- Don't share your secrets. Don’t provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Use a combination of letters and numbers for your passwords and change them periodically. Do not reveal sensitive or personal information on social networking sites.
- Shred sensitive papers. Shred receipts, banks statements and unused credit card offers before throwing them away.
- Keep an eye out for missing mail. Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen. Also, don’t mail bills from your own mailbox with the flag up.
- Use online banking and mobile banking to protect yourself. Monitor your financial accounts regularly for fraudulent transactions. Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500.
- Monitor your credit report. Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.
- Protect your computer. Make sure the virus protection software on your computer is active and up to date. When conducting business online, make sure your browser’s padlock or key icon is active. Also look for an “s” after the “http” to be sure the website is secure.
- Protect your mobile device. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen. Use caution when downloading apps, as they may contain malware and avoid opening links and attachments – especially for senders you don’t know.
- Report any suspected fraud to your bank immediately.
- Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
- Log out completely when you finish a mobile banking session.
- Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
- Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions.”
- Download the updates for your phone and mobile apps.
- Avoid storing sensitive information like passwords or a social security number on your mobile device.
- Tell your financial institution immediately if you change your phone number or lose your mobile device.
- Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.
- Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
- Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
- Watch out for public Wi-Fi. Public connections aren't very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
- Report any suspected fraud to your bank immediately.
- Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Device authentication, multi-person approval processes and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
You can also visit the following websites to learn more about how to protect your small business:
- U.S. Chamber of Commerce: Internet Security Essentials for Business
- Federal Communications Commission: Small Biz Cyber Planner
- Federal Communications Commission: 10 Cybersecurity Strategies for Small Business
- Better Business Bureau: Data Security Made Simpler
- NACHA – The Electronic Payments Association Corporate Account Takeover Resource Center
- Keep your computers and mobile devices up to date. Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
- Set strong passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers, and special characters.
- Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you do not recognize. Forward phishing emails to the Federal Trade Commission (FTC) at firstname.lastname@example.org – and to the company, bank, or organization impersonated in the email.
- Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.
- Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.
- Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
- Change your password if you have a commonly used password. The top 25 most commonly used passwords are listed below. If you use any of the passwords listed, change them immediately! You do not want to be a victim of any type of fraudulent act.
- Use passwords with eight characters or more with mixed types of characters. One way to create a more secure password is to use short words that are easy to remember, separating them with characters. For example, 8_lunch@2.
- Avoid using the same password for multiple websites. The issue here is that if you use the same password and you are hacked, all of your personal information is then at risk. You are especially at risk if you use the same password for a social media site and a site used to access your financial information.
- Don’t write down your passwords. While it may be difficult to remember all your passwords, you should avoid writing them down. If you have to, you may want to consider locking them in a safe or using some sort of coded language to remember them.
Top 25 Most Used Passwords:
This list is composed annually by SplashData and is compiled from files containing millions of stolen passwords posted online by hackers.
What is Smishing?
"Company XYZ Alert: Your account has been suspended. Call 866-223-1129 immediately to reactivate." This is one example of a text you could receive through your cell phone in a smishing scam. “Smishing” is a fraudulent action, similar to phishing, using SMS (text) messages rather than e-mail message to send messages to people asking them to provide personal information. Much like a phishing email message, a smishing text message may appear to be from a legitimate source.
In addition to the example given above, a smishing message may tell you that a suspicious purchase has appeared on your credit card, or that your account has been the subject of a security breach that has been in the news. Or, you may even receive a message stating that you have been chosen to win cash or prizes. In all cases, you will be encouraged to respond by either calling a telephone number or clicking on a URL link. Once you do that, you will usually be connected to an automated voice message or a phony website prompting you to provide one or more of the following pieces of personal information: your credit card number, PIN, Social Security number, or your mother’s maiden name.
The following are some helpful tips to help you avoid becoming a victim of a smishing scam:
- Do not reply to the text message. Instead of responding, contact the company or financial institution directly if there is any question regarding your accounts. We can assure you that at the Bank of Washington, we will never ask for you to provide this type of personal financial information through a text message or through a URL link. We would encourage you to call one of our representatives immediately at 636-239-7831 if you receive any message from what appears to be our bank asking you to do so.
- Do not follow any website links given in the text message. Again, it is better to call the company or financial institution directly to discuss anything given in a text message.
- Look for suspicious features of the message. If the message has a sense of urgency about responding, it is more than likely a smishing attempt. You will know what alerts you have established for your phone; don’t be fooled by something that looks different.
- If it appears to be “too good to be true,” it probably is. Be cautious of any text stating that you have one a great prize, especially if you do not remember entering into a contest. The best way to counter these types of offers is to call the company directly about the text. Ask the right questions, and check with the Better Business Bureau before doing anything. Nine times out of 10, you will find that these are all scams. Don’t fall into the trap of thinking you can receive something for nothing. It is not worth it!
Remember, once your personal information is in the hands of a thief, he/she is going to use it maliciously, causing you all sorts of problems in the future. If you uncover that the message is a scam, you should report it immediately to the Federal Trade Commission (FTC) at 877-FTC-HELP (382-4357). To prevent further smishing attempts on your phone, you can also ask your cell phone provider to block the number.
The next time you receive an unsolicited text, resist the urge to respond. By doing so, you stop a scammer and protect your assets in the process, which is a win-win situation for you.