Identity Theft & Cybersecurity
National Cybersecurity Awareness Month
Did you know 1 in 99 emails is a phishing attack? Know the red flags!
Did you know banks will never ask you for personal information via email, text or incoming call? Always call your bank directly to verify!
Phishing is the most commonly reported cyber scam — we want to change that! Check out these phishing red flags.
Please watch out for fraudulent email scams utilizing the SBA name and logo concerning the CARES Act financing programs. These emails may ask you to click on a link for an application or ask for your personal identifiable information. Do not click the link or respond in any way. As a Preferred Lender for the SBA, Connecticut Community Bank can provide you with the information you need to apply for an SBA loan.
The FBI through a public service announcement is warning of increased and highly anticipated cyber-attacks that can exploit mobile banking apps.
It certainly makes sense that during this pandemic, with a vast majority of Americans working from home, more of us are relying on mobile banking apps. Since the beginning of this year there has been a 50 percent increase in mobile banking activity, and a 200 percent spike in sign-ups for mobile banking since the beginning of April. The bad news is not surprising……the bad guys are well aware of this trend and are capitalizing on it in a big way. Here are the two primary app based attack methods that are being used to steal your credentials and your money and what you can do to protect yourself;
Method 1: Banking Trojans
Banking Trojans have been around for some time but in this case they are typically cloaked or disguised as common mobile apps such as games or tools, (i.e. third party flashlight apps). These apps look innocent enough, but are extremely dangerous. Essentially these Trojan apps lay in a dormant stage until your legitimate mobile banking app is launched. Once launched these Trojans “overlay” a real banking app with a fake login screen that swipes your credentials.
Method 2: Impersonated Apps
These are apps that impersonate a real financial institutions mobile banking app and unfortunately are widely available. If you open one of these, you’ll see what looks like a legitimate login page and of course it’s designed to steal your credentials as well as obtaining security codes that are texted to your mobile devices.
Here’s what you can do:
1. Only download apps from official app stores or directly from a bank website.
2. Avoid loading up your phone with tools and utilities that you never use or use infrequently. It’s just as easy to uninstall an app and reinstall it when you need it.
3. Check the app permissions and only allow those permissions that you are comfortable with. For example, a flashlight app shouldn’t need access to your contacts!
4. Enable two-factor or multi-factor authentication on mobile devices and accounts. Use strong two-factor authentication if possible such as biometrics, hardware tokens, or authentication apps.
5. Phishing campaigns via email or text prompting you to update your mobile banking app should be highly suspect. Many banking apps will notify you within the app to update to a current version and direct you to the proper app store to download it. Get in the habit of not clicking on links in emails or text messages that allegedly come from your financial institution.
6. Don’t share or give two-factor passcodes to ANYONE over the phone or via text or chat!
7. Don’t reuse passwords across multiple sites. It’s a very unsafe practice! If a bad guy gets one of your credentials and you share it with other sites, you’re just making it easier to lose your identity and your money!
8. Use complex passwords that are at least 8 characters and have capital letters, numbers and special characters.
9. When in doubt, contact your financial institution!!!
By: John Longo, Onsite Support Services Corporation
There isn’t a week that goes by that I’m not asked this question and more importantly how to protect your devices, (and your data!), if you absolutely need to join a free Wi-Fi network.
In short, the answer is NO, free unsecure public Wi-Fi, (where no password is required) is not safe. Should you join one? In my opinion NO and NEVER! Do I ever join one?......NOPE!
I realize that there may be a situation that just can’t be avoided where you have to connect to a free hotspot at the airport or hotel for example. I’ve outlined below some Do’s and Don’ts best practices you can use to significantly lower your risks of being compromised.
Current estimates indicate that there are more than 450 million public hotspots in the United States alone. The growth of Wi-Fi hotspots year to year is astounding and is expected to increase by 100 million new hotspots by 2021.
The bottom line….Wi-Fi hotspots are literally everywhere. Cellphone carriers like Verizon, AT&T, etc., offer their customers free WiFi access as do most of the major internet service providers such as Comcast/Xfinity, COX, and others.
Additionally everyone from fast food, coffee shops, airports, airplanes, outdoor venues, home improvement stores, malls, and even your doctor’s office provide Wi-Fi access. Wi-Fi is so prevalent, you can easily find one almost anywhere you go.
The Two Types of Public Wi-Fi
There are basically two kinds of public Wi-Fi networks: secured and unsecured.
An unsecured network can be connected to within range and typically does not require any type of security feature like a password or login. These are commonly referred to as “open” Wi-Fi networks. Conversely, a secured network typically requires a user to agree to legal terms and conditions, register an account, or type in a password before connecting to the network. In some cases it may also require a fee or other purchase to gain access to the password or network.
Regardless of the connection type, you should always use public Wi-Fi with extreme caution. Even “secured” Wi-Fi networks should not be trusted.
Why Public Wi-Fi is inherently unsafe:
- A public Wi-Fi network is far less secure than your home wireless network because you don't know who or how it was set up, what steps are being taken to continuously secure the network, and most importantly, who else is connecting to it.
- Hackers can easily position themselves between you and the free hotspot. You might assume your device is communicating directly with the free hotspot but instead you end up sending your information to the hacker. It is so easy to setup a counterfeit hotspot like AirportFreeWifi which is actually a hackers own hotspot. Once you join the hacker’s hotspot, they can easily penetrate your device, collect data, install malware, keyboard loggers, etc.
- There is a widely held misconception that as long as you’re not accessing your email or bank accounts that you’re okay. It’s simply not true. Anything you do on a public Wi-Fi network is inherently NOT secure. Any information you share or access on these networks might as well be broadcast on a billboard for everyone to see and for the taking.
- Many free hotspots require you to provide information to join it like your name, mobile number, and email address. In addition when you “Agree to the Terms and Conditions”, (which almost nobody reads!), you may be giving the hotspot provider explicit permission to collect browsing information, location data, and tracking information that they can use or resell.
- Use a VPN client. Without question, the most effective method for staying safe on public Wi-Fi is to install a VPN, (Virtual Private Network,) client on all your devices. It will encrypt all data traveling to and from your laptop or phone, and connects you to a secure server. Using this method will make it harder for other people on the Wi-Fi network, (or whoever is operating the network), to see what you're doing, where you’re going, or grab any of your information. Most VPN clients are very inexpensive at 2-4 dollars a month, and are well worth the investment. Avoid “free” VPN client offerings.
- Create your own personal hotspot using your cellphone instead of joining a free Wi-Fi network. Most plans from major carriers have this feature enabled and with today’s unlimited data plans, this is a very secure way to access the internet. Be sure to use a strong password when setting up your mobile hotspot.
- Turn off File Sharing and AirDrop on your devices. On a Windows PC, go to Network and Sharing Center, then Change advanced sharing settings, then Turn off file and printer sharing. For Macs, go to System Preferences, then Sharing, and unselect everything. Then head to Finder, click on AirDrop, and select Allow me to be discovered by: No One. For iOS devices, just find AirDrop in the Control Center and turn it off. By doing the above no one nearby you can either grab your files, or send you one you don't want.
- Browse with HTTPS only. Most browsers these days will inform you if you are visiting an unsecure site, (HTTP), and you should heed those warnings! When you browse over HTTPS, people on the same Wi-Fi network as you can't snoop on the data that travels between you and the website you're connecting to. Over HTTP, it's relatively easy for a hacker to watch what you're doing!
- Update your devices. Make sure your devices are up to date with the latest security patches installed for both your operating system and applications. Remember approximately 70% of all data breaches can be eliminated by keeping your devices up to date!
- Maintain an up to date anti-malware and firewall product on all your devices.
- Turn off automatic connection to Wi-Fi networks. Most smartphones, tablets, and laptops have an automatic connection to Wi-Fi feature. Although this is very convenient, it can also connect your devices to networks you ordinarily would not use.
- Monitor your Bluetooth connectivity and if you don’t need it, turn it off. Bluetooth allows various devices to communicate with each other but a hacker can easily look for open Bluetooth signals to gain access to your devices.
- Use two-factor authentication whenever possible when accessing sensitive sites.
- Never leave your laptop, tablet, phone unattended in a public place. It only takes a minute for someone to get on your device to install snooping software or change your security settings to gain access to your device.
- Don’t access personal bank accounts or other sensitive personal data on unsecured public networks. Even “secured” networks can be risky! Instead, and if you have to, turn off Wi-Fi and just use your cellular connection.
- Don’t shop online when using public Wi-Fi. Making purchases online requires personal information that could include bank account information and login credentials. Again, use your cellular data, VPN client, or personal hotspot, if you must make an online purchase.
Although Wi-Fi security standards and protocols are improving, the inherent risks are still the same. Using “an abundance of caution” approach for accessing public Wi-Fi is your best strategy.
Our articles are designed to provide educational information for you. Our primary goal is to increase awareness about cybersecurity topics and trends and help keep you safe in our digital world. Remember that no one can prevent all identity theft or cybercrime but following the steps above can significantly lower your risks of being compromised.
By: John Longo, Onsite Support Services Corporation
How to Protect Yourself from Coronavirus Scams
In just the past two weeks we have seen a significant increase in malicious emails and robocalls designed to trick you into providing confidential information, clicking on a link, and/or downloading an attachment that will damage your computers and yes, cell phones and tablets. We expect that these threat actors will only become more active in the days and weeks to come.
In many cases these criminals are taking advantage of the fact that you likely;
- Are concerned about your health and that of your family and friends
- Are working from home
- Are concerned/interested in any news about the spread of the virus
- Are concerned about your finances
- Want to help those in need
- Are concerned about your businesses
- Are worried about friends and family members, particularly those that are out of state or out of the country
- Want to be certain that you can communicate with friends and loved ones
Example 1: Government Coronavirus Relief Checks
We have seen emails from cybercriminals purporting to provide you with links to a website to fill out an application to receive your government coronavirus emergency relief check. The forms are a perfect vehicle for these criminals to collect the most personal information on you and your family members. This includes Social Security numbers, driver's license numbers, checking account numbers, dates of birth, etc.
These are all designed for fraudulent purposes and are a perfect foundation for identity theft and financial fraud. In one specific case we've seen a link to a website called the, "U.S. Emergency Grants Federation" which is completely bogus. There are other official looking names that are popping up as well. In some cases, we see the scammers asking for an application or processing fee to complete the application. Don't get tricked!
This scam is also targeting business owners who naturally would be interested in obtaining bridge loans and other low cost government financial assistance relief. Again the real purpose of these scammers is to get you to disclose your personal, private, and financial information.
The primary method has been bogus emails but we have seen examples where social media accounts are spreading these links as well as direct phone calls from an alleged federal government employee asking you to "verify" your information.
Here's the bottom line; the government is not going to contact you via ANY social media platform, doesn't have or use email to communicate with you, and doesn't have your phone number!
Example 2: Coronavirus Local News Alerts
In this example you may receive an email that someone or a group of people in the town you live or work has contracted the virus and asking for your assistance if you have had any contact with a specific individual or group. Again a link is often provided, and as in Example 1 above, is designed to collect personal information about you and your family. You might ask; how does a cybercriminal know what town I live or work in??? Easy, you have your hometown or company you work for listed in your social media profiles!!!
As in the example above, your town or your Governor doesn't have your email address or phone number and even if they did, would not reach out to you individually!
Example 3: Free offers from Netflix, Hulu and others
This one is getting some legs and folks are falling for it. Essentially you get an email that basically states that out of the goodness of their hearts, and the fact that most people are stuck home, a vendor like Netflix, Hulu, Youtube TV, Sling, Dish, is offering a 100% free unlimited subscription for 6 month for just a small processing fee of $10.00. Who could resist? YOU DEFENITLY SHOULD! Again this is designed to get your credit card information and other valuable person information.
Example 4: Email delays for remote workers
We've seen a significant uptick in these types of emails. Here's how it works; you'll get an email in your inbox that incoming emails to you are delayed/waiting in queue to be delivered to you. The email may even include some mention of your company or email provider. The email will include a link to "download" these delayed emails. Essentially you are being redirected to a virus infested website that will infect your device or steal your information, including contacts, logins, passwords, etc.
I could literally and easily write a dozen or more examples like; bogus airline refunds or free travel vouchers, charitable organization donation scams, (including a bogus CDC site asking for donations for supplies, masks, etc.), fake cures, fake testing kits, fake vaccines, class action suits against cruise lines and airlines, utility companies offering free energy plans, holds on your checking or debit accounts, holds on investment accounts, retirement 401k alerts....... And the list goes on and is only expected to get worse.
So what can you do?
Here are some tips to help you keep the scammers away:
- Hang up on robocalls! Don't press any numbers. Scammers are using illegal robocalls to pitch everything from scam Coronavirus treatments to work-at-home schemes. The recording might say that pressing a number will let you speak to a live operator or remove you from their call list, but it might lead to more robocalls, instead.
- Ignore online offers for vaccinations and home test kits. There currently are no vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products available to treat or cure Coronavirus disease 2019 (COVID-19) - online or in stores. At this time, there also are no FDA-authorized home test kits for the Coronavirus. Visit the FDA to learn more.
- Fact-check information. Scammers, and sometimes well-meaning people, share information that hasn't been verified. Before you pass on any messages, contact trusted sources. Visit What the U.S. Government is Doing for links to federal, state and local government agencies.
- Know who you're buying from. Online sellers may claim to have in-demand products, like cleaning, household, and health and medical supplies when, in fact, they don't.
- Don't respond to texts and emails about checks from the government. The details are still being worked out. Anyone who tells you they can get you the money now is a scammer!
- Don't Click on links from sources you don't know.. They could download viruses onto your computer or device.
- Watch for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or World Health Organization, (WHO), experts saying they have information about the virus. For the most up-to-date information about the Coronavirus, visit the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).
- Do your homework when it comes to donations, whether through charities or crowdfunding sites. Don't let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by wiring money, don't do it.
- Voice verify!!! Did you get a strange email that just doesn't look right? Don't reply to the email! Instead call the person or the organization using their verified phone number!
- If you're working from home on a company provided device and see something Phishy....notify your IT professionals.
By: John Longo, Onsite Support Services Corporation
Tips If You're Working From Home
With the increased number of people working remotely, kids home from school taking classes online indefinitely, spouses working from home, etc., preserving bandwidth is very important. Here's some easy things you can do to make things run smoother at home!
- Streaming and music services such as YouTube, Netflix, Spotify, Hulu, Pandora, etc. can significantly reduce the capacity of your company's' network, (and your home network as well!). These types of services should not be accessed from your company-owned device and you should consider limiting them on your home devices as well, particularly during peak work and school hours.
- Be aware of other home wireless devices connected to your home internet that may reduce your performance, (Amazon Echo, Google Home, iHome, camera systems, gaming systems, etc.). Consider unplugging those devices when not needed. Shut WiFi off on devices you're not using. Typically you don't need your computer, your phone and your tablet all connected to your WiFi network simultaneously.
- While using company remote software applications from home, do not stay logged into those applications if you're not actively using them. If you're done with an application simply close it. Don't keep multiple spreadsheets, Word documents or PDF's open as well.
- A hard-wired connection is always preferred, (e.g., computer connected directly to your router via an Ethernet cable). If you are wireless and experiencing sluggish performance, moving closer to your wireless router may improve the connection.
- Restart your computer and mobile devices daily; this will ensure the most up-to-date operating environment and refresh your device.
Following these simple steps will help all users receive the best reliability and overall performance.
By: John Longo, OnSite Support Services
Fraud schemes continue to grow, evolve and target legitimate businesses, non profits and government. The FBI monitors schemes like Business Email Compromise, Vendor Impersonation Fraud and Mortgage Closing scams, which typically involve social engineering or computer intrusion techniques. Click here to read more about these scams, and be sure to share with your employees.
Click here for Cybersecurity Tips for Small Businesses
Corporate Account Take Over
An alarming cybercrime now affecting small to medium sized businesses is “corporate account take over.” This involves cyber criminals penetrating the computer network of a business and spreading malicious software, such as a “keylogger” which records the words typed, Web browsing history, passwords and other private information. This in turn allows them access to programs using your log-in credentials.
If they steal your password and breach your online banking system, the cybercriminal can begin an online session to initiate funds transfers, by ACH or wire transfer, to their accomplices. The accomplices withdraw the money almost immediately.
Business Email Compromise
A Business Email Compromise is a type of phishing attack that involves criminals impersonating an employee or executive at an organization or a trusted vendor, such as your bank, in order to gain access to funds or sensitive information. These attacks target small to medium sized businesses, not just large companies.
Review these tips to detect these types of emails:
- It appears to come from the email address of a trusted client, vendor, company executive, or even the CEO; or from your own company employee.
- Stresses unnecessary urgency.
- Asks for a funds transfer, a bank check, sensitive personal data or account data.
- States payment has failed and needs credit card information.
- Asks to change vendor payee or remittance information.
You can follow these important tips at your business to avoid these types of scams:
- Always voice verify any transfer of funds or account/invoice changes directly using information that you already have on file.
- Look closely at the senders email address to determine if it might be fake.
- Use multi-factor authentication for funds transfers and money requests.
- Follow safe password practices – use strong, complex passwords.
- Protect office systems by installing a malware, anti-virus solutions and keeping them up-t0-date.
- Protect email correspondence by using a strong spam filter.
- Require training for all staff on phishing techniques to raise awareness.
- Share this information with other employees and IT staff!!
Click here for an Identity Theft Recovery Plan
Identity is becoming more sophisticated and the number of new victims is growing. A consumer’s identity can be stolen by simply stealing information from your mail or garbage or through sophisticated phone and online schemes. Identity thieves need only to obtain your name, address, an account number and/or your social security number to take over your identity.
As a consumer, you can avoid identity theft by being aware of the various schemes and consciously taking basic precautions.
Common Ways Your Identity Can Be Stolen
- On the Internet – through “phishing” or “spam” emails and leaving personal information on unsecured websites.
- Social Media - Social networking sites are becoming more popular attack avenues for cybercriminals because people trust those they believe to be “friends”. These cybercriminals use that trust to upload malicious software onto your computer and to try and gather personal information. Caution should be used when on these sites.
Using social engineering techniques, these scammers manipulate people into entering fraudulent sites or clicking on links to spread viruses or reveal confidential information.
- “Dumpster Diving” – people that go through your garbage cans or a communal dumpster to obtain copies of your checks, credit card or bank statements.
- Through your mail – be conscience of bank and credit statements and preapproved credit card applications.
"Phishing" is a scam that involves identity thieves “fishing” for your personal and financial information. This is how it works:
- A consumer receives an e-mail which appears to originate from a financial institution, government business, or other well-known/reputable entity.
- The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
- The provided link appears to be the Web site of the financial institution, government business or other well-known/reputable entity, but in "phishing" scams, the Web site has been spoofed and belongs to the fraudster/scammer.
- Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
Other phishing scams include text messages - called "smishing", phone calls or recorded messages requesting verification of your credit card or bank account information and emails that are job offers, surveys, prizes & awards, gift certificates, sponsors or charities or money laundering schemes.
How to Protect Yourself
- Phishing - Be vigilant and look for these warning signs:
- The sender is unknown
- Stresses unnecessary urgency
- Email contains a suspicious URL
- The title of the email doesn’t make sense
- There is improper spelling or grammar
- The offer seems too good to be true
- You didn’t initiate the action
- Message makes unrealistic threats (your account has been compromised, your account will be close, your account will be suspended, etc.)
2. Dumpster Diving – be sure to shred or properly dispose of documents with personal information including account numbers.
Malware is malicious software such as viruses and spyware that are designed to steal personal information and spread spam. Criminals lure you into clicking on links that will spread the malware to your PC gaining access to your computer - giving criminals access to sensitive information or disrupting your computer’s operation. Most times, you won’t even know it’s there.
- Spyware “Spyware” is a type of malicious software installed on your computer without your knowledge. It collects small pieces of personal information including Internet surfing habits and sites visited. It also can redirect web browser activity and change computer settings. Spyware is typically hidden from the user, and can be difficult to detect once installed. Spyware can be installed on computers via fraudulent emails, legitimate software download or pop-up windows. These messages masquerade and try to be as legitimate looking as possible.
- Keystroke Logging As with spyware, keyloggers are installed on your computer without your knowledge. It is the action of tracking (or logging) the keys struck on a keyboard, typically in a hidden manner so that the person using the keyboard is unaware that their actions are being monitored. Keystroke logging can record the words typed, Web browsing history, passwords and other private information. This is extremely dangerous in all aspects of computer usage, especially with financial information.
- Scareware “Scareware” is a term to describe an attempt to scare a person, via pop-ups, into believing their computer was scanned and has a virus. These pop-ups contain frivolous and alarming warnings or threats and are especially designed to look like they come from the user's operating system.
The fake scan concludes that the user's computer has a malware infection and says to fix it the user must download antivirus software and the cost is as much as $50. What the user usually gets is a form of malware that actually does infect the computer. Not to mention being out the fee!
“Ransomware” is an attack carried out using secretly installed malware that encrypts the victim's files and then requests a ransom payment in return for the decryption key that is needed to recover the encrypted files. It is on your computer because you have most likely clicked on an infected popup advertisement or an infected link in an email. The bad guys hold your computer hostage and attempt to extort payment.
The criminals often ask for a small payment, assuming you will be willing to pay to avoid the aggregation of dealing with the virus. They may ask for as little as $10 to be wired through Western Union, paid through a premium text message or sent through a form of online cash. Business are often ask for payment in Bitcoin. Paying the ransom is no guarantee that your computer will be restored. Protect yourself from ransomware by using reputable antivirus software, back up often to an external hard drive or cloud, enable your popup blocker and use common sense when clicking on advertisements or email links.
Please consider the following to keep your computer safe:
- Protect your computers with a strong anti-virus/anti-spyware/anti-spam software program and make sure they are updated on a daily basis at a minimum and note the expiration date. Anti-virus software alone is not sufficient to protect your systems from today’s complicated techniques. Most identity theft problems originate with spyware.
- For Windows users, please be sure the Windows Firewall Service is turned on and your computer is up to date with critical patches. Configure Windows Update to check for these critical updates automatically.
- Strongly consider the use of a hardware based firewall product. These products are designed to protect all your computers from attackers before it reaches your PC. Typically they also provide anti-spyware and anti-virus capability as well. Stopping the intrusion before a threat arrives at your PC is one of the best measures you can take to avoid infecting your computer.
- Don’t trust any email from any source that is asking for or attempting to verify personal information, account numbers, etc.
- If your business utilizes an online banking system, you should consider using an additional layer of security called token-based authentication. The security token, provided by your financial institution, is a small hand held device that generates a unique, random password that is required for certain transactions. These transactions are blocked without the physical possession of the token.
In addition to identity theft, consumers should also be aware of other scams that attempt to trick individuals into giving them money. Many of these include counterfeit cashier’s checks.
- Notification you have won a lottery and once you pay a "processing" fee or transfer charge, you will receive the money. The fraudster takes your money and you never get your "winnings".
- Emails from overseas seeking your help to cash a check - You are instructed to cash the check, keep a portion for yourself and send a check to them for the difference.
- An offer to purchase an item you are selling online and sending a check for more than the purchase price. Then you are asked to cash the check and send them the difference.
- After you’ve sent the money, you learn that the check you cashed is counterfeit and the bank has offset the amount of the check against other funds in your account.
How can you avoid these types of fraud?
- If it sounds too good to be true, it’s not true!!
- Be wary of any offer that requires you to wire money or withdraw cash from your account.
- Contact the issuing bank to attempt to verify the validity of the cashier’s check before depositing the item. Do not use a phone number that is listed on the check in question.
Review your credit report annually. AnnualCreditReport.com provides consumers with the secure means to request and obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies in accordance with the Fair and Accurate Credit Transactions Act (FACT Act). You can also contact each credit bureau separately.
Equifax PO Box 740241 Atlanta, GA 30374 To report Fraud: (800) 525-6285 To order a credit report (800) 685-1111 www.equifax.com
Experian PO Box 2002 Allen, TX 75013 To report Fraud: (888) 397-3742 To order a Credit Report: (888) 397-3742 www.experian.com
TransUnion PO Box 2000 Chester, PA 19022 To report fraud: (800) 680-7289 To order a credit report: (800) 888-4213 www.transunion.com
If You Become a Victim
If you are a victim of identity theft you should contact the proper authorities immediately.
- Contact creditors or financial institutions for any accounts that may have been tampered with or opened fraudulently.
- Contact the fraud departments of each of the three major credit bureaus.
- File a report with your local police.
- File a complaint with the Federal Trade Commission at www.ftc.com or 1-877-IDTHEFT.
- File a complaint with the FBI”s Internet Crime Complaint Center (IC3) at www.ic3.gov.
Cell Phone Safety
If you’ve lost or have had your cell phone stolen and haven't setup any security at all, your contacts, (and who doesn't keep account numbers and the 300 passwords we all need to run our lives!), personal confidential documents, and calendar are free for the viewing. You don't want some criminal knowing you won't be home for the weekend and the rest of your personal business! With identity theft getting worse, here are 15 simple tips that can make having your phone lost or stolen a little easier to deal with and with a lot less stress!
1. Protect your data in case of theft. Because they're so portable, the biggest threat to a mobile device is loss or theft. Several mobile products offer features to locate and recover a lost or stolen phone. Typically they also include the ability to lock the phone, make the phone flash and scream even if the volume is turned off, and wipe out all private data if it can't be recovered. There are also programs available that allow you to remotely lock and wipe the phone by sending a text message. Some are free for locate usage with lock and wipe features paid, but in general are very low cost.
2. Lock your phone. Setup a PIN or complex pattern to gain access to the phone. Use the maximum amount of characters allowed and set the PIN/pattern required timeout to no more than 10 minutes.
3. Encrypt data. Install an encryption app if confidential data must be accessed or stored using a mobile device, but you should avoid using or storing confidential data whenever possible.
4. Use anti-virus/malware programs. Most people run anti-virus programs on their home and work computers but neglect to on their phones. Apps are available that let you scan your phone for malware, provide a safer internet browsing functionality, (i.e. will block known phishing sites that look legit), and backup and restore your data online. These apps scan other apps, settings, media and phone contents in search of suspicious files and as files or apps are being downloaded. Many of them are free and work very well.
5. Connect to secure Wi-Fi networks and disable Wi-Fi when not in use. When you're not using them, it's best to disable features like Bluetooth, infrared or Wi-Fi. By doing so you'll get longer battery life! Avoid joining unknown Wi-Fi networks when you need to connect. If you must, limit your activity to non-commerce usage.
7. Review and set privacy settings. Many apps have privacy settings within the app itself, typically in the "settings" or "privacy" tab. The settings can manage activities like whether the app can access your local information. Check the privacy default settings to make sure you agree with them, if not get rid of them. You can also review the privacy settings for your device's operating system. For example, you can turn off the phone's ability to geo-locate you, (aka location services), or create a password to protect the phone. Delete any app that you consider invasive.
8. Never unlock or "jailbreak" the default security settings. While some sites may promote the use of unauthorized applications, games, etc., the end result is the same - you've left your device open for criminals to abuse with targeted mobile malware. You should never override the security settings in your tablet or phone, especially if you plan to access personal or business email, mobile banking or other sensitive information on the Internet.
9. Replace your phone properly. Many wireless providers offer programs to upgrade your phone every couple of years. If you decide to get the latest model, be sure to delete all information stored in your device before discarding, exchanging or donating it. Perform a "hard reset" of the device which will return your phone to the original factory image and defaults and remove all data and apps. If your device has a removable SD card, be sure it is also erased.
10. Never "root" your phone. Rooting your phone leaves you open to incursion from criminals, eliminates the ability to receive support from the vendor/carrier, and in some cases can damage the phone.
11. Call your provider. If your phone is lost or stolen, call your provider and have them add your phone to the lost and stolen list. By doing this, a criminal can never reactivate the phone.
12. Buy insurance. Most cell phones cost $400-$600 without a contract, insurance is a good buy at roughly $4-6 per month, especially if you are not eligible for an upgrade.
13. Call your cell provider if you are buying a used or reconditioned cell phone from a third party, (i.e. EBay, Craigslist, etc.). If you're not eligible for an upgrade or didn't have insurance on your phone, it is enticing and far more inexpensive to search the web for a used or reconditioned phone from someone other than your carrier. The private seller should have no issue providing you with the EIN, (serial number) of the device they are selling and if they won't....RUN, you're probably buying a stolen phone! With any used or refurbished phone from anyone other than your provider, call your carrier and this way they can tell you if the device is on the lost/stolen list or already activated on someone else's account! I can't tell you how many people unknowingly buy a stolen phone or tablet.
14. Backup, Backup, Backup. There are so many options and it is so much easier to do than even a year ago. Most carriers offer a free to low-cost backup service as well as most anti-malware vendors.
15. Contact your employer. If your phone was configured by your IT department for access to email, custom apps, etc. Let them know you have lost your phone or it's been stolen. They can help you reset other work related passwords to avoid having lost corporate data compromised.