Consumers should take steps to protect their identity. These include:
- Don't respond to emails, texts or telephone calls asking for personal or financial information.
- Frequently review account activity and immediately report unauthorized transactions.
- You are entitled to a free copy of your credit report at https://www.annualcreditreport.com/index.action. Take advantage of this opportunity to ensure that the information on all of your credit reports is correct and up to date.
- Place an initial fraud alert with a credit bureau, which is free and will apply to all the credit bureaus.
- Consider the benefits and drawbacks of credit freezes, which are more secure and longer-term than fraud alerts, but more restrictive.
- Always use multi-factor authentication when available.
- Update PINs and passwords, including email passwords, and follow best practices (i.e.: using long and complex phrases, and never re-using passwords).
- Enroll and opt-in for transaction monitoring.
- Use card on/off switches (if available).
- Enroll in Verified by VISA / MasterCard Secure Code.
PHISHING & SPOOFING
WHAT IS "PHISHING"?
Phishing (FISH-ing) is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.History:
Phishing is the term coined by hackers who imitate legitimate companies in email messages to entice people to share passwords or credit-card numbers. Recent victims include Bank of America, Best Buy and eBay, where people were directed to Web pages that looked nearly identical to the companies' sites.
WHAT IS "SPOOFING"?
Spoofing is pretending to be something it is not, whether an email, website, etc.
How to report "Phishing" or "Spoofing"
We suggest reporting "phishing” or "spoofed" emails to the following groups:
- Forward the email to firstname.lastname@example.org
- Forward the email to the Federal Trade Commission at email@example.com
- Forward the email to the "abuse" email address at the company that is being spoofed (e.g. firstname.lastname@example.org)
- When forwarding spoofed messages, always include the entire original email with its original header information intact
- Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: https://www.ifccfbi.gov
HOW TO PRACTICE "SAFE COMPUTING"
The number and sophistication of phishing and spoofing scams sent out to consumers is continuing to Increase dramatically. While online banking is widely considered to be as safe as or safer than in-branch or ATM banking, as a general rule you should be careful about giving out your personal financial Information over the Internet.
Below is a list of recommendations you can use to avoid becoming a victim of these scams:
- Be suspicious of any email with urgent requests for personal financial information.
- Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately. They typically ask for information such as usernames, passwords, cred it card numbers, Social Security numbers, etc.
- Phisher emails typically are not as personalized and may contain spelling errors while valid messages from your bank or e-commerce company generally are accurate in the way they spell your name and your financial institution’s name.
- Don't use the links in an email to get to any Web page, if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser.
- Avoid filling out forms in email messages that ask for personal financial information.
- Only communicate Information such as debit card numbers or account Information via a secure website or the telephone.
- Always ensure that you're using a secure website when submitting debit card or other sensitive Information via your Web browser. A secure Web server designation can be found by checking the beginning of the Web address in your browser's address bar it should be "https://" rather than just "http://".