Here are some tips from the FBI you can use to avoid becoming a victim of cyber fraud:
- Ensure company policies provide for verification of any changes to existing invoices, bank deposit information, and contact information.
- Consider requiring two parties sign off on payment transfers.
- Contact requestors by phone before complying with e-mail requests for payments or personnel records.
- Ensure that log-in credentials used for payroll purposes are unique.
- Do not give unknown, unverified persons remote access to devices or accounts.
- Do not communicate with unsolicited email senders.
- Do not act in haste. Criminals create a sense of urgency to produce fear and lure the victim into immediate action.
- Do not fill out forms contained in e-mail messages that ask for personal information.
- Do not sign in, if prompted to do so, in order to access an attachment. Businesses do not send attachments requiring you to login without establishing this as a normal protocol in advance. These will be separate accounts with unique credentials, not your windows or webmail login.
- Do not use links to financial institutions you receive via email. Log on directly to the website instead of “linking” to it from an unsolicited e-mail.
- Only open attachments from known senders. Even then be aware that if you are seeming something new it could be illegitimate. Take the time to verify it with the sender.
- Always compare the link in the e-mail to the link you are actually directed to and determine if they match.
- Use strong passwords and do not use the same password for multiple websites.
- Store your passwords in an encrypted file and never in the cloud. Programs like KeePass can help.
- Be aware that fraudulent e-mails requesting your personal information can be made to appear to be legitimate.
- When providing personally identifiable information, credit card information, or other sensitive information to a website, ensure the transmission is secure by verifying the URL prefix includes https, or the status bar displays a “lock” icon and that the domain is that of the vendor.
- Remember that legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals.
- Be cautious of customer support numbers obtained via open source searching. Phone numbers listed in a “sponsored” results section are likely boosted as a result of Search Engine Advertising.
- When you recognize fraudulent attempts to communicate with you cease all communication with the criminal.
- Ensure all computer anti-virus, security, and malware protection is up to date. If you do not have this on you home PC we can provide it for as little as $2 a month. In most cases your employer will cover the cost.
- Install ad-blocking software that eliminates or reduces pop-ups and malvertising (online advertising to spread malware).
- Do not store sensitive or embarrassing photos of yourself online or on your mobile devices.
- Monitor your bank account statements regularly, as well as your credit report at least once a year for any fraudulent activity.
- Request a free credit report every 12 months. Stager the request between the three credit agencies.
- Ensure security settings for social media accounts are turned on and set at the highest level of protection.
- Never provide personal information of any sort via e-mail.
- If it looks too good to be true, it probably is.
- If an opportunity appears too good to be true, it probably is.
- Do not attempt to purchase or invest in an SBLC. Such investments do not exist.
- Independently verify the terms of any investment or purchase you intend to make, including all parties involved (i.e., the bank the funds are originating from).
- Do Not transfer funds overseas or use foreign banks
- Watch for unnecessary secrecy or the signing of a non-disclosure agreement
- Be cautious of items being advertised well below their market value
- Avoid the use of escrow accounts, including attorney escrow accounts