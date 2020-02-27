With instances of online hacking of personal information on the rise, a local financial institution is offering advice to people on how they can better protect themselves online.
In 2017, 64 percent of Americans had been impacted by a breach in their data security, affecting their credit cards, account numbers, emails and social media, according to the Pew Research Center.
Jimmy Workman, corporate information security officer for Community Trust Bank, said there are three main ways that a person can protect their personal information online. Overall, he said it is important for people to watch out for scams through emails, text messages and phone calls, to keep their computers and mobile devices secure and to own their online presence.
One of the most common ways, Workman said, that a person’s online information can become compromised is through fraudulent emails, which are known as “phishing” scams. He said these scam emails are often made to seem like they come from legitimate sources, like a bank, financial adviser, healthcare provider, tax provider or a school.
The emails often include a link or attachment that they want the person to click on, and if the person clicks the offered link or attachment, the hacker can access the person’s email account or personal information.
“In some cases, they’re trying to get the person to send them private information about themselves,” Workman said. “That could also be part of the phishing attack. They could be trying to get their Social Security number out of them, their birthdate, an account number, PIN number or stuff like that. People would want to be wary of emails that come in asking for private information or that come in asking for them to take immediate action on something, like they’re trying to scare them into responding quickly.”
Scams that have become frequent recently, Workman said, are fraudulent text messages and phone calls, known as “smishing” and “vishing” scams. Similarly to phishing scams, the hacker sending the text or phone call would want the person to act quickly by sending them personal information or, in the case of the text message, to click a link. Workman advised people to not trust texts or phone calls, especially if they were not expecting to receive it.
“Most everyone has a mobile phone these days,” Workman said. “People are used to vetting phishing messages, but maybe not texts. A good rule of thumb is if you receive something you’re not expecting, verify it. Contact the organization with the contact information that they (the person receiving the message) had already.”
Regarding the security of a mobile device or computer, Workman advised for people to use strong, unique passwords. He said this is often required for many websites now, but it is a good rule for anyone looking to protect their personal information online. Another way that a person can do this, he said, is by creating a memorable phrase for the password and replacing certain letters in that phrase with special characters. While not foolproof, he said, it can be helpful for people struggling to create a strong password.
“It’s important because if you don’t do that, the simpler the password, the easier it is for that criminal to hack it,” Workman said. “Whether it’s required or not, they should always set up a strong password. Don’t use the same password for every account you have because people tend to do that. If someone hacks one account and you’ve used that same password for eight other accounts you have, if they’ve done enough research on you, they’re going to get into those eight other accounts pretty easily.”
Workman said that people can look into using password managers, which are digital vaults that store and secure login information for mobile devices, websites and other services.
For many websites today, there is two-factor or multi-factor authentication. It is an authentication method that grants access to a computer user after they confirm their identity through two or multiple forms of authentication. The forms of authentication often includes inserting the person’s password, sending a code through a person’s mobile device or email or placing a person’s fingerprint on their mobile device or laptop computer.
“A lot of systems now offer that additional layer of security,” Workman said. “When it’s available, people should take advantage of it.”
Workman also recommended that people back up their files regularly, and he suggested that they do it in ways that they are comfortable with. Some ways that a person can back up their files, he said, include Apple’s iCloud on Apple devices, a person’s laptop or desktop computer or external hard drives.
Workman said that people be wary of the information that they provide online because it is as valuable as money. While using mobile apps, websites and social media accounts, he said, people should look into their accounts’ security and privacy settings because they can change those settings to designate who has access to their information and what information is being made available to others.
Workman said people should think about what they post about themselves online and what that post might reveal about them.
“Be thoughtful with who gets information on you and what kind of information it is that you’re sharing,” Workman said. “They can go in and set up security or privacy settings on these different social media outlets for their comfort level and what they’re comfortable with sharing their information with others. That’s something they should be aware of and see what their options are. It’s okay to limit it.”
Regarding online financial information, Workman said people should check their credit report at least annually and research what “freezing” and “thawing” their credit means and if it might be right for them. For more information on credit reports and scores, visit, www.usa.gov/credit-reports.
When using a credit or debit card at the ATM, Workman said people should be aware of their surroundings, and when putting in their PIN numbers at the machine, they should cover their PIN number with their other hand.
“If a criminal has installed a camera that’s hidden, that’s gonna help protect from that number being seen,” Workman said. “If a person is looking over their shoulder which does happen sometimes, that’s also gonna help from that number being seen.”
At an ATM machine or gas pump, he said people should be wary of credit card skimmers that might have been placed on a credit/debit card reader. A credit card skimmer is a card reader that can be disguised to look like part of an ATM. The skimmer attachment collects card numbers or PIN codes, which are then replicated into counterfeit cards, according to the Northwest Community Credit Union.
Before inserting a debit or credit card, the person should check if the card reader is loose, crooked or damaged. If it is, he said, the person should inform an employee who works where the ATM machine or gas pump is located and should not use the card reader.
Workman also recommended that people check their bank and credit card accounts and statements often.
“They need to figure out what they’re comfortable with, what’s good for their schedule, what do they feel is often enough, but they should check it regularly, whatever that means to them,” Workman said. “If you have the ability to set up a text or email alert that will be sent to you if your card is used, take advantage of that.”
He recommended that people check their Social Security records at least annually. To learn more, visit, www.ssa.gov.
Lastly, Workman advised for people to talk to their families about online security.
“People should treat these devices like their cash or credit card,” Workman said. “Protect them just like their cash or credit card, and don’t leave them lying around, even if it’s just for a second, especially if they’re in a public place. Bad people are looking to grab that thing quick as soon as they look away. In the world we live in today, we live in a digital society. About any account you can imagine that you could have with whatever organization, you can access that online. It’s your digital thumbprint. It’s everything, and if someone steals that, it can take a long time to get things turned back around to be able to function.”
“The statements and opinions expressed herein are considered best practices and tips in regards to the content,” Community Trust Bank said in a statement. “While these best practices and tips are recommended, we cannot warrant that following these best practices and tips will prevent any and all cybersecurity threats or cybersecurity attacks.”
For additional resources, visit the National Cyber Security Alliance at, https://staysafeonline.org, visit the U.S. Department of Homeland Security Cyber Infrastructure at, https://www.cisa.org, or visit the Federal Trade Commission’s information on privacy, identity and online security at, https://www.consumer.ftc.gov/topics/privacy-identity-online-security.
If you feel that you are the victim of identity theft, visit the Federal Trade Commission at, https://www.identitytheft.gov.
