Cyber criminals are constantly looking for nefarious ways to steal your data and commit fraud. It takes a concerted effort by both consumers and service providers to ensure a safe environment for online activity and transactions.
Being Proactive and Staying Vigilant is Key to Online Safety
Since fraudulent attacks are becoming quite sophisticated, it’s important to understand the three methods most commonly used by attackers: smishing, vishing and phishing.
Smishing – occurs when an attacker sends a text message to a mobile phone, prompting the recipient to click a link or call a telephone number for more information. If the link is clicked, the user downloads malicious software to their phone.
Vishing – takes place when an attacker uses the telephone to gain access to sensitive information (credit card numbers, employee IDs, etc.) from the public for financial gain. The criminal usually poses as someone they are not, such as another employee or technical support person.
Phishing – comes in the form of a fraudulent email that encourages recipients to click on a link and provide personal data, such as bank information, social security numbers, account numbers, passwords, etc. Often the subject lines are designed to entice the receiver with an interesting headline, timely topic or an “urgent” request.
Cyber criminals continue to evolve new attack methods. Be alert for two emerging tactics used to target unsuspecting victims: quishing and cryptocurrency investment fraud.
Quishing – is a fraud scheme where a cyber criminal creates a fake QR code that redirects victims to a malicious website, which prompts them to enter their personal or financial information. QR codes are the latest method cyber criminals are exploiting to trick recipients into believing they are entering their private information into a legitimate website, when in fact they are providing it to the cyber criminal.
Quishing is an appealing scam to cyber criminals because it is easier to generate and distribute a fake QR code than to set up a widespread targeted phishing scam. Unlike a phishing scam, most people can't easily differentiate a genuine QR code from a malicious one.
Cryptocurrency investment fraud – a long-term scam with devastating losses.
In cryptocurrency investment fraud, or “pig butchering,” cyber criminals convince victims to invest large sums of money via fake cryptocurrency exchange websites, only to steal the funds from their victims.
Although “pig butchering” may sound off-putting, it's the FBI's official name for cryptocurrency investment fraud. Due to the nature of the scheme — getting victims to invest increasingly large amounts on fake trading platforms before taking off with the money — the scam is likened to the practice of farmers fattening hogs before slaughter.
Where you have the option, enable multi-factor authentication. This adds another layer of security besides just using your password. It may be a one-time-use code sent to your phone, fingerprint or facial recognition, or a security question that must be answered. For example, PNC Bank users who log into their online banking from a different computer than usual will automatically be asked a security question. Make sure that your security questions do not have answers that can be easily found online.
Don’t use the same password for all your online accounts. If your password is stolen for one account, it puts all the others at risk, as well. Passwords for your most sensitive information, such as your PNC Bank online account, should be unique to each account.
Instead of a password, consider using a passphrase. Passphrases are longer than passwords, and the added length can help increase complexity, making them more difficult to crack.
Learn to Identify Fraudulent Emails, Texts or QR Codes from Phishing, Smishing, Vishing and Quishing
Often the easiest way for a cyber criminal to steal your information is to trick you into sharing it with them.
Huge volumes of fraudulent emails, text messages and phone calls are sent daily in the hope that at least a few of them will reach a cooperative, unsuspecting target. These fraudulent communications will often look official and will appear to have come from a trusted source. However, there are warning signs to watch out for that can indicate if a message is a scam.
Do you know the person who sent you the message? The source of an email or text message can easily be forged, making it seem that a request is coming from someone you know and trust. If something seems off or if the sender is asking for money or personal information, contact them directly (and through a different channel than the original message) to confirm the message came from them.
Does the message create a sense of urgency? Criminals will often try to rush you into making an unwise decision. An example of such a message may read, “confirm your login details in the next 24 hours using the link below or your account will be suspended.” Always take the time necessary to think through your response to a message and confirm the legitimacy of such a request through an official channel.
Does the offer seem too good to be true? If it does, it probably is. Treat any messages announcing you’ve won money, a prize or the opportunity to purchase an item at a significant discount as suspicious.
Does the message ask you to click on a link or open an attachment? Be particularly wary of emails from people or organizations you don’t know urging you to click on a link or open an attachment. Doing so can lead to malware being installed on your device. Proceed with caution.
Does the message ask you to scan a QR code?
As QR codes become more common in daily transactions, utilize these tips when scanning a code:
- When scanning a physical QR code, check that it has not been tampered with, for example that a sticker has not been placed on top of the original code.
- Check the URL to make sure the code is sending you to the intended site and that the site looks authentic. Look for typos or misplaced letters in the URL.
- Exercise caution when entering your personal or financial information on a site accessed via a QR code. Avoid making payments through a site provided by a QR code; manually enter a secure URL to complete a payment.
- Do not download an app from a QR code. Instead, search for the app via your device's app store. Additionally, do not download a QR scanner app, as most smartphones are able to scan QR codes via the camera function.
- If you receive a QR code from someone you know, reach out to them through a known number or address to verify that they sent you the code.
Did you receive a telephone call asking you for personal and/or financial account information? It’s prudent to remain aware and vigilant. If you receive a call and it just doesn’t feel right, trust your instincts. Hang up and call the customer service line listed on the company's official website. Use this known number to confirm the caller’s identity, purpose and/or other credentials.
Taking Action and Staying Vigilant Can Keep You Safe Online
The first step in protecting yourself online is to recognize threats and that you are a potential target. The next step is to follow through on the tips and guidelines in this article. Set up your defenses, then continue to monitor for new dangers and potential security breaches. Finally, be prepared to act if you think your data has been compromised.