Fraud is present in every aspect of our lives. To protect yourself, you must take steps to deter, detect then mitigate these activities against you. Below are some best practices along with some Money IQ videos that cover various aspects of fraud and how to protect yourself.
{beginAccordion}
Password Best Practices
Never share a password or personal identification number.
Choose secure passwords. People trying to crack a password will try common information such as telephone number, birthday, address, etc. Passwords that mix random letters, digits, and punctuation are harder for people and programs to crack.
Some characteristics of a strong password are:
- It’s easy to remember. Don’t pick a password that you will have difficulty remembering.
- You don’t have to write it down. Again, if you need to write it down because you have trouble remembering it then you need to choose a different password.
- You can type it quickly.
- It’s a mix of apparently random letters and digits.
An easy way to form a secure password that you can remember is to think of a phrase, song, poem, or sentence and use the first letter from each word.For example:
"I have owned my dog for 5 years" = Ihomdf5y
There are also specific things you should avoid when choosing a password, including the following:
- Words from a dictionary (including foreign language dictionaries) or a word from a dictionary preceded or followed by a single character. For example, "Firecracker2" is not a secure password.
- Names of any kind, including your login name, your first or last name in any form, or your spouse or child’s name. Pets name are a bad choice also, as are names of fictional characters.
- Any kind of easily obtained information. This includes your phone number and your address.
- Simple keyboard patterns such as "12345678". Generic patterns are easily guessed.
- Well-known phrase mnemonics such as "ROYGBIV" (colors of the rainbow) or "WYSIWYG" (what you see is what you get) are easily guessed.
Secure Your Mobile Device
- Keep your device up to date: Make sure your device’s operating system and applications are running the latest versions.
- Use unique, strong passwords and multi-factor authentication
- Only connect to secure Wi-Fi: Avoid public Wi-Fi
- Back up your device regularly
- Use the device provided access of security code, fingerprint, or face recognition to open the device.
Shield Yourself from a Phishing Attack
- Never provide your personal information in response to an unsolicited request. This can come in the form of a phone call, email, internet page, or even a text message.
- Contact the individual/business outside of the message that you receive. Find a valid number through a web search to contact the company.
- Never provide your password or personal information such as your SSN or account number over the phone or in an email.
- Review your account statements for banks and credit cards to verify that all transactions are valid.
- If you fall victim, contact your financial institution or card provider.
Be Aware of PayPal Scams
- Fake emails
Scammers may send emails that appear to be from PayPal, but are actually fraudulent. These emails may claim that your account is locked, suspended, or about to be suspended. They may also claim that you've received a payment, been paid too much, or that there's money waiting for you in your account. - Fake invoices
Scammers may send fake invoices that look like they're from PayPal. - Fake prizes
Scammers may send messages claiming that you've won a prize, but ask you to pay a fee or provide personal information to collect it. - Fake charities
Scammers may use flashy advertisements to trick you into donating to a fake charity. - Fake online shops
Scammers may use flashy advertisements to trick you into making purchases from a fake online shop. - Shipping label scams
Scammers may pose as a legitimate buyer and request that you use their prepaid shipping label. If you agree, they may send the package to an untraceable location.
To avoid PayPal scams, you can:
- Only communicate with PayPal through the official app or website.
- Verify that a message is real by contacting the office that supposedly sent it.
- Never share sensitive information, such as account info, passwords, or validation codes.
- Don't trust Caller ID, as scammers can easily fake it.
- Don't return an automated call.
- Never let an unknown person remote into your phone or computer via app or another program.
ATM Safety Tips
- Be aware of your surroundings, particularly at night. If you observe or sense suspicious activity, do not use the machine at that time. Choose well-lit ATMs and consider having a friend nearby if you visit one at night.
- Have your card ready to use before approaching the ATM. Looking through bags or wallets for your card may distract you from your surroundings.
- Visually inspect the ATM for possible skimming devices. Potential indicators can include sticky residue or adhesive used to affix a skimming device, damaged or crooked pieces, loose or extra attachments on the card slot, or noticeable resistance when pressing the keypad.
- Shield your PIN number entry with your hand or body to prevent others from learning it.
- Do not count or display money at the ATM. Immediately put the money in your pocket or bag and count it in a secure location.
- At drive-up ATMs, be sure passenger windows are rolled up and all doors are locked.
- If you park and walk up to an ATM, be sure to lock your car.
Corporate Account Takeover (CATO)
Corporate account takeover is a type of workforce identity theft where an unauthorized user gains access to a corporate bank account. Once the attacker breaches the account, they have free rein to siphon off funds into their own accounts or steal sensitive customer information for further attacks.
How it happens
Thieves may steal employee credentials or trick an employee into giving them their login information. They may also infect a business's computer with malware, which can be downloaded from an email, website, or even a social networking site.
What they can do
Once they have access, the thief can make unauthorized transactions, steal customer data, or install ransomware.
Consequences
The consequences of a CATO can be severe, including legal repercussions, fines, lawsuits, and damage to the business's reputation.
How to prevent it
Businesses can take steps to prevent a CATO, such as:
- Installing firewalls and routers to prevent unauthorized access
- Changing default passwords on network devices
- Installing security updates for operating systems and applications
- Blocking pop-ups
- Using strong password policies
- Not opening attachments from suspicious emails
- Monitoring and reconciling bank accounts daily
- Reporting suspicious activity to the company and bank
Some signs of a CATO include:
- Inability to log in to online banking
- Computer is slow or locks up
- Screen appears different
- Computer restarts unexpectedly
- Unexpected request for a one-time password
- Unusual pop-up messages
- New or unexpected toolbars or icons
{endAccordion}
Fraud Prevention Videos
{{ cybersecurity }}
{{ fraud-scams }}
{{ identity-theft-prevention }}
{{ identity-theft-education }}
{{ seniors }}
{{ mobile-security }}
Report Fraud