John Whalen, Director-Information Security
Willie Sutton, the 20th-century bank robber, famously said, “I rob banks because that’s where the money is.” Today, thieves would put it differently: the easiest way to get money is to get into online bank accounts. How do they do that? By fooling others in some way.
There’s an easy way to get into other people’s online accounts. Send out a bunch of emails that attempt to fool people into responding in some way, either by clicking on a link, opening an attachment, or verifying a user name and password. Increasingly, as we all do more and more online, internet-based scammers evolve their techniques to stay ahead of us.
Take these concrete steps, adapted from the Federal Trade Commission, to minimize your risk:
Be careful of emails.
Don’t reply to unsolicited emails. Don’t click on links or open attachments in emails you are not expecting. Instead, use your browser to go to the URL (internet address) of the organization. Never share your user name or password with anyone else. If an email contains a link that, upon opening, asks for your user name and password, close that link and use your browser to go to the URL of the organization.
Be careful with your passwords.
Change your passwords every 90 or 180 days. Use two-factor authentication in any account for which it is available. Examples of two-factor authentication are: the use of a password plus a question or series of questions, or a password and a PIN number.
Don’t send money or give out personal information.
Don’t share personal information or send money to someone you don’t know. Scammers pretend to be someone you trust: a government official, a family member in need, a charity seeking help after a disaster. If someone calls asking for money or personal information, hang up. The name and phone number you see aren’t always real. If you think the caller might be telling the truth, call back to a number you know is genuine.
Consider how you pay.
Credit cards have significant fraud protection built in, but some payment methods don’t. Wiring money is potentially risky because it’s nearly impossible to get your money back. Government offices and honest companies won’t require you to use risky payment methods.
Take the time to be skeptical and verify. Before you give up your money or personal information, talk to someone you trust. Scammers ratchet up the pressure so you can’t think straight. They want you to make decisions in a hurry. They might even threaten you. Slow down, check out the story, do an online search, consult an expert — or just tell a friend.
Hang up on robocalls.
If you answer the phone and hear a recorded sales pitch, hang up. These calls are illegal, and more often than not the products are bogus. Don’t press 1 to speak to a person or to be taken off the list. That could lead to even more calls.
Don’t believe free trial offers from companies you’re not familiar with.
Scammers use free trials to sign you up for products, so they can bill you every month until you cancel. Before you agree to a free trial, research the company and read the cancellation policy. Review your monthly statements for charges you don’t recognize.
Sign up for free scam alerts from the Federal Trade Commission (FTC) at ftc.gov/scams. If you spot a scam, report it at ftc.gov/complaint. Your reports help the FTC and other law enforcement agencies investigate scams and bring scammers to justice.