I recently attended a Cyber Fraud Seminar presented by an ex-FBI agent who spent twenty (20) years in the white collar division. He presented some really great tips about how to better protect yourself from cyber fraud and hackers. In the wake of Target’s security breach last week, I thought it would be helpful to share some of the things I learned.
How to Tell the Difference Between Real and Fake Websites Before You Click
Every website has an address. For example, this website is www.cisnerosfirm.com and the blog you are reading is www.cisnerosfirm.com/blog. What if you received an email from the Law Office of Dana Leigh Ozols that you thought might contain a link to a fake website? How can you tell if the website is real or fake before clicking the link and potentially exposing yourself to a security breach or a hacker?
Read the entire link.
Everything before the first forward slash should appear normal to you. If the link, for example, says www.cisnerosfirm.com87692/blog, you might be tempted to think, “that’s probably just some leftover coding for this particular blog post.” Indeed, it is not. It is one of the telltale signs that someone is trying to fool you into thinking you are about to link out to a legitimate website.
Hover over a link to see the country code
In an email, you can always hover over a link, even if it says “click here,” and you will be able to see the country code for where the website is based.
It is pretty safe to assume that if you are in the United States of America, you will see a “.us” indication on the web address. If you want to see a full listing of country codes for the internet, please visit http://goes.gsfc.nasa.gov/text/web_country_codes.html
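The two checks above (read everything before the first forward slash, and look at where a link really points rather than at its visible text) can be run over an HTML email automatically. The following is an added example, not part of the original post; the sample email, the files.example.net host and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def link_host(href):
    """Return what sits before the first forward slash: the host, lowercased."""
    if "//" not in href:
        href = "//" + href  # bare "www.example.com/path" carries no scheme
    return (urlsplit(href).hostname or "").lower()

def audit_links(html_body, expected_domain):
    """Report, per link, the real host, its last label, and whether it is the expected site."""
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for text, href in collector.links:
        host = link_host(href)
        trusted = host == expected_domain or host.endswith("." + expected_domain)
        report.append({"text": text, "host": host,
                       "last_label": host.rsplit(".", 1)[-1], "trusted": trusted})
    return report

# Constructed sample email body (not a real message).
SAMPLE_EMAIL = """<p>Your documents are ready:
<a href="http://www.cisnerosfirm.com/blog">click here</a>,
<a href="http://www.cisnerosfirm.com87692/blog">www.cisnerosfirm.com/blog</a>,
<a href="http://files.example.net/cisnerosfirm.com/blog">click here</a></p>"""

if __name__ == "__main__":
    for row in audit_links(SAMPLE_EMAIL, "cisnerosfirm.com"):
        print(row)
```

Only the first link resolves to the expected site; the second has extra characters before the first slash, and the third shows the familiar name only after the slash, where it says nothing about who runs the site.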
Bank Account Hacked
If you see site maintenance after clicking a link from your bank, call the bank immediately. There is a pretty decent chance you have been hacked.
Do not pick an obvious password
This seems simple, but I was surprised to learn of the top 5 passwords people use; they are:
qwerty (top row of home keys on keyboard)
And, in line with that point, the strongest passwords are 9 or more characters long with numbers and symbols.
If, for example, your password is usually your dog Spot’s name followed by your firstborn child’s birthday, your password might typically look like this: Spot021483. This is pretty secure, but simply changing the password to $pot021483 will increase the security level of your password exponentially.
Protect Your Passwords
Select different passwords for different purposes. The speaker suggested that you select a different password for each of the following:
- Social media
- Financial Institutions
- Everything else (like the gas company, electric company, phone carrier, etc.)
Get a password protector. The one suggested by the FBI agent delivering the seminar was Keeper, which is an app that can be downloaded for $9.95 per year and can be synced across all of your devices, including your personal computer, iPhone, iPad, Android, Windows Phone, Blackberry, Mac, PC and Linux.
Another recommended password protector or password protection software is Dashlane, and it’s FREE! As an added bonus, it also helps you fill in online forms.
The three most common words in phishing emails are
Did you know that a laptop is stolen every 53 seconds?
Did you know that in San Francisco, 50% of all robberies are of iPhones?
Did you know that offers to sell and ship cars within the United States are 100% fraudulent?
Do not buy a car from a private party over the internet without seeing it first.
Bottom line, be aware of your surroundings and the tricks hackers use in emails to gain access to your personal and sensitive information.
Protect your Social Security Number
Check your credit report for free three times a year. Obtain a report from each of the three credit bureaus (Experian, TransUnion and Equifax) separately so that you can dispute and wait for updates to your credit report in sequence without having to pay later on.
Did you know that in 2012 more than a million Americans had their tax returns rejected because someone else filed under their social security number and received their refund check? If this happens to you, you need to file the IRS Identity Theft Affidavit Form 14039 immediately.
Are You A Business Owner?
If you are a business owner, manager or supervisor, create an environment of security so that the employees are reminded in meetings to not click on certain links. Be connected to the people you need in time of crisis. Have your bank’s fraud reporting phone number stored in your phone so you can contact the bank immediately if you become aware of an issue. If you have a private banker or use the same person each time at your branch, store that person’s contact information in your phone as well.
Do not allow the person who processes payroll to also be the person who writes the checks; the person who reconciles the bank accounts should be a different person as well. Make sure that different people collect the mail. This can be accomplished by having different people collect the mail on different days or simply having the duty shift from one person or department to another. This way, if notices are coming to you about potential issues, and the person collecting the mail is involved, you will receive the notice. Moreover, this will diminish the ability of any one person to skim checks from the mail that comes into the office.
Check the images of the checks through online banking. This will help ensure that the proper amounts are being paid out and that no one other than those persons specifically authorized as signatories on the account is signing the checks. A little protection and preventative action go a long way.
Did you know that bank accounts opened through a personal social security number are protected from identity theft and fraud as long as the claim is made to the bank or financial institution within 60 days? Did you also know that bank accounts opened with a Federal Employer Identification Number, also known as a tax ID number, are considered business accounts and the bank has no obligation to reimburse fraudulently transferred funds or funds stolen through identity theft?
Most financial institutions have their own policy of reimbursement with their cardholders; just make sure to ask your financial institution.