How to Protect Your Data & Report Fraud

Written by:

Each year, scammers, hackers, and data thieves find new ways to steal data or fool people into giving it to them freely. No matter how secure you keep your own data, some pieces of your personal information are stored and protected by a third party.

Phishing

While phishing is not a new tactic, it will continue to be a major threat in 2024 and beyond. When a scammer poses as a legitimate person or business and tricks people into giving away private information, they are “phishing” for that information.

Fortunately, there are ways to protect yourself. However, phishing tactics are becoming more sophisticated and sometimes more targeted, a method known as “spear phishing.”

Spear Phishing

Spear phishing is a more targeted form of phishing. The scammer, instead of casting a wide net, chooses a specific person or group to target with an email attack.

Spear phishers actually research their targets, gathering what information they can to craft emails that will convince people at a company or organization to enter their password in a fake login page created by the scammer.

The best way to protect yourself and your company from spear phishing tactics is to be very suspicious of any emails you receive that ask you to enter personal information, passwords, or other data right away.

Even if a message appears to have come from your own company and takes you to a familiar-looking log-in page, it could be a spoofed version created by the spear phisher. It’s always a good idea to check with your company’s IT department if you’re unsure about an email you have received.

Vishing

Another type of phishing is called “vishing” and the V is for VoIP. Scammers are using Voice over IP (VoIP) phones to connect their digital scams to phone numbers they control. Scammers pose as banks and send emails to the bank’s customers asking them to call a phone number to discuss their accounts.

Phone fraud, typically known as vishing (phishing that happens through a phone call), can be just as deceptive and damaging as email or text fraud. A criminal calls and poses as a legitimate bank or trusted financial service to notify you of a non-existent alert or some sort of urgent matter as a way to trick you. 

In some variations, scammers use specialized technology to clone a financial institution’s number to appear on the victim’s caller ID as the company’s correct contact number. Then, when you answer the call, they often pose as a “trusted employee” to persuade you to disclose sensitive financial and personal details.

The best advice to beat the scam is simple: Never assume that someone is who they say they are just by the number displayed on your phone. Always be suspicious if asked for your four-digit PIN on your debit/credit cards, personal or account information, a one-time code, login information, or passwords. Remember, your financial institution should never call and ask you for these things. When in doubt, hang up and call your financial institution directly.

Smishing

Smishing scams use text messages to establish contact with the intended victim and later access their personal information. The scam begins with a supposedly urgent text appearing to be from the victim’s financial institution. The scammer will warn that immediate action must be taken.

The victim is then instructed to call a specified number and, upon doing so, will be asked to share their financial information. Once they’ve got this info, the scammer can steal the victim’s identity, empty their accounts, or go on a shopping spree on the victim’s dime.

Your financial institution may have fraud protection services that will text you to verify a transaction. This is different from a smishing text. If you receive a suspicious-looking text, do not engage. Jot down the scammer’s number and delete the message.

If you’ve fallen for the scam and your accounts have been compromised, alert the number on the back of your debit or credit card. Then follow up with your financial institution to ensure your accounts are safe and no futher steps need to be taken.

Being proactive can protect you and your accounts from a smishing scam in the future. Be prepared by using two-factor authentication for banking apps and sites, assign strong and different passwords across your accounts and apps, and ignore all text messages from unknown numbers.

Social Media Attacks

Scammers are creating social posts that mimic big brands, companies, or influencers offering giveaways or rewards. They aim to gather information from people or even hook them into paying for a fake but expensive service. Be aware of social media ads that make big promises but require you to provide information or sign up for a paid service to get the “rewards.”

Steps You Should Take

Change Passwords

The first step after any breach is to change passwords. Usually, vendors will email you to let you know that a breach has occurred and urge (or even require) you to change your password. Don’t ignore these requests. It’s a good idea to act quickly, and it’s an even better idea to have different passwords for each online service you use.

Otherwise, one compromised account would give a hacker access to your account. With a password manager, you can save all your passwords and only remember a single master password to access them.

It is best to change passwords every six months for high-security accounts such as your primary email address, credit cards, brokerages, and online banking.

Update Security Questions

Another less examined aspect of the data breach is security questions. Questions and answers used in the password reset process may have been compromised, too. If you use information like your favorite author, book or sports team to secure multiple accounts, that data could also be at risk.

Worse yet, this data is frequently unencrypted, since it represents only one part of the password reset process. This means it may be widely available, especially if it’s something you post publicly about on your social media.

Review Personal Information

Review and change the information if you use the same personal information question(s) on multiple websites. Wherever possible, switch to a two-step authentication method. These processes use your cellphone number as a backup password option.

If you try to reset your password, the service will call or text you with a code to use as a verification method. It puts another step between potential thieves and your information.

Check Credit Score

Finally, this is a good time to check your credit. You could already be a victim of identity theft if you haven’t checked your credit score recently. Getting a credit report will let you know if any new accounts have been opened using your personal information.

Similarly, this might be a good time to consider a credit monitoring service. Such services periodically monitor your credit and can help protect against identity theft.

How To Protect Your Identity With A Security Freeze

1.) Call your bank or credit union to report fraudulent use of your account or credit card if it has been breached.

2.) Call the fraud department of every credit card that is issued in your name. You don’t need to cancel the cards. Report the fraudulent use and announce your plans to set up a security freeze with the credit reporting agencies.

3.) Call each of the three major credit reporting agencies to set up a security freeze. Each has its own process, and there may be a small fee for the service, approximately $10 per agency.

• Equifax – 1-800-349-9960
• Experian – 1-888-397-3742
• TransUnion – 1-888-909-9972

4.) Call each credit reporting agency whenever you want a particular vendor to access your credit report. This is a “temporary lift” of the credit freeze for one vendor only. The permanent credit freeze remains in place until you remove it entirely. There may be a fee for each temporary lift.

Controlling who can access your credit report (and who cannot) gives you the most security possible, but it requires more work on your part, too, and it may involve occasional but nominal fees.

This article is for educational purposes only. WeStreet Credit Union makes no representations as to the accuracy, completeness, or specific suitability of any information presented. Information provided should not be relied on or interpreted as legal, tax or financial advice. Nor does the information directly relate to our products and/or services terms and conditions.