Online Safety Tips
Watch Out for Fraudulent E-mails
The emails and texts you receive may look official but they could be fake. Never click on a link or respond to an email or text with personal information — credit card numbers Social Security numbers or other banking details instead contact the company directly or visit online by typing the company web address into your Internet browser.
Turn on MFA
MFA is an authentication method that requires the user to provide two or more verification factors to gain access to an account. Enabling Multi-factor Authentication (MFA) can make you significantly less likely to get hacked on all of your online accounts.
Choose Passwords Carefully
Create passwords that are easy to remember, but difficult for others to guess, and change them every few months. The best passwords are a minimum of eight characters, contain a mix of letters, numbers, spaces, and symbols, and use words that are not common. Never use the same password for banking as you do for other sites, such as social media or email.
Update Your Security Questions
Security questions can be used as a method of multi-factor authentication (MFA), in addition to your username and password. They can also be used to verify your identity if you have forgotten your password. Updating the answers to your security questions on a regular basis is a good practice, though seldom required.
Honest answers to many security questions are based on publicly discoverable facts. Questions such as your mother’s maiden name and where you went on your honeymoon may be known to others or easily found on social media. Ask yourself how hard it would be for someone to locate this information about you. If you choose these types of questions, consider providing a fictitious answer or typing your answer in a complete sentence.
A strong security answer is something about you that is not well-known or discoverable. Security phrases are even better than simple answers. Create your security answer with the same level of complexity that you would use for a secure password.
Be Careful About What You Share Online
Personal information shared on social networking sites like Facebook, Twitter, and LinkedIn can be used by criminals to commit fraud. Never post key information such as where you bank, how you invest your money, physical addresses, emails, cell phone numbers, account numbers, or passwords.
Guard Your Mobile Device
Protect your device with a strong password or thumbprint and keep it locked when not in use. Keep your mobile security software, web browser, operating system, and apps up-to-date. Enable automatic updates, if possible.
Download apps only from the official app store for your device, such as the Apple Store or Google Play.
Install a security application or enable your smartphone’s capability to remotely locate or wipe your device in the event that it is lost or stolen.
Be careful of scanning QR codes, as they may direct you to a fraudulent site, always verify that a site is legitimate before providing information.
Disable Bluetooth when not in use
Do not open attachments or click on links in emails or text messages if you are unsure of the source. If in doubt, verify with the sender before opening or clicking. Exercise caution, even if it appears to be legitimate.
Look for “https://” when banking, shopping, or transmitting sensitive personal information online. “Http://” is not secure.
You can add your mobile phone to the “Do Not Call” list at www.donotcall.gov.
Avoid Banking from Public Wi-Fi Hotspots
The Wi-Fi available at many public locations may not be secure. Be cautious about the sites you visit and the information you release.
Keep Security Software up to Date
PCs, laptops, smartphones, tablets, and other web-enabled devices need the most current protection from viruses, malware, and other online threats. Maintaining the latest security software, web browser, and operating system is your best defense.
Extra Tips
Social Media
Never use the same password for banking as you do for social media or email. Be careful what you share online. Information shared on social networking sites like this one can be used by criminals to commit fraud or other crimes. Never post information about where and how you bank or when you are away on vacation.
How to know if you are being Phished or Pharmed, both attacks are attempts to get your user names and passwords, but they are not the same.
How to Spot Phishing
- Getting asked for personal information via email.
- Receiving an email that offers something too good to be true.
- Do you see misspelled words or words in ALL CAPS?
- Or it just doesn’t look like normal company correspondence.
- Does the email contain an attachment?
How Pharming Works
In a pharming scam, traffic intended for one website is redirected to a fraudulent online address. You can unknowingly become part of a pharming fraud in one of two ways:
- You can be “pharmed” by visiting unfamiliar websites where hackers alter the host files on your computer while you’re visiting.
- You can also be pharmed if a server connected to your computer is compromised and allows your personal online account information to be hacked.