Know Best Practices for Security
We see the protection of your personal information and assets as a joint responsibility. Though we have systems in place that are quite accurate in determining what is “normal” for you, only you know definitively what is valid and what is not. As a best practice, you should monitor activity in your accounts, review your credit report periodically, deploy industry standard anti-virus and anti-malware on your computers and devices and stay alert for scammers over email, telephone or text. Staying informed on fraud trends will give you the tools to spot a scam when you see it.
Strong passwords are every user’s first line of defense. Strong passwords usually have the following characteristics:
- A mix of letters, numbers and special characters
- Do not contain personal information or common words
- Do not contain sequential information like abcd1234 or keyboard patterns like qwerty
- At least 8 characters in length
Personal firewalls and security software packages that contain anti-virus, anti-spam and spyware detection should be deployed on all computers that are used to perform online financial transactions. You should also ensure that software patches are up-to-date so that programs on your computer do not have any vulnerabilities.
Social Engineering is a technique that fraudsters use to manipulate a person that causes them to divulge confidential information. Since people want to automatically trust another person it is easy to see how humans can be the weakest link in the fight against identity theft. Consumers must have a level of skepticism when online or when unsolicited communication is received.
Phishing is a commonly used fraud scheme where a fraudster impersonates an entity or person that you trust and attempts to obtain sensitive information from you such as usernames, passwords, debit/credit card numbers, etc. These fraud schemes can present themselves in the form of an email, text message, pop-up message or phone call.
To avoid becoming a victim of a phishing scam, do not reply to emails asking for personal information. Legitimate businesses will never ask for this information. In addition, do not click on links contained in emails that are not solicited or are asking you to confirm information. As a best practice, always use a phone number for a business that is found on a statement or in a phone book.
Website spoofing is when a fake website is created with the intention of misleading the users of the site. Forged websites can sometimes be difficult to detect, but users can use the following tools to avoid becoming victim to a spoofed website:
- Pay attention to website URLs – spoofed websites often will be slightly different
- Type in URLs directly or use your Favorites to ensure you’re using the correct URL
- When entering a secure site, ensure the certificate is authenticated