Fraud Prevention

How to Protect Your Money and Accounts Online

Being able to bank or shop online is a great convenience, but you want to be sure you're protecting yourself before you hit “send.” If the wrong people access your accounts, you might find yourself with a lot less in the bank than you thought. Here are six steps you can take to help make sure that doesn't happen.​

  1. Do your online shopping/banking from home

    You've probably taken steps to secure your home network, so it makes sense to do most of your online activity there. Public computers are convenient, but be careful about entering passwords and sensitive account information when using these machines. Many will keep your login data in the web browser history, so after you leave, the next person who uses the computer might be able to see what you typed and access your account.

    If you're on your own laptop or mobile device but using public Wi-Fi to access the Internet, you could run into similar issues. You can't be sure the network you're on is secure, and if it's not, a lurking hacker could see any information you send. When you use public Wi-Fi, consider updating the settings on your device to make sure you don't automatically join networks you won't use regularly.

    If you have to shop or bank online while away from home, consider using a virtual private network, or VPN, service to protect your account information.

  2. Install antivirus software

    Many antivirus companies will send security patches to your computer automatically, so you don't have to be a tech genius to get the most up-to-date protection. In addition to installing an antivirus program, it's a good idea to check your operating system, web browser and mobile devices to make sure they also have the latest software updates.

  3. Be smart with account passwords

    Strong passwords include both uppercase and lowercase letters, numbers and symbols, and they can't easily be guessed. Security experts recommend that you change your passwords at least every few months.

  4. Don't skimp on mobile security

    Sometimes you may need to shop or bank online while you're on the go. When using smartphones, tablets and laptops, you can help protect your accounts by adding a password to lock your device screen. Also, install a “find your phone” tool to help locate your device if it's misplaced. Many such tools give you the ability to disable your device remotely, in case it can't be recovered.

  5. Remember, "secure" starts with an "s"

    Before sending over account numbers or other sensitive information, check to see whether your browser address bar begins with “https” instead of “http”. The extra “s” literally stands for “secure,” because the page is encrypted. In addition to checking for the “s,” you can also look to see whether the webpage has a seal from
    such organizations as the Better Business Bureau, Truste or VeriSign, which means the site is more likely to be trustworthy.

  6. Shop with a credit card, not a debit card

    With a credit card, you'll generally have  better consumer protection. If someone makes unauthorized charges, you're only responsible for up to $50. But with a debit card, you could lose all the money in your account if you don't report unauthorized charges in time. No matter which card you use, regularly check your statements for any charges you don't recognize.

    When you're banking or shopping online, you don't want to leave an open door for hackers. So it's best to secure your accounts and your devices to protect your hard-earned money.

    © Copyright 2016  NerdWallet, Inc. All Rights Reserved

Computer Security

Scammers, hackers, and identity thieves are looking to steal your personal information – and your money. But there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have a good reason. Below is a list of steps you can take.

  1. Use Security Software That Updates Automatically
    The bad guys constantly develop new ways to attack your computer, so your security software must be up-to-date to protect against the latest threats. Most security software can update automatically; set yours to do so. You can find free security software from well-known companies. Also, set your operating system and web browser to update automatically.

    If you let your operating system, web browser, or security software get out-of-date, criminals could sneak their bad programs – malware – onto your computer and use it to secretly break into other computers, send spam, or spy on your online activities. There are steps you can take to detect and get rid of malware.

    Don’t buy security software in response to unexpected pop-up messages or emails, especially messages that claim to have scanned your computer and found malware. Scammers send messages like these to try to get you to buy worthless software, or worse, to “break and enter” your computer.
  2. Treat Your Personal Information Like Cash
    Don’t hand it out to just anyone. Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about whether you can really trust the request. In an effort to steal your information, scammers will do everything they can to appear trustworthy. Learn more about scammers who phish for your personal information. 
  3. Check Out Companies to Find out Who You’re Really Dealing With
    When you’re online, a little research can save you a lot of money. If you see an ad or an offer that looks good to you, take a moment to check out the company behind it. Type the company or product name into your favorite search engine with terms like “review,” “complaint,” or “scam.” If you find bad reviews, you’ll have to decide if the offer is worth the risk. If you can’t find contact information for the company, take your business elsewhere. 

    Don’t assume that an ad you see on a reputable site is trustworthy. The fact that a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it. 
  4. Give Personal Information Over Encrypted Websites Only
    If you’re shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address (the “s” is for secure).

    Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, the entire account could be vulnerable. Look for https on every page of the site you’re on, not just where you sign in.
  5. Protect Your Passwords
    Here are a few principles for creating strong passwords and keeping them safe:
    - The longer the password, the tougher it is to crack.  Use at least 10 characters; 12 is ideal for most home users.
    - Mix letters, numbers, and special characters.  Try to be unpredictable – don’t use your name, birthdate, or common words.
    - Don’t use the same password for many accounts.  If it’s stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.
    - Don’t share passwords on the phone, in texts or by email.  Legitimate companies will not send you messages asking for your password.  If you get such a message, it’s probably a scam.
    - Keep your passwords in a secure place, out of plain sight.
  6. Back Up Your Files
    No system is completely secure. Copy important files onto a removable disc or an external hard drive, and store it in a safe place. If your computer is compromised, you’ll still have access to your files.

10 Ways to Avoid Fraud

Scam artists in the U.S. and around the world defraud millions of people each year. They use the phone, email, postal mail, and the internet to trick you into sending money or giving out personal information.

Here are 10 things you can do — or not — to stop a scam.

WHAT TO DO

  1. Know who you’re dealing with.
    Try to find a seller’s physical address (not a P.O. Box) and phone number. With internet phone services and other web-based technologies, it’s tough to tell where someone is calling from. Do an online search for the company name and website, and look for reviews. If people report negative experiences, you’ll have to decide if the offer is worth the risk. After all, a deal is good only if you get a product that actually works as promised.
  2. Know that wiring money is like sending cash.
    Con artists often insist that people wire money, especially overseas, because it’s nearly impossible to reverse the transaction or trace the money. Don’t wire money to strangers, to sellers who insist on wire transfers for payment, or to anyone who claims to be a relative or friend in an emergency and wants to keep the request a secret.
  3. Read your monthly statements.
    Scammers steal account information and then run up charges or commit crimes in your name. Dishonest merchants bill you for monthly “membership fees” and other goods or services without your authorization. If you see charges you don’t recognize or didn’t okay, contact your bank, card issuer, or other creditor immediately.
  4. After a disaster, give only to established charities.
    In the aftermath of a disaster, give to an established charity, rather than one that has sprung up overnight. Pop-up charities probably don’t have the infrastructure to get help to the affected areas or people, and they could be collecting the money to finance illegal activity. For more donating tips, visit ftc.gov/charityfraud.
  5. Talk to your doctor before you buy health products or treatments.
    Ask about research that supports a product’s claims — and possible risks or side effects. In addition, buy prescription drugs only from licensed U.S. pharmacies. Otherwise, you could end up with products that are fake, expired, or mislabeled — in short, products that could be dangerous to your health. Learn more about buying health products online.
  6. Remember there's no sure thing in investing.
    If someone contacts you with low-risk, high-return investment opportunities, stay away. When you hear pitches that insist you act now, that guarantee big profits, that promise little or no financial risk, or that demand that you send cash immediately, report them at ftc.gov.

WHAT NOT TO DO

  1. Don’t send money to someone you don’t know.
    Not to an online seller you’ve never heard of — or an online love interest who asks for money. It’s best to do business with sites you know and trust. If you buy items through an online auction, consider using a payment option that provides protection, like a credit card.

    If you think you’ve found a good deal, but you aren’t familiar with the company, check it out. Type the company or product name into your favorite search engine with terms like “review,” “complaint,” or “scam.” See what comes up — on the first page of results as well as on the later pages.
    Never pay fees first for the promise of a big pay-off later — whether it’s for a loan, a job, a grant or a so-called prize.
  2. Don’t agree to deposit a check and wire money back.
    By law, banks have to make funds from deposited checks available within days, but uncovering a fake check can take weeks. You’re responsible for the checks you deposit: If a check turns out to be a fake, you’re responsible for paying back the bank. No matter how convincing the story, someone who overpays with a check is almost certainly a scam artist.
  3. Don’t reply to messages asking for personal or financial information.
    It doesn't matter whether the message comes as an email, a phone call, a text message, or an ad. Don’t click on links or call phone numbers included in the message, either. It’s called phishing. The crooks behind these messages are trying to trick you into revealing sensitive information. If you got a message like this and you are concerned about your account status, call the number on your credit or debit card — or your statement — and check on it.
  4. Don’t play a foreign lottery.
    It’s illegal to play a foreign lottery. And yet messages that tout your chances of winning a foreign lottery, or messages that claim you’ve already won, can be tempting. Inevitably, you have to pay “taxes,” “fees,” or “customs duties” to collect your prize. If you must send money to collect, you haven’t won anything. And if you send any money, you will lose it. You won’t get any money back, either, regardless of promises or guarantees.

REPORT SCAMS

If you think you may have been scammed:

  • File a complaint with the Federal Trade Commission. If you are outside the U.S., file a complaint at econsumer.gov.
  • Visit ftc.gov/idtheft, where you’ll find out how to minimize your risk of identity theft.
  • Report scams to your state Attorney General.

If you get unsolicited email offers or spam, send the messages to spam@uce.gov.

If you get what looks like lottery material from a foreign country through the postal mail, take it to your local postmaster.

Malware

Malware is short for “malicious software."  It includes viruses and spyware that get installed on your computer, phone, or mobile device without your consent. These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information, send spam, and commit fraud.

Avoid Malware

  • Scam artists try to trick people into clicking on links that will download malware and spyware to their computers, especially computers that don't use adequate security software. To reduce your risk of downloading unwanted malware and spyware:
  • Keep your security software updated. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS) to update automatically.
  • Instead of clicking on a link in an email, type the URL of the site you want directly into your browser. Criminals send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a spoof site designed to steal your personal information.
  • Don’t open attachments in emails unless you know who sent it and what it is. Opening attachments — even in emails that seem to be from friends or family — can install malware on your computer.
  • Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.
  • Minimize "drive-by" downloads. Make sure your browser security setting is high enough to detect unauthorized downloads. For Internet Explorer, for example, use the "medium" setting at a minimum.
  • Use a pop-up blocker and don't click on any links within pop-ups. If you do, you may install malware on your computer. Close pop-up windows by clicking on the "X" in the title bar.
  • Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That's a tactic scammers use to spread malware.
  • Talk about safe computing. Tell your kids that some online actions can put the computer at risk: clicking on pop-ups, downloading "free" games or programs, opening chain emails, or posting personal information.
  • Back up your data regularly. Whether it's text files or photos that are important to you, back up any data that you'd want to keep in case your computer crashes.

Detect Malware

Monitor your computer for unusual behavior. Your computer may be infected with malware if it:

  • slows down, crashes, or displays repeated error messages
  • won't shut down or restart
  • serves up a barrage of pop-ups
  • displays web pages you didn't intend to visit, or sends emails you didn't write

Other warning signs of malware include:

  • new and unexpected toolbars
  • new and unexpected icons in your shortcuts or on your desktop
  • a sudden or repeated change in your computer's internet home page
  • a laptop battery that drains more quickly than it should

Get Rid of Malware

If you suspect there is malware is on your computer, take these steps:

  • Stop shopping, banking, and doing other online activities that involve user names, passwords, or other sensitive information.
  • Update your security software, and then run it to scan your computer for viruses and spyware. Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.
  • If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you've installed, and a short description of the problem.
  • Many companies – including some affiliated with retail stores – offer tech support on the phone, online, at their store, and in your home. Decide which is most convenient for you. Telephone and online help generally are the least expensive, but you may have to do some of the work yourself. Taking your computer to a store usually is less expensive than hiring a repair person to come into your home.
  • Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do differently to avoid it in the future.

Report Malware

If you think your computer has malware, the Federal Trade Commission wants to know. File a complaint at www.ftc.gov/complaint.

Phishing

When internet fraudsters impersonate a business to trick you into giving out your personal information, it’s called phishing. Don't reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels.

Examples of Phishing Messages

You open an email or text, and see a message like this:

"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."

"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."

“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

The senders are phishing for your information so they can use it to commit fraud.

How to Deal with Phishing Scams

  • Delete email and text messages that ask you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.). Legitimate companies don't ask for this information via email or text.
  • The messages may appear to be from organizations you do business with – banks, for example. They might threaten to close your account or take other action if you don’t respond.
  • Don’t reply, and don’t click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites – sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.
  • Area codes can mislead, too. Some scammers ask you to call a phone number to update your account or access a "refund." But a local area code doesn’t guarantee that the caller is local.

If you’re concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.

Action Steps

You can take steps to avoid a phishing attack.

Use trusted security software and set it to update automatically. In addition, use these computer security practices.

  • Don't email personal or financial information. Email is not a secure method of transmitting personal information.
  • Only provide personal or financial information through an organization's website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the "s" stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
  • Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security.

Report Phishing Emails

Forward phishing emails to spam@uce.gov – and to the company, bank, or organization impersonated in the email. You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a group of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.

If you might have been tricked by a phishing email:

  • File a report with the Federal Trade Commission at www.ftc.gov/complaint.
  • Visit the FTC’s Identity Theft website. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.