Tag Archives: Phishing

Online Banking Safety

Leave a reply

The Internet can be terrifying.  It’s often frightening how your information travels so quickly.  For example, last week I traveled to Ohio.  And ever since I’ve been receiving emails full of political ads for the Ohio Senate race.  How does that even happen?  I wasn’t receiving Ohio political ads before my trip, but now I am.  How do they know?!?!?!

But the one area where I generally don’t fear my information being snagged up by the wrong party is with my banking information.  Which probably sounds strange to many.  For years I’ve been trying to convince my Dad to do his income tax online, but he just doesn’t see it as safe.  I can’t convince him otherwise. But I’ve been doing my taxes and all of my banking online for many years.  The reality is that banks use high level encryption in addition to multifactor authentication.  When I’m logging into a bank account, it’s nearly as difficult as logging into LionPath (but not near as difficult as Department of Education systems).  If it is that hard for me to get in, with all the proper info at hand, how hard would it be for an outsider?  And if worse comes to worst, my money is protected by the FDIC.

You do have to be careful with the Internet though.  When doing banking online, you should always make sure you are working through a website that starts with HTTPS rather than just HTTP.  That S stands for secure, and that is important.  Make sure you change your passwords now and then.  Use passwords that are complicated (easy for you to remember, but hard for others to guess).  And always watch out for phishing emails and texts.  If you get an email that looks like it came from your bank, don’t just click on the link in the email.  Log into the bank website on your own, just to be safe.  If it’s a real message, you’ll find it on the bank’s website.  And set up alerts with your bank.  If I have a large or unusual transaction my bank sends me a text message about it.  They let me confirm that it was me, or send the red flag that my account has been compromised.  It’s a good idea to review your financial accounts online every few days.  That way if something is weird, you’ll see it and be able to notify the bank right away, without waiting for the next monthly statement.

The Internet can be a scary place.  But I’m pretty confident that it is safe to bank online.  Your mileage may vary.  This is definitely a personal decision.  But it’s one that I feel ok about.

 

A Moneywise Twofer–Protect Yourself

Leave a reply

Sometimes it’s just way too hard to choose only one topic for my weekly writing adventure.  This week there are two things that both seem to need urgent attention, so the Moneywise Tip is going to be a twofer.

First up, September 4 is the last day for students to purchase the Penn State Student Health Insurance Policy (SHIP) for fall semester.  And while you are young and healthy it’s easy to think you can get away with not having insurance.  But you really shouldn’t.  One broken bone.  One bad case of the flu.  One inflamed appendix.  Any one of these can happen at any time, and without health insurance it can easily set you on the path to a lifetime of medical debt. You can read more about that here.  But know that the choice to skip insurance is a game of Russian roulette you really shouldn’t play.

And for the second topic of the day, a student came to me last week to discuss something that scared both of us.  She came in to say, “I came to give you the information you called me about this morning.”  She went on to tell me that she had received a phone call from me asking for her birthdate and Social Security number for a student job she was applying for.  One big problem:  I hadn’t called her.  The caller had used my name, but I didn’t place the call.  It was a scammer. The reality is, anyone with access to the internet would be able to figure out that she is a student at Penn State Law, and I am the Financial Aid Director at Penn State Law.  I’m actually kind of stunned that someone would do this level of research to try to run a phone phishing scam.  But it happened.  So how do you protect yourself against this kind of thing?  My rule of thumb is that I never give out personal information on a phone call that I did not initiate.  No date of birth.  No Social Security numbers.  No credit card numbers.  If I didn’t place the call, no one is getting that kind of info out of me over the phone. Period.  And thankfully, this student was smart and didn’t share that info on the phone, even though she thought it was me on the other end of the phone.  WHEW!  (Just so you know—I would never ask for that kind of info on the phone.  I would always ask for you to bring physical documentation of these things.) Scammers are still everywhere, so make sure to protect yourself!

Is this for real? It might not be!

Leave a reply

This afternoon I received a text message from my sister.  We use the same credit union for our banking and she and her husband had just received the same text, supposedly from this credit union, notifying her of an “alert” on her account.  My sister is smart.  She was suspicious of this text.  She sent me a text message to see if I had received anything similar.  I had not.  Then I checked my account online to see if there were any alerts there.  Still nothing.  So then my sister called the credit union directly….not at the number that came in the text, but instead on a number she found on the credit union’s web site.  My sister’s suspicions were confirmed.  This was a phishing scam.

Crooks have gotten pretty clever with their attempts at identity theft.  Phishing scams are everywhere.  It could be a text from “your bank.”  Or an email from “your student loan servicer.”  A phone call from “Microsoft.”  A phone call from “the IRS.”  It’s everywhere.  Protect yourself.  Be suspicious.  Never just click on the link in the text or email.  Find a genuine phone number for follow up.  Never give out your personal information on a phone call that you didn’t make.  Never let someone who called you have remote access to your computer.  Be smart.  Be suspicious.  Don’t be scammed.

Scams: How to Avoid Being a Victim

Leave a reply

?????????????????????????????????????????????????????????????????????????

I really haven’t paid attention to the idea of scammers for a while.  PhishingSmishing.  Phone scams.  Everybody knows about that, right?  Do we have to still think about it?  Apparently the answer is yes.

I have elderly parents.  And last week they received a phone call from someone claiming to be from Microsoft.  The man on the phone said he knew that my folks had been having trouble with their computer and he wanted to help.  My father, who always struggles with his computer (I blame Windows 8), was ready to listen.  Luckily my father never gave out his credit card information (which is how this scam usually ends), but he did direct his computer to several websites.  I haven’t been able to get to their house to examine the damage yet, but I’m fairly certain that viruses and malware have been released.  I have my folks carefully checking their credit card activity every day to watch for fraudulent charges, as I know they have used their card for online purchases and that number is likely stored in their computer’s memory somewhere.

So fraud is out there.  I guess it always will be. How do you protect yourself against it?

Here are some things you SHOULD do:

  • Check your banking/credit card statements regularly to make sure every transaction is one you remember making.
  • Check your credit report at least once a year (http://www.annualcreditreport.com).
  • Change your online passwords regularly—to something complicated that includes letters, numbers, and symbols.

Here are some things you SHOULD NEVER do:

  • Give your credit card number out on a telephone call that you did not initiate
  • Click on a link in an email or text from someone you don’t know/trust
  • Email sensitive information such as your Social Security number
  • Call back the number of a missed call from someone you don’t know who did not leave a message identifying themselves
  • Wire money to a stranger (yes….people still do this!!!)

I could probably go on and on.  But instead I’ll leave you with this helpful information from the Federal Trade Commission.

Watch yourself!  Scammers are still out there, and likely always will be.

Phishing (a classic tip from 10/14/2013)

Leave a reply

I recently came across this article about how a scammer posing as Sallie Mae was trying to steal private information by claiming the federal government was offering student loan forgiveness during the government shutdown.  This reminded me that phishing is alive and well in the world, and is something we should all be thinking about.

Imagine it’s 1996.  You are enjoying the Internet through America Online when an instant message pops up.  Someone masquerading as an AOL employee asks you to verify your password.  This was the birth of the Internet scam called phishing.

From its early start as attempted AOL password harvesting (thus the “ph” replacing the “f” in the word fishing) scam, phishing has evolved into the practice of sending out e-mails that appear to be from banks or other reputable organizations with the intent of luring the recipient to reveal sensitive information such as Social Security number, usernames, passwords, credit card information or bank account details.

The scam artists who run phishing schemes are quite clever.  They have made an art form out of creating e-mails and web sites so like those of the organizations they are impersonating that it can be near impossible to tell the difference.  Usually they are asking for the intended victim to “update” or “validate” their account information.  Often they will try to incite fear with threats such as “your account will be canceled” if you don’t provide the requested information.  The phishing e-mail then provides a link to a web site where the intended victim will be asked to provide the private information the phisher seeks.

You can learn to identify phishing scams by looking for these clues:

  • Watch for address spoofs.  The original e-mail may appear to be from a legitimate address, such as eBay.com, but this is really just concealing the scammer’s actual address.  The enclosed link will lead to a look-alike web site at a similar but fake address such as eBayverifysite.com.
  • Phishing e-mails almost always link to a web site that is not secure.  It’s very simple for you to tell the difference between a secure and a non-secure site.  A secure site will always start with “https://”.  A non-secure site lacks the “s” for secure and will start with “http://.”
  • A genuine e-mail from a financial institution you work with will likely include your name or a partial account number.  A phishing e-mail will likely start with a more generic “Dear Customer.”
  • Phishing e-mails almost always use scare tactics such as threat of account cancellation.

You can further protect yourself from phishing by doing the following:

  • If you get an e-mail asking for personal information, do not click on the link in the message.  If you are concerned that it may be a legitimate request from a company you work with, you should go to that company’s web site directly to confirm your account information there.
  • Do not e-mail personal or financial information.  E-mail is not secure, so you should only send confidential information through secure sites.
  • Regularly review your bank account and credit card statements to ensure that all transactions were initiated by you.
  • Install anti-virus software on your computer and keep it updated.  Some phishing e-mails will contain software to track your Internet activities without your knowledge.  Anti-virus software and firewalls can protect you from this.
  • Always be cautious about opening attachments in e-mails—even from people you know.
  • If you receive an e-mail you are certain is phishing, you should report it to the Anti-Phishing Working Group at http://www.antiphishing.org.

If you have given out personal information, here is what you should do to limit the damage:

  • Report the theft of your information to the holder of your account as soon as possible.  This will limit your liability.
  • Cancel the account and open a new one as soon as possible.
  • Monitor the stolen account for fraudulent use.
  • If you have downloaded a virus, you should install or update anti-virus software and run a full scan.
  • If you have given out personal identification information such as your Social Security number, you could be a target for identity theft.  You should contact the three major credit reporting agencies (Experian, Equifax and TransUnion) to place a fraud alert and a victim’s statement in your file.  You should regularly monitor your credit reports to watch for any fraudulent activity.

The Internet is a powerful tool.  It has drastically changed the way we do just about everything.  But the Internet is also a dangerous place.  It is important for us to keep this at the forefront of our minds and exercise caution in your Internet use.