Information Possibly Outdated
The information presented on this page was originally released on October 23, 2015. It may not be outdated, but please search our site for more current information. If you plan to quote or reference this information in a publication, please check with the Extension specialist or author before proceeding.
5 tips help people avoid ID, financial thefts
STARKVILLE, Miss. -- “Phishermen” do not need lures or worms to get their prized catch; the only bait they need is a good scheme.
Anyone can be phished -- tricked through electronic fraud into unknowingly forfeiting sensitive personal and financial information, such as password and credit card details. In many cases, the result of a successful “phishing trip” is an empty bank account for the victim.
In observance of National Cybersecurity Month, the Mississippi State University Extension Service offers five tips to keep from becoming a phishing victim. Cybersecurity encompasses the measures taken to protect computers, networks or smartphones from attacks by viruses, scams or unauthorized access attempts.
Never give out personal information of any kind.
“A phishing email works when someone pretends to be from a legitimate source, such as a credit card company or a bank,” said Mariah Morgan, assistant Extension professor with the MSU Extension Center for Technology Outreach. “They email you under a false premise: ‘Your email account is about to reach its limit’ ... ‘Your credit card has been stolen’ ... ‘You have won a free trip, boat or car.’”
Sometimes, the scammer offers large sums of money or expensive prizes in exchange for only a few pieces of information.
“Typically, they include a web address at the bottom of the email for you to click on,” Morgan said. “Once you click on the email and respond to the questions, your personal information has been compromised.”
This type of message is one of many possible signs of spam, whether it is a junk email or a pop-up window. Another example is an email that addresses account owners as “Dear Customer,” rather than by their names. Note that banks, credit card companies or other legitimate businesses never solicit information via email.
Phishers have many ways of getting email addresses, including buying lists of addresses and names based on demographic information.
“They send out millions of emails and typically guess common usernames to pair with email domain names, such as ‘[email protected],’” Morgan said. “They just keep generating new configurations until they land on someone who responds. Another way is for phishers to use a tool called a bot to scan websites looking for email addresses. If your email address is posted online anywhere, they can find it.”
Don’t click on web links in emails from unfamiliar addresses or pop-up windows.
Phishing is not new to people who frequently rely on email as part of their jobs and come across large amounts of spam every day. But phishers are anything but picky and will go after anyone with an account to get what they want. This includes people who are not up-to-date on the latest schemes the scammers have concocted.
“Everyone’s email inbox is littered with phishing emails,” Morgan said. “When we think about the problem of cybersecurity, we often think of large corporations. In reality, cybersecurity can affect Mississippians of any age, race or gender. Being cybersecure aware means protecting your personal data from being used by criminals. This can mean protecting bank account information, social security numbers, passwords and private emails, among other things.”
Holding down the ALT and F4 keys on the keyboard at the same time deletes pop-up windows on Macs and PCs.
Check financial information and update software frequently.
Any U.S. citizen is entitled to a free credit report from each of the national consumer-reporting companies. Keep track of credit health and examine the bank account and utility bill statements, among other financial reports, at least once a month. Look closely for any irregularities.
“Children are being increasingly targeted for identity theft because their parents often don’t catch it until they are applying for college scholarships and loans,” Morgan said.
Antivirus software will often alert computer and smartphone users of possible viruses or security threats before allowing them to click on links. In the same vein, nearly all email providers have spam folders and other safeguards to separate legitimate emails from spam or identify users of possible spam.
For those safeguards to continue operating properly, all antivirus software and operating systems must be updated regularly.
Create a strong and unique password for each website.
Bobby Goff, assistant manager of computing systems at the MSU Extension Center for Technology Outreach, said using the same password for each website, email address and social media account makes the user’s personal information more vulnerable.
“You should never have the same password for your computer, bank or any other online service,” Goff said. “Passwords should be at least eight characters, contain at least one capital letter, one number and one special character. Smartphones and tablets should always have a password. Also, make sure to turn off geo-tagging. That function allows your smartphone to track everywhere you have taken a photo.”
Be careful on public Wi-Fi.
Free Wi-Fi can be convenient, but it is also usually insecure.
“Avoid sending sensitive information over free Wi-Fi connections,” Goff said. “Use encrypted websites when handling sensitive information online. These are sites that contain ‘https://’ at the beginning of the URL. Your browser will alert you if the connection is not secure.”
Goff added that anyone using electronic devices with Internet connections should be wary of what they stash away in cloud storage. Also, avoid sharing too much information on social media, as it can be used to create a targeted attack.
For more information on cybersecurity, see Extension Publication 2423, “Gone Phishing.”