Cybersecurity Threats and Best Practices
Cybercrime and fraud are serious threats that can compromise your identity, personal property, and assets. This criminal activity committed by hackers targets your computer, computer network or networked device in pursuit of digital information and fraudulent profits.
In an increasingly digital age, cybercrime is more prevalent than ever before and new trends are constantly emerging. Cybercriminals exploit new technologies and design their attacks using different tactics.
Taking security measures is vital to prevent malicious cyber activities from harming your connected devices. You can protect your information and assets by applying caution while sharing information or executing transactions.
Cybersecurity Threats
1) Identity theft: Identity theft is using a person’s personal or financial data to commit fraud. The targets of this crime are personal information, financial information, and access to online accounts. The personal information frequently targeted includes your name, address, date of birth, Social Security number, driver’s license number, passport, or signature. The financial information often pursued includes User IDs and passwords, account numbers and ABA numbers, credit card numbers, ATM/debit cards, and checks.
2) Phishing: Phishing, also referred to as pharming, opens the door to identity theft and computer security breaches. Phishing is when someone attempts to steal personal or financial information. It usually starts with an email asking for sensitive information, such as your User ID or username, your password, or your account information.
How to spot phishing?
- Personal information request: This is the ultimate objective of phishers. An email, pop-up window, or fake website will ask you for your username or ID, your passwords, or other sensitive information. Please scrutinize any request for information that you receive.
- Wrong address: Often, the address of the website to which you are misdirected will show one of the telltale signs that it is an imposter.
- Generic greeting: Instead of addressing you by name, phishing emails often start with, “Welcome Cardmember” or another generic greeting, with no information specific to you.
- Urgent messages: One way phishers prompt you to respond is by threatening you about your account, for example, by claiming it will be closed or suspended. This sense of urgency is intended to prompt people to act fast without thinking.
- Lost information: Phishers might say that the company has lost your information and needs you to re-enter it.
3) Stock spam: Online investors should be aware of stock spam, part of a common internet fraud involving a “pump and dump” scheme. In other words, a company might be promoted and recommended as the latest hot stock in chat rooms, supposedly unbiased newsletters, or even in its own press releases. Unwitting investors purchase the stock, creating high demand and inflating its price. Then those who are behind the scheme sell their shares at the peak, stop the hype, and the stock price plummets—causing regular investors to lose money.
4) Spyware: As its name suggests, spyware is software that is used to “spy” on your computer. It poses two problems: it invades your privacy, and it can adversely affect your computer’s performance. Spyware can be used relatively harmlessly by advertisers who track your internet usage and then use that data to target specific ads to you. Or, more dangerously, it can be used by hackers who might monitor your chat sessions, capture keystrokes to figure out the personal information you enter (password or account number), or change your web browser settings.
Recognizable symptoms of spyware include:
- Your computer is spammed with pop-up advertisements or warnings when you’re online.
- Your browser settings have changed (not by you).
- You have a new browser toolbar that you did not install.
- Your computer seems sluggish.
- Your computer crashes frequently.
5) Viruses, worms, and Trojans: Viruses, worms and Trojan horses (often referred to as just Trojans) are programs that can become embedded on your hard drive. They can allow remote access to your computer, send spam, be used to spy on you, log your keystrokes, aid phishers, erase data, and even wipe out your hard drive.
- A virus is computer code that infects your computer when you take a certain action, such as double clicking on an email attachment. A virus typically embeds in your existing software and uses it to reproduce and spread.
- A worm is a stand-alone program. It does not embed itself into another piece of software but spreads by duplicating itself without any intervention from you.
- A Trojan is a stand-alone program that spreads by masquerading as a harmless file or program and tricking the user into installing it on his or her machine. Many Trojans arrive under the guise of a picture, screensaver, or email attachment. Once a user opens the file, the Trojan installs itself on the computer and may take over the computer’s email program or use its own email program for malicious purposes.
Cybersecurity Best Practices
Basic guidelines:
- Don’t share your User ID or password with anyone, and don’t write it down. If you share your password with a third party, you assume responsibility for their actions. Be extremely cautious about using aggregation services, as you’re sharing your User ID and password with a third party.
- Avoid accessing your account from public computers in Internet cafes, libraries, hotels, etc.—they can be accessed by malicious users who may have installed software in them to record your keystrokes. If you must use a public computer, make sure it is from a reputable provider.
- When you are finished accessing your account, always log off and close your browser.
1) Avoid email fraud: Email can be a source of danger. Many Internet scams today involve email messages that appear to come from a trusted source but are not trustworthy. Additionally, email attachments can be harmful because they can contain viruses.
Indications that an email is fake:
- The email claims to be from a legitimate company requesting that you change your password by clicking on a link. It may even threaten to suspend your account if you do not do this.
- The email claims to be from a person in authority requesting a copy of a password file, User ID, Social Security number, or banking information.
- The email asks you to verify your account information by clicking on a link and filling in a form.
- Right click on the link in the email and select properties. If the section under URL Address contains an ‘@’ symbol or does not appear to be your intended address, then it is likely fraudulent.
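The link check in the last item, as an added example that is not part of the original page: in a web address, anything between "//" and an "@" is login data, and the site actually contacted is whatever follows the "@". The function name, the expected host and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit


def inspect_link(url, expected_host):
    """Return (real_host, warning codes) for a link copied out of an email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    expected = expected_host.lower()
    warnings = []
    # Text before '@' is a username field, so a familiar name placed there
    # says nothing about which site the browser will contact.
    if parts.username is not None:
        warnings.append("at-sign-in-address")
    # Secure sites use https:// rather than http://.
    if parts.scheme != "https":
        warnings.append("not-https")
    # The real host must be the intended site or one of its subdomains.
    # A name that merely starts with the intended site does not count.
    if host != expected and not host.endswith("." + expected):
        warnings.append("host-mismatch")
    return host, warnings


# Constructed sample links (reserved example names and documentation IPs).
SAMPLE_LINKS = [
    "https://www.bank.example/login",
    "https://www.bank.example@198.51.100.7/login",
    "http://www.bank.example.account-check.test/verify",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        real_host, found = inspect_link(link, "bank.example")
        print(f"{link}\n  real host: {real_host}\n  warnings: {found or 'none'}")
```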
Protect yourself from email and text message fraud:
- Do not reply to any email asking for personal information.
- Scan all attachments with an anti-virus software program before downloading.
- Do not visit links sent by email as these can lead to phishing sites.
- Do not open or reply to spam email, which can prompt more spam to be sent to your inbox.
- Turn off the “preview pane,” as this allows some viruses to be executed even if you never actually open the email.
- If in doubt, use a browser to search for the phone number of the organization/firm that you suspect is phishing and call that phone number. Do not use any link or email provided in the email or text message.
2) Create secure passwords: Choosing your password well and keeping it a secret can be key steps to safeguarding all of your online transactions. To create a password that is more difficult to guess, use a combination of letters and numbers for passwords you create.
Secure Password Checklist:
- Don’t base your password on personal information—such as the name of your pet or your company.
- Don’t use a word found in the dictionary as your password.
- Avoid substituting numbers for letters.
- Don’t use your User ID as your password.
- Don’t use simple number sequences like “1234” or a series of duplicate numbers like “1111”.
- Change your password regularly, and don’t “recycle” a password used somewhere else.
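The checklist above applied to candidate passwords, as an added example that is not part of the original page. The word list, the substitution table, the function names and the sample User ID are constructed assumptions; a real check would load a full dictionary, and the last item (changing and not reusing passwords) is not something code looking at one password can test.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "welcome"}
# Undo common number/symbol-for-letter swaps: 0->o, 1->l, 3->e, 4->a, ...
UNSWAP = str.maketrans("0134578@$", "oleastbas")


def has_digit_run(text, length=4):
    """True if text holds `length` consecutive ascending/descending digits."""
    for i in range(len(text) - length + 1):
        chunk = text[i:i + length]
        if chunk.isascii() and chunk.isdigit():
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False


def check_password(password, user_id, personal_terms=()):
    """Return the checklist items that a candidate password violates."""
    lower = password.lower()
    plain = lower.translate(UNSWAP)  # substitutions reversed
    problems = []
    terms = [t.lower() for t in personal_terms if t]
    if any(t in lower or t in plain for t in terms):
        problems.append("personal-info")
    if any(w in lower for w in SAMPLE_WORDS):
        problems.append("dictionary-word")
    elif any(w in plain for w in SAMPLE_WORDS):
        # Only becomes a dictionary word once the swaps are undone.
        problems.append("number-for-letter-substitution")
    # Assumption: containing the User ID is treated like using it outright.
    if user_id and user_id.lower() in lower:
        problems.append("contains-user-id")
    if has_digit_run(lower):
        problems.append("number-sequence")
    if re.search(r"(\d)\1{3,}", lower):
        problems.append("repeated-digits")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "jsmith1234", "Rex1111", "vK7#mq2LxT9w"):
        print(candidate, check_password(candidate, "jsmith", ("Rex",)))
```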
3) Check a site’s security setting: Make sure you only access personal information through Websites that use Secure Sockets Layer (SSL). SSL is an additional layer of security that many sites use.
Check whether the site you are on has SSL in effect:
- Look at the Website address. If you are on a secure site, the address will include https:// instead of http://. The extra “s” stands for secure.
- Look at the bottom of your browser or at the top (after the address bar) for a lock or key icon. This indicates a secure connection. Each secure site comes with a digital certificate, establishing its legitimacy. To view the certificate, double click on the lock or key.
- If you get a pop-up message indicating a problem with a site’s Security Certificate, do not proceed. The website should be secured with a digital certificate, which verifies you’re at a legitimate website and not a “spoofed” site.
4) Protect your computer and network: Protect your computer against new viruses or other attacks with firewalls, anti-virus, anti-spyware, and anti-spam software and configure all software for automatic updates.
- Firewalls: A firewall controls how information moves between a computer and a network to help ensure that only legitimate traffic takes place. A firewall also disguises and hides the presence of computers behind it, making it more difficult for potential intruders to find and attack them.
- Antivirus software: Antivirus software is designed to identify and eliminate viruses from your computer. It does this by monitoring any unusual changes or attempts to copy data from one program to another, and then comparing these to known viruses.
- Anti-spyware software: Spyware can adversely affect your computer’s performance. Anti-spyware software is software that scans your computer to detect and remove spyware.
- Anti-spam software: Many Internet scams today involve email messages that appear to come from a trusted source but are, in fact, not trustworthy. Additionally, email attachments can be harmful because they can contain viruses. Anti-spam software is software that scans your email to detect and remove spam.
5) Protect your wireless network: Use of a wireless network presents several security concerns. Wired Equivalent Privacy (WEP) is the standard encryption that wireless devices use. If your wireless network supports WPA or WPA2 you should select that option rather than WEP.
Because encryption can be breached, make sure you take these steps:
- Change the administrator password. After you take your WiFi router out of the box, you’ll be prompted to log into it through a web page using a specified username and password. That username and password are identical for all models of your router—an open invitation to hackers because these common passwords are published by numerous sites.
- Change the default Service Set Identifier (SSID). The manufacturer of your router sets all their routers to the same SSID, for example “default” or “LinkSys.” While the SSID doesn’t allow hackers to get in, a default setting often signals to them that the owner hasn’t taken the proper security precautions. You can change this setting in the setup page of your router.
- Only access personal information through Web sites that use Secure Sockets Layer (SSL).
- Disable file and printer sharing capabilities when you’re connected to a public wireless network.
If you doubt the security of an open wireless network, don’t use it—shut off wireless connectivity or remove the wireless network card. If you leave your computer unattended, disable the wireless mode to prohibit networks that you didn’t create from using your wireless software.
What should you do if you are compromised?
1) Contact custodians right away: Contact your broker, bank, investment advisor, or other affected institution immediately.
2) Credit bureaus: If you believe you have been a victim of identity theft you should contact the three credit bureaus listed below to place a fraud alert on your credit. A fraud alert prohibits new credit from being established without your approval. Additionally, request a credit report from each bureau. Review each report carefully for any errors or unexplained items and confirm all personal information. Check back by ordering a new credit report periodically (sometimes problems don’t show up right away).
Equifax
Report fraud: 1-800-525-6285
Order a credit report: 1-800-685-1111
P.O. Box 740241
Atlanta, GA 30374-0241
Experian
Report fraud: 1-888-397-3742
Order a credit report: 1-888-397-3742
P.O. Box 1017
Allen, TX 75013-0949
TransUnion
Report fraud: 1-800-680-7289
Order a credit report: 1-800-916-8800
Fraud Victim Assistance Department
P.O. Box 6790
Fullerton, CA 92834
3) Additional Actions, Next Steps, and Resources:
- File a police report: Identity theft is a crime. A police report can act as proof to your creditors that you are not at fault.
- File a complaint with the Federal Trade Commission (FTC): File a complaint form on the FTC’s website. When you file this form, the FTC will investigate your situation and respond. You can also report fraud over the phone by calling the toll-free Identity Theft Hotline at 1-877-ID-THEFT or 1-877-438-4338.
- Fill out an ID Theft Affidavit: Fill out the ID Theft Affidavit, available on the FTC’s website, and send it to your creditors to help ensure that you are not held responsible for fraudulent charges made to your account. Some creditors require their own form, so check with each to find out what they need.
- Close fraudulently accessed or opened accounts and create new ones: Closing these accounts safeguards you from future complications. Speak to the fraud department of each of your creditors to find out how to close any fraudulently accessed accounts.
- Change all passwords: Change every password for financial services accounts first, beginning with your bank accounts and your accounts with us. Then change any other passwords (for email, for example, or retail accounts) that may have been compromised.
- Keep records of everything: Save everything documenting your efforts to repair the damages you incur: e-mails, letters, records of phone calls and the people you speak to, and the results of any contacts.
- Federal Trade Commission (FTC): See the FTC’s site at http://www.ftc.gov/ for a variety of information and resources.
- Social Security Administration: For information about your Social Security number, how it is used, and how to protect it, visit the Social Security Administration Website at http://www.ssa.gov/ or call them at 800-269-0271.
- Mail fraud: If you have been a victim of mail fraud, contact the United States Postal Inspection Service.
- FBI: For information from the Federal Bureau of Investigation, visit www.fbi.gov.
- Checks: For problems with checks, contact Telecheck:
Telecheck
1-800-366-2425
International: 1-800-526-5380
Additional Websites
- Identity Theft Resource Center
- Consumer Reports
- National Fraud Information Center
- Annual Credit Report Request