Identity Theft, Internet Scams & Phishing
National Cybersecurity Awareness Month
Today’s technology allows us to connect around the world, to bank and shop online, and to control our televisions, homes, and cars from our smartphones. With this added convenience comes an increased risk of identity theft, Internet scams and phishing. #BeCyberSmart on the Internet—at home, at school, at work, on mobile devices, and on the go.
DID YOU KNOW?
- The average cost of a data breach for a US company in 2019 was $8.19 million? That’s an increase of 130% since 2006!
- 7-10% of the U.S. population are victims of identity fraud each year, and 21% of those experience multiple incidents of identity fraud.
COMMON INTERNET SCAMS
As technology continues to evolve, cybercriminals will use more sophisticated techniques to exploit technology to steal your identity, personal information, and money. To protect yourself from online threats, you must know what to look for.
- Scams take the form of emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes.
- Imposter Scams occur when you receive an email or call from a person claiming to be a government official, family member, or friend requesting personal or financial information.
Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computers, creating vulnerability to attacks. Phishing emails may appear to come from a real financial institution, ecommerce site, government agency, or any other service, business, or individual. The email may also request personal information such as account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access users’ accounts.
HOW CRIMINALS LURE YOU IN
The following messages from the Federal Trade Commission’s OnGuardOnline are examples of what attackers may email or text when phishing for sensitive information:
- “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity.”
- “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
- “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
- To see examples of actual phishing emails, and steps to take if you believe you received a phishing email, please visit “
- Double your login protection. Click here for a How-To-Guide For Multi-Factor Authentication.
- Shake Up Your Password Protocol. Click here to a guide to Creating a Password.
- Be up to date. Keep your software updated to the latest version available. Maintain your security settings to keep your information safe by turning on automatic updates so you don’t have to think about it, and set your security software to run regular scans.
- Play hard to get with strangers. Using phishing tactics such as links in emails and online posts are often the way cybercriminals compromise your computer. If you’re unsure who an email is from—even if the details appear accurate — or if the email looks “phishy,” do not respond. If you are concerned about the legitimacy of an email, call the company directly. When available use the “junk” or “block” option to no longer receive messages from a particular sender.
- Think before you act. Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.
- Protect your personal information. If people contacting you have key details from your life—your job title, multiple email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you. Cyber criminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols.
- Be wary of hyperlinks. Avoid clicking on hyperlinks in emails and hover over links to verify authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information..
PROTECT YOURSELF FROM ONLINE FRAUD
Stay Protected While Connected: The bottom line is that whenever you’re online, you’re vulnerable. If devices on your network are compromised for any reason, or if hackers break through an encrypted firewall, someone could be eavesdropping on you—even in your own home on encrypted Wi-Fi.
- Practice safe web surfing wherever you are by checking for the “green lock” or padlock icon in your browser bar— this signifies a secure connection.
- When you find yourself out in the great “wild Wi-Fi West,” avoid free Internet access with no encryption.
- If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi.
- Don’t reveal personally identifiable information such as your bank account number, SSN, or date of birth to unknown sources.
- Type website URLs directly into the address bar instead of clicking on links or cutting and pasting from the email.