Cyber Security and Fraud Prevention

Five Common Scams That Target Businesses of All Sizes:

  1. Phishing E-mails: Phishing e-mails specifically target business owners with the goal of hacking into their computer or network. Common examples include e-mails pretending to be from the IRS claiming the company is being audited or phony emails from the Better Business Bureau, saying the company has received a complaint. If you receive a suspicious e-mail like this, don’t click on any links or open any attachments.
  2. Data Breaches: No matter how vigilant your company is, a data breach can still happen. Whether it’s the result of hackers, negligence or a disgruntled employee, a data breach can have a severe impact on the level of trust customers have in your business. Educate employees on the importance of protecting information and practice the ‘need to know policy’ internally.
  3. Directory Scams: Commonly the scammer will call the business claiming they want to update the company’s entry in an online directory, or the scammer might lie about being with the Yellow Pages. The business is later billed hundreds of dollars for listing services they didn’t agree to. Overpayment Scams —If a customer overpays using a check or credit card and then asks you to wire the extra money back to them or to a third party, don’t do it. This is a very popular method to commit fraud. Wait until the original payment clears and then offer the customer a refund by check or credit.
  4. Phony Invoices: The United States Postal Service suspects that the dollar amount paid out to scammers because of phony invoices may be in the billions annually, mostly from small and medium sized businesses. Scrutinize invoices carefully and conduct regular audits of accounts payable transactions.

Safety Tip:

Never go to a login in page through a link in an email or a pop up. Always go to the login page directly by typing the site name or, preferably, through a stored bookmark that you created.

General Rules for Computer Security:

  1. If you were not looking for it, then don’t download it.
  2. Keep your software current with the latest updates.
  3. Don’t click on links in emails from unknown senders. Be cautious when clicking on links in emails from known senders as their account may have been hijacked. Keep your PC protected with Windows Defender or antivirus software from a third party.

Current Threats:

Fake Notification E-mails:

Watch out for fake emails that look like they came from Facebook. These typically include links to phony pages that attempt to steal your login information or prompt you to download malware. Never click on links in suspicious emails. Login to a site directly.

Suspicious Posts and Messages:

Wall posts or messages that appear to come from a friend asking you to click on a link to check out a new photo or video that doesn’t exist. The link is typically for a phony login page or a site that will put a virus on your computer to steal your passwords.

Money Transfer Scams:

Messages that appear to come from friends or others claiming to be stranded and asking for money. These messages are typically from scammers. Ask them a question that only they would be able to answer. Or contact the person by phone to verify the situation, even if they say not to call them.

General Online Safety Rules:

Be wary of strangers: The internet makes it easy for people to misrepresent their identities and motives. If you interact with strangers, be cautious about the amount of information you reveal.

Be skeptical: People may post false or misleading information about various topics, including their own. Try to verify the authenticity of any information before taking any action.

Evaluate your settings: Use privacy settings. The default settings for some sites may allow anyone to see your profile. Even private information could be exposed, so don’t post anything that you wouldn’t want the public to see.

Two Factor Authentication:

Requires you to provide a password and a PIN code (most often sent to your phone) to log in to online accounts. Use this to prevent hijacking of your accounts. In most cases you can set this up in the ‘settings’ section of your account.

Specific Actions to Avoid:

  1. Don’t click on a message that seems weird. If it seems unusual for a friend to post a link, that friend may have gotten their site hijacked.
  2. Don’t enter your password through a link. Just because a page on the Internet looks like Facebook, doesn’t mean it is. It is best to go to the Facebook login page through your browser.
  3. Don’t use the same password on Facebook that you use in other places on the web. If you do this, phishers or hackers who gain access to one of your accounts may be able to access your other accounts as well, including your bank,
  4. Don’t click on links or open attachments in suspicious emails. Fake emails can be very convincing, and hackers can spoof the “From:” address so the email looks like it’s from a social site. If the email looks weird, don’t trust it. Delete it.
  5. Don’t send money anywhere unless you have verified the story of someone who says they are your friend or relative.

Preventing Identity Theft

Protect Your Personal Information:

  • Don’t carry your social security card.
  • Don’t provide your social security number to anyone unless there is a legitimate need for it.
  • Be aware that most Medicare cards use the social security number as the Medicare number. Take steps to protect your card.

Protect Your Documents:

  • Shred your sensitive trash with a cross-cut or micro-cut shredder.
  • Don’t leave outgoing mail with personal information in your mailbox for pickup.

Be Vigilant Against Tricks:

  • Never provide personal information to anyone in response to an unsolicited request.
  • Never reply to unsolicited emails from unknown senders or open their attachments.
  • Don’t click on links in emails from unknown senders.

Protect Your Communications:

  • Keep your computer and security software updated.
  • Don’t conduct sensitive transactions on a computer that is not under your control.
  • Protect your Wi-Fi with a strong password and WPA2 encryption. Protect your home devices.
  • Use strong passwords with at least eight characters, but the longer the stronger. Try random words strung together or phrases.
  • Use different passwords for your various accounts.
  • If you store passwords in a file on your computer, encrypt the file when you save it and assign a strong password to protect that file.
  • This sounds obvious, don’t name the file ‘passwords’. Consider using password management programs.

Social Networking Security:

  1. Login directly, not through links.
  2. Only connect to people you know and trust.
  3. Don’t put your email address, physical address, phone number or other personal information in your profile.

Terms to Understand:

  1. Fraud Alert: Your credit file at all three credit reporting agencies is flagged and a potential lender should take steps to verify that you have authorized the request.
    Inside Scoop: Fraud alerts only work if the merchant pays attention and takes steps to verify the identity of the applicant. They expire in 90 days unless you have been a victim of identity theft, in which case you can file an extended alert – it lasts for seven years.
  2. Credit Monitoring: Your credit files are monitored by a third party – if activity occurs you are notified.
    Inside Scoop: Credit monitoring does not prevent fraud, it only notifies you when your credit reports have been accessed, which is an indication that fraud may have occurred.
  3. Credit Freeze: A total lockdown of new account activity in your name. This requires unfreezing before you can open an account.
    Inside Scoop: A proven way to protect against identity theft. Credit freeze laws vary by state. To check yours, go to your state Attorney General’s website and search for ‘credit report freeze’. Sign out of your account after you use a public computer.

Identity Theft for Tax Related Purposes

If you are the victim of identity theft, or at risk because your information has been breached, go to this site: https://www.irs.gov/identity-theft-central

Credit Reporting Bureaus

The following agencies can be used to freeze your credit reports.

Equifax: (800) 525-6285, (800) 685-1111
Experian: (888) 397-3742, (888) 397-3742
Trans Union: (800) 680-7289, (888) 909-8872

You are allowed 3 free reports each year go to https://www.annualcreditreport.com or (877) 322-8228

To remove your name from Mailing/Call lists:

Mail: www.dmachoice.org
Phone: www.donotcall.gov

To stop preapproved credit card offers:
www.optoutprescreen.com OR (888) 5-OPTOUT (567-8688)

To Report Internet Fraud: