fbpx

10/05/24 - Online and Mobile Banking issue has been resolved.

Scheduled System Maintenance from 7 p.m. on Saturday, October 12, 2024, to 2 a.m. on Sunday, October 13, 2024. During this period, Online and Mobile Banking will be temporarily unavailable. We apologize for any inconvenience and appreciate your understanding as we work to improve our services.

September 24, 2024 Security

How to Protect Your Data & Report Fraud

Written by:

Each year, scammers, hackers, and data thieves find new ways to steal data or fool people into giving it to them freely. No matter how secure you keep your own data, some pieces of your personal information are stored and protected by a third party.

Phishing

While phishing is certainly not a new tactic, it will continue to be a major threat in 2020 and beyond. When a scammer poses as a legitimate person or business and tricks people into giving away private information, they are “phishing” for that information.

Fortunately, there are ways to protect yourself. However, phishing tactics are becoming more sophisticated and sometimes more targeted, a method known as “spear phishing.”

Spear Phishing

Spear phishing is a more targeted form of phishing. The scammer, instead of casting a wide net, chooses a specific person or group to target with an email attack.

Spear phishers actually research their targets, gathering what information they can to craft emails that will convince people at a company or organization to enter their password in a fake login page created by the scammer.

The best way to protect yourself and your company from spear phishing tactics is to be very suspicious of any emails you receive that ask you to enter personal information, passwords, or other data right away.

Even if a message appears to have come from your own company and takes you to a familiar-looking log-in page, it could be a spoofed version created by the spear phisher. It’s always a good idea to check with your company’s IT department if you’re unsure about an email you have received.

Vishing

Another type of phishing is called “vishing” and the V is for VoIP. Scammers are using Voice over IP (VoIP) phones to connect their digital scams to phone numbers they control. Scammers have posed as banks and sent emails to the bank’s customers asking them to call a phone number to discuss their account.

Phone fraud, typically known as vishing (phishing that happens through a phone call), can be just as deceptive and damaging as email or text fraud. A criminal calls and poses as a legitimate bank or trusted financial service to notify you of a non-existent alert or some sort of urgent matter as a way to trick you. 

In some variations, scammers will use specialized technology to clone a financial institution’s number so it appears on the victim’s caller ID as the company’s correct contact number. Then, when you answer the call, they often pose as a “trusted employee” in order to persuade you to disclose sensitive financial and personal details.

The best advice to beat the scam is simple – never assume that someone is who they say they are just by the number displayed on your phone. Always be suspicious if you’re asked for your four-digit PIN, personal information, or passwords. Remember, your bank will never call and ask you to do any of these things.

Smishing

Smishing is phishing but through SMS text. It is on the rise in 2020, but fortunately you can protect yourself using the same methods for other phishing scams.

Social Media Attacks

Scammers are creating social posts that mimic big brands, companies, or influencers offering giveaways or rewards. Their goal is to gather identifying information from people or even hook them into paying for a fake but expensive service. Be aware of social media ads that make big promises but require you to provide information or sign up for a paid service to get the “rewards.”

Steps You Should Take

Change Passwords

The first step after any breach is to change passwords. Usually, vendors will email you to let you know that a breach has occurred and urge (or even require) you to change your password. Don’t ignore these requests. It’s a good idea to act quickly, and it’s an even better idea to have different passwords for each online service you use.

Otherwise, one compromised account would give a hacker access to every account you have. With a password manager, you can save all your passwords and only remember a single master password to access them.

It’s best to change passwords every six months for high-security accounts, such as your primary email address, credit cards, brokerages, and online banking.

Update Security Questions

Another less examined aspect of the data breach is security questions. Questions and answers used in the password reset process may have been compromised, too. If you use information like your favorite author, book or sports team to secure multiple accounts, that data could also be at risk.

Worse yet, this data is frequently unencrypted, since it represents only one part of the password reset process. This means it may be widely available, especially if it’s something you post publicly about on your social media.

Review Personal Information

If you use the same personal information question(s) at multiple websites, review and change that information. Wherever possible, switch to a two-step authentication method. These processes use your cellphone number as a backup password option.

If you try to reset your password, the service will call or text you with a code to use as a verification method. It puts another step between potential thieves and your information.

Check Credit Score

Finally, this is a good time to check your credit. It’s possible you could already be a victim of identity theft if you haven’t checked your credit score recently. Getting a credit report will let you know if any new accounts have been opened using your personal information.

Similarly, this might be a good time to consider a credit monitoring service. Such services keep an eye on your credit periodically, and can help protect against identity theft.

How To Protect Your Identity With A Security Freeze

1.) Call your bank or credit union to report fraudulent use of your account or credit card if it has been breached.

2.) Call the fraud department of every credit card that is issued in your name. You don’t need to cancel the cards. Report the fraudulent use and announce your plans to set up a security freeze with the credit reporting agencies.

3.) Call each of the three major credit reporting agencies to set up a security freeze. Each has its own process, and there may be a small fee for the service, approximately $10 per agency.

  • Equifax – 1-800-349-9960
  • Experian – 1-888-397-3742
  • TransUnion – 1-888-909-9972

4.) Call each credit reporting agency whenever you want a particular vendor to access your credit report. This is called a “temporary lift” of the credit freeze for one vendor only. The permanent credit freeze remains in place until you choose to remove it entirely. There may be a fee for each temporary lift.

Making the choice to control who can access your credit report (and who cannot) gives you the most security possible, but it requires more work on your part, too. And it may involve occasional but nominal fees.

This article is for educational purposes only. WeStreet Credit Union makes no representations as to the accuracy, completeness, or specific suitability of any information presented. Information provided should not be relied on or interpreted as legal, tax or financial advice. Nor does the information directly relate to our products and/or services terms and conditions.