Bank ABC, or any other legitimate institution, will never ask you to provide passwords, credit card details, bank account details or personal information, or to transfer cash, by email or SMS. Therefore, always remember the following:
- Use a strong, unique password and change it every 3 months.
- Check your online bank account every day.
- Sign up for email or text message alerts.
- Type your internet banking URL into the browser yourself.
- Do not trust sites with certificate warnings or errors.
- Ensure you log off properly.
- Be cautious of unsolicited phone calls, emails, or texts directing you to a website or requesting sensitive information.
- Only do online banking on a secure, private computer.
- Don’t download files from unknown sources.
- Lock your computer when you aren’t using it.
- Use anti-virus software.
- Patch and update on a regular basis.
- Backup important files on a regular basis.
What is Identity Theft?
Identity theft happens when someone uses your information (such as your name, address, credit card and bank account numbers, Social Security number, etc.) without your permission. The stolen information can be used to buy things with your credit cards, get new credit cards, open a phone or electricity account, steal your tax refund and, in general, pretend to be you if needed.
How to protect yourself from Identity Theft
Protect your personal information. That helps you protect your identity:
- Keep your financial records, Social Security and Medicare cards in a safe place.
- Shred papers that have your personal or medical information.
- Take mail out of your mailbox as soon as you can.
- Do not give your personal information to someone who calls you or emails you.
- Use passwords that are not easy to guess. Use numbers and symbols when you can.
- Do not respond to emails or other messages that ask for personal information.
- Do not put personal information on a computer in a public place, like the library.
What is Social Engineering?
A social engineering attack is one in which the intended victim is somehow tricked into doing the attacker's bidding. An example would be responding to a phishing email, following the link and entering your banking credentials on a fraudulent website. The stolen credentials are then used for everything from financial fraud to outright identity theft. An old adage comes to mind here: "it pays to be suspicious". With socially engineered attacks, the opposite is also true: if you aren't suspicious, you likely will end up paying.
NEVER give or share personal information with anyone, or perform actions you would not usually do because someone asked you to. Always challenge them.
Phishing & Spear Phishing
What is Phishing & How to identify phishing emails?
Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a website where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the user's information.
How to identify Phishing Emails?
- Phishing emails will appear to come from a friend, your boss, family member, bank, or government organization.
- Phishing emails might include text like "Verify your account", "You have won the lottery", "If you don't respond within 48 hours, your account will be closed", or "urgent response".
- Phishing emails might ask you to click on a link or open a file.
- Phishing emails might include official-looking logos, wording, and other identifying information taken directly from legitimate websites.
- Phishing emails might include links to spoofed Web sites where you are asked to enter personal information.
What is Spear Phishing?
Spear phishing is a highly targeted phishing attack. Spear phishers send email that appears genuine and appears to come from a trusted source like a work colleague, boss, friend, family, your bank, or government organization. The aim of spear phishing is to trick the victim into performing actions he/she would not usually do.
How Spear Phishing Works?
First, criminals gather information about the target victim and/or organization. They often obtain it through websites, blogs, and social networking sites.
Then, they send e-mails that look like the real thing to targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need the information.
Finally, the victims are asked to either reply to the message, click on a link inside the e-mail, or open a file.
NEVER click on a link or open a file coming from an unsolicited email. Delete all unsolicited emails.
If a message looks or sounds suspicious, it is most likely a phishing email. Delete all phishing emails. If you are not sure, use contact information you already have (not the details provided in the email) and call the person to verify the request.
- Don’t open unknown or unexpected email attachments.
- Don’t send confidential information via email.
- Don’t reply to unsolicited email messages (SPAM).
- Turn off the message preview pane in Outlook or Outlook Express.
- Don’t be an unintentional spammer.
- Don't follow links in spam messages.
- Remember that the internet is a public resource.
- Keep software, particularly your web browser, up to date.
- Use and maintain anti-virus software.
- Use strong passwords:
  - Don't use only letters or only numbers.
  - Don't use names of spouses, children, girlfriends/boyfriends or pets.
  - Don't use phone numbers, Social Security numbers or birthdates.
  - Don't use the same word as your log-in, or any variation of it.
  - Don't use any word that can be found in the dictionary, even foreign words.
  - Don't use passwords with double letters or numbers.
  - Passwords must be at least 10 characters long.
  - Include one capital letter (A to Z).
  - Include one small letter (a to z).
  - Include one digit (0 to 9).
  - Include one special character ( !@#$%^&* ).
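
The password rules above written as a single check, as an added example that is not part of the original page. The names `check_password`, `personal_terms` and `SAMPLE_WORDS` are assumptions made here; the word list is a small constructed stand-in for a real dictionary, and looking up each run of letters is one reading of the dictionary rule.

```python
import re

SPECIALS = "!@#$%^&*"  # special characters listed on the page
# Constructed stand-in; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "sommer", "welcome"}


def check_password(password, login, personal_terms=(), wordlist=SAMPLE_WORDS):
    """Return the list of page rules the password breaks (empty = acceptable)."""
    low = password.lower()
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    # The four class checks also cover "only letters or only numbers".
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[a-z]", password):
        problems.append("no small letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    # "Double letters or numbers": the same letter or digit twice in a row.
    if re.search(r"([a-z0-9])\1", low):
        problems.append("double letter or number")
    # Log-in name or a simple variation (embedded in the password, or reversed).
    name = login.lower()
    if name and (name in low or name[::-1] in low):
        problems.append("contains login name")
    # Names, phone numbers, birthdates and so on, supplied by the caller.
    if any(t and t.lower() in low for t in personal_terms):
        problems.append("contains personal information")
    # Dictionary words: every run of letters is looked up in the word list.
    if any(run in wordlist for run in re.findall(r"[a-z]+", low)):
        problems.append("contains dictionary word")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw in ("Vk7!pRz2$Lq9", "Dragon2024!", "alice1988"):
        print(pw, "->", check_password(pw, "alice", ["1988"]) or "OK")
```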