaviors and develop good habits to help protect your computer and your identity.
In addition to viruses and worms that can be transmitted via email, phishing also threatens email users. A type of email fraud, phishing occurs when a perpetrator, posing as a legitimate, trustworthy business, attempts to acquire sensitive information like passwords or financial information.
To safeguard your email:
Never open or respond to SPAM (unsolicited bulk email messages).
Delete all spam without opening it. Responding to spam only confirms your email address to the spammer, which can actually intensify the problem.
Never click on links within an email.
It's safer to retype the web address than to click on it from within the body of the email.
Don't open attachments from strangers.
If you do not know the sender or are not expecting the attachment, delete it.
Don't open attachments with odd filename extensions.
Most computer files use filename extensions such as ".doc" for documents or ".jpg" for images. If a file has a double extension, like "heythere.doc.pif," it is highly likely that this is a dangerous file and should never be opened. In addition, do not open email attachments that have file endings of .exe, .pif, or .vbs. These are filename extensions for executable files and could be dangerous if opened.
Never give out your email address or other sensitive or personal information to unknown web sites.
If you don't know the reputation of a web site, don't assume you can trust it. Many web sites sell email addresses or may be careless with your personal information. Be wary of providing any information that can be used by others for fraudulent purposes.
Never provide sensitive information in email.
Forged email purporting to be from your financial institution or favorite online store is a popular trick used by criminals to extract personal information for fraud.
Don't believe the hype.
Many fraudulent emails send out urgent messages that claim your account will be closed if sensitive information isn't immediately provided, or that important security needs to be updated online. Your financial institution will never use this method to alert you of an account problem.
Be aware of poor design, and/or bad grammar and spelling.
A tell-tale sign of a fraudulent email or web site includes typos and grammar errors as well as unprofessional design layout and quality. Delete them immediately.
Backup your sensitive data records.
Consider backing up all sensitive files. This will not only help you restore damaged or corrupted data, but it will help protect against fraud attacks and help recover lost files if needed.
Safeguard your identity online
In addition to protecting your email, there are a number of guidelines to follow that will help safeguard your identity online.
Do not allow a web site to keep sensitive information or credentials for future convenience.
It is a common practice when registering for access to a web site or making a purchase from a web site to be asked if you want to keep your access credentials, credit card number or other sensitive information on file as a matter of convenience. This common request is referred to as "remembering" for future use.
Be selective about where you surf.
Not all web sites are benign. Sites that are engaged in illegal or questionable activities often host damaging software and make users susceptible to aggressive computer attacks.
Don't choose "Remember My Password."
You should never use the "remember password" feature for online banking or transactional web sites.
Don't use public computers for sensitive operations.
Since you cannot validate the computer's integrity, there's a higher risk of fraud when you log in from a public computer.
Work on a computer you trust.
Firewalls, antivirus, anti-spyware and other protection devices help keep a computer properly monitored and provide peace of mind. These tools are important in order to protect your computer and data. A good firewall is critical if you commonly access the Internet via a wireless connection. It is also important to keep your computer up-to-date with patches to security tools as well as to the operating system and other programs on your computer. Make sure to configure your computer to update all security fixes.
Select a strong password.
The best password is an undetectable one. Never use birth dates, first names, pet names, addresses, phone numbers, or Social Security numbers. Use a combination of letters, numbers and symbols. Be sure to change your passwords regularly.
Use a secure browser.
Only use secure web pages when you're conducting transactions online (a web page is secure if there is a locked padlock in the lower left-hand corner of your browser).
Sign off, shut down, disconnect.
Always sign off or logout from your online banking session or any other web site that you've logged into using a user ID and password. When a computer is not in use, it should be shut down or disconnected from the Internet.
Lock you computer when it is not in use.
This helps protect you from unauthorized user access.
Beware of shoulder surfing.
This is a common tactic that happens in public places such as coffee shops, airports, libraries etc. where an attacker will look over your shoulder when you're logged in to obtain your sensitive information. Be vigilant and aware of prying eyes.
Set up a timeout.
The Timeout feature is an additional safety check. It can prevent others from continuing your online banking session if you left your PC unattended without logging out. You can set the Timeout period in the User Options screen.
Safeguard your cards
Protect your credit, debit and ATM cards and your Personal Identification Numbers (PINs) by following these simple guidelines:
- Keep your PIN a secret and do not disclose it to others.
- Don’t write your PIN down and store it in the same place as you store your card (e.g., in your wallet or purse).
- Check the activity in the account linked to your card for unauthorized transactions regularly.
- Report unusual account activity to the card issuer immediately.
- Be leery if you receive a call claiming to be from your card issuer asking you to divulge your card information (e.g., card number, expiration date, security code, and/or PIN), which it should already know.
- You can verify the authenticity of such a call by hanging up the phone and calling your card issuer using the phone number on the back of the card (and never the phone number given to you by the caller).
- If you believe that you may have been targeted by a phone fraudster, please report the call to your card issuer’s security or fraud team so they can investigate.
ATMs, Gas Pumps, and Point of Sale Terminals
- Familiarize yourself with the appearance of the ATMs, gas pumps, and point of sale terminals you normally utilize and look for signs of tampering (e.g., loose components) before use.
- To defeat PIN hole cameras, cover the key pad with your other hand when entering your PIN.
- Report anything out of the ordinary with an ATM, gas pump, or point of sale terminal to its owner so that it will be investigated.