As more and more consumers rely on their mobile devices to bank, browse and shop on the internet, it is extremely important that they exercise certain measures to protect their devices from online threats. The American Bankers Association is recommending 12 tips to help consumers safeguard their data and protect their mobile devices from fraudsters.
Mobile usage has grown tremendously in recent years and consumers are using their phones to access and transmit very sensitive information,” said Doug Johnson, ABA’s senior vice president of payments and cyber-security policy. “It’s extremely important that consumers avoid doing their banking and shopping on unsecure networks to limit their exposure to online threats.”
ABA recommends that consumers take extra precaution to protect the data on their mobile device by doing the following:
• Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
• Log out completely when you finish a mobile banking session.
• Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
• Download the updates for your phone and mobile apps.
• Use caution when downloading apps. Apps can contain malicious software, worms and viruses. Beware of apps that ask for unnecessary “permissions.”
• Avoid storing sensitive information like passwords or a social security number on your mobile device.
• Tell your financial institution immediately if you change your phone number or lose your mobile device.
• Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.
• Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
• Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
Companies of all sizes are being targeted by criminals through Business Email Compromise scams. In these scams, cybercriminals gain access to an employee’s legitimate business email through social engineering or computer intrusion. The criminal then impersonates the employee ¾ often a senior executive or someone who can authorize payments ¾ and instructs others to transfer funds on their behalf. Stock Yards Bank & Trust recommends the following tips to help businesses and employees avoid business email compromise attacks:
- Educate your employees. You and your employees are the first line of defense against business email compromise. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Use alternative communication channels to verify significant requests. Have multiple methods outside of email – such as phone numbers, alternate email addresses – established in advance through which you can contact the person making the request to ensure it is valid.
- Be wary of sudden changes in business practices or contacts. If an employee, customer or vendor suddenly asks to be contacted via their personal e-mail address, verify the request through known, official and previously used correspondence as the request could be fraudulent.
- Be wary of requests marked “urgent” or “confidential. Fraudsters will often instill a sense of urgency, fear or secrecy to compel the employee to facilitate the request without consulting others. Use an alternative communication channel outside of email to confirm the request.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions such as call backs, device authentication and multi-person approval processes.
If you fall victim to a business email compromise scam:
- Contact your financial institution immediately to notify them about the fraudulent transfer and request that they contact the institution where the fraudulent transfer was sent.
- File a complaint, regardless of dollar loss, at www.IC3.gov.
Cybercrime continues to be a growing problem in the U.S. According to the FBI’s Internet Crime Complaint Center, in 2015 the agency received approximately 288,000 complaints from consumers who were exposed to online fraud — up from nearly 270,000 in 2014. In recognition of Cybersecurity Awareness Month, the American Bankers Association is urging online users to take simple steps to safeguard their personal information, protect their networks and stop fraud.
“Fraudsters are using the Internet to facilitate all types of scams,” said Doug Johnson, ABA’s senior vice president of payments and cybersecurity policy. “As a result, it is extremely important that online users secure their Internet connection and install the latest security software to lessen their exposure to online threats.”
ABA recommends the following tips to protect yourself while navigating the web:
- Keep your computers and mobile devices up to date. Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
- Create complic@t3d passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers, and special characters.
- Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with. Forward phishing emails to the Federal Trade Commission (FTC) at firstname.lastname@example.org – and to the company, bank, or organization impersonated in the email.
- Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.
- Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.
- Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
Resource information provided by the American Bankers Association