The Internet has made it easier than ever to conduct business, and manage our finances with greater speed, efficiency and convenience. It also allows us to communicate with friends and family through social networking sites such as Facebook, Twitter and tumblr, and to seek-out and establish virtual communities with others from around the world. And smartphones and tablets allow you to do all that from virtually anywhere.
Unfortunately, criminals also use the Internet to try to gain access to personal information, such as passwords, personal banking and credit card details and social insurance numbers.
Banks and other businesses have sophisticated security systems in place to protect your personal and financial information and provide you with a safe online environment. Criminals know these strong protections are very difficult to overcome, so they try to get your confidential information directly from you. To avoid becoming a victim, it is important to understand what kinds of scams are out there and how you can protect your home computer, laptop, smartphone, tablet and your personal information.
What are Internet criminals after?
Fraudsters want your personal information and they use it to commit identity theft and financial fraud. Disclosure of your personal information, such as your social insurance number (or U.S. social security number) or driver’s license number, can allow a fraudster to assume your identity and use that for their financial advantage by taking out a loan or mortgage or buying expensive items in your name.
It’s a lucrative enterprise, one that is organized and inventive.
What are the threats today?
How do these criminals get at your information? There are many deceptive tactics that they try. The more common ones include:
- Trying to trick you into downloading software or apps that can monitor what you do and where you go online. This software can also steal your log-in user names, passwords and personal and financial information.
- Sending e-mail and text messages and using Internet pop-ups that seem legitimate, but take you to a phony website to try to get you to reveal your personal information.
- Contacting you by phone or leaving voice messages directing you to contact a phony call centre that attempts to trick you into divulging personal information.
- Reaching a large number of people by directing scams at users of popular websites. The scams are often designed to fit in with the theme of the website: like targeting popular social networking sites where friends and family share information.
What do these scams look like and how do I avoid them?
Scams are becoming more sophisticated, but there are ways to recognize them and to avoid the traps.
Criminals may send e-mail or text messages posing as an organization or individual that you recognize. The messages are often designed to provoke an emotional response, inciting anxiety, anger, shame or sympathy. Other messages claim you are the winner of a fantastic prize or lottery, getting you excited and interested in clicking on the link or replying to the message. They are meant to draw your attention and respond to the criminal’s call to action, such as providing personal information or clicking on an attachment or Internet link that actually conceals malicious software.
You should also be wary of e-mail, text messages or phone calls claiming to be from your financial institution or other legitimate organization asking you to provide your passwords or financial or other personal information. Your bank will never send you an e-mail or text message asking you to provide this information. Even though your bank may call you if they suspect fraudulent activity on your bank account or credit card, they will never ask you to provide your passwords or account numbers verbally or via the telephone keypad.
If you receive an e-mail, text message or phone call from your bank and you are unsure whether or not it is legitimate, hang up the phone and/or do not respond to the message. You should then contact your bank yourself using published contact information to see if there are any issues.
For more information on recognizing these scams, visit our sections on e-mail scams (phishing), phone scams (vishing) and text messaging scams (smishing).
Surf with care
Your browsing habits may unknowingly put you in danger of downloading malicious code or viruses to your computer, tablet or smartphone or make your personal information available to strangers. There are a number of simple actions and best practices you can take to counter the threats posed by online fraudsters and reduce the likelihood that your personal and financial information will be exposed to strangers:
- Protect your home computer, tablet and smartphone – make sure that you install anti-virus, anti-spyware and Internet firewall tools purchased from trusted retailers or suppliers. Keep these programs enabled and continuously updated to protect your devices against malicious software.
- Protect your passwords – ensure that you create strong and unique passwords for each Internet log-in identity and for your smartphone and tablet. Pet names, birthdates and simple number combinations (e.g., 1234) are examples of predictable passwords that can be easily ‘cracked’ by criminals. Avoid using the same log-in passwords for multiple websites and devices, especially when they access websites with sensitive personal or financial information. More information on strong passwords can be found on the CBA website or on the Get Cyber Safe website.
- Read privacy policies – before you provide personal information to any website or app provider, read the site’s privacy policies and understand how information you provide may be used and how long it will be retained.
- Be wary of downloading free apps, files, programs, software or screensavers – malicious code, like spyware (that secretly monitors what you do online) and keystroke loggers (that secretly track what you are typing) can be hidden within the downloaded file or app and used to access personal information, such as passwords and financial information.
- Familiarize yourself with your devices’ legitimate warning or security alert messages – do not click anywhere on the screen (including the "Cancel" button in the on-screen dialogue box) if you receive an unfamiliar or suspicious warning message. Instead, use Alt+F4 or Ctrl+Alt+Delete and launch Task Manager to close the window. Alternatively, restart the system and manually scan for malware with your own anti-virus product.
- Ensure that you are in a secure environment when doing financial transactions online – look for the closed-lock or unbroken-key icons on your browser when entering credit card or other sensitive data. Web addresses that start with HTTPS rather than HTTP also mean that the browser you are currently using is secure. If you don’t see these icons, or if you see the broken key or the open padlock, your transaction is not being securely transmitted across the Internet and the website may be a fraudulent one.
- Protect your Internet connection – this is especially important if you are directly connected to the Internet for an extended period of time through a cable modem or digital subscriber line (DSL). Disconnect from the Internet when you’re finished and always log out from your account after banking or making purchases online.
- Be cautious using WiFi hotspots – using free WiFi hotspots may expose you to hackers and identity theft. Tech-savvy thieves may be able to access data, activity and passwords on public WiFi connections. When making purchases or doing your banking wirelessly, make sure you are using a secure WiFi connection.
- Clear your cache – when you visit different websites, the website addresses are stored in the cache, or memory, of your computer. Make sure you clear the cache of your browser after visiting secure sites so that nobody else can view any confidential information you may have transmitted.
- Check your financial and credit card statements regularly – immediately contact your financial institution or creditor if you suspect any unusual or unauthorized activity in your account. Securely dispose of printed statements and any other documents that contain personal information (names, addresses, birthdates, account numbers, transaction histories, Social Insurance and US Social Security numbers, etc.) using a paper shredder.
Social networking sites
Popular websites and forums, like social networking sites, are fertile ground for criminals. Social networking sites promote open communication and encourage the posting and sharing of information. It can be easy to let down your guard and respond to a message requesting personal information. Here are some helpful hints:
- Be careful of what you include in your profile details. Never include phone numbers, addresses, your birth date or other personal information, as that could be used to steal your identity. Never include or post any banking information, not even the name of your bank.
- Exercise caution when adding “friends” to your network. You may not know who is behind some online account: a new “friend” could be a criminal who is out to trick you into divulging your personal or financial information.
- Check the privacy and security settings of the social networking site. Don’t just accept default settings, which generally allow more access than people want or realize. That access could include a very wide audience, where something that you post to a discussion forum could end up accessible to everyone who uses a common online search engine such as Google.
Mobile device and smartphone security
Mobile devices, smartphones and tablets are great to keep in touch for both business and personal use and allow users to be constantly connected to one another, but they also comes with challenges that you should be aware of. Here are some additional helpful tips to help keep you safe while on your mobile device:
- Only purchase apps from reputable app stores and dealers – third party applications may contain malicious software so make sure you trust the source. Also review the permissions required for installation. If the permission seems excessive for what the app is supposed to do it could be malicious.
- Lock your smartphone and tablet – make sure to set your devices to lock after a short period of inactivity and require a password, PIN or pattern to access the device again. Some phones even allow you to set your phone to wipe data with a number (set by you) of unsuccessful password attempts. If your device is lost or stolen, contact your wireless provider immediately to see if they offer a phone finder service or ask them to deactivate or remotely wipe the device. And make sure that you delete all personal data from the mobile device before discarding it.
- Maintain security features – do not remove or circumvent the security features on your smartphone or tablet. They are there to protect you and should be maintained.
- Keep Bluetooth in hidden mode – hackers can take advantage of the default always-on and always discoverable settings.
If you would like more information on how to keep your mobile device safe, visit the Get Cyber Safe Mobile Devices page for great tips.
File sharing networks
File sharing networks, often called “peer-to-peer” (P2P), are popular because they allow users to upload and download music, movies, games, documents and other computer programs across global networks. P2P file sharing software products are freely available on the Internet.
However, using these networks is considered a high-risk activity. We strongly recommend that you do not install P2P file sharing software or use P2P websites. If you do choose to participate, extreme caution must be exercised. Here are precautions and tips to keep in mind:
- Beyond the legal issues relating to copyright infringements, file sharing on peer-to-peer sites is commonly used by criminals to distribute objectionable or illegal files and viruses that are disguised to look like innocent downloads of popular songs, movies, etc. Relying on a recent version of an anti-virus program alone may not be sufficient protection.
- Do not accept a P2P program’s default settings. Doing so will leave you vulnerable to unwelcomed access to your personal information, since default settings typically grant other users broad access to personal folders, which could include access to your entire MyDocuments folder on your home computer.
- Always manually determine which folders and subfolders you will share with your network.