Lifestyle changes made to help curb the spread of the novel coronavirus may also have brought cybersecurity concerns closer to home. Virtual learning, remote work, online shopping and managing personal finances from phones and laptops are not new, but our reliance on these tools has become more important than ever. Staying up to date on the latest risks, learning how to manage them, and remaining vigilant goes a long way toward keeping personal information secure.
The Federal Trade Commission has received over 18,000 complaints related to COVID-19 since January 1, with people reporting losses of more than $13 million dollars to fraud alone. The top complaint categories in these reports? Travel and vacations, online shopping, bogus text messages, and all kinds of imposters.
When personal information falls into the wrong hands, the time and headaches of dealing with the consequences can be compounded by financial impacts. A Javelin Strategy & Research 2019 Identity Fraud Study shows that more than 14 million consumers were victims of identity fraud in 2018, and more victims are personally paying out of pocket for fraud.
Fortunately, there are steps you can take now to protect yourself. Here are answers to some of the most common cybersecurity questions from Sean Murphy, chief information security officer at BECU.
Q: What are new scams amid COVID-19?
Hackers are using social media, fake or spoofed texts and emails to tap into the uncertainty of the COVID-19 pandemic. Scammers have even gone as far as to set up websites selling fake products and trick you into giving them your personal or financial information. These can take the form of an email that looks like it’s from a bank or business, or a social media message that looks like it’s from someone you know.
“Part of the reason scammers can be successful in these attacks is that their behavior is so reprehensible during this time, most of us would not suspect such nastiness,” says Murphy.
During the pandemic, there has also been an uptick in phishing emails to steal login credentials and valuable financial data, and to even gain access to your stimulus payments. Scammers may try to trick you into paying a fee in order to receive your stimulus payment or convince you to give them your Social Security number or other sensitive information.
Q: How can I protect myself against COVID-19 scams?
The first line of defense is to avoid clicking on links from unknown sources. With COVID-19, it’s also become important to watch for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying they have information about the virus. “Avoid following hyperlinks and only visit trusted sources like the CDC and the World Health Organization websites for the most updated information about COVID-19,” suggests Murphy.
Keep your computers or mobile devices up to date with manufacturer-provided software updates and antivirus and antimalware protection, as applicable. It’s also a good idea to ignore online ads for vaccinations, prevention, treatment, or cure claims for COVID-19. “However, if you do fall victim to one of these crimes or suspect your information has been compromised, contact your financial institution immediately,” says Murphy. You can also report scammers to the FBI’s Internet Crime Complaint Center and suspicious claims related to COVID-19 to the Federal Trade Commission.
Q: What are some of the most common types of traditional scams?
While keeping an eye out for pandemic-related scams is likely top of mind these days, it’s important to remember that traditional scammers are still at work. It’s a good time to refresh your familiarity with these dangers, and feel confident you’ll know what to do if you encounter them.
Skimmers: Skimmers are concealed devices planted by criminals on ATMs located at gas stations, restaurants/bars and department stores, for example. These devices are often undetectable at first glance, but swiping or inserting your card into a skimmed ATM can lead to dangerous consequences. “The skimming device lets a thief steal the information embedded in your card, whether you’re using the ATM to withdraw cash, make a deposit, or check your balance,” says Murphy.
- Ways to protect yourself: “It’s important to be aware of your surroundings and trust your intuition. If you see or sense something suspicious, do not use the ATM.” Before using any ATM, inspect the area around you as well as the machine itself. Look for loose or suspect attachments on the card slot, such as sticky adhesive or even scratches. These are common signs that scammers leave when attempting to modify an ATM. “Another red flag is when the system does not work or you get an error after inserting your information into an ATM,” explains Murphy.
Robocalls: Have you ever received a phone call from a recorded, robotic voice that lets you know about an urgent, limited-time offer just for you? Chances are it’s an illegal, automated phone call targeting you for theft.
- Ways to protect yourself: “If you get an unwanted call, don’t press buttons to request to speak to someone or be taken off the call list. If you do, the system could identify you as a target that’s willing to engage,” explains Murphy. “Also, if you receive a random text message from a number you don’t recognize, don’t text back or click on links.”
Other common financial scams include fake credit report websites, job scams, copycat websites, “sweetheart” scams and elder financial abuse.
Q: Should I use public Wi-Fi? What are the risks?
Public Wi-Fi networks might be convenient, but if you’re going to use them, it is a good idea to not do anything that involves sensitive information. “Use public Wi-Fi to browse the web or read the news, but avoid logging in to any online banking or financial accounts, unless you have access to a virtual private network (VPN) application,” explains Murphy. From unencrypted networks and possible malware distribution, to cybercriminals using devices to eavesdrop on Wi-Fi signals, there are a variety of associated risks with using public Wi-Fi.
“Also, do not conduct transactions in public places, like a coffee shop,” says Murphy. “People can be looking to view the information you are putting into the system and copy data like your bank card information, SSN or passwords, depending on what details you are sharing.”
Q: How do I protect my online identity from being stolen?
Everyone’s online identity is potentially a target for cybercriminals. “With people of all ages spending more time online, it’s a good idea to make sure everyone is doing what they can to protect themselves,” says Murphy. Take steps to protect yourself.
- Create strong passwords. Passwords are often the key to guarding access to personal information and data stored on computers or sent over email. “Try using the longest possible password you are comfortable with, preferably including a minimum of 16 characters, one uppercase letter, one lowercase letter and a number or special character,” recommends Murphy. Also, don’t use the same account credentials for multiple online accounts because if one is stolen, they potentially have access to all of your accounts.
- Use multifactor authentication. Multifactor authentication requires more than one form of identification to log into the desired account. “For example, consider using your fingerprint in addition to a complex password to log in to online banking with your financial institution,” recommends Murphy. “That way, even if someone does gain access to your password, they won’t be able to access your account without that extra verification step.”
- Look for ‘https.’ When submitting personal information such as your address or payment method, check the website to ensure they begin with ‘https.’ “The ‘s’ indicates the site is using a security certificate to protect your data from third parties,” explains Murphy.
Q: What do I do when my identity is stolen?
While there’s no question that identity theft can leave you feeling vulnerable, there are effective steps you can take to keep your personal and financial information out of the wrong hands. “Recovering from identity theft is possible, but it’s important to remain vigilant,” says Murphy.
- Step 1: Notify any affected financial institutions
As soon as you suspect one of your accounts may have been compromised, contact your financial institution immediately. “If your financial institution detects fraudulent activity, closing the account as quickly as possible can save you from being liable for any unauthorized charges,” explains Murphy.
- Step 2: Change your passwords
Change your passwords immediately, including any accounts that you don’t believe have been affected. “Avoid using obvious passwords, such as those that include your birthdate or portions of your SSN,” suggests Murphy.
- Step 3: File a police report
After shutting down affected accounts, file a police report. “Remember to be as specific as possible,” says Murphy. “List all of your compromised accounts and provide any supporting documents you can.”
- Step 4: Flag your credit report
After you’ve contacted the affected financial institution, call one of the three major credit reporting agencies and request a fraud alert to be placed on your credit file. “This alert will be placed for 90 days and is a great preventative measure to ensure thieves can’t open any fraudulent accounts in your name,” explains Murphy.
- Step 5: Consider a credit freeze
A credit freeze gives you maximum control over who has access to your credit, including lenders and creditors. There are a few pros and cons to this step, so give this serious thought before you take action.
Q: Can hackers access my webcam?
There’s a good reason why so many people put tape over their computer webcams or use a webcam cover to shut them off: webcams can be hacked. “This means hackers can turn them on and record you when they want, usually with a remote administration tool that’s secretly been uploaded,” explains Murphy.
Remember, many webcam hackers use malware to secretly install and run remote desktop software without someone’s knowledge. “You may think you’re downloading one thing when in reality, it may be carrying a hidden virus,” explains Murphy. “Don’t click on unknown attachments or any suspicious links in an email, text or social media message.”
To keep your webcam privacy, it’s imperative to have good antimalware software that includes antivirus, antispyware, a firewall and other tools to keep the bad guys from getting in. Knowing where the risks are, and what steps to take to protect sensitive information, are also important tools to keep at the ready.
As a member-owned credit union, BECU is focused on helping increase the financial well-being of its members and communities by returning profits in the form of better rates, fewer fees, community partnerships and financial education. BECU is federally insured by NCUA.