cyberSafety Tips

Cybercrime, online scams and identity theft are on the rise. Every year millions of Americans fall victim to these crimes, resulting in billions of dollars lost. Learn how to protect yourself in cyberspace with these helpful articles and tips.

Be on the lookout for spyware

Spyware is malicious software that collects information about users without their knowledge.

Your computer might be infected with spyware if it's responding significantly slower than usual, if you see dozens of pop-ups every time you go online, or if there are suddenly several new icons on your desktop for programs you've never heard of before.

If you think your computer is infected, download and run a free spyware removal program such as Spyware Blaster, Super Anti-Spyware or Spybot Search & Destroy.

Beware of online employment scams

Cyber crooks prey on job seekers by posting bogus online job listings that are actually elaborate identity theft scams. Be wary of listings that promise wages in cash, or large sums of money for few duties and responsibilities. Red flags include misspellings, grammatical errors, and missing words or sentences. The contact person may request that you send information to a private, not company, e-mail. The area code of the phone number, if provided, often does not match the company's physical address.

Avoid any company—even if they seem legitimate—that requests your date of birth, or other personal information like your Social Security number, credit card or bank account numbers as part of the interview process or for a "routine background check."

Teach your kids to be safe while online

The perceived anonymity of the Internet often lulls children into a false sense of security online. It’s important to talk to your child regularly about the potential dangers of the Internet, particularly on social media sites. Help keep your child safe online by following these safety tips.

• Make sure your child uses privacy settings on social networking sites.
• Pre-approve the pictures and videos your child posts online.
• Remind your child never to post e-mail addresses or cell phone numbers.
• Tell your child that passwords are only shared with parents and guardians.
• Teach your child not to respond to any e-mails requesting personal information and to delete e-mails from unknown senders.
• Discuss how to keep screen names and e-mail addresses gender-neutral and free of information that could reveal their identity.

Get familiar with "tabnapping"

It may sound like a new breed of cat or another word for an afternoon snooze, but "Tabnapping" is actually a new form of phishing that hackers use to capture your personal and financial information. Tabnapping happens when an open browser tab gets "kidnapped" by a clever hacker, who makes the tabbed page appear to have timed out, prompting you to enter your login information again. When you do, the hacker captures your user name and password.

To help prevent Tabnapping, if you are using multiple tabs for long periods of time or you time out on a Web site, don't re-enter your login information. Instead, close the browser tab, open a new one, and go directly to the Web site by typing the URL address in your browser.

Always check the URL address to make sure you are on a legitimate site. Hackers create Web pages that mirror the look and feel of an actual Web site, and will often switch just one letter in the name hoping you won't notice (i.e., towrefcu.org). Once you enter your user name and password on the phony site, the crook has access to your login information for the real one.

Beware of ATM Skimming

Enterprising thieves have found a new way to steal account numbers—by using skimming devices on ATMs. The skimming device is attached to the card slot and records the card's magnetic strip and PIN. Thieves also often attach small, wireless cameras to the outside of the ATM, over a small mirror or on a brochure holder. The cameras capture your PIN as you enter it into the keypad.

To protect yourself from skimming, before you insert your card, run your finger over the card slot. If you can pull something off, it's likely a skimming device. You can also protect yourself by covering your PIN as you enter it.

E-mail "Phishing"

While many people enjoy fishing on lakes and rivers, crooks are "phishing" for new victims. "Phishers" use spam—unwanted e-mail—to trick you into visiting fake Web sites. The e-mails contain authentic-looking logos, graphics and language. They direct you to "spoof" Web sites where you’re asked to give account information, usernames, passwords and Social Security numbers.

To protect yourself against "phishing," install a firewall and anti-virus software. Never use links within e-mail to visit a Web site. Instead, open a new browser window and type the URL (e.g., www.towerfcu.org) in the address bar. Be wary of emails requesting personal information. Monitor your accounts closely and report unauthorized transactions. Change passwords frequently.

Clear Your Cookies

Every time you visit a Web page, information is stored on your computer in files called "cookies." Cookies are stored whether you're shopping online, checking movie listings, or accessing your accounts.

While cookies can make using the Internet faster and more convenient, they can also be a threat to your privacy. Often cookies store sensitive information like your name, login passwords and account information, leaving you vulnerable to identity theft.

It's good practice to clear your cookies often. Most popular browsers (i.e., Internet Explorer, Firefox, Safari) let users view and delete cookies. Methods vary by browser. Major browsers also let you accept some cookies and block others. Blocking "third party" cookies allows you to keep logins and settings for sites you visit regularly, like towerfcu.org.

Tips for Going Paperless

Many of us are going paperless—it's better for the environment and there's less paper to file. If you're trying to reduce the amount of paper clutter in your home, first sign up for Tower's online Bill Payment and FREE eStatements at towerfcu.org. Then, take the following precautions to protect your personal and financial information.

• Back up your hard drive and keep a copy of your files in a secure location other than your computer in case of a fire or flood.
• Download the latest antispyware programs to protect against viruses and hackers.
• Download your online bills and statements and save to your computer for future reference.
• Record scheduled payments in your checkbook or accounting software to avoid overdrafts.
• Save copies of your confirmations when paying bills or transferring money as proof of the transaction.
• Notify businesses if you change your e-mail address so you don’t miss bills or other important notices.
• Check your junk e-mail folder regularly in case a document or bill ends up there by mistake.

Play It Safe When Shopping Online

Many of us avoid crowded malls and do our shopping online. While buying gifts online is convenient, it's important to take precautions. For starters, make sure you’re on a secure Web site. Look for the locked padlock symbol in the lower right-hand corner of your browser and/or a Web address that starts with https://. New browsers also use colorcoding in the address bar to indicate the security level of the site. If the site requires you to login, make sure to logout—not just close the page—when you're finished placing your order.

Be wary of unsolicited e-mails from unfamiliar senders and merchants and e-mails with spelling errors. These e-mails are often scams seeking personal or financial information. Don't click on links within the e-mail or cut and paste Web site addresses—type them in your browser instead.

Smart Social Networking

Social networking sites like Facebook and MySpace are a fun way to stay connected to friends and family. However, many users are unwittingly exposing their identities and potentially critical financial information on these sites, according to a recent survey by ID Analytics.

The survey found that more than 24 million Americans leave their social network profiles public, which means anyone can view their personal information. Nearly 70 million share their birthplace, one of the most common "security questions" asked by financial institutions to verify identity.

Other popular security questions include a pet’s name, favorite book or music, or car color. Men are twice as likely as women to share their current address and photos of their car. Women are twice as likely to share pet names.

To protect yourself, first make your profile private, so only people within your network can view your information and photos. Only accept "friend" requests from people you know. Don't list your birthplace or birth date on your profile, or other personal information commonly used as passwords or security questions. Never put your address or phone number on your profile.

Do Your Homework Before You Give

Before you donate to a charity, make sure you're giving to one that uses your money wisely and safeguards your personal information.

Visit the Charities Review Council's Web site (www.smartgivers.org) to confirm the charity is legitimate. Find out about the organization's mission and what your donation supports. Make sure you're on the charity's official site. Scammers use Web addresses similar to legitimate charities to get financial or personal information from donors. Look for "https" in the browser address to make sure you're on a secure site. Find out how your personal and financial information is used by the charity and how it's protected.

Don't click on links in unsolicited e-mail appeals, especially if they ask for passwords or credit card numbers. Don't open attachments to the e-mail. If you opt not to donate online, make sure your check is made payable to the charity, not an individual. Never send cash.

Charities appeal to emotion, not logic. Most charities are worthy organizations, but it's important to do your research before you open your heart—and your wallet.

Text Message "Smishing"

Beware of "smishing"—an identity theft scam involving fraudulent text messages. The message appears to come from your financial institution saying there is something wrong with your account. You are asked to call a number to verify your account information. When you call, the person on the other end is actually a crook looking to capture your bank account, credit card or Social Security number.

Look For "$1" Charges

It's easy to dismiss that $1 charge you don't remember making on your debit or credit card. But you should pay attention: Scam artists often make $1 "test" charges to see if you'll notice. If not, crooks know it's safe to use your card, sometimes spending hundreds of dollars in a short time period.

It's important to check your accounts often for suspicious activity. (Tip: You can monitor your Tower accounts anytime, anywhere in Home Banking.) If you think you may be a victim of fraud, contact your debit or credit card issuer immediately. You can also file a complaint with the Federal Trade Commission. Go to www.ftccomplaintassistant.gov.

Do Your Research Before You Download

Most cell phone users carry a large amount of personal information on their phones, including contacts, e-mails, passwords, photos, and even financial information. Cybercriminals try to capture that data through malware and online scams. Cell phone users often unwittingly put malware on their phone when they download free, legitimate-looking apps and games.

Before downloading apps, carefully read reviews and ratings. Always verify that the software comes from a trustworthy source and visit the developer's Web site. Do an online search to see if there is any information or news about the app.

Many cell phone companies offer security apps that protect your phone from malware and harmful Web sites. For example, Android offers an app called "Webroot," which enables you to lock your phone remotely and remove your personal data if your phone is lost or stolen. Check with your cell phone manufacturer to see if similar apps are available for your phone.

E-mail "Spims" and Spoofs

Beware of a new identity theft scam called "spim." Spim is unsolicited bulk e-mail, similar to spam, delivered by Instant Messaging (IM). It can be especially useful for crooks since recipients are more likely to click on links in an IM message, bypassing virus software available on computers. Your best defense is to block messages from anyone not on your buddy list. And don't click on links within a message.

Another "s" word—spoof—continues to fool Internet users. Spoofing involves forging an e-mail header to make it appear as if it came from someone else other than the real source. Spammers "trick" your Web browser into talking to a different Web server designed to capture your personal information.

To protect against spoofing, hover your cursor over the link and the corresponding URL will appear. If the URL is different from what you think you should see, for example "towrefcu.org" instead of "towerfcu.org," don't click on the link. It's always best to type the correct URL into your browser instead of clicking links within an e-mail.

Be Wary of Free Wi-Fi

Many hotels, airports and restaurants offer free Wi-Fi as a convenient perk, but be wary of what information you provide while using a public network. Free Wi-Fi is open to pretty much anyone, and there are few if any security measures provided. Computer-savvy cyber-thieves can easily hack into unsecured wireless networks.

Hackers can steal credit card numbers, bank account numbers, passwords, and other personal information. While it's fine to look up Web sites that offer fun activities at your destination, or get directions to your favorite restaurant, it's not a good idea to access your bank accounts, or give your credit card number while using free Wi-Fi. Also, be mindful when checking your e-mail on a public network. Don't open e-mails that may contain any financial or personal information.

Don't Tell People Where You Are

GPS apps on smartphones make it easy to share your whereabouts with friends using geo-location services like FourSquare, Gowalla and Facebook Places. Unfortunately, you may also be sharing your information with hackers. If criminals gain access to your location, they can figure out when you're out and burglarize your home.

To be safe, skip geo-location services and don't post your location on social media sites like Facebook or Twitter. For extra security, disable your phone's location services entirely. Look in your phone's "Settings" folder for instructions.

Password Tips & Safety

Your passwords hold the key for identity thieves to unlock your accounts and financial information, and ultimately, take your money. You are responsible for unauthorized transactions made on your accounts with your PIN and password, so it's important to protect yourself. Create passwords that are difficult for cyber thieves to "crack," and change them regularly.

Choose cryptic passwords with random characters, numbers and uppercase and lowercase letters. Don't use your birthday, Social Security number, spouse or children's names or birth dates, pets' names, etc. In fact, it's best not to use real words.

Don't use the same password for every site. Change your passwords every three months or so. Keep a list of your passwords somewhere other than your computer, and update it regularly. Put a master password on your computer so thieves can't easily access your files if it is stolen. Also, password protect your mobile phone so crooks can't access your contacts and personal information if your phone is lost or stolen. Never enter user names or passwords on a public Wi-Fi network, or on a public computer.