
As technology has advanced, online scams have become more common and harder to detect. Online scams come in all shapes and sizes: spoofed emails with unsecure links, fraudulent instant messages on social media, illegitimate transactions on sites like eBay, and more. Below, we’ll offer some advice on what personal information you should and should not store online, as well as how to detect, avoid, and report potential financial scams online.
What Information Should You Withhold Online?
You should protect your personal information online the same way you protect it in real life – carefully. Since you wouldn’t offer your account information to just anyone on the street asking for it, be sure not to offer it up so easily online. The best way to keep your information private is to refrain from entering it anywhere online or sending it to anyone unless it is absolutely necessary. Avoid sending photos or text messages with sensitive information like your card numbers, PIN, Social Security number, or passwords, as we are all vulnerable to online hacks via Wi-Fi, the Cloud, and other online databases used to store this information. Other information that you may not want to publicly post online is your birthday, your mother’s maiden name, your first pet’s name, or any other personal information that could be used as an answer to a security question to verify your identity.
Although they’re convenient, try to avoid using auto-fill settings, especially if you’re using a shared computer. While it may feel tedious to manually type in your information each time you make an online purchase, it’s the safer option, because a hacker can access anything that’s stored on your computer. When making an online purchase, you should also try to use a credit card (if you have one) rather than your debit card in case your information ends up in the wrong hands. This way, you can prevent your hard-earned savings from being stolen.
How to Protect Your Financial Identity from Online Scams
- Only use secure sites
Before making any online purchase or entering your financial information online, be sure that you are using a secure site. You can tell if a site is secure if it starts with “https” instead of “http” – the “s” stands for “secure.”
- Never tell anyone your protective PIN
Your PIN is designed to protect others from accessing your account information, so be sure to keep it to yourself. You should try to memorize your PIN rather than writing it down on paper so that no one but you can access it.
- Use strong passwords
Make sure the passwords for your phone, computer, and tablet are strong enough that a hacker can’t guess what they are. While newer password requirements – character counts, capital letters, numbers, and special characters – can seem annoying or too difficult to remember, they are there to protect you! Try to use a different, unique password for each account so that a scammer cannot access more than one account if they do obtain your password. If you have trouble remembering your passwords and have to write them on separate sticky notes, be sure to lock them in a drawer or filing cabinet along with your other sensitive documents so that no one can stumble upon them and use them to access your accounts.
- Choose your hotspots carefully
You should be very careful which Wi-Fi network you’re joining when you’re in public – you never know who else is on the network. Hackers can actually create a new Wi-Fi network named after the building you’re in just by using their phone’s hotspot. So, you could think you’re joining the coffee shop’s Wi-Fi network, but you’re actually using the spoofed network of the hacker sitting in the corner who now has access to your internet activity and communications.
- Always monitor everything
Be sure to keep an eye on your wallet at all times and routinely check that you haven’t misplaced any of your cards, so that you aren’t blindsided by fraudulent spending. The same goes for all of your accounts, especially those with saved financial information. Try to routinely comb through all charges on your bank’s website to make sure you aren’t being charged without your knowledge or approval.
- Protect your paper documents
To protect you and your financial identity, you should keep any financial account statements, medical records, receipts, tax filings, or other printed documents that contain sensitive information in a secure location – like a locked filing cabinet – in your home. Once these printed documents are outdated or you no longer need them, the safest way to discard them is by shredding them. You should also shred your mail rather than throwing it in the trash can, as it contains your name and address, making you vulnerable to anyone who might come across it. For our members’ convenience, PFCU offers a free Paper Shredding Day event at our Operations Center.
- Sign up for mobile alerts from your bank or credit union
These free mobile alerts can warn you of suspicious account activity, so you can contact your bank or credit union as soon as possible to avoid further financial damage. To be safe, don’t reply to the text message in case it’s a spoofed message of some kind. Instead, you should call the number on the back of your card to verify whether the activity was actually fraudulent or just a misunderstanding that can be cleared up.
If you believe that your identity has been stolen or that your personal data has been breached, report it to IdentityTheft.gov and begin to develop a recovery plan to make sure that you and your identity are safe and secure.
How to Avoid Scams
When receiving an email that requests personal information of any kind, you should verify the email address. If you hover your cursor over the sender’s email address and don’t recognize the full email address, do not follow any links or offer any sensitive information – especially your account login information.
Fraudulent links can take you to spoofed webpages that look almost identical to the authentic site. Once a scammer has access to your login information, they can use it to access your other accounts and any private information stored within the account. Similar to determining if a sender’s address is legitimate, hover your cursor over the link to see its true destination rather than the text the sender chose to display. If you do want to login to your account to try to verify the email’s legitimacy, manually type the organization’s authentic URL directly into your internet browser and log in to their official page before entering any other sensitive information.
When shopping or selling items online, you should never leave the host website to finalize the sale, because most sites will not claim responsibility for transactions on third-party sites. Similarly, you should only converse with the buyer/seller on the host website so that the site has access to all contact between both parties should you need the site to intervene. You should also keep digital and printed records of every transaction or communication with an online seller or buyer in case of a discrepancy or in case your account does get hacked.
One of the most vulnerable financial scams online is one that involves your bank or credit union account. You should inquire with your bank or credit union to learn what information they will ask you for so that odd requests in spoofed emails will stick out to you. For example, PFCU will not ask for your card’s PIN or your online banking password, so an email asking for this info is most likely a spoof. If any request seems odd, you can always call the number on the back of your card to verify the legitimacy of the request.
How to Report a Scam
If you do come across a scam, you should report it to prevent others from being targeted by the same scammer. One way you can report a scam is through the official website of the organization being impersonated. Some sites will have a specific email address to which you can report the scam; for example, with PayPal, you can report any suspected fraudulent email to spoof@paypal.com. You can also report suspected fraud to your credit union or bank. If you are a PFCU member, you can contact our Loss Prevention Department directly at 215-934-3504.
You should also alert the appropriate authorities of any suspected scams. USA.gov suggests you first file a report with your local police department and contact your state consumer protection office. If you’re submitting a claim of online fraud (phishing emails, fake sender info, fake messages, spoofed websites, etc.), you can do this through the Internet Crime Complaint Center (IC3). For more information on reporting fraud, visit USA.gov.
It can be difficult to recognize online scams as they have advanced over the years, but with the help of PFCU’s Security Resources, you can keep your sensitive information private.
Erin Ellis
Accredited Financial Counselor ®
Philadelphia Federal Credit Union
eellis@PFCU.COM