Q&A: How to Protect Yourself from Online Scams
Elie Hawa thinks about phishing scams every day. As an Information Security Operations Engineer at Old National, his job is to keep the bank safe from cyber attacks and other online scams.
Much of his work involves helping his colleagues avoid scams – any system is only as strong as its weakest link. We asked Elie how individuals can keep themselves safe.
Q: How can I identify a phishing email, text, or call?
A: Some attempts are obvious while others can be difficult to recognize. I always tell people to Stop, Look, and Think. Any of the following should be red flags:
- Unsolicited contact from your bank, or any other financial institution, asking you to provide passwords, account numbers, or other personal details.
- A deal that seems too good to be true.
- Pressure to respond quickly or transfer money immediately.
- Unusual payment methods requested, such as Western Union, Bitcoin, or you’re asked to buy a gift card for the sender.
- Vague contact details.
- You’re asked to keep the offer quiet.
- Obvious or frequent misspellings and grammatical mistakes.
Q: What are some steps I can take to protect myself?
Know who you are talking to. Many scams are premised on social engineering. In other words, fraudsters use psychological tricks to get people to share information or send money when they really shouldn’t. Be alert to suspicious behavior! That means anything that seems oddly time-sensitive, irregular, or too good to be true.
Beyond that, there are several other things you can do:
Make sure your virus protection software is up to date. Most operating systems, like Microsoft Windows, come with a solution that’s strong enough for personal computers. Figure out how to update it regularly, whether that’s turning on the auto-update setting, or manually checking for updates every week.
Use strong passwords. Never use your name, birthday, email address, or “password” as your password. Use special characters and symbols, and have your password be around 16 characters (or more). Attackers have developed very strong computing power; their algorithms can often crack passwords that are 8 or so characters.
Use the security tools that your bank offers. As a bank, we want to keep our clients safe! We have the tools to do so – it’s really about convincing clients to adopt them. The keys are using Online and Mobile Banking, setting up alerts on your debit card, and enrolling in your institution’s identity protection program.
Q: What services does Old National have to keep clients safe?
At Old National, we suggest clients use three different tools to protect themselves:
- Online and Mobile Banking. These tools give our clients access to their accounts 24/7. If you’re looking at your accounts regularly, you’ll spot irregularities much more quickly than if you were to wait for paper statements. We recommend all clients enroll in Online Banking and download our app.
- Debit Card Controls and Alerts. Clients can sign up to receive alerts when their debit card is used. You can even turn off your card with a click of a button, if you notice something suspicious or lose your card. Setting it up is simple.
- Enroll in a Protection Program. We offer our clients Mastercard ID Theft Protection. It’s a FREE service that monitors, tracks and displays your risk score. As part of the program, Mastercard also conducts internet searches that can detect compromised credentials and potentially damaging use of your personal information. If your identity is compromised, a team of identity theft resolution specialists will help resolve your incident and prevent further damage. We recommend all our clients enroll.
Q: Will I get my money back, if I am scammed?
A: In some cases, an unauthorized debit or credit card payment may be refunded. But, if you transferred or sent money to a scammer using another method, you are unlikely to get it back. That’s why it’s so important to recognize the signs of a scam.
Q: What should I do if I have been scammed?
A: Contact your financial institution to report an unauthorized debit or withdrawal. If you bank with First Midwest, our Customer Care Team is at 800.322.3623.
If you wired funds, also contact the wire transfer company and tell them about the fraudulent transfer.
If you gave someone your username and password, make sure you create a new, strong password – and make sure you change it for every account where you use it, even accounts that weren’t directly related to the scam.
For more information, visit the Federal Trade Commission web page on Online Scams.
Q: What if I fall victim to identify theft?
A. You’ll want to report the incident. Many financial institutions have dedicated teams to help with this.
For example, if you bank with First Midwest, and you have enrolled in Mastercard® ID Theft Protection, you have a team of resolution specialists at your disposal. Call them at 800-MC-ASSIST to get started. Enrolling is free to all Old National cardholders, so I highly recommend enrolling now.
If your financial institution does not do it for you, you should report your identity theft to the Federal Trade Commission. They have resources to help victims get back on their feet.
As part of the process, you’ll want to place fraud alerts on your credit reports and tighten security on all your accounts. To get started, you’ll need to call each of the three major bureaus:
- Equifax – 800.685.1111
- Experian – 888.397.3742
- TransUnion – 888.909.8872
Q: Thank you for your time. Any parting thoughts?
A. My pleasure. I’d say this. When I work with people, I tell them identity theft, scams and online fraud can feel very scary. But once you know what to look for – and what steps to take to protect yourself – you can gain some peace of mind.
Better to know what you’re up against, than simply hope it doesn’t happen to you.