A while back, I received a call from someone claiming to be from a company where a mail order of mine was delayed. They said they had a solution: If I gave them my full credit card number, instead of the final digits they had, they could send my order right away. I wasn’t believing it, so they reassured me that I could call customer service, but that they could save me time. I said “No, thanks” and hung up. When I called customer service, they had no record of anyone contacting me, but fixed the issue with my order and had it to me in no time. I later Googled the number of the person who called, and it had been associated with fraud.
Use my story as a reminder to remain suspicious of calls, emails or texts asking for personal or financial information. There’s no harm in hanging up to find the legitimate customer service number, verifying the organization contacted you and confirming there’s an issue (by the way, your social security number can’t be suspended!).
This same cautious approach will help you protect your information online. Here are some ways to protect your information and prevent cybercrime:
- Shield your credit/debit cards. After I experienced credit card fraud for the third time in a year, the customer service representative said I might want to use radio-frequency identification (RFID) wallets. The chip on credit/debit cards has a frequency used by some point-of-sale devices when making purchases, opening a window for thieves holding a radio frequency scanner within 10 feet of you to skim your account information. For the most part, RFID wallets can shield your cards and I haven’t had further instances of credit card fraud since I started using one. Read more on this and how to prevent other types of credit/debit card fraud.
- Set alerts for your credit/debit cards and bank accounts. Get notified via email, phone or text when transactions exceed a specified amount. Then let your credit card company know when and where you travel so they don’t block your card (thinking it’s a fraudulent charge). This also helps them act faster on any suspicious charges while you’re away.
- Back up your data. Regularly back up data on your devices to a secure cloud service and/or external storage. Nowadays, portable drives are small, can hold lots of data and are reasonably priced. Most ransomware attacks occur when you click on a link in an email or text, which installs ransomware that encrypts your device or data. Having a backup of your data ensures you don’t have to pay the perpetrators to unencrypt your data.
- Protect your devices and internet connections. Install antivirus software on your devices (including your home Wi-Fi) for real-time protection against viruses and malware, and use two-factor authentication for your email and any important accounts that offer the option. Additionally, use a virtual private network (VPN) to encrypt your online connection and protect your private data from prying eyes, especially when using public Wi-Fi.
- Keep your devices updated. Maintain the current operating system on your devices to prevent cybercriminals from exploiting vulnerabilities, which they can use to gain access to your devices and data.
- Use complex passwords. Systems and their passwords can and do get compromised. Apply a strategy of increased password complexity based on the value of the account and data at stake. For those with a high value, make passwords more complex and change them more frequently. Best practice is to create a password of at least 10 characters with a combination of letters, symbols and numbers, while avoiding dictionary words, even if you replace certain letters with numbers or symbols—ideally not using the same password on multiple sites. You may want to try an application that generates random and complex passwords, or a password management application that can securely store your passwords.
- Don’t go phishing. Be careful not to click unsolicited emails. That alone may give a third party access to your contacts, which exposes them to spam and phishing. Clicking a link within the unsolicited email also may install a virus.
- Avoid advertising your information on social media. Cybercriminals may be able to access your accounts with just a few data points. If you share personal information on social media, such as the names of pets or family members, criminals might be able to guess the answers to security questions for your accounts. Also, if you share where you’re vacationing, perpetrators will know your current location and that you’re not home, which makes both locations vulnerable. Use caution and consider announcing where you traveled and posting your photos after you return home.
- Stay alert for security breaches. About 3.5 billion people had their personal data stolen in the two biggest breaches of this century. If you have an account with an organization that experiences a breach, find out what data was stolen and immediately change your password. Take advantage of any free subscriptions to identity protection services offered by the organization and if you can afford it, consider paying for your own subscription—most services will reimburse you for financial loss due to identity theft and provide legal protection.
- Protect your children. Instead of blocking channels, talk to your kids about how to safely use the internet and let them know they can talk to you if they experience online bullying or harassment. Protect their devices as you would your own, and look into applications that protect them from accessing malicious and inappropriate sites.
- Report it. If you think you’ve been a victim of cybercrime, fraud or identity theft, alert the local police, FBI (in some cases) or the Federal Trade Commission. This helps authorities stop criminals from victimizing others in the future. Then notify the organizations where your accounts may have been compromised or stolen. Also, request a copy of your credit report.
Today’s blog comes from Scott Davis, Security Risk & Compliance Senior Analyst