Protecting your accounts from online crooks - Scotiabank outlines techniques for Cyber Security Awareness Month
Technology has significantly changed the way persons do business across the world.
Look at banking, for example. Some years ago, you would never have imagined that banking could have become so efficient and convenient.
No need any more to wait in lines or to run to the bank before it closes.
Now, thanks to the digital offerings through the Internet and mobile phones, banking can be done whenever you want, with 24/7 access to accounts and the ability to transfer funds, pay bills, or check account balances as the need arises.
But this shift in technology has not been limited to businesses. The criminals and con artistes are also using high-tech tactics in an effort to capture customer information for ill gain.
As part of the activities for Cyber Security Awareness Month, Scotiabank is utilising a number of avenues to sensitise Jamaicans and educate them on how to protect themselves in this new age. One activity is the hosting of a series of educational forums titled 'Securing Your Finances in the Digital Age', the first of which was held recently at the Scotiabank Centre.
Leighton Mitchell, Scotiabank's manager, forensics, took the opportunity to highlight a number of issues that are now being noticed as Jamaicans embrace the new technologies. Terms such as phishing, malware, and identify theft are more and more familiar as we become exposed to these online threats.
So how do you protect yourself in this digital age? Below are pointers highlighted by Mitchell as he encourages Jamaicans to protect themselves and take better control of their personal information.
The term malware is derived from the words "malicious" and "software". The expression is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software or programme code.
All computers are vulnerable to malicious software, particularly those that are exposed to the Internet (e.g., desktop PCs, laptops, servers, and mobile devices). Examples of malicious software include viruses, botnets, worms, logic bombs, keystroke loggers, trojan horses, and remote access trojans (RATS).
Malware can be used to record audio files, capture the screen, and capture key strokes while you work, which makes it easy for them to capture your banking information as well.
Computers can be infected with malware through various means often involving a user who:
o opens an affected email,
o browses a compromised website, or
o opens an unknown file on a removable storage media (e.g., USB drive).
o If you suspect that your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information.
o Use security software and/or professional help to find and remove malware.
o Maintain active and up-to-date antivirus protection provided by a reputable vendor. Schedule regular scans of your computer in addition to real-time scanning.
o Use firewalls on your local network to add another layer of protection for all the devices that connect through the firewall (e.g., PCs, smartphones, and tablets).
o Require a password to gain access. Log off or lock your computer when not in use.
o Take immediate action if you see signs of spyware on your PC. This includes pop-up ads, icons on your desktop, error messages, sluggish/slow PC performance.
o Scotiabank offers FREE downloads of the Trusteer Rapport security software, which protects online banking communication from being stolen by criminals. It is highly recommended and offered as an extra layer of security to any antivirus or security software you already use.
"Phishing" is a type of identity theft where criminals use email to try to bait you into fake websites.
This kind of identity theft scam attempts to persuade its victims to fill out a form with details of their bank accounts, credit card numbers and other personal information.
o Never click on suspicious links in emails, tweets, posts, or online advertising. Links can take you to a website other than the one indicated by the labels. Typing an address in your browser instead of clicking a link in an email is a safer alternative.
o Only submit sensitive information to websites using encryption to ensure your information is protected. Verify that the web address begins with "https://" (the "s" is for secure) rather than just "http://". Some browsers also display a closed padlock.
o Banks will never send you unsolicited emails asking for confidential information such as your password, PIN, access code, credit card, and account numbers.
o We will never ask you to validate or restore your account access through email or pop-up windows.
o Never respond to emails, open attachments, or click on suspicious links asking for personal or financial information, even if they appear to be from a reputable institution.
o You should never respond to or action any email that:
o Asks you to enter your card number, password, access code, or account numbers into an email, pop-up window, form, or non-secure webpage.
o Asks you to confirm, validate, verify, or refresh your account, credit card, or financial information.
o Requires you to enter personal information directly into the e-mail or submit that information online.
o Threatens to close or suspend your accounts if you do not provide or verify personal information.
o Claims that your account has been compromised or that there has been fraudulent activity on your account and requests you to enter, validate, or verify your account information.
Please don't change or retype the subject line as this hinders our ability to properly investigate it. After forwarding the e-mail, you should delete it from your inbox. We will send you an automated response.
o Identity theft is the use of someone's personal identifying information like their name, tax registration number, credit card number, or bank account, without their knowledge or consent, to commit a crime such as fraud or theft.
To become a victim of identity theft, criminals will have to get access to your personally identifiable information (PII). That can include information such as:
o Name - full name, maiden name, mother's maiden name, or alias
o Personal identification number such as passport number, driver's licence number, tax registration number, patient identification number, and financial account or credit/debit card number
o Address information such as street address or email address
o Telephone numbers, including mobile, business, and personal numbers
o Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), X-rays, fingerprints, or other biometric image or template data (e.g., retina scan, voice signature, facial geometry)
o Information identifying personally owned property, such as vehicle registration number or title number and related information
o Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information).
What to do if it happens to you?
o Contact each financial institution, credit card issuer, or other company that provided the identity thief with unauthorised credit, money, goods, or services.
Report the incident to your local police department.
o Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information when possible.
o Sign up for Internet banking so you can check your account activity from your PC or mobile device at any time.
o Don't write your PIN anywhere on your debit card, or keep your PIN in your wallet or purse.
o Create a unique password for all the different systems/websites you use. Otherwise, one breach leaves all your accounts vulnerable.
o Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.
o The longer the password, the tougher it is to crack. Use a password with at least eight characters. Every additional character exponentially strengthens a password. Passphrases are most effective. A passphrase is a short sentence and generally easier to remember.
Avoid using obvious passwords such as:
o Names (your name, family member names, business name, user name, etc)
o Dates (birthdays, anniversaries, etc)
o Dictionary words
o Choose a password you can remember without writing it down. If you do choose to write it down, store it in a secure location.
o Never share your password over the phone, in texts, by email, or in person. If you are asked for your password, it's probably a scam.
BE AWARE - Learn the information security risks related to your jobs. Gain an appreciation of the potential impact of your actions on our company.
BE ALERT - Pause and think before acting. Be vigilant for the security threats that you may encounter in your work every day.
BE SECURE - Make the right choice - the choice to be secure.
And always remember security is not complete without you.
• If you believe that you are a victim of identity theft and you are a Scotiabank customer, please contact your branch or call 1-888-4-SCOTIA (1-888-472-6842) immediately. Forward fraudulent emails or information to email@example.com.