Tips, from the FBI, to avoid becoming a victim of cyber fraud:
- Do not give unknown, unverified persons remote access to devices or accounts.
- Do not communicate with unsolicited email senders.
- Do not act in haste. Criminals create a sense of urgency to produce fear and lure the victim into immediate action.
- Do not fill out forms contained in e-mail messages that ask for personal information.
- Do not sign in, if prompted to do so, in order to access an attachment. Businesses do not send attachments requiring you to login without establishing this as a normal protocol in advance. These will be separate accounts with unique credentials, not your Windows, Dropbox or Office 365 logon.
- Do not use links to financial institutions you receive via email. Log on directly to the website instead of “linking” to it from an unsolicited e-mail.
- Do not share online documents by sending a Link or URL. You need to designate a spcific user so that permissions can be revoked going forward.
- Ensure company policies provide for verification of any changes to existing invoices, bank deposit information, and contact information.
- Consider requiring two parties sign off on payment transfers.
- Contact a requestor by phone before complying with e-mail requests for payments or personnel records.
- Ensure that log-in credentials used for payroll purposes are unique.
- Setup Positive Pay with your financial institution to eliminate check fraud.
- Only open attachments from known senders. Even then be aware that if you are seeming something new it could be illegitimate. Take the time to verify it with the sender. Verification should not be done via Email. Hackers can reply from a compromised account.
- Always compare the link in the e-mail to the link you are actually directed to and determine if they match.
- Use strong passwords and do not use the same password for multiple websites.
- Store your passwords in an encrypted file and never in the cloud. Programs like KeePass can help to secure and share them.
- Be aware that fraudulent e-mails requesting your personal information can be made to appear to be legitimate.
- When providing personally identifiable information, credit card information, or other sensitive information to a website, ensure the transmission is secure by verifying the URL prefix includes https, or the status bar displays a “lock” icon and that the domain is that of the vendor.
- Remember that legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals.
- Be cautious of customer support numbers obtained via open source searching. Phone numbers listed in a “sponsored” results section are likely boosted as a result of Search Engine Advertising.
- When you recognize fraudulent attempts to communicate with you cease all communication with the criminal.
- Never make purchases for the business based on email requests, without direct verbal verification.
- Change passwords immediately if an account is compromised.
- Ensure all computer anti-virus, security, and malware protection is up to date. If you do not have this on your home PC we can provide it for as little as $2 a month. In most cases, your employer will cover the cost.
- Monitor your bank account statements regularly, as well as your credit report at least once a year for any fraudulent activity.
- Request a free credit report every 12 months. Stagger the request between the three credit agencies.
- Ensure security settings for social media accounts are turned on and set at the highest level of protection.
- Never provide personal information of any sort via e-mail.
- If it looks too good to be true, it probably is.
- If an opportunity appears too good to be true, it probably is.
- Do not attempt to purchase or invest in an SBLC. Such investments do not exist.
- Independently verify the terms of any investment or purchase you intend to make, including all parties involved (i.e., the bank the funds are originating from).
- Do Not transfer funds overseas or use foreign banks
- Watch for unnecessary secrecy or the signing of a non-disclosure agreement
- Be cautious of items being advertised well below their market value
- Avoid the use of escrow accounts, including attorney escrow accounts