Quick Links
Identity Protection Education Program
Online Security
On an almost daily basis, users of the Internet are warned about the latest hacking or infectious spyware incident perpetrated by criminals who are seeking to profit illegally by obtaining your financial information and/or identity. Fight back against this crime by arming yourself with the knowledge to protect your identity and ensure your Internet security.
The good news? Identity fraud recently fell almost 30 percent according to a recent report. This reflects a continuing progressive trend and signals that the hard work of many businesses and banks working to protect data and prevent fraud is paying off. The bad news? Well, just ask the 8.1 million adults who were victims of fraud in the United States what the experience was like.
Fraud is still a major threat, one Millennial Bank takes seriously.
It is important that you take the appropriate online security steps to protect your computer from unlawful invasions.
There are several manufacturers of firewall and anti-virus software; we encourage you to research what works best for you. In addition, some valuable consumer sites where you can learn more about the benefits of protecting yourself online include www.cnet.com and www.consumerreports.org.
It is equally as important to exercise extreme caution when accessing your internet banking account while at a Wi-Fi hotspot (ex. a hotel, coffee shop, restaurant) on your mobile devices. These networks are often unprotected and are a high security risk.
Remember, it is always best to be on the defense when it comes to protecting your financial security.
Cookies
Cookies are totally invisible to users. Cookies track your browsing habits and personal data and will surely multiply with each passing day. They're used by advertising networks, marketers, and other data profiteers to learn more about who you are—and what you may be interested in buying. Unless legislation imposes legal restraints on Web-browser tracking, your system is likely to accumulate more cookies than you’d find in five gallons of animal crackers.
Marketers say that they keep user data private by viewing it only in aggregate, but the sheer volume of data a cookie can collect about any one person can enable the cookie’s owner to infer a surprising amount about the individuals being tracked.
While cookies appear to be going viral, help may be on the way. In 2012, the Obama Administration proposed a Privacy Bill of Rights that would include Do Not Track legislation, so that consumers could choose whether and when to be tracked. Do-not-track mechanisms are being built into major Web browsers, such as Mozilla’s Firefox.
The Do Not Track concept still has no legal support, however. Marketers, many of whom claim that tracking data is essential to their business, remain free to ignore Do Not Track efforts—or build ways around them.
Ransomware
Harmful software such as CryptoLocker and CryptoWall prey on the uneducated or careless user. Their invisible installation into your system could come from an innocent, legitimate-looking email with an attachment. Oftenthe attachment looks like a harmless .PDF file that you are enticed to view.
For example, 'download this special discount printable coupon for 80% off an iPhone' should immediately raiseyour suspicions.
Once opened, the software silently installs and encrypts your data. The data can be on a local drive or anyshare to which you are mapped. Once encrypted, the culprit advises you this has been done and the ONLY way to recover your encrypted data is to pay the ransom. After payment, you are sent the tool to decrypt your data.
The way to guard against this is safe practice for ANY email. Make sure you know the origin of the email and be sure you are on a specific web site if you intend to download anything from it. If the email comes from American Express and you do not have a history of email with them whereby you can legitimately identify the source, do not open any attachments. Keep reliable backups of your data and if you back up your data to a USB drive, disconnect the drive when not in use. Keep your machine up to date with the latest patches for your operating system.
If you have a good backup regimen and keep it separate from your active system, you can format your hard drive (a few times), re-install the operating system (e.g., Windows 7 or Windows 8), and restore your data. You might have to re-do your configuration and shortcuts but it is a lot less expensive than the ransom you would pay.
Phishing
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
A phishing technique was described in detail in 1987, and (according to its creator) the first recorded use of the term "phishing" was made in 1995. The term is a variant of fishing, probably influenced by phreaking, and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.
Vishing
Phishing emails are not the only way people use to try to fool you into giving up personal information in an effort to steal your identity or commit fraud. The phone is also used to solicit your personal information. This telephone version of phishing is sometimes called vishing. Vishing relies on “social engineering” techniques to trick you into providing information that can be used to access and use your existing financial accounts, and to open new lines of credit.
If you receive an email or phone call asking you to call, be sure of the source. Look up the company or organization’s customer service number and call that number rather than the number you see in the email or hear in the phone call.
Forward email to the customer service or security email address of the organization, asking whether the email is legitimate.
Smishing
Similar to phishing and vishing, smishing uses text messages to accomplish the same end. The text may contain a website link or phone number. The phone number often has an automated voice response system. Again, the smishing message usually asks for your immediate attention.
The smishing message may come from an odd number instead of displaying an actual phone number. It can indicate the SMS message was sent by email to the cell phone, and not sent from another phone.
Do not respond to smishing messages.
Baiting
This scheme might appear as a huge benefit to you because you were not supposed to be the recipient of some fantastic deal or opportunity. An email arrives that gives you something that was not meant for you specifically, but somehow you were included in a deal to beat all deals. If you take the bait (a download, a call to a specified number with a secret code, or something similar), you will undoubtedly find yourself the victim of a virus or pretexting.
Pretexting
Pretexting is the act of creating and using an invented scenario, the pretext, to entice a targeted victim in a way to increase the chance they will give up information or do something they wouldn't under ordinary circumstances. This elaborate lie will often involve some prior research, for example previous innocent sounding calls, in which each provides a bit more non-confidential information. The information is used to set up an impersonation to gain confidential information.
For example, the pretexter makes a call to a main number at a company. They request the name of a person in charge of some department. They then make another call and specifically request that person and they request of that person the individual whom they may contact to discuss a product or service. Several calls might result in their learning something of the structure of the organization of the company. They may then call a likely customer of the company and be able to speak more authoritatively as someone of note in the company.
This technique can be used to fool a business into disclosing customer information as well as by private investigators to obtain telephone records, utility records, banking records and other information directly from company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager, perhaps to make account changes, get specific balances, etc.
Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, clergy, insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. The pretexter must simply prepare answers to questions that might be asked by the victim. In some cases, all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one's feet to create a pretextual scenario.
Pharming
Pharming is a hacker's attack intended to redirect a website's traffic to another, bogus site. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as "poisoned". Pharming requires unprotected access to target a computer, such as altering a customer's home computer, rather than a corporate business server.
The term "pharming" is a neologism based on the words "farming" and "phishing". Phishing is a type of social-engineering attack to obtain access credentials, such as user names and passwords. In recent years, both pharming and phishing have been used to gain information for online identity theft. Pharming has become of major concern to businesses hosting ecommerce and online banking websites. Sophisticated measures known as anti-pharming are required to protect against this serious threat. Antivirus software and spyware removal software cannot protect against pharming.
Cloud Data
If you use Google, Apple, Microsoft, or any other cloud product it is probably for the convenience and economy of saving your data and making it available to you anywhere. Whether you use a Web-based email service, keep files in Google Drive, or upload photos to Shutterfly, everything you write, upload, or post gets stored in a server that belongs to the online service, not to you.
Because of outdated rules this cloud-based data is vulnerable to a huge privacy loophole. One concern about using the cloud is that your data probably does not have the same Fourth Amendment protections that it would have if it were on paper in your possession.
Data stored on a server for more than 180 days is considered abandoned. This is from a time when servers weren't expected to store data very long before moving it off to a local computer. The language in the law’s definition of such data is vague enough to cover not just email messages but (potentially) other kinds of data stored on servers. Now that so much data resides on servers owned by cloud-based services, and so many people keep content in the cloud for years, a lot of long-stored files that people haven’t abandoned could be fair game for law enforcement.
And for whatever reason, law enforcement is extremely interested in having the ability to access your data.
The only protection for this data is to understand that anything you put in the cloud can be accessed by someone else. If you don't want your data accessed, don’t put it in the cloud.
Location Data
Location data makes it difficult for you to be anywhere at anytime around the world without someone knowing exactly where you are at any given time. Your cell phone is the primary source of location data, but information you post to social networking sites are revealing. Pinpointing your whereabouts will get easier still as other location-beaming devices come online, from smarter cars to smarter watches to Google Glass.
For someone to be able to track where you go and what is at the destination, that’s a lot of information about you.
With this data, advertisers might send you promotions for nearby businesses, wherever you are. The result could be a nice surprise—or not. You might not be pleased if law enforcement officials, your employer, or your ex-spouse’s private detective used location data to keep tabs on you. An employer-owned device lets your employer track you on and off the job. There might be consequences and profile data are based on your geolocation, based on the course of your time in or out of work, where you are, and how late you are. There may not be much you can do about your employer.
Like cloud-based data, legal requirements for obtaining location data from a mobile service provider are not set at a high bar. It is fairly easy for the government to get access to the location data, and very hard for users to prevent that data from being gathered.
Facial Recognition
It's here. Posting and tagging photos online may be part of your regular day with a social site like Facebook. Behind the scenes it helps build a facial recognition database that makes escaping notice difficult for anyone. The largest facial recognition database in the world is Facebook. Over 300 million photos are uploaded to Facebook every day. Facebook uses the tags associated with those photos to build faceprints of you and all of your tagged friends.
Facebook uses this data to help you find other people you know on Facebook. Facebook also sells user data to third parties and photo data may be included. There goes the safety of the data. Facebook says they protect the data, but in the hands of a third party it becomes a bit uncertain.
A similar case exists for online photo sites.
What's the harm? Nothing if you don't mind anyone knowing just about everything you do and who your acquaintances and friends are.
In the Name of Cybersecurity
Your online activity can be scanned for signs of cybercrime, even if you are not a hacker, terrorist, murderer, drug dealer, or other criminal. The federal government has made cybersecurity a high priority, as concerns grow over the vulnerability of the nation’s infrastructure and citizens to attack.
Data is supposed to be scanned only in aggregate (not individuals) but the methodology used in choosing and storing the data raises privacy issues. The aggregate data is supposed to be helpful in establishing protections, but there is no particular reason to believe the companies doing the scanning are abiding by this principle.
Anti-Virus Software
Viruses are simply programs or a piece of code that is downloaded to your computer without your knowledge. Viruses can and normally do replicate themselves and may quickly use up your computer's available memory and bring your operating system to a standstill. Most of these types of viruses are disguised as email attachments. When the attachment is opened the virus attaches itself to your system – many times without your knowledge.
As a result, anti-virus software programs have been created to help protect your system from these unwanted attacks. Your protection against these virus attacks is dependent on maintaining your updates and using precaution when opening email attachments. Should you receive a suspicious email, it is best to delete the email immediately and run a virus check.
Firewalls
Firewalls are the first line of defense in protecting your private information. They are used to prevent unauthorized Internet users from accessing your private computer while it is connected to the Internet. If you have a broadband connection such as cable modem or DSL, it is especially important to maintain a firewall.
The firewall can be set up to filter all traffic entering or leaving through the firewall. By examining each of the messages it can block transactions that do not meet your predetermined security criteria.
There are several manufacturers of firewall software; we encourage you to research what works best for you.
Combating Spyware
The term "spyware" is a generic term for advertising software (also referred to as "adware"). It enables advertising firms to install a tracking program on your computer. In most cases, these are legitimate firms who simply want to track user behavior and promote products.
While in some cases this may be just a nuisance, there are also malicious hackers who have created spyware programs for the purpose of collecting sensitive data from your system as well as installing additional software. Your computer is vulnerable and – more importantly – your privacy is at risk when spyware is used by criminals.
You can combat spyware programs with software designed to find and delete the programs from your computer. In addition, these sorts of programs can protect you from downloading spyware in the future. We recommend you research what is best for you. You can find more information at these sites: Microsoft Security, Spyware Doctor and www.getnetwise.org.
System Updates
Keep your computer "healthy" by properly maintaining your system. Computer manufacturers offer auto-updates or reminders that notify you when a new update or upgrade is available for download. Many times these updates are created to help protect your system from possible security flaws.
By regularly maintaining your operating system, Web browser and software programs, your computer will be at less risk for an attack.
Credit Bureau Reporting
When was the last time you reviewed your credit report? There are three major credit bureau reporting agencies and – depending on where you apply for credit – the credit-issuing company may review reports from one or all of these to determine your credit rating. For a minimal fee, you can request and obtain a copy of your credit report.
Equifax: 1-800-685-1111 or www.equifax.com
Experian: 1-888-397-3742 or www.experian.com
TransUnion: 1-800-916-8800 or www.transunion.com
We recommend you customarily review your reports to review for errors and for credit that may have been obtained through illegally using your identity. Upon obtaining your report, review it carefully and immediately notify the reporting agency of any errors. Each of the agencies provides information on how to correct any errors you may find.