Fraud Prevention

What do cyber attackers want from you? Your personal information and your money.

One of the methods that they use to get to you is through impersonation. Attackers use impersonation to make you believe that they are a person or organization that you know or trust in an effort to steal information or money from you.

How do they get to you? They may use phone calls, email, and websites as a way to make contact.

Phone calls: You may receive a phone call where the caller says that they are from Microsoft, telling you that your PC notified them that it was infected with a virus. They need you to allow them remote access to fix the issue. While they are connected, they harvest the data that exists on your computer.

Email: An attacker can send you an email that appears to come from someone you know or trust, but is not sent from them. This is called 'spoofing'. Their goal is for you to open the email and then click on a malicious link or open an infected attachment. You have been told to not open email from people you do not know, but now you have to be just as suspicious of email from people you do know.

Website: Hackers register a domain name that is similar to a legitimate website. They may omit a character, replace a letter with a number, change the order of the characters, etc. If characters are reversed or omitted, your brain can unwittingly 'see' them the way you think they should be, rather than the way that they really are presented. You may click on a link thinking it is going to the real site, and you are taken to a website that can install malware on your computer or ask you for personal  information. If you try to log in to this site, the hacker now has your correct ID and password to the real site.

What can you do?

  • Keep your devices up to date with software and operating system patching. This includes computers, tablets, phones, and any other smart device that communicate over the Internet.
  • Use generally accepted anti-malware solutions to help prevent infection of your device.
  • Encrypt your sensitive data at rest. This can be done on your computer hard drive or on a USB storage device, making your data unreadable without a password or key.
  • Don't use your email as a file system. If the attacker obtains your email password, they have access to everything stored in your mailbox and can send email as you. Any sensitive data in your email should be saved to your encrypted storage and then removed from your mailbox.
  • Don't store your passwords on your computer unless you are using a legitimate password manager. Storing your password in clear text on your computer is asking for trouble.
  • When surfing the web, never log into a site or enter information if the page is not 'https://' and presents a valid certificate. This can give you a higher level of confidence that the owner of the website is who you think they are and that your data is encrypted when sent over the Internet.
  • Finally, always be aware of the warning signs. Bad grammar or spelling can be an indication that an email or website is not legitimate. Check for certificates, review the URL in the address line of your browser, and hover over links to see where they will take you before clicking. Your awareness is the first line of defense in safely interacting with the world through technology.

 

Learn more about Identity Theft Protection