News & Events

Tips to Avoid Identity Theft or Fraud

Avoid Being a Victim of Social Engineering

The term “Social Engineering” refers to psychological manipulation of people into performing actions or divulging confidential information.

How it works: Manipulation can come in many forms – gaining trust, posing as a legitimate entity, or by creating a false sense of urgency to lure someone into making a hasty decision.

Additional info: Don’t respond to someone asking for information they shouldn’t have access to or should already know. If your instincts are telling you something is amiss, contact the company directly using contact information from a known source, usually the company website, to verify the unsolicited communication is legitimate.

Avoid Being a Victim of Phishing

Phishing is the attempt to acquire sensitive information such as usernames, passwords, or credit card details, by masquerading as a trustworthy entity in an electronic communication.

How to spot a phishing scam:

  • Unsolicited attachments. Do not open unsolicited email attachments. Verify that the sender actually sent the message by picking up the phone and contacting them. You can also save the attachment without opening it and scan it offline using your antivirus software.
  • Urgency. Take note of an email that creates a sense of urgency, demanding “immediate action” before something bad happens, like closing your account. The attacker wants to rush you into making a mistake.
  • Generic. Be wary of an email that uses a generic salutation like “Dear Customer,” instead of your name. Most companies or friends contacting you know your name.
  • Prying. The email requests highly sensitive information, such as your credit card number or password.
  • Inconsistent. An email that says it comes from an official organization, but has poor grammar or spelling, or uses a personal email address like @gmail.com, @yahoo.com, or @hotmail.com could be a phishing attempt.
  • Unfamiliar tone. You receive a message from someone you know, but the tone or wording just doesn’t sound like him or her. If you are suspicious, call the sender to verify they sent it. It is easy for a cybercriminal to create an email that appears to be from a friend or coworker.
  • Links don’t match. The link in the email looks odd or not official. One tip is to hover your cursor over the link until a pop-up shows you where that link really takes you. If the link in the email and the pop-up don’t match, don’t click it. On mobile devices, holding down your finger on a link gets the same pop-up. An even safer step is to copy and then paste the URL from the email into your browser or type the correct link.

Use a Password Manager

A password manager app can help you create strong passwords and help you keep track of them in one secure spot. The key is picking one that is simple to use and from a reputable source.

What to look for: A password manager automatically generates strong passwords and shows you the strength of that password. It can synchronize on all your systems and mobile devices so you can access it whenever you need it. Avoid a password manager that claims to be able to recover your master password for you. This means it knows your master password, which exposes you to much more risk.

A good resource: The best way to find a good password manager is to turn to a reliable source for a review. PC Magazine rates the top 10 password managers in a side by side comparison. LastPass, Dashlane, and 1Password are a few of the top editor picks. Most have free options, while paid versions range in price from $10-$60.

Public Wi-Fi and Device Charging

Most people don’t think twice about using free Wi-Fi and charging ports when they’re on the go, at a restaurant, airport, hotel, or tourist attraction. Although these services are free and everywhere, it doesn’t mean they’re safe to use.

How it works: Connecting to a free Wi-Fi signal puts you at risk of a third party spying on the network. These cybercriminals will wait for victims to conduct personal business and reveal sensitive identifying information over the free network. Once the information is stolen, thieves can use the information to perform multiple nefarious acts.

Similarly, for instance, your rideshare driver may offer a cord to charge your phone or play music in the car. Those cords could be intentionally compromised to steal your data or infect your phone—it’s what experts call “juice jacking.” The same goes for those charging kiosks you see in airports.

Rule of Thumb: Play it safe, avoid using these free services. Although the convenience can be enticing, you can’t ensure there isn’t a bad actor behind the scenes targeting you as their next victim.

Data Destruction

Data destruction is advised when information, whether it is in physical or electronic form, is no longer needed and can be disposed of. Although recycling paper and sending electronics to e-waste are the correct steps to dispose of these items, there are additional steps to take to ensure you do not inadvertently disclose your personal information.

How it works: When disposing of bills or other sensitive information, shred these documents before putting them in the recycle. Similarly, when disposing of electronic devices, you should perform a factory reset and remove the storage device (if possible) before disposing of your electronics. Dumpster divers will scavenge through your trash to collect your information or devices and possibly use it against you.

Additional Info: Once you dispose of your information into the recycle, you have no control if that information will fall into the wrong hands. Performing data destruction on all forms of data limits the amount of risk to you during the process(es) that occur in removing waste from our homes and communities.

Credit Security Freeze

Protect your identity and prevent false accounts from being opened in your name by requesting a Credit Security Freeze from the three major credit reporting agencies — Trans Union, Equifax, and Experian (all three must be done to be effective).

How it works: A credit security freeze will prevent a credit reporting agency from releasing your credit report without your consent. You will be provided a personal identification number or password if/when you want to remove the security freeze from your file or authorize the temporary release of your credit report.

Additional info: As of September 2018, placing or removing a security freeze on any of your credit reports is free of charge. Additionally, you are entitled to one free credit report from each credit agency within a 12-month period.

Resources

Security Freezes

Data Deletion

Password Manager

Social Engineering

Phishing

Public Wi-Fi + Juice Jacking