Are your devices up to date?
- Whether you use a mobile phone, tablet or laptop, make sure your browser, operating system and software is updated, so you can receive any patches or security updates released. This can help protect you against malware. What’s malware? It’s short for “malicious software” and there are numerous types. Some common types include computer viruses, spyware that “spies” on your online, and ransomware that can lock down your computer and files, threatening to erase everything unless you pay a ransom.
Are your devices secure?
- Ensure your devices are protected by some form of password or passcode (numerical, alphabetical, pattern, facial recognition, fingerprint).
- If your device is connected to an available public Wi-Fi network, turn this feature off to avoid connecting to any unsecure networks that may put your personal information at risk. If you frequently must use public Wi-Fi, consider using a Virtual Private Network (VPN).
- If you are charging your mobile device in a public place, do not plug your phone’s USB cable into unfamiliar ports, use your own port and cable. When a port or cable is hacked or compromised, the data on your phone could be stolen.
Are you suspicious of unsolicited emails or texts?
- It can be hard to recognize phishing texts and emails. The best practice, is to avoid clicking on links or attachments in emails that you are not sure about. If the sender is someone you know, verify with them that the email is legitimate before clicking on it (their account could have been hacked).
- Do not send any personal information over email or text.
Let’s talk passwords.
- It is hard to keep up with passwords on multiple websites, hence, why it is common for people to reuse usernames or passwords. However, this is risky, if one of your accounts is compromised, others using those credentials could also be accessed. Consider using a password manager that creates unique passwords and stores them securely.
- You may also want to think about enabling two-factor authentication where possible. This adds an extra layer of security and requires you to take an extra step (such as entering a code texted to you) in order to log in.
Are your social media habits putting you at risk for identity theft?
- Check the privacy settings on your social media accounts to make sure you’re comfortable with them. You can also set up login notifications that will let you know if someone else logs into your accounts. Be cautious about what you share and who can see it; your publicly available information could be used to find answers to security questions or learn your routines and location.
What about your apps?
- Check the privacy permissions on your apps and only grant those that are needed. Apps that can access your photos, location, camera and contacts, for instance, can allow the app owner to access your information. Only download apps from the Apple App Store® or Google Play™ and avoid those from third-party app stores. Also avoid apps that pop up and ask you to download them, as they could contain malware.
You may have heard the term “fraud” before, but you may not know what a fraudulent email or text message looks like. Phishing messages are used by scammers to trick you into clicking a link or an attachment that will provide them access to your information or download malware onto your device. The goal is to snare your personal or financial information. While phishing traditionally has been done through emails or text messages, recently fraud has been detected on communication apps and social media. Phishing messages may look legitimate, they may come in the form of communication that seems to be from your bank, credit card company, a company you do business with or even your employer. Others may seem to come from a social networking site, an online payment website, app, or an online store. These messages may state there is a problem with; your account, payment information, there has been suspicious activity or login attempts have been made, they may also include a fake invoice, asking you to update or confirm personal information.
How to recognize fraud.
Look closely at any messages like this you receive. Ask yourself the following:
- Do you have an account with this business? If so, is the email address the same email address associated with your account? Did you sign up to get email discounts from this company?
- If the message claims to be from an individual, do you know this person?
- Did the email come to your junk or spam folder?
- Does the message greeting address you by name?
- For emails, hover over the sender’s email address and any links in the email to see where they lead. Do they look legitimate?
- Hover over any attachment to see where the link goes. Does it look like a legitimate site?
- Are there misspellings and awkward grammar?
- Are you being asked for a payment you aren’t sure you owe?
- Are you being threatened with lawsuits and penalties if you don’t immediately take action?
- It is best to not click on any links or attachments in messages if you can not verify that they are legitimate. If they claim to be from a company you know and do business with, do not click on a link in the email to log in to your account, instead, go to the company’s website to log in.
- It is also important to know that most financial institutions and government agencies will not request personal information through emails, texts or other messages.
How to help protect yourself from phishing emails.
Your email spam or junk mail filters may keep some phishing emails out of your inbox, but as scammers and hackers constantly try to get past those filters, you might consider some other ways to help protect yourself. These might include:
- Using security software. Install security and anti-virus software on your computer and set it to update automatically as new threats arise. You can also set automatic updates for apps or software updates on your mobile phone.
- Using multi-factor authentication. Some accounts require more than a password to log in. The additional credentials might include a passcode sent to your phone or an authentication app or a scan of your fingerprint or face. This extra step makes it harder for scammers to access your accounts, even if they have your username and password.
- Backing up your data. Copy your computer files and your phone data to an external drive or cloud storage.
Help! I’ve been phished!
If you clicked on a suspicious link or attachment, here are some steps you can take:
- Disconnect your device from the internet as quickly as possible. Unplug the internet cable or disconnect it from your Wi-Fi network. This may help reduce the risk of malware spreading to other connected devices and may prevent a hacker from remotely accessing your device.
- Back up your files. In case you are the victim of a phishing attack, your data can be destroyed or deleted. Use an external hard drive, a USB drive or cloud storage to back up your device.
- Scan your device with anti-virus or security software . You should be able to run the scan even if you aren’t connected to the internet. If you entered any personal information, such as a password, use an uncompromised device to change that password on any accounts.
- If you entered a credit card or bank account number, contact your credit card company or financial institution.