As a review of best practices, this week we focus on the pitfalls of phishing. It’s nothing new, but sometimes it helps to have a reminder. If you open an email or text, and see a message like:
“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
The senders are phishing for your information so they can use it to commit fraud.
The best course of action is to delete the email and text right away. Legitimate companies don’t ask for personal information via email or text.

The messages may appear to be from organizations you do business with – banks, for example. They might threaten to close your account or take other action if you don’t respond.
Don’t reply, and don’t click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites – sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.
If you’re concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
To avoid a phishing attack:
• Use trusted security software and set it to update automatically.
• Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the “s” stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.

For more useful tips on information safety, please visit www.hvshred.com

One of our newest favorite blogs to follow is Staysafeonline.org.  In a recent post by Emily Eckland, Director of Digital Strategy & Awareness Campaigns, she shared valuable tips for using Wi-Fi spot while vacationing this summer.  It’s a great convenience to be able to use our devices in airports, hotels, train stations, coffee shops and other public places, but be aware they’re often not secure.

Be cautious when connecting to Wi-Fi hotspots and mindful that you’re likely online through an unsecured or unprotected network.

Tips she advises:

•Keep a clean machine. Having the latest security software, operating system, web browser and apps is the best way to protect yourself from the malware and other threats you may encounter when using public Wi-Fi.

•Be wary of the sites you visit and the information you share while doing so.  When entering personal information over the Internet (logging into email or social networking sites or banking or shopping), make sure the website is encrypted. Encrypted websites use https://.  Look for https:// on every page, not just the login or welcome page.  You can force a website to https:// by adding the “s” in front of URL.

•Avoid connecting to hotspots that don’t seem legitimate or are misspelled.  It’s not uncommon for cybercriminals to set up Wi-Fi hotspots called “free Wi-Fi” in airports and hotels.

•Be wary of pop-up windows that prompt you to accept and install software updates when using hotel Internet connections. Last year, the FBI and the Internet Crime Complaint Center issued a warning about a rise in malware being installed on travelers’ laptops.

•Remember, a 3G/4G connection is safer than an unsecured Wi-Fi connection when shopping, banking and using other websites that access personal information.

•Consider turning off features on your computer or mobile devices that allow you to automatically connect to Wi-Fi.

•Turn off Bluetooth when you’re not using it. Bluetooth-enabled devices like headsets and wireless keyboards are great accessories for traveling, but can leave you and your personal information at risk. When these devices are not in use, turn off the Bluetooth setting on your phone or tablet. If you leave the functionality on, cybercriminals can pair with your device’s open connection and steal personal information.

For more on ways to protect your personal information and stay safe from ID Theft, please visit www.hvshred.com

The new movie “Identity Thief” makes for a good laugh; unfortunately, experiencing Identity Theft is anything but funny.  We often use this blog to pass along good hints and tips from the Identity Theft Resource Council.  One of our favorites of course is their acronym: SHRED.

S: Strengthen passwords online. Don’t use the same password on multiple sites.

H: Handle personally identifying information with care.   In particular, do not carry your Social Security card on your person and be wary of your child’s social security number too.  Especially on social media, be wary of the information you are sharing. 

R: Read your credit report annually.

Consumers are entitled to one free credit report per year from each of the three major credit reporting bureaus through the website AnnualCreditReport.com.

E: Empty your purse or wallet.  Travel with only what you absolutely need in terms of id and credit cards.

D: Discuss these tips with family and friends.

Identity theft isn’t on everyone’s radar, but it should be. Make sure friends and family know that they should protect their identity the same way they would protect other valuables.

For more hints and tips visit www.hvshred.com

In the wake of the “truth is stranger than fiction” Manti T’eo story and the upcoming Valentine’s holiday, it seems like an opportune time to review some basic online safety precautions.  Not to mention, MTV’s “Catfish” show chronicles stories of people falling in love online and being fooled when they discover the person they’ve been talking to  for months –even  years – isn’t the person they thought it was.

These stories show just how easy it is to create a persona online: Pick a name. Find a photo of an attractive person online. Create an account on a social networking site.

The first lesson when doing anything on line is: STOP. THINK. CONNECT. Take a moment to really process the information and think things through before you jump headfirst into a relationship.

Here are some other tips:

• Own your online presence.  Set the privacy and security settings on websites to your comfort level for information sharing. It’s okay to limit how people can find you or communicate with you.  If someone you don’t recognize wants to connect with you, think twice before hitting the “accept” button.

• If something seems too good to be true, it probably is. Often it pays to be the skeptic. If an attractive person contacts you out of the blue on a social networking site and starts professing their love for you within days of meeting, this should raise a red flag. Chances are the person doesn’t look a thing like they do in photos and in extreme cases, may be trying to con you.

• Think before you act. If they tell you a sob story about losing their job or a sick relative, this should also raise a red flag. They could be trying to get you to wire them money or give them access to your bank account.

• Protect your personal information. You wouldn’t tell a stranger on the street your home address, ATM pin number, or social security number, would you? The same rule applies online. Even if you have been talking to someone for a while and don’t think of them as a “stranger,” you still need to be wary, especially if you’ve never met in person.

• Do your own research.  Pretend you’re a private investigator and do some digging.  Type the person’s name into a search engine and see what comes up. Drag their photo into Google image search. The results could surprise you.

• Be a good online citizen. What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.

• Post only about others as you have them post about you.

In the unfortunate (and rare) situation that you become the victim of fraud, you can learn how to get your life back on track with our Victims of Cybercrime Tip Sheet.

For more on identity theft precautions visit www.hvshred.com

In another installment of keeping identities safe, this week we review some of the best practices for safe password selection and management. Surprisingly, even in today’s security-conscious environment, the word “password” and the sequence “123456” remain some of the most common passwords!  That makes for funny movie moments (Spaceballs is one of my favorites), but could lead to heartache in the real world.

Here are some basic guidelines to take into account when selecting a password.  Different services may have different requirements, but we always recommend choosing a unique password that is as strong as possible, whether it is for a social media account, e-mail address, or network login.

DO

• Select passwords that include a combination of upper and lowercase alphabetic characters, symbols, and numbers.
• Rotate your passwords regularly. Best is to change passwords every sixty days, but rotating them every six months will put you way ahead of most others.
• Develop a difficult-to-guess but easy-to-remember password that incorporates memory devices.

DO NOT

• Use all or part of your name in your password.
• Use a password of all numbers or a single, repeated letter.
• Use a word contained in any dictionary.
• Use a password with a length under six characters.
• Reuse or recycle passwords.

One of the best defenses to password attacks is to select an appropriate length. If an attacker is working to gain access and the dictionary attack method has failed (where words from a dictionary are automatically attempted), a brute force attack will likely be the next step. Brute forces attacks involve cycling through all possible password combinations until the correct one is found. For this reason, the longer the password, the longer it will take a cracking algorithm to successfully guess your password.

But even if we follow all the recommended guidelines and best practices (i.e. selecting an unpredictable password with a length greater than 6 characters and a combination of upper and lowercase letters, numbers, and symbols) we are still missing a premise: a password should be easy to remember.

Writing down your password is highly discouraged, and something like “H$%^j1@” is not going to be easily remembered. One solution to this issue might be to turn a sentence into a password, also called a “pass phrase”. For example if your favorite song is “Glory Days” the password might be “G10reD@z” It’s certainly a complex password, and it is one that can be remembered.

Data security isn’t just something we focus on once a year – it’s something that we need to keep in mind every day. 

For more tips and best practices, please visit www.hvshred.com

We regularly check in with the latest tips from the Identity Theft Resource Center and share what we learn in this blog.  According to “Solution #25”, what follows is some great advice on detecting scams.

According to ITRC, thieves are coming up with more and more devious ways to try and trick you into giving them your personal information. What’s so important about your personal information? A crook can open up a new line of credit in your name, rent an apartment, purchase cars, homes, and other goods, get a job, get out of criminal acts, or take over your bank account. In other words, the instant you give up certain personal information to a thief, you are in jeopardy.

What information do thieves want?

• Social Security Number
• Bank account or credit card numbers
• Driver’s license number
• Insurance policy numbers (medical and auto)
• Date of birth
• State or employee identification number.

Here are some universal rules to keep in mind when trying to determine if something is a scam or not.

• If it’s too good to be true, it probably is.
• When in doubt, check it out.
• A bank, credit card company, or utility company will never ask for your personal information by email, whether you have an account or not, period.

For more information on identity theft protection, please visit www.hvshred.com

Thanks to a recent post on Fraud Avengers.com, we would like to share information to help our community look after what appears to be among our most vulnerable population: our senior citizens. According to the FBI Internet Crime Complaint Center, seniors are targets for countless forms of fraud, ranging from simple home repair scams, to more complex investment and insurance fraud. Perpetrators include family, friends, neighbors, caregivers, financial advisors and strangers.

Opportunists see the “golden years” as primetime to rob all the savings and good credit seniors spent a lifetime accumulating. Make sure the seniors in your life are made of aware of the following top scams:
• Work from Home – Jobs listed in newspapers, online job sites, emails and social networking sites, promising jobs to seniors as “money transfer agents” abroad.
• Government Official Impersonation – Scams range from fraudsters purporting to be from the FBI, Social Security, Medicare or other federal agencies all demanding money.
• Loan Intimidation – Phone calls or emails threatening arrest or legal action for delinquent loans. These often target personal information used to commit identity theft.
• Romance – Taking advantage of lonely hearts, scammers will claim personal hardship and the need for financial help.
• Auto Auctions – Fraudsters advertise vehicles at “too good to be true” prices. This scam uses a “must sell quickly” tactic and demands full or partial payment through a third party.

If you or an older adult you know is being subjected to financial elder abuse, visit the National Center on Elder Abuse (NCEA) for a list of state reporting telephone numbers to get help. Contact your financial institution to report the fraud. File a police report, especially if personal and confidential details were provided, such as social security numbers, which could be used to commit identity theft. If you believe there is immediate physical danger, contact 911.

For more id theft resources, please visit www.hvshred.com