Online Security Tips

Is your computer set to automatically check for software and security updates? Do you type your name in search engines to see what personal information is online? Have you customized your security and personal information settings on social networks?

These are all ways to own your online presence by controlling privacy and security settings.

In the past, online threats were primarily technical in nature, such as viruses or malware on your computer. But now, online threats are evolving and becoming more social, such as phishing ads based on your online searches, stolen passwords, identity theft and cyber bullying.

Small steps, such as monitoring your privacy settings and limiting what personal information you put online, can help you control your online identity.

Don’t send money to someone you don’t know.

Not an online seller you’ve never heard of — nor an online love interest who asks for money. It’s best to do business with sites you know and trust. If you buy items through an online auction, consider using an option that provides protection, like a credit card.

Never pay fees now for the promise of a big pay-off later — whether it’s for a loan, a job, or a so-called prize.

Don’t agree to deposit a check and wire money back.

No matter how convincing the story. By law, banks have to make funds from deposited checks available within days, but uncovering a fake check can take weeks. You’re responsible for the checks you deposit. If a check turns out to be a fake, you’re responsible for paying back the bank.

Don’t reply to messages asking for personal or financial information.

That goes whether the message comes as an email, a phone call, a text message, or an ad. Don’t click on links or call phone numbers included in the message either. It’s called phishing. The crooks behind these messages are trying to trick you into revealing sensitive information. If you got a message like this and you are concerned about your account status, call the number on your credit or debit card — or your statement — and check on it.

Don’t play a foreign lottery.

It’s illegal to play a foreign lottery, and yet messages that tout your chances of winning a foreign lottery, or messages that claim you’ve already won can be so tempting. Inevitably, you’re asked to pay “taxes,” “fees,”, or “customs duties” to collect your prize. If you send money to collect, you haven’t won anything. Indeed, you’ve lost whatever money you sent. You won’t get money back, either, regardless of the promises.

If you think you may have been scammed:

  • File a complaint with the Federal Trade Commission. You may visit their website at ftc.gov for more information or call 1(877) FTC-HELP (1.877.382.4357). The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
  • Visit ftc.gov/idtheft, where you’ll find out how to minimize your risk of identity theft.
  • Report scams to your state Attorney General by visiting their website. In Oklahoma, it is at oag.state.ok.us/ or by calling 1.405.521.3921.
  • If you get what looks like lottery material from a foreign country through the postal mail, give it to your local postmaster.

The bad guys constantly develop new ways to attack your computer, so your security software must be up-to-date to protect against the latest threats. Most security software can update automatically; set yours to do so. You can find free security software from well-known companies. Also, set your operating system and web browser to update automatically.

If you let your operating system, web browser, or security software get out-of-date, criminals could sneak their bad programs — malware — onto your computer and use it to secretly break into other computers, send spam, or spy on your online activities. There are steps you can take to detect and get rid of malware.

Don’t buy security software in response to unexpected pop-up messages or emails, especially messages that claim to have scanned your computer and found malware. Scammers send messages like these to try to get you to buy worthless software, or worse, to “break and enter” your computer.

Don’t hand it out to just anyone. Your social security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information — whether in a web form, an email, a text, or a phone message — think about whether you can really trust the request. In an effort to steal your information, scammers will do everything they can to appear trustworthy.

When you’re online, a little research can save you a lot of money. If you see an ad or an offer that looks good to you, take a moment to check out the company behind it. Type the company or product name into your favorite search engine with terms like “review,” “complaint,” or “scam.” If you find bad reviews, you’ll have to decide if the offer is worth the risk. If you can’t find contact information for the company, take your business elsewhere.

Don’t assume that an ad you see on a reputable site is trustworthy. The fact that a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it.

If you’re shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address (the “s” is for secure).

Make it a habit to enter the address of any banking, shopping, auction or financial transaction website yourself and not depend on displayed links in emails or from other sites. If you see the “locked padlock” icon in the browser frame on the top near the address bar or on the bottom of the web browser, double-click it to display the security certificate for the site. If you get any warnings displayed that the address of the site you have displayed does NOT match the certificate, do not continue.

Follow alerts and warnings received by the browser. For example, if your browser reports that the site is a known phishing site, then do not continue to the site and type in your information.

Here are a few principles for creating strong passwords and keeping them safe:

  • The longer the password, the tougher it is to crack.
  • Mix letters, numbers, and special characters. Try to be unpredictable — don’t use your name, birth date, or common words.
  • Don’t use the same password for many accounts. If it’s stolen from you — or from one of the companies with which you do business — it can be used to take over all your accounts.
  • Don’t share passwords. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam.
  • Keep your passwords in a secure place, out of plain sight.
  • Change passwords at regular intervals for all online sites, such as online banking, merchant sites, and email accounts.
  • Always log off the website after you have submitted an application or concluded a secure online session.

No system is completely secure. Copy important files onto a removable disc/device or an external hard drive, and store it in a safe place. If your computer is compromised, you’ll still have access to your files.

Going wireless generally requires connecting an internet “access point” — like a cable or DSL modem — to a wireless router, which sends a signal through the air, sometimes as far as several hundred feet. Any computer within a range with a wireless card can pull the signal from the air and access the internet.

Unless you take precautions, anyone nearby with a wireless-ready computer or mobile device can use your network. That means your neighbors — or any hacker nearby — could “piggyback” on your network, or access information on your computer. If an unauthorized person uses your network to commit crime or send spam, the activity could be traced back to your account.

Wireless routers often come with the encryption feature turned off. You must turn it on. The directions that come with your router should explain how. If they don’t, check the company’s website.

Although the features of social networking sites differ, they allow you to provide information about yourself and offer some type of communication mechanism (forums, chat rooms, email, instant messenger) that enables you to connect with other users. While the majority of these sites do not pose a threat, malicious people may be drawn to them because of the accessibility and amount of personal information that’s available. Using information that you provide about your location, hobbies, interests, and friends, a malicious person could impersonate a trusted friend or convince you that they have the authority to access other personal or financial data.

Limit the amount of personal information you post — especially items such as your address or information about your schedule or routine.

Remember that the internet is a public resource — only post information you are comfortable with anyone seeing. This includes information and photos in your profile and in blogs and other forums.

Be wary of strangers — the internet makes it easy for people to misrepresent their identities and motives. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person.

Be skeptical — don’t believe everything you read online. Try to verify the authenticity of any information before taking any action.

Evaluate your settings — take advantage of a site’s privacy settings. The default settings for some sites may allow anyone to see your profile, but you can customize your settings to restrict access to only certain people. There is still a risk that private information could be exposed despite these restrictions, so don’t post anything that you wouldn’t want the public to see. Sites may change their options periodically, so review your security and privacy settings regularly to make sure that your choices are still appropriate.

Be wary of third-party applications — third-party applications may provide entertainment or functionality, but use caution when deciding which applications to enable. Use strong passwords — protect your account with passwords that cannot easily be guessed. If your password is compromised, someone else may be able to access your account and pretend to be you.

Check privacy policies — some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam.

Keep software, particularly your web browser, up to date — install software updates so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.

Use and maintain anti-virus software — anti-virus software helps protect your computer against known viruses, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

Children are especially susceptible to the threats that social networking sites present. By teaching children about internet safety, being aware of their online habits, and guiding them to appropriate sites, parents can make sure that the children become safe and responsible users.

Here are a few helpful safety tips to remember when using an Automated Teller Machine (ATM):

  • Scope the area. Make a conscious effort to scope the area immediately adjacent to the ATM machine. Look for suspicious people or situations. If something does not look right, do not make your transaction. Leave the area and use another machine or come back at another time.
  • Limit your time at the machine. Prior to arriving at the ATM site, have your card out to avoid any delay of going through your purse or wallet to find it. At a walk-up ATM, cover your transaction. Use your body to block the keyboard from view. By doing this, you will prevent someone from learning your personal identification number (PIN).
  • Do not publicly show your cash.
  • Always keep your personal identification number a secret. Never give the number to anyone or write it down anywhere. Memorize it or use a secret code if you must write it down.
  • Notify us upon the loss of your card or PIN. Notify us immediately if your ATM card or secret PIN is lost or stolen.
  • Never let anyone use your card or access code.
  • Be on the lookout for ATM “skimming”. ATM skimming is a crime where thieves attach a device to an ATM to capture your card information. Skimming devices can include a small magnetic head used to capture your account information, and a small camera or mirror to view the keypad when you enter your PIN.
  • Be extra careful at night. If you need to access a machine when it’s dark, make sure it’s in a well-lit area and always be aware of your surroundings.
  • Save your receipts and check against your bank statement before destroying.