The next time you’re about to go online — whether at work or home — stop, think and then connect. We wanted to take a moment to remind everyone of the ongoing danger of cyber criminals and how to prevent the most recent threats involving identity theft, cyber fraud, social networking scams, and payment fraud. Remember, the strongest line of defense against these criminals is to be aware and well-informed. At HFG, we take a highly proactive and defensive approach with the security of our client’s data and work extremely hard to ensure client data is safe under our management. For this reason, we wanted to share 10 best practices to help you stay safe online as well as countermeasures you can take to be more cyber secure. We hope this blog post both informs and inspires you to keep your defenses up and take action if needed.
1. Protect Your Information & Documents
- Don’t carry your social security card
- Be wary of “check washing” – the process of a crook erasing a check and writing it out themselves – always check your bank statements
- Always write your full name on checks
- Sign the backs of your credit cards
- Shred confidential trash with a cross-cut shredder
- Don’t leave outgoing mail with personal information in your mail box for pickup – take it to the post office instead
TIP – If you are the victim of identity theft for tax related purposes, or at risk because your information has been breached, go to: www.irs.gov and follow the instructions to fill out form 14039.
TIP - Key Numbers for Identity Theft:
FBI- (202) 324-3000 or your local field office
FTC – 1-877-IDTHEFT
Postal Inspection Service – 1-877-876-2455
IRS – 1-800-829-0433
Social Security Administration – 1-800-269-0271
TIP – If a loved one dies:
- Send a copy of the death certificate to the three credit reporting agencies
- Notify the Social Security Administration immediately
- Don’t mention a woman’s maiden name or exact birth date in the obituary
2. Be Vigilant Against Tricks
- Never provide personal information to anyone in response to an unsolicited request. HFG Clients - Please Note, if you ever receive a suspicious email from anyone at our firm or any other entity and you are unsure if it is legitimate, please call FIRST before taking any action. Any emails coming from our firm will come from “employeefirstname”@hfgllc.com
- Never reply to unsolicited emails from unknown senders, open their attachments or click on any links
TIP – To remove your name from lists: Mail – www.dmachoice.org; Phone – www.donotcall.gov
3. Protect Your Communications
- Keep your computer and security software updated – understand that sometimes technology breaks down or doesn’t work - our backup is our vigilance
- Don’t conduct sensitive transactions on a computer that is not under your control
- Protect your Wi-Fi with a password and WPA (Wi-Fi Protected Access) encryption
- Make sure you use a passcode on your mobile phone to prevent anyone stealing information from it
- Transact securely – don’t put information or credit card numbers online unless you have the “https” – the “s” stands for secure
TIP – To Report Internet Fraud: www.ic3.gov
TIP– When on your computer, if you didn’t look for it to begin with – DON’T DOWNLOAD IT.
4. Check Your Credit Report
- Order your free credit report 3 times per year
- Check financial accounts often for any unusual activity
TIP – To stop preapproved credit card offers:
www.optoutprescreen.com or 1-888-5-OPTOUT (567-8688)
TIP– Credit Reporting Bureaus
Equifax: (800) 525-6285
P.O. Box 740241 Atlanta, GA 30374
Experian: (888) 397-3742
P.O. Box 9530 Allen, TX 75013
Trans Union: (800) 680-7289
P.O. Box 6790 Fullerton, CA 92834
TIP– To place a fraud alert on your account with all three credit reporting agencies: www.fraudalerts.equifax.com
TIP - You are allowed 3 free reports each year; to order:
On Web: www.annualcreditreport.com
On Phone: 1-877-322-8228
5. Be on Alert for “Phishing” to Prevent Account Takeovers
Cyber criminals will often “phish” for victims using mass emails, pop-up messages that appear on your computer, and/or the use of social networking and internet career sites. For example, cyber criminals often send unsolicited emails that:
- Ask for personal or account information
- Direct you to click on a malicious link provided in an email
- Contain attachments that are infected with malware
They use various methods to trick people into opening the attachment or clicking on the link, sometimes making the email appear to provide information regarding current events, natural disasters, major sporting events, and celebrity news to lure people to open and click. Criminals may also disguise the email to look as though it is from a legitimate business. Often, they employ some type of scare tactic to entice you to open it and/or provide account information. Cyber criminals have sent emails claiming to be from:
- UPS – “There has been a problem with your shipment”
- Financial Institutions – “There is a problem with your banking account”
- Better Business Bureau – “A complaint has been filed against you”
- Court Systems – “You have been served a subpoena”
Please note, these criminals use email addresses and other credentials stolen from company websites, relatives and friends to make it look like it is from a trusted source.
HFG Clients – again, if you ever receive an email from an address related to our company name or with a variation of our email domain name that seems suspicious, please call us FIRST at 248.648.8598 to verify we sent it.
TIP– Educate yourself and everyone you know on this type of fraud scheme.
TIP- Be wary of pop-up messages claiming your machine is infected and offering software to scan and fix the problem, as it could actually be malicious software that allows the fraudster to remotely access and control your computer.
6. Be Aware and Prevent Wire Transfer/ACH Fraud
- Conduct online banking and payment activity from one dedicated computer that is not used for other online activity
- Use all bank provided wire transfer controls
- Restrict the bank accounts from which a wire transfer can be made
- Review daily bank account activity on a regular basis
For Business Owners
- Require two persons to consummate all wire transfers to external parties
- Use unique passwords or a bank supplied token to access wire-transfer software
- Require sufficient documentation and have a second person review all wire transfer journal entries
- Establish positive pay and block for ACH transactions
7. Look Out for Fake Notification Emails from Social Media Sites
These typically include links to phony pages that attempt to steal your login information or prompt you to download malware. Never click on links in suspicious emails – instead, log into the site directly.
TIP - Security Information for Social Networking Sites
TIP – Don’t enter your password through a link. Just because a page on the Internet looks like Facebook, doesn’t mean it is.
8. Be Wary of Suspicious Posts, Messages and Games on Your Social Media Sites
Wall posts or messages that appear to come from a friend asking you to click on a link to check out a new photo or video that doesn’t actually exist - the link is typically for a phony login page or site that will steal your passwords.
TIP – Don’t click on a message that seems weird. If it seems unusual for a friend to write on your wall and post a link, that friend may have gotten phished.
TIP – Don’t provide your cell phone number to verify the results of a Facebook game or survey without reading the terms and conditions – if may result in recurring charges on your cell phone bill.
9. Manage Your Passwords Wisely
- Have strong passwords – crooks can use password crackers to guess passwords
- Have at least 8 characters including upper and lower case and special characters
- Don’t use the same password on social media sites that you use in other places on the web - if you do this, phishers or hackers who gain access to one of your accounts will easily be able to access your others as well, including your bank
- Don’t share your passwords with anyone
- Don’t store passwords on a computer hard drive or post them near the computer
- Change your passwords every 90 days
TIP - Password Managers
For Smartphone: Keeper
For Computer: Last Pass, Dashlane
10. Practice General Online Safety Rules at All Times
- Be wary of strangers – the internet makes it easy for people to mispresent their identities and their motives. If you interact with strangers, be cautious about the amount of information you reveal or agreeing to meet in person.
- Be skeptical – people may post false or misleading information about various topics, including their own. Try to verify the authenticity of any information before taking any action.
- Evaluate your settings – use privacy settings. The default settings for some sites may allow anyone to see your profile and information. Even private information could be exposed, so don’t post anything that you wouldn’t want the public to see.