Monday, 30 April 2018

6 Basic Tips To Help Keep You Safe from Phishing Scams

"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
"During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information."

Have you received an email with a similar message? It's a scam called “phishing” — and it involves Internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims. 

Phishers send an email or pop-up message that claims to be from a business or organization that you may deal with — for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. The message may ask you to "update," "validate," or "confirm" your account information. Some phishing emails threaten a dire consequence if you don't respond. The messages direct you to a website that looks just like a legitimate organization's site. But it isn't. It's a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name. 

TIP #1: If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address yourself. In any case, don’t cut and paste the link from the message into your Internet browser — phishers can make links look like they go to one place when they actually send you to a different site.

TIP #2: Area codes can mislead. Some scammers send an email appearing to be from a legitimate business and ask you to call a phone number to update your account or access a "refund." Because they use Voice Over Internet Protocol (VOIP) technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card. In any case, delete random emails that ask you to confirm or divulge your financial information. 

TIP #3: Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for antivirus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software “patches” to close holes in the system that hackers or phishers could exploit.

TIP #4: Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons. 

TIP #5: Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances. Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.

TIP #6: Forward spam that is phishing for information to the police and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems. If you believe you’ve been scammed, file your complaint at Victims of phishing can become victims of identity theft. While you can’t entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus.

Monday, 23 April 2018

How to Protect Yourself from Online Fraud and Identity Theft



Phishing attacks cast a wide net with generic offers and promises in the hope of luring you into providing personal information before you realize there's a problem. Spear phishing attacks are targeted attempts to get additional information from individuals who may be at risk because their account at another organization may have been hacked, their employer suffered a data breach, or some other information is already available about them. In both cases, the most beneficial skill you can learn is a healthy sense of internet skepticism.

As always, give out the minimum amount of information when required and nothing more when asked by companies or businesses that present you with forms to fill out, and never give out information—even if the requester is legit—unless you understand why they need the information and what they'll do with it. Any reputable organization will be able to answer your questions. Trust your instincts, and remember that if it sounds too good to be true, it probably is.

1. Beware Suspicious Emails and Attachments

It should be common knowledge at this stage, but you should never open attachments from untrusted sources, and even if you get one from a trusted source, you should pay attention to the file extension of the attachment before downloading and opening it. If you get an official-looking email from your bank, credit union, or another company you do business with telling you to log in and review your account, be careful. Even if it's legit, it's always safer to visit the business' web site by typing in the URL instead of clicking the link in the email.

Most companies will never email you to say you need to "verify your account information" and beg you to click a link in the message. If your email client supports it, you can hover your mouse over the link in the suspicious email to see where it really leads. Odds are it's not actually your bank's web site. Don't click, and visit your bank's web site manually or call them instead. Remember email addresses can be very easily spoofed, so even if you get a note from a name or business you trust, it could be spoofed and the URL could lead you to an unexpected location.

2. Keep Your Anti-Malware Software Up-To-Date

Just because viruses and trojans don't make headlines as often as they used to doesn't mean you can get away without some anti-malware software installed on your system. Once installed, it's equally important to keep it up to date. Out-of-date antivirus and anti-malware suites are effectively useless. Besides, with options like Microsoft Security Essentials for Windows and ClamXAV for Mac out there that are free, light on system resources, and both scan and update in the background without your help, there's no reason not to have something installed. If your school, office, or ISP offers an anti-malware package to you for free, make use of it.

3. Use HTTPS Everywhere (Or At Least Everywhere You Can)

While it's not foolproof, connecting to as many of your favorite sites as possible over SSL is the best way to make sure you're actually talking to the site you think you're talking to, and that your communications with that site are encrypted. You can use the previously mentioned HTTPS Everywhere extension for Firefox to force hundreds of sites to HTTPS, enable HTTPS on Facebook, do the same at Twitter, and look for the lock or the green box next to the URL in your browser's address bar to make sure the version of the site you're on is secure. If it's not, try the site address with https:// in front of it to see if it works.

4. Use Strong, Secure Passwords, and Different Ones On Different Sites

Good password management is a topic we've covered several times, but if you're still using the same password on multiple sites or you're still using a dictionary word or your dog's name as your password, there's no time like now to make the change to a strong password that uses letters, numbers, caps, and special characters if possible. Still, even a good strong password is worthless if you use it on multiple sites and one of them is compromised. Use a service like KeePass, LastPass or another similar password manager to create, keep, and manage multiple strong passwords for all of the sites and services you use on the internet.

5. Be Skeptical, Be Informed, and Be Careful

That sense of internet skepticism we mentioned earlier will serve you well in many regards. It may be more inconvenient to pick up the phone and call a business that just emailed you asking for your credit card number to process a payment than it is to just reply and email it to them, but speaking as someone who used to work in corporate IT, we paid close attention when our network monitors noticed outbound emails with credit card numbers in them. Don't do it—if we could see it, others can as well. When someone asks you for something that just doesn't seem right, set it aside until you can clear up why they need the information.

If you get a message promising something—anything from a multi-million dollar cut from a foreign prince's international investments to a discount code to your favorite online retailer just for filling out a survey—learn to second-guess the offers and promotions you see on the internet and double-check their sources. Often a quick Google search for the sender or the general gist of the message with the word "scam" at the end will reveal what's really going on.

Saturday, 21 April 2018

Top 7 email fraud prevention tips for a Cyber Safe Business


Online fraudsters are increasingly targeting small- and medium-sized businesses in India. Their objective may be to access classified business data (yours or your customers'), obtain banking information, commit identity theft, or even stalk employees.

Common tactics include:
  • Spam - Email sent without permission of the sender.
  • Phishing - Spam that pretends to be from a company, financial institution or government agency.
  • Trojan horse - A malicious program hiding within an attractive offer.

Fortunately, there are simple Cyber Safe Business anti-fraud practices that anyone can use:
  1. Be suspicious of any phone calls, visits, or emails from strangers asking about employees, their families and sensitive business matters.
  2. Always be cautious of emails that: Make offers that sound too good to be true. Request that you click on a link in the message. Ask for your personal information.
  3. Always report any suspicious activity to your IT professional.
  4. If a suspicious email appears to be from a recognized organization or client, contact them directly (not as a reply) to ask if they sent the email.
  5. If your business may have lost or revealed sensitive information, take immediate security action, such as contacting your bank.
  6. Report the incident to the police.
  7. When in doubt, ask your IT professional or colleague for help.
If you or anybody in your business receives a suspicious email, don't reply or click on any links or attachments in the email. The best thing you can do is delete the email from your inbox. Never forward a suspicious email.

Monday, 16 April 2018

8 tips for safer online banking


Online banking is nice and convenient. But it does come with certain risks. Just as you hear of people being robbed at ATMs, or having their cards cloned, so online accounts are also a point of vulnerability.

Follow these 8 tips and you can minimise the risks to your finances and bank safely online:

1. Choose an account with two factor authentication

Try to get a bank account that offers some form of two factor authentication for online banking.

These days many, but not all, banks offer a small device that can be used to generate a unique code each time you log in. This code is only valid for a very short period of time and is required in addition to your login credentials in order to gain access to your online account.

2. Create a strong password

If your bank requires a user-generated password in order to access online accounts make sure you choose one that is strong. The best way to achieve this is by making it long and a mix of upper and lower case letters, numbers, and special characters.

Always avoid using any common words or phrases and never create a password that contains your name, initials, or your date of birth. If your bank allows it, change your password every few months.

When setting up online banking, if your bank asks you to provide answers to some standard security questions remember that the answer you give doesn’t have to be the real one.

So you don’t have to answer “Thumper” to the name of your first pet – make it something else, as if it was a password. Use a password manager if you are concerned about how to remember everything!

3. Secure your computer and keep it up-to-date

Security software is essential these days, regardless of what you use your computer for.

As a minimum, make sure you have a firewall turned on and are running antivirus software. This will ensure you are protected from Trojans, keyloggers and other forms of malware that could be used to gain access to your financial data.

You’ll also want to keep your operating system and other software up-to-date to ensure that there are no security holes present.

4. Avoid clicking through emails

No financial institution worth their salt will send you an email asking you to provide any of your login details.

If you receive an email that appears to be from your bank that asks for such details then treat it with suspicion as it may well be a phishing attempt to trick you into handing your credentials over.

Likewise, be aware of links in emails that appear to be from your bank – this is a trick often employed by the bad guys to get you onto a website that looks like your bank. When you log in to ‘your account’ they will steal your username and password and, ultimately, your cash.

It is always safer to access your online bank account by typing the address into your browser directly.

Also, be aware of unsolicited phone calls that purport to be from your bank. While your financial institution may require you to answer a security question, they should never ask for passwords or PINs (they may ask for certain letters or numbers from them, but never the whole thing).

If in doubt, do not be afraid to hang up and then call your bank back via a telephone number that you have independently confirmed as being valid.

5. Access your accounts from a secure location

It’s always best practice to connect to your bank using computers and networks you know and trust.

But if you need to access your bank online from remote locations you might want to set up a VPN (Virtual Private Network) so that you can establish an encrypted connection to your home or work network and access your bank from there.

Look for a small padlock icon somewhere on your browser and check the address bar – the URL of the site you are on should begin with ‘https’. Both act as confirmation that you are accessing your account over an encrypted connection.

6. Always log out when you are done

It is good practice to always log out of your online banking session when you have finished your business. This will lessen the chances of falling prey to session hijacking and cross-site scripting exploits.

You may also want to set up the extra precaution of private browsing on your computer or smart phone, and set your browser to clear its cache at the end of each session.

7. Set up account notifications (if available)

Some banks offer a facility for customers to set up text or email notifications to alert them to certain activities on their account. For example, if a withdrawal matches or exceeds a specified amount or the account balance dips below a certain point then a message will be sent.

Such alerts could give quick notice of suspicious activity on your account.

8. Monitor your accounts regularly

It should go without saying that monitoring your bank statement each month is good practice as any unauthorised transactions will be sure to appear there.

But why wait a whole month to discover a discrepancy? With online banking you have access 24/7 so take advantage of that and check your account on a regular basis. Look at every transaction since you last logged in and, if you spot any anomalies, contact your bank immediately.

The above tips should go a long way to ensuring that you enjoy the advantages offered by online banking without experiencing any of the pitfalls.

If you have any more advice to add to this, please do so in the comments below.

Safe banking to you all!

Thursday, 12 April 2018

12 WAYS TO PROTECT YOURSELF FROM CYBER CRIME


In a staggering credit card fraud, Bank of Muscat lost $40 million in less than 24 hours last week. This was made possible after hackers breached a heavily secured system of credit card companies in Pune and Bangalore.

Thanks to the sharing culture on social media, it has become as easy to fall prey to a cyber crime as it is to press the ‘like’ button on Facebook. Phishing emails purportedly from friends, or even from your bank, seduce you into clicking on infected links or attachments containing malware, which have the effect of compromising online banking transactions.

While many of the items below are technical solutions to prevent you being hacked and scammed, hacking done well is really the skill of tricking human beings, not computers, by preying on their gullibility and taking advantage of their trust, greed or altruistic impulses. Here is a list of Dos and Don’ts that will protect your online accounts from hackers.

Use anti-virus software

Your net-savvy friend may tell you that he doesn’t have anti-virus on his computer because it slows things down. But look at it this way, one wrong click and he may have to make the entire college project from scratch.






If in doubt, block

Just say no to social media invitations (such as Facebook-friend or LinkedIn connection requests) from people you don't know. It's the cyber equivalent of inviting home the guy with an eye-patch who stares at you at the bus stop.




More than one e-mail account

A hacker who has cracked your main email password has the keys to your [virtual] kingdom. Passwords from the other sites you visit can be reset via your main email account. A criminal can trawl through your emails and find a treasure trove of personal data: from banking to passport details, including your date of birth. A separate account for your bank and other financial accounts, another for shopping and one for social networks is a good idea. If one account is hacked, you won't find everything compromised.



Ignore pop-ups

Pop-ups can contain malicious software which can trick a user into verifying something. [But if and when you do], a download will be performed in the background, which will install malware. This is known as a drive-by download. Always ignore pop-ups offering things like site surveys on ecommerce sites, as they are sometimes where the malcode is.



Macs are as vulnerable as PCs

Make no mistake, your shiny new MacBook Air can be attacked too. It's true that Macs used to be less of a target, simply because criminals used to go after the largest number of users – that is Windows – but this is changing. Determined attackers are able to find new ways to exploit users on almost any platform.



Two-step verification

If your email or cloud service offers it – Gmail, Dropbox, Apple and Facebook do – take the trouble to set this up. In addition to entering your password, you are also asked to enter a verification code sent via SMS to your phone. So a hacker might crack your password, but without the unique and temporary verification code should not be able to access your account. Keying in a password or code 40-plus times a day might seem like a hassle but it is your first line of defence.



Only shop online on secure sites

Before entering your card details, always ensure that the locked padlock or unbroken key symbol is showing in your browser. Additionally, the beginning of the online retailer's internet address will change from "http" to "https" to indicate a connection is secure. Be wary of sites that change back to http once you've logged on.




Didn’t expect, don’t click

The golden rule: Hackers infect PCs with malware by luring users to click on a link or open an attachment. Social media has helped criminals profile individuals. They can see what you're interested in or what you [post] about and send you crafted messages, inviting you to click on something. Don't.



Different site, different passwords

Keeping a common password for all online accounts is a lot like having the same key for all locks. Only difference being that it is a lot easier to get hold of the online key. Also never reuse your main email password. But most online users own accounts in over a dozen sites. So either try and use clever variations or start doing some really heavy memory-enhancement exercise.



Lock down your FB account 





Don't store your card details on websites


Err on the side of caution when asked if you want to store your credit card details for future use. Mass data security breaches (where credit card details are stolen en masse) aren't common, but why take the risk? The extra 90 seconds it takes to key in your details each time is a small price to pay.



Monday, 2 April 2018

8 tips to use internet banking safely



The recent financial breach in the Indian banking system, which led to details of over 3.2 million debit cards being compromised, has put a question mark over the security of 'convenient' electronic transactions. Technology has made banking very easy: many banking functions are now available to you 24X7 and at your fingertips via the mobile. But the flip side of the coin has now shown up. With all the advantages that the world of internet banking offers, there are certain risks involved, which remain huge concerns for the users.

1. Always use genuine anti-virus software

To protect your computer from phishing, malware, and other security threats always use genuine anti-virus software. Anti-virus helps in detecting and removing spyware that can steal your sensitive information.

2. Avoid Using Public Wi-Fi or Use VPN software

The biggest threat of an open Wi-Fi network is that the hacker can sit in between the end user and the hotspot and can trace all the data without any difficulty. Hackers see unsecured connection as an opportunity to introduce malware into your device. So, usage of public Wi-Fi hotspots for internet or mobile banking and making payments on ecommerce sites should be avoided.

However, if you are a regular public Wi-Fi user, consider setting up VPN software on your computer. It creates a secure tunnel between the computer and the internet and prevents hackers from intercepting the traffic.

3. Check for latest updates of your Smartphone's operating system

Smartphone users should make sure their operating system is updated with the latest security patches and updates. They should also not remove the security controls from the phone, often called 'jail breaking' or 'rooting'. They should always restrict the access that apps ask for when being installed to only what the app really needs.

4. Change your password regularly and ensure it's a strong one

This might sound clichéd, but it is important to keep your account safe and helps you maintain confidentiality. And needless to say, don't share your details with anyone. Your bank will never ask for your confidential information via phone or email. If you have written your banking passwords in a notepad or a diary, make sure it remains confidential.

Further, be sure to choose strong and long passwords. For additional security to financial transactions through Internet Banking, create and maintain different passwords for log-in and for transactions. 

5. Subscribe for mobile notifications

If you haven't done it already, do it now. These notifications will alert you quickly of any suspicious transaction. Whether the transaction exceeds the specified limit or is within it, you'll get an alert which will tell you the remaining account balance. Not just the transactions, the bank will alert you of the unsuccessful login attempts to your net-banking account. 

6. Avoid signing-in to your net-banking account via mailers

It is always safer to type the bank URL yourself than to be redirected to it via a promotional mail or any other third-party website. As mentioned earlier, a bank will never ask you for the login credentials to your account. So if there's a fraudulent email which offers to redirect you to your bank's website and you enter your personal details on the landing page after clicking it, there's a huge risk of your login credentials being stolen. Hence, if you receive an email from a bank asking for login details, treat it with suspicion.