Phishing Is No “Phun”

Unless you have been living under a rock, you have probably heard about the Data Breach at Target this holiday shopping season. You might even be one of the 40 million customers who unwittingly had their account, debit card, address, and other personal information stolen while shopping for Christmas knick-knacks.

What the Target scammers did is called “phishing.” This type of scam refers to any criminal activity that attempts to obtain sensitive information without the owner’s permission.

We're not talking about the fun kind of fishing here!

We’re not talking about the fun kind of fishing here!

All of the media hype makes it seem like what happened at Target is a unique situation and that Target is a terrible, awful, no-good, greedy corporation that doesn’t care enough about the little people to secure customers’ private information.

However, the idea that what happened at Target is a unique occurrence is both flat out wrong and potentially dangerous.

The truth is, personal financial information is stolen every day. When I worked as a teller I saw countless members who had their debit card number stolen and as a result had fraudulent activity on their account. Just to give you an idea of how frequently this happens, according to IT security vendor Kaspersky Labs 37.3 million internet users faced phishing attacks during the last 12 months. All financial institutions have security measures in place to monitor and prevent unauthorized transactions, but scammers tend to be one step ahead of the game and are constantly discovering new ways to access your private information.

I might have a flare for the dramatic (as evidenced in my most recent post where all I did was yell at my Brother In-Law about the plight of the working man . . . or something like that), I don’t think it’s unreasonable in this day in age to be overly cautious about protecting your private information. You might not need to hunker down in your post-apocalyptic bunker, cut your internet cords, and use only cash from now on, but it is important to be aware of potential scams.

Here’s what you can do:

Be suspicious of any e-mail that includes urgent requests for your private information.

  1. Typically scammers ask for info such as your date of birth, social security number, credit or debit card number, online username/password, etc.
  2. Your financial institution already has this information on file. We would NEVER ask you to verify personal information via an unsecured e-mail.
  3. Scammers may use upsetting or exciting statements to get you to take immediate action, before you have time to fully analyze the situation. Don’t fall for their trap. Example statement: “Your debit card has been compromised. Please confirm the following information immediately to continue using your card.”

DO NOT use links in e-mails, instant messages, or texts to get to a webpage if you are unfamiliar with/ suspicious of the sender. Call the business directly if you have questions or type in the address of a familiar website yourself.

DO NOT fill out forms that come embedded within an e-mail.

  1. You should only give personal information via a secure website or phone.
  2. Some financial institutions, like Casco FCU, may use an online document signing company like Docu-Sign to allow members to complete applications electronically. It is important to remember that you will never be sent one of these electronic forms unless YOU REQUESTED it. If you receive an unsolicited electronic form, contact your financial institution directly by phone.

Just because the URL says https:// DOES NOT mean the site is secure.

  1. Phishers can forge the https:// part of a URL, create a legitimate looking URL address, and forge the lock symbol that pops up next to the web address. Seeing any or all of those features is not a sure sign that the website is secure.
  2. To ensure that you are truly on a secure site, double click on the lock symbol. A security certificate for the site should pop up telling you that it has been verified and is safe to use. Likewise, double clicking the lock symbol will tell you if a site cannot be verified, in which case you should not enter any personal information.

 

This is a screen shot of our online banking page. See the green box/lock symbol at the top? Double clicking that makes a security certificate pop up saying our site has been verified.

(See how the https:// and lock symbol are green? When I double clicked on that it popped up to tell me the site had been verified and was encrypted. An unsecure site comes up in red and when double clicked says that the site cannot be verified.)

Still not feeling secure? Here’s a few everyday things you can do to prevent scammers from phishing successfully for your information:

  1. NEVER e-mail personal information. E-mail is not a secure form of communication.
  2. Use trusted security software and set it up to scan your computer automatically.
  3. Review your account statements (credit card, checking account, etc.) on a regular basis. Put a reminder on your calendar so you don’t forget. Report any unusual or unfamiliar activity to your financial institution ASAP.
  4. Check your credit report annually. You can get one free copy per year at https://www.annualcreditreport.com. Report any errors or issues immediately to the credit bureau.
  5. Invest in some form of Identity Theft Protection that will help you monitor your credit and your accounts. LegalShield, for example, has a very affordable Identity Protection Plan which you can check out here https://sites.legalshield.com/gs/init?grp=cascofcumembers.

 

I hope these tips help you keep your information private and secure!

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s