Best Practices to Protect Yourself Online
Over the past few years, there has been an uptick in cyber attacks across the world. Here are some ways you can stay safe online:
- Secure your computing devices. Install anti-virus software, firewalls, and email filters, and keep them up to date. Set your operating system to update automatically.
- Use a password manager tool, or at least strong passwords. Never share passwords or reuse the same password for multiple accounts.
- Use Multi-Factor Authentication whenever possible. This adds a second layer of security to your important accounts by requiring an additional step to verify your identity, such as receiving a code through text message or email.
- Protect your Personally Identifiable Information (PII). Never give your information over the phone or in an email. Legitimate companies will never ask for it.
- Secure your mobile device by using passwords and keeping it locked when not in use. Only connect to secure wi-fi, and be cautious of downloads.
- Back up your data regularly to protect it in the event of a system crash or failure. This will also ensure you have access to your information in the event your mobile device is stolen.
- Be cautious of using public wi-fi. Never access your bank accounts or personal information, or go shopping, while using public wi-fi. Turn off automatic connectivity, especially when traveling in unfamiliar places.
Common Scams and How to Avoid Them
Social engineering is the art of manipulating people so they give up confidential information. The type of information can vary, but criminals are usually trying to trick you into giving them personally identifiable data, your passwords or bank information. Exposing this information can lead to identity theft.
Below are the most common methods involving social engineering techniques.
Phishing
Phishing attacks are emails designed to deceive and trick recipients into taking an action such as clicking a malicious link, or opening an attachment with a virus.
Common themes include:
- Presenting a problem that requires you to “verify” your information.
- Posing as a boss, coworker, or trusted company.
- Urgently asking you for help.
- Asking you to donate to a charity or fundraiser.
- Notifying you that you are a “winner”.
Protect Yourself:
- Slow down. Criminals want you to act first and think later. If the message conveys a sense of urgency or uses high-pressure sales tactics, be skeptical.
- Never provide personally identifiable information. Delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
- Set your spam filters to high. Every email program has spam filters. To find yours, look at your settings options, and set these to high. Just remember to check your spam folder periodically to see if legitimate email has been accidentally trapped there. You can also find a step-by-step guide to setting your spam filters by searching on the name of your email provider plus the phrase ‘spam filters’.
- Protect your Personally Identifiable Information (PII). Never give your information over the phone or in an email. Legitimate companies will never ask for it.
Vishing
Vishing is a form of attack that attempts to trick people into giving up sensitive personal information over the phone. In most cases, the attacker strategically manipulates human emotions, such as fear, sympathy, and greed, in order to accomplish their goals.
Common themes include:
- Government impersonations, including the IRS, Medicare, the Social Security Administration, or local law enforcement.
- Telemarketing fraud - a too-good-to-be-true situation, where you’ve won a contest, or you’re being offered a free vacation.
- Tech support fraud - a call from tech support, pretending to answer your questions or trying to get you to verify information.
- Bank account scams - a call from someone pretending to be from your bank following up on potentially fraudulent charges.
Protect Yourself:
- One thing that every vishing scam has in common is an attempt to create a false sense of urgency, making you think you're in trouble or about to miss an opportunity and need to act right now. It never hurts to take a moment to pause, write down information about the caller without offering any of your own, and then call back after doing research.
- Be suspicious of a call claiming to be from a government agency or asking for money or information. When in doubt, hang up, independently seek out the real number for the agency, and call them to find out if they're trying to reach you.
- Never pay for anything with a gift card or a wire transfer. That's a strong sign of a scam.
- Legitimate callers will be happy to work with you. Illegitimate callers may quickly move on to finding an easier target.
Smishing
Smishing is a cyberattack that uses misleading text messages. The goal is to trick the recipient into believing that a message has arrived from a trusted person or organization, and then convince them to take an action that gives the attacker exploitable information (like bank account login credentials, for example) or access to the mobile device.
Common themes include:
- Attempts to trick you into sharing credentials. Smishers may try to convince you to give up a username / password combo or other confidential info that they can use to log into one of your online accounts. Banking schemes and Amazon schemes are very common.
- Attempts to trick you into downloading malware. Smishers send vague messages with links or push recipients to download apps. As with phishing, these links or downloads could have malicious intent, such as stealing credit card information or giving access to your mobile device.
Protect Yourself:
- Be wary of texts using unnatural or ungrammatical language.
- Offers that seem too good to be true usually are.
- Don't click embedded links or download apps directly from a text message.
- The IRS and Social Security Administration don't communicate via text.
How to recover from a social engineering attack
Recovering from a social engineering attack depends on the nature of the attack and what was compromised. Ensure your anti-virus is up to date and change your passwords. If you mistakenly gave the attacker any personal information, contact any impacted institution for guidance on how to protect your data. If you suspect your credit information has been compromised, immediately contact the credit bureaus to freeze your credit or request their guidance on recovery steps.
How to Report Fraud
Aflac is an organization with strong values of responsibility and integrity. If you suspect fraudulent activity, you are encouraged to visit Reporting Fraud on the Aflac home page for details on how to submit a report.
Additional Resources
We recommend the following sites for additional information about how to protect yourself against identity theft and respond if it happens.
Federal Trade Commission (FTC): Privacy, Identity & Online Security
Federal Trade Commission (FTC): Tips to Help You Stay Safe and Secure Online
National Cyber Security Alliance (NCSA): Stay Safe Online
Federal Bureau of Investigation (FBI): Cyber Crime
Cellular Telecommunications Industry Association (CTIA): Protecting Your Data
How We Protect Your Information
- We maintain physical, electronic and procedural safeguards that comply with applicable legal standards to secure such information from unauthorized access and use, accidental or unlawful alteration and destruction, and other unlawful or unauthorized forms of Processing.
- We hold our employees accountable for complying with relevant policies, procedures, rules and regulations concerning the privacy and confidentiality of information.
- Our Global Security team continuously evaluates and enhances how we protect our information using industry best practices.