National Cyber Security Awareness Month was established to strengthen the weakest point of any security solution: humans. As it turns out, WE are the weakest link. And it doesn’t matter how many firewalls or security tools you have on your home or office computer—there’s no way to predict the damage one single careless click can cause.
Just when you think you’re all caught up on the scams out there, a new one emerges. So, what’s the secret to staying one step ahead of the bad guys? For starters, stay informed. Aside from the many resources available to consumers, Tower informs members monthly of the many ways to protect their accounts in TowerLine. You can access any of the previous articles in the Financial Know How section of our website. It’s a great way to draw on a broad range of topics related to cyber security
How hackers do their dirty work
Your credit/debit card numbers can be stolen when you swipe at the register by using a special storage device when processing your card. Be wary of “skimmers” on ATMs, gas station pumps, and other machines with credit card readers. Skimmers are small devices installed over the normal card reading slot. The skimmer reads your credit or debit card’s information, and the crook then returns later to remove the skimmer and retrieve the stored information. And now with chip-enabled cards, thieves have developed a tool for that as well called shimmers—thin credit card-sized devices that are barely detectable.
What can you do?
- Keep an eye on your card at all times, especially at the register.
- Inspect card readers before you swipe or insert a chip card. Skimming devices are not always noticeable, but they will usually stick out an inch or two from the card reader.
- Watch your bank/credit card statements for unauthorized charges.
- Set up text or e-mail alerts on your Tower accounts in Home Banking.
- Try to use ATMs/gas station pumps in well-lit areas, and owned by well-known vendors.
- When at the ATM, cover the PIN pad with your hand as you type.
Phishing & Vishing
Over 90% of successful cyber attacks start as phishing emails. Fraudsters pretend to be financial institutions, companies or government agencies, and send e-mail or pop-up messages to get you to reveal your personal information. Here’s how it works: An email will arrive in your inbox that looks very authentic, matching the style of your bank or credit union—hackers will go to great lengths to ensure that it imitates the real thing. It may ask you for information that isn’t normally requested, like your Social Security Number or bank account number. It also may be designed to make you panic.
Similar to phishing, watch out for vishing as well—scams disguised as voicemail and text messages. These are also tools for identity thieves.
What can you do?
- Don’t click on an e-mail from strange sources or pop-up messages.
- If a message seems suspicious, don’t open it or click links in the e-mail. Instead, your financial institution or the company directly for information or concerns.
Pharming is the next generation of phishing. It’s a more sophisticated way for thieves to fraudulently obtain personal financial information while you’re online. Where phishing works on one person at a time, pharming grabs large groups of victims at once.
Pharming uses DNS address poisoning, which tricks your computer about where the data is coming from. DNS addresses are text-strings —like amazon.com—that your browser translates into an IP address, like 255.255.255.255.)
Pharming corrupts this translation, and gives no indication on your computer that anything is wrong. You think you’re on a legitimate website, but the attack redirects all of your activity—online banking, passwords—to the thief’s computer.
What can you do?
- Only enter personal information in sites that have “https” at the start of their address.
- Pay attention to security warnings from your computer.
- A knowledgeable computer company can assist you with anti-malware software and a personal firewall. Other anti-pharming software is currently under development to work against hackers.
- Check your credit card and financial statements each month for unauthorized or suspicious charges.
- Report suspect e-mail to: antiphishing.org, or to the Internet Fraud Complaint Center. To file a complaint with the Federal Trade Commission (FTC), go to ftc.gov, or call 877-FTC-HELP.
Stay one step ahead of the identity thieves by signing up for free scam alerts from the FTC.
Resources: LPL Marketing, National Cyber Security Alliance, FTC.gov, DST Systems Inc.