Fraud Prevention & Online Security
How To Recognize a Phishing, Mishing, or Vishing Scam
Genuine banks and organizations will NOT contact you by e-mail to request confidential and personal information. If a bank or organization sends you a genuine request for some information, they should address you by name and not refer to you as 'account holder' or 'customer'.
A genuine bank or organization should take good care to ensure that any e-mail or message they send to you does not contain typing errors and grammatical mistakes—many scammers make silly mistakes.
How To Respond to a Phishing, Mishing, or Vishing Scam
There are things you can do if you receive a suspicious message. If you receive an e-mail, phone call or other message supposedly from your bank or another organization requesting your personal details, delete the message or hang up your phone. Even if the e-mail or message urges you to act quickly, do not panic—this is just a trick to make you respond immediately without giving you a chance to talk to others or to check if it is a scam.
If you receive a suspicious call or message that you think might be genuine, do not divulge your details until you have made some extra checks to satisfy yourself that it is not a scam.
Ring your bank or the company yourself to find out if it is a genuine message but never use the number provided in the e-mail or message—a scammer will not give you the correct number!
How to Reduce the Damage if You Have Fallen for a Scam
Report the scam - You should telephone your bank or financial institution if you are suspicious of an e-mail, letter or phone call that claims to be from them, or if you think someone may have access to your accounts. They can advise you on what to do next. Make sure the telephone number you use is from the phone book or your account statement, ATM card or credit card.
Protect your computer - If you were using your computer when you got scammed, it is possible that a virus of other malicious software may have infected your computer. Run a full system check using reliable security software. If you do not have security software (such as virus scanners and a firewall) installed on your computer, a computer professional can help you choose what you need.
Change your passwords - Scammers may have also gained access to your online passwords. Change your passwords using a secure computer.
- Create secure passwords. Keep them private. Change them regularly. The strongest passwords look like a random string of characters to attackers. Use a combination of letters, numbers and symbols.
- Update your firewall, virus protection, and browser software regularly. Use e-mail software with built-in spam filtering. Keep filters current. Don't open e-mails or attachments if you don't know the sender. Limit sharing e-mail or instant message addresses.
- When doing your online banking and shopping only deal with known, reputable vendors. Before doing business, look for and verify the company’s physical address, not a Post Office box. Request a catalog by mail. Speak with a company representative over the phone.
- Don't fall for phishing, mishing, vishing, or other social engineering schemes.
- Back up all your valuable data and keep the backups under lock and key. Back up anything you cannot replace easily. The following are some storage devices and locations to consider: external hard drive, CD, DVD, USB flash drive, Online backup and storage service.
- Eradicate personal data from your computer before donating or disposing of it. Remember, manually deleted computer files, may still be recovered by an identity thief. To remove files, search for "file shredder" or "secure file deletion" to find a program that is compatible with your version of Windows and other software. Call the computer manufacturer's technical services department and ask how to delete personal files. A third option is to have a reputable computer engineer safely overwrite your files from your hard drive.
Mobile Device Security
To maintain the security of your mobile device, you should take steps including password-enabling your device or require a thumbprint to access the device. Remote deletion software can be enabled that will allow you to delete your device’s memory in the event it is lost or stolen. You should regularly install operating system updates. Only download applications from reputable sources such as the iTunes and Google Play stores. Be cautious when using unsecured public wireless networks as your data can be intercepted. Use anti-malware software regularly.
Many easy to read safety and security articles can be found at www.microsoft.com/protect
Here are suggested actions recommended by the Federal Trade Commission and Equifax that you should take immediately if you suspect you are a victim of identity theft. Keep a detailed record with the details of your conversations and copies of all correspondence. Full details can be found on their websites at https://www.ftc.gov/ and https://www.equifax.com.
Call The Police
Call the police. Report the crime to the police or sheriff's department that has jurisdiction in your case and request a police report. Though the authorities are often unable to assist you, a police report may be necessary to help convince creditors that someone else has opened an account in your name. You also can check with your state Attorney General's office to find out if state law requires the police to take reports for identity theft. Check the Blue Pages of your telephone directory for the phone number or check www.naag.org for a list of state Attorneys General.
Contact the Federal Trade Commission
Contact the Federal Trade Commission. You can file a complaint with the FTC using the online complaint form; or call the FTC's Identity Theft Hotline, toll-free: 1-877-ID-THEFT (438-4338); TTY: 1-866-653-4261; or write Identity Theft Clearing house, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Be sure to call the Hotline to update your complaint if you have any additional information or problems. The FTC does not resolve individual consumer problems itself, but your complaint may lead to law enforcement action.
Contact the three Credit Reporting Agencies.
Contact the three Credit Reporting Agencies. Have one of the agencies put a fraud alert on your file, which will aid in preventing new credit accounts from being opened without your express permission.
Once you place the fraud alert in your file, you're entitled to order one free copy of your credit report from each of the three consumer reporting companies, and, if you ask, only the last four digits of your Social Security number will appear on your credit reports. Once you get your credit reports, review them carefully. Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain.
Close Your Accounts That Have Been Tampered With
Close the accounts that you know, or believe, have been tampered with or opened fraudulently.
Call and speak with someone in the security or fraud department of each company. Follow up in writing, and include copies (NOT originals) of supporting documents. It's important to notify credit card companies and banks in writing. Send your letters by certified mail, return receipt requested, so you can document what the company received and when. Keep a file of your correspondence and enclosures.
Read More About Identity Theft and Credit Fraud
If you want to know more about identity theft and credit fraud, the following nonprofit Web sites are excellent sources of information and additional contact information.
US Government's Web site for identity theft
FTC Consumer Complaint Form
US Department of Justice
Social Security Administration/Office of the Inspector General fraud Web site
US Secret Service: What to do if you're a victim of identity theft