Phishing refers to criminals' attempts to steal personal financial information, such as credit card numbers, account usernames/passwords, and Social Security numbers, through fraudulent e-mails and web sites that will be used for identity theft or other fraudulent purposes.
How phishing works:
- You receive an e-mail which appears to originate from a financial institution, government agency, or other well-known or reputable entity.
- The fraudulent email provides a link and an urgent message that directs the user to visit a Web site where they must verify or update personal information, such as passwords, credit card, social security number and bank account numbers which the legitimate organization already has security.
- The Web site, however, is bogus and set up only to steal the user's information.
Phishing Red Flags:
- Requests for sensitive information
- Impersonal title
- Urgent or threatening language
- Misspelling and poor grammar
- Spoofed URL links
- Spoofed From: address
- Lack of phone number or contact information.
How to Avoid Phishing:
- Do not reply to or visit Web sites included in e-mails warning that your account will be shut down unless your information is confirmed.
- Do not send sensitive data in response to an e-mail.
- Do not reveal a personal/financial information or site password to anyone. Your bank has this information
- Do not follow links in an e-mail. Go directly to the company main site.
- Contact the company sited in the e-mail by using a telephone number or Web site address you know to be genuine.
- Be alert to e-mails using non-personalized greetings such as "Valued Customer" or "To Whom It May Concern".
- Before submitting financial information through a Web site, look for the "lock" icon on the browser status bar to ensure your information is secure during transmission.
- Report suspicious activity to the Federal Trade Commission (FTC) at www.ftc.gov.
Did you know that some companies use hidden software to learn more about you? It's called Spyware, and it's becoming an annoying Internet reality.
Spyware is a form of software that collects personal and confidential information from the computer without the user's knowledge or consent. Information that can be collected using spyware includes user IDs and passwords to websites or applications, online purchasing activity information, and e-mail/chat correspondence.
By simply clicking on a pop-up ad, downloading music files, installing free programs, opening e-mail attachments, or simply visiting a particular web site, you could be unwittingly installing Spyware files that track your online activities and report back to the company that created the files.
Often these files are used by legitimate advertising and marketing firms to learn more about online user behavior. However, some criminals are now using Spyware files to vandalize your computer systems or target your personal information. These types of Spyware programs may be used to delete your files or download new software, reformat your hard drive, or even change your default homepage. Criminals have also used them to monitor keystrokes or investigate periphery equipment connected to a computer.
Computer users can detect and possibly prevent Spyware by:
- Installing and periodically updating anti-spyware, virus protection and firewall software.
- Adjusting browser settings to prompt the user whenever a Web site tries to install a new program or Active-X control.
- Carefully reading all End User Licensing Agreements and avoiding downloading software when licensing agreements are difficult to understand.
- Not opening e-mail from untrustworthy sources.
- Not downloading free programs, games, screen savers, etc., especially file/music sharing software.
- Not clicking on ads, offers, security warnings or "you won!" alerts on web pages, especially those that appear in pop-up windows.
- Before installing any software (other than commonly used applications such as Microsoft Office or Quicken), search online (http://www.spywareguide.com) to see if it is considered spyware.
- Use spyware removal programs.
- Noticing the performance of your computer. Spyware often makes a computer run slower.
Social Media Security
Social media sites are a great way to connect with friends, family, and colleagues from all over the world. However, as with any online activity there are certain steps you need to take to ensure that your personal information is protected.
The tips below can help you stay safe while using social media sites.
- Never post sensitive information online. Your social security number, phone number, home address, or financial information such as bank account or credit card numbers should never appear on your social media profile. The smallest pieces of information about you can be put together to steal more information or to steal your identity.
- Make sure that your passwords are unique. This means using a combination of numbers and letters (lower-case and upper-case), as well as avoiding any password information that would be easy for a hacker to guess or search for online (such as your birthday, spouse's name, or hometown). Also, do not use the same password for any social media site that you also use for your e-mail or other important accounts (such as online banking).
- Use caution when installing third-party applications. When you allow these applications to access to your profile, you are allowing the creators of the application to view the personal information on your site. Only install applications from companies that you trust.
- Keep your antivirus software up-to-date. This can help reduce your computer's risk of being infected with malware or spyware. Many antivirus vendors offer free versions of their programs that will remove known viruses without requiring advanced payment.
- Do not allow social media sites to scan your e-mail address book for contacts. By doing so, you could be inadvertently sharing your friends' email addresses, which in turn could be used by companies to send spam or advertising messages.
- Remember that everything you post online is permanent. Even if you delete your profile, the information you previously posted could have already been saved by someone else. Only post photos, videos or other information online that you would be comfortable sharing with a complete stranger.
- Think twice before clicking on links. When you receive links in messages from friends, use the same caution as you would when receiving links in e-mails. (For more information, see our "Phishing"section.)
- Don't judge a profile by its photo. Hackers and identity thieves can easily set up fake profiles, so be cautious when you add new friends.
For additional information, visit the United States Computer Emergency Readiness Team's Cyber Security Tips page.