FDIC Consumer News - A Bank Customer's Guide to CyberSecurity: What Consumers Can Do ... and What Banks and Regulators Are Doing ... to Help Prevent Online Fraud and Theft
FTC.gov - Federal Trade Commission
Definitions of Terms
Short for "Malicious Software," malware refers to software programs designed to damage or do other unwanted actions on a computer system. Common examples of malware include viruses, worms, trojan horses, and spyware.
Viruses, for example, can cause havoc on a computer's hard drive by deleting files or directory information. Spyware can gather data from a user's system without the user knowing. This can include anything from web pages a user visits to personal information, such as credit card numbers.
Consumers can combat malware by installing anti-virus and anti-spyware utilities that will seek and destroy malicious programs. Anti-virus and anti-spyware software can be purchased wherever computer products are sold.
There is a new type of Internet piracy called "phishing." In a typical case, you will receive an e-mail that appears to come from a reputable company that you recognize and do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal financial institution regulatory agencies. In a "phishing" scam, you could be redirected to a phony website that may look exactly like the real thing. Once inside that website, you may be asked to provide your Social Security Number, account numbers, passwords, or other information used to identify you. When you provide this information, those perpetrating the fraud can begin to access your accounts or assume your identity. Never reply directly or click on a link in response to an e-mail that asks for your personal or financial information. Remember - your bank will never contact you "out of the blue" to ask for personal financial information.
Do not respond to e-mail that warns of dire consequences if you do not validate your information immediately. Contact the company to confirm the e-mail's validity using a telephone number or web address you know to be genuine.
When submitting financial information to a website, look for the padlock or key icon at the bottom of your browser, and make sure the Internet address begins with "https." This signals that your information is secure during the transmission.
Use anti-virus software and keep it up to date. Anti-virus software and a firewall can protect you from inadvertently accepting unwanted "key-logger" files. Look for anti-virus software that recognizes current viruses as well as older ones.
Keep your computer's operating system up to date and download security patches. These patches for your operating system close holes that "hackers" or "phishers" could exploit.
Similar to phishing, smishing uses cell phone text messages to deliver the bait to get you to divulge your personal information. The hook (the method used to actually "capture" your information) in the text message may be a website URL; however, it has become more common to see a phone number that connects to an automated voice response system.
The smishing message usually contains something that demands your "immediate attention." Some examples include:
1. "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order on this URL: www.?????.com."
2. "(Name of popular online bank) is confirming that you have purchased a $1500 computer from (name of popular computer company). Visit www.?????.com if you did not make this online purchase."
3. "(Name of a financial institution): Your account has been suspended. Call xxx-xxx-xxxx immediately to reactivate."
The hook may be a legitimate-looking website that asks you to enter your personal financial information, such as your credit/debit card number, CVV code (on the back of your credit card), your ATM card PIN, SSN, email address, and other personal information. If the hook is a phone number, it normally directs to a legitimate-sounding automated voice response system, similar to the voice response systems used by many financial institutions, which will ask for the same personal information.
Do not respond to text messages, website addresses or telephone numbers that warn of dire consequences if you do not validate your information immediately. Contact the actual company to confirm the validity of the request using a telephone number or web address that you know to be genuine.