Criminals aren’t always bank robbers, purse snatchers, murderers and car thieves, there is a new kind of criminal introduced by the digital age – the cyber criminals. Below is a list of how these cyber criminals gain access to your personal and financial information, and information on how to prevent this from happening. If you are a victim of a cyber crime, please contact your local police department.

Attempts a cyber criminal uses to lure unaware users to act out a specific task. Usually by acting as a trusted user or source that the targeted user has ties with. In most cases the cyber criminal does not know of the targeted user and has to craft ways to gain the user’s trust to grant them information or click/download and install malicious material.

Things you can do to avoid identity theft:

  • Review monthly statements from your bank(s), credit card(s), and other financial institutions to learn of any incorrect charges.
  • Investing in an inexpensive shredder cuts down on your personal information escaping from you in the trash. This can be found on credit card applications, statements, utility bills, etc.
  • Have a credit monitor in place for quick access on your credit report and/or credit score. This can help you stay alert on data breach news or someone using your identity. You can request a free credit report from each of the three credit reporting agencies (Equifax, Experian, and TransUnion) once every 12 months.
  • Ask your financial institutions to change your issued card number.
  • If you are a part of an identity theft case, seriously consider placing your credit on a freeze by calling one of the major credit bureaus.
  • You should set your privacy settings on all websites and understand what each of them mean in terms of your identity.

More information:

Phishing emails are sent to the public in the mass. They look similar to an organization or user to retrieve private data from an unsuspecting user. Links found in the phishing email do not direct the user to the intended website, instead the user is sent to an alternate address meant to cleverly steal information or make you download malicious software onto your computer.

Webroot Top 10 Phished Websites - Webroot Quarterly Threat Trends Sept 2017

Source: Webroot Top Phished Websites – Webroot Quarterly Threat Trends Sept 2017

  • Never click on a link from a suspected financial institution found in an email, instead open a new browser window or tab and type the URL of the financial institution to go to its website.
  • Use security software like anti-virus and anti-malware software that can filter out known phishing attempts.
  • Update your browser to the most current version.
  • Update your PDF reader to the most current version.
  • Update your operating system to the most current version.

IRS (Internal Revenue Service) warns against fraud that originates from emails, phone calls, text messages or regular mail. Click on the links below to see how to watch out for these types of scams.

More information:

A spoofing email is an email from an attacker who makes a forged email address that looks like it is sent from a known party or organization to a targeted user, so that the user thinks that he/she knows the email sender and clicks on the malicious links/attachments, which can extort information from the targeted user. Crafty criminals make this seem like a normal process and do not intend it to raise any concern. Cyber criminals most often use this technique along with phishing to form a trust with the targeted user.

More information:

Cyber criminals also forge financial institution communication as well. Below you will find some links on how this occurs and how to prevent them.

More information:

According to a study conducted by Symantec, vendor of well known security products, on the ISTR 2017, over 7.1 Billion identities have been exposed in the last 8 years. This is why being aware of company data breaches are important.

2013-16 - DataBreaches - Symantec Internet Security Threat Report Apr 2017

DataBreaches – Symantec Internet Security Threat Report Apr 2017

  • Pay attention to the news in case of reports of data breaches which are common in the digital age.
  • Make it a practice to change your passwords every 3-6 months. Change your passwords directly after a data breach.
  • Make use of free services that monitor your credit. Usually available at your credit card companies. This can assist you in responding to a credit problem before it grows out of control. AAA members also have a credit monitor service included in their package depending on which membership you have.
  • Consider taking advantage of free credit alert services offered by companies or government after a huge data breach. The company will in some cases offer a lookup on their website.
  • If it is with a specific credit or bank issued card, please call your credit or bank and explain to them what happened and tell them to send you another card.

Home Wireless Router

Anything you can do to block hackers from attempting to access your equipment is progress and will benefit you in the long run. So these recommendations are for your home wireless router.

  • Setup a secure password on your WiFi router at home with criteria from the following:
    1. Uppercase letter (A-Z)
    2. Lowercase letter (a-z)
    3. Digit (0-9)
    4. Special character (~`!@#$%^&*()+=_-{}[]\|:;”’?/<>,.)
  • Change you router’s default admin password with one that is secure in the settings page. Keeping default passwords makes it easier for intruders to take control of your router and all transmission of data across it.
  • Use the most secure setting found on your wireless router, currently being WPA2-PSK.
  • To keep your wireless router invisible. You can choose to “Hide your SSID” through your router’s wireless settings page. This makes your WiFi invisible to devices that are looking to connect to a WiFi connection. Keep in mind, you will have to manually connect to your WiFi on every device to first register the device.

Public WiFi

  • If you ever use public WiFi, for example at a coffee shop, guest access in hotels, libraries, local community provided WiFi spots, to connect to the internet, stop to think if your connection is secure or not. If the public WiFi is insecure, virtually everything you type in online forms is left unencrypted, i.e., password, login information, credit card data, and other personal identifiers, can be seen as plain text to a hacker with the right tools. Even if the website uses, “https://” to transmit data. Remember not to use websites that require payment, login, or other personal information at these locations is key to keeping your personal information secure.

Secure Website Transactions

  • Before you use a website to login or enter your personal information, always make sure that the website address starts with an “https://”. This secures every transaction that occurs between you and the website.
    Paypal using HTTPS to transport data over the internet

    Paypal using HTTPS to transport data over the internet

  • Make sure that you recognize the website address before you complete any transaction.
  • You should always make sure that the website is reputable before performing any transaction on it.

Strong Passwords

  • It should be a practice to use a strong and unique password for each online account you have open with various websites.
  • There are password manager softwares that can associate each account with a password. Some tools even help you create a unique and secure password for you. There are even tools found on your browser that remember the passwords.
  • To setup a secure passwords follow the criteria below:
    1. Uppercase letter (A-Z)
    2. Lowercase letter (a-z)
    3. Digit (0-9)
    4. Special character (~`!@#$%^&*()+=_-{}[]\|:;”’?/<>,.)

Social Media

Nowadays, it is rare to find a person without at least one social media account. Even employment sites are a form of social media which can encourage identity thieves to put together profiles of their next victim.

  • To keep your identity secure on social media sites, there are usually a preference or settings page for privacy settings. These privacy settings can lower the chances on people looking to gain knowledge of you. Same should apply to any online account you have.
  • Take off your birth date all social media or at least the year.
  • Identity thieves hone in on personal details about you and the access is already public. Next time you enter a security question, think twice if it is one that someone can answer from information on your social media accounts.
  • Make your friends private for others not to see. This discourages that email message from “so and so” (attacker) who knows you from an acquaintance.

Confirm Unexpected Emails

  • Always confirm an email with a phone call if your are not expecting the email from the other party and the email asks of some personal information or money transfer, which should set off a red flag.

Apply All Security and Required Updates

  • All security publications recommend to keep your systems up to date with security patches. This may seem like a waste of time to most people but hackers attack using vulnerabilities found in unpatched systems.
  • Stay current and up to date with web browsers and software applications.

Use Security Software and Hardware

  • Firewall – Firewall is a hardware or software found usually on routers that monitors internet traffic. It protects you from hackers gaining access to your devices.
  • Anti-virus/Anti-Malware Suite – Keep your anti-virus and anti-malware up to date with the latest virus and malware definitions. This will protect you against future outbreaks of known computer infections and outbreaks.
  • Web filters – Found in security software suites, a web filter blocks known content that has malicious links/content associated and blocks it from view.
  • Pop-up blockers – Pop-up blockers block ads and popups that can leak your privacy.
  • Make use of modern, most up to date web browsers. They have a blocking mechanism of flagged known sites that have had malware/phishing attempts in the past.
  • Scripting blockers – For advanced users, scripting blockers are software that run on your browser that blocks scripts that can cause virus or malware infections.