All branches and Contact Center will be closing at 1pm on Tuesday, December 24th and closed on Wednesday, December 25th.

FRAUD UPDATE: Some members are receiving fraudulent text messages and phone calls, acting as Charter Oak asking to verify fraud charges. DO NOT CLICK any links and DO NOT give out your information. If you are unsure, please contact us directly or stop into a branch.

Alerts

My Branch:

Switch Branch

Loading...

Protect Yourself From Phishing Scams: 8 Steps To Better Security

Published On: August 12th, 2024Categories: Fraud Literacy

Since the mid 1990’s, email phishing scams have been on the rise. Like most cybercrimes, hackers have improved and refined their phishing methods over time. Now, there’s been a massive increase in targets due to the continuing coronavirus epidemic. Email phishing continues to be the method of choice for many cybercriminals to enter your device, steal your data, identity, finances, and more. A study by Tessian finds that 96% of phishing attacks arrive via email, showing the threat is very real.

There are ways to prevent phishing. Just keep these 8 things in mind:

  1. Red Flags Flying

Phishing emails use many tactics to grab our attention, but no matter the subject line, there are phishy mistakes that many have in common. Poor grammar and bad spelling, generic greetings, and visuals like brand logos that don’t look quite right. Motivating users to open the email and act is key for hackers to succeed, so many of the subjects and content tugs at our heartstrings, elicit emotional reactions, needs an urgent response, or says you’ve won a contest or gift card, should all raise red flags.

  1. Think Before You Click

Once the email is opened, hacker’s urge you to download a file, open an attachment, or follow a link. If you aren’t expecting a link or attachment, suspect a red flag, or don’t absolutely know and trust the sender (you can always verify the email sender), DO NOT follow instructions to act in any way. It’s best to assume any attached or downloaded file is chock full of malware and the link is to a scam website. These can launch ransomware, spyware, identity and finance theft, and many other viruses on your device.

  1. Protect Your PII

Your personally identifiable information (PII) can give a hacker the key to your identity. Never provide your Social Security number, bank and other financial details, or any other sensitive information an email asks for. Reputable companies don’t ask for these in an email, but rather send you to a secure portal or contact you via snail mail. Provide this info over a phone call only if you’re the one who initiated the call and are confident in the person on the other end of the line.

  1. Truth in Websites

You can check if a business truly needs you to provide or verify PII by typing in the true website yourself. That way you’ll know for certain if the request for your PII is for real. Always verify a website is real and trusted before moving forward. Carefully check the website spelling for odd or additional characters because they always signal a fake website. Always best to type the URL yourself or create bookmarks for easy access to your most used and trusted websites.

  1. Password-Pallooza

Always make passwords long, strong, use numbers and special characters, and never reuse them for other accounts. In particular, especially those used for personal, financial, and work accounts. Change those passwords periodically. Scary Stats: 65% of people reuse passwords across multiple or all accounts; the average person reuses the same password up to fourteen times; 91% say they understand the risks of password reuse across multiple accounts, but 59% admit they do it anyway.

To create a strong and unique password for every account:

  • Create a strong base password that will be used with each password.
    • Example: 7*dLeiK#
  • Use part of the account URL to add to the beginning or end of the base password.
    • Examples for Facebook: 7*dLeiK#FB or FB7*dLeiK#
  • Apply this rule to all your current and future accounts and you will have a strong, unique and easy to remember password.
  1. Enable Authentication

Two-factor authentication (2FA) should always be used whenever possible. 2FA adds a layer of authentication to logins that verify you are the account owner, and that it’s really you signing-in and not a bad actor.

  1. The Right Email Provider

Email services differ and some are better at screening out phishing and other spam emails than others. Make sure your choice enables 2FA, offers strong phishing and spam settings, and sends alerts if they are detected. Choose a provider that keeps your email safety a priority.

  1. Look for Phishy Clues

If you suspect you’ve been caught in a phishing scam, act quickly. Check your email logs for any phishy logins and be sure to log out of the account. Check bank or credit records for any unusual activity and make sure any transfers you made went to the right account. If anything is out of order, contact your financial institution immediately. While you’re at it, change passwords and enable 2FA right away too.

Go to Top