What are the best ways to protect yourself from financial fraud?

Every day, hackers find new ways to try to access your personal data. From phishing to vishing to credit card fraud, you can expect scams at any moment. How can you protect yourself?

Rod Sayegh, Managing Director, Head of Digital Strategy and Programs, recently discussed cybersecurity with Chief Security Officer Dave Cook and Deputy Chief Security Officer Michelle Naylor. Here they answer key questions about what you can do to protect yourself and your confidential information.

What are some simple, overlooked steps people can take to protect their data online?

Michelle: One thing most people don’t realize is that they need to be careful when using public Wi-Fi. Better yet, avoid using it if possible. If you need to access public Wi-Fi, use a VPN to encrypt the connection, which limits access to confidential data. Another option is to use a hotspot with your mobile device.

If you’re on public Wi-Fi, don’t shop online and enter your credit card information. Also pay attention to how your children use your devices publicly, since they are the backdoor to your sensitive data. Even if it’s a small thing, like purchasing a $2 app or coin for a video game, it isn't safe on a public network.

And one of the biggest pieces of advice I would offer is to use multi-factor authentication. Get it on all your apps and your logins. It might feel like a pain because it’s an extra step. But, if you think it's a pain, so do cybercriminals. It’s a little extra step that can keep you very secure.

Dave: The one thing I would add is to make sure your software and your applications are up to date, both on your mobile devices and your home computers. Make sure you're updating your antivirus or malware software on a regular basis, because they protect against the latest risks threats.

Is it a good idea to use a password manager?

Dave: Yes, I recommend using a good password manager and I use one myself. There are a couple reasons I think they are helpful. One is convenience. You can have the password manager record and remember each password you use and auto-fill it on each site. You do have to remember your master password to access the password manager. I like my passwords each to be different and complex, so password managers remember all of that for you. Two is security and awareness. Most password managers will notify you if your email address or user account for one of your accounts sites has been involved in any type of breach.

There are a lot of good password managers available. Choose one that is suited to your lifestyle. Versatility is good, so look for one that works with a Mac, a PC and mobile devices and allows secure access to passwords and secure notes. A password manager is going to be easier to manage in the long run than setting a manual password for every site.

Most websites now ask you to accept cookies. What are they and should we accept them or decline?

Dave: Cookies on websites just collect data from your visit. Typically, if it’s a site that you frequent, the cookies gather information such as where you’re logging in from, your location, what kind of operating system you’re using. If it's a site you’re comfortable with, like a large, reputable shopping site, it’s fine to accept the cookie.

But it’s not a good idea to accept a cookie from a site you’re not comfortable with, or if you know you’re only visiting it one time. Remember, the cookies are gathering data about you. Most are used for marketing purposes, but if you accidentally click a phishing site, for example, it’s going to track data for illegitimate purposes. So if it’s a site you're unsure of, don’t accept the cookies.

We’ve heard a lot lately about “vishing.” What is that and how do you identify it?

Michelle: It’s like a “phishing” email, but it’s a phone call. Since it uses voice, it’s called vishing. But the intent is the same: to urge you to give up confidential personal data. The main tactic is to create a sense of urgency to encourage you to respond. They could say that you’ve won something, or that your data has been compromised, or a loved one is in trouble. Their next step is to ask you for personal information, social security number, bank account number, credit card number, etc., so they can help you with any next step.

The caller may sound credible, but don’t fall for it. Hang up. The alarming thing is that these scammers can spoof a real number, so your caller I.D. might say it’s your bank, but it’s not. Remember, a financial institution will not contact customers by phone for confidential information.

If you have any questions about your accounts, call the number on your statement, not the number they're calling from. All institutions have customer service numbers. Bottom line is don't provide confidential personal information over the phone, especially if that person is reaching out to you directly.

If you are a victim of identity theft, what’s the best way to recover?

Dave: First, notify your creditors and banks if you’ve been a victim of fraud. The sooner you let your financial institution know, the quicker they can help resolve it. Then, put a fraud alert and a credit freeze on your credit report through one of the three major credit reporting agencies.

Next you might visit IdentityTheft.gov, which is a government site that has a step-by-step guide to take you through a recovery plan. That includes things like reporting the identity theft to the FTC and filing a local police report.

If you suspect that your email or your user account for a website has been compromised, immediately change your password. Enable multifactor authentication and then contact the institution to check whether there has been any fraudulent activity.

Always remember, the best steps are preventive steps:

• Review your financial statements for things you don't recognize. Report any inaccurate transactions.
• Protect your identity documents. Don't give out your social security number, your passport, driver's license, birth certificate to anyone you’re not familiar with.

When you trade in or dispose of electronic devices (phone, computer, tablet) make sure you do a factory reset or wipe them of all your data and files.