Cybersecurity | Scam & Fraud Prevention Seminar

November 7, 2019


As Jack said, my name is Katrina Boyer, I’m from the PA Department of Banking & Securities. I am actually the Investor Education coordinator but I get the privilege of travelling all over the Commonwealth teaching people how to avoid becoming the victims of fraud and scams. Cybersecurity is a huge problem! So, what exactly is cybersecurity? Cybersecurity is keeping everything that you do on the internet as safe as you can so that no one can steal your information for their personal use. How many of you use the internet? We’re actually going to see a slide later that shows that the internet and social media and all of that jazz is here to stay. So we need to know how to use it safely. We’re going to talk specifically today about safe web browsing, we will talk about strong passwords— How many of you have maybe three or more passwords that you use for all of your logins? We’re going to talk about how we can create strong passwords. Online shopping is one of my very favorite things to do but if we don’t do it safely, we’re going to leave our personal information out there to be compromised. And then we’ll talk a little bit about social media.

So the first thing that we want to do is we want to start with a clean slate. I am on a cybersecurity task force that is through the Commonwealth of Pennsylvania, and I never realized how important it was to update the version of my operating system, on my cell phone; all of these things that are computers have to be updated. If we don’t update them we leave ourselves completely vulnerable to the bad guys. Now, I am NOT a computer genius—I’m far from it. However, I do know that these things happen. So we want to make sure we’re using the most recent version of our web browser and our operating systems. And because they’re all different, I’m not going to tell you how to do it. But it’s easy to go online—go to your favorite search engine; mine happens to be Google— go to Google or whatever search engine you use and type in “how do I update my system?” and it will tell you step by step. You can also look in your system settings and make sure that everything is current and up-to-date. And the other thing that we have to do is we have to keep that antivirus and malware software up-to-date. If we don’t, then viruses can get to our computers and they can really cause a lot of problems for us, so it’s important that we keep that in mind.

Now when we’re using the internet, before we put our personal information into any website, we want to make sure that the webpage is encrypted, and one of the ways we can do that is we’re going to look for HTTPS instead of HTTP. That “S” tells us that the website is secure. And then we want to look for that company’s privacy policy. We want to know what they’re doing with our information; how are they protecting it? Because the reality is: our information gets out there, doesn’t it? A lot of companies sell our information—that’s absolutely true— and then we have data breaches. Is there anyone in this room who HASN’T been impacted by a data breach? Yeah, isn’t that sad? It’s terrible that’s the case, but that’s the reality that we live in. So we want to make sure we’re understanding the privacy policy for that page. And then look at the trust seal. Typically in the bottom right-hand corner of the web page you can find an icon that is clickable and it will bring up and tell you how that webpage is protecting your information. Again, make sure that you’re comfortable with when that certificate expires and understand what’s happening with that.

The other thing that I think is really important for us to do, particularly if we’re using a computer that’s not ours; we want to know how to clear the history. Now I will tell you why: so I travel all over the Commonwealth, and one of the things that I often have to do is I have to get into the hotel’s computer. Not long ago I had to do that in order to pull a document that I needed for the next morning. So I go into Yahoo mail to get this document and all of a sudden somebody else’s Yahoo email came up! And that was because when that person logged in there’s a button that was checked that automatically kept them logged into Yahoo mail. Now imagine if I had done that; if I had left that button, and the next person came up and they had access to my email, every last email that I got. Now the problem with that is: if there’s one thing we need to protect especially carefully, it’s our email address. Because if I forget my password to any of the websites that I log into, I can click to have an email sent to me so I can reset my password. If the general public can get to my email, ohhh man! That can cause a lot of problems, right? So we want to make sure that when we leave a device, if it’s a public device, or someone else may come and sit down, clear that history! Again, it’s not difficult to do, just make sure that you go do a web search “how do I clear this history?” It will tell you in about four steps how to do it. Like I said, it’s not difficult.

But let’s talk about wi-fi. Wi-fi is everywhere, right? We have to be really careful about using public wi-fi, but let’s talk about our home wi-fi. My son, who lives in Ohio, trusted his neighbor and allowed her to use his wi-fi so she could update her cell phone. Well what he didn’t realize was that person was really good with computers, remember the bad guys I talked about? That woman was able to figure out my son’s login information to his financial institution and she stole money from him. All because he trusted her and he gave his password for his wi-fi.
So I would encourage you to have a good, strong password, and we’ll talk about that, but have a strong password for your wi-fi so that it’s nice and secure and don’t give it to just anyone! Make sure that you trust that person, because when you’re using wi-fi, if you’re good, again, I’m not, but if you’re good, you actually have the ability to see what other people are doing on their devices. And so that brings us to public wi-fi. If I log into the local coffee shop on their public wi-fi, and I log into my financial institution, and somebody else sees the keystrokes, sees what I’m doing, they can really wreak a lot of havoc, right? It could have a long-term effect on our financial security. Also it causes a lot of stress when you become a victim of fraud like that. So make sure that you’re aware that using public wi-fi for anything that involves your personal information is a huge risk, okay?

So let’s talk about passwords. In my longer version of this, this slide is actually a chart of the top ten passwords for the last five years. The word “password” appears in every single year. Isn’t that terrible? But I bet at least a few of you in this room are guilty! I saw one that has appeared over several years is “monkey.” But what about sequential numbers? How tempting is it for us to do these things because we can remember them? But I tell you there are computer programs out there that dedicate their time to figuring out what our passwords are so they can steal our personal information. So we have to be really careful and not do these things and don’t use the same password for multiple accounts. I don’t always practice what I preach and there is one password that I use for those accounts that I don’t consider to be super important. One happens to be a job search account. And I got an email the other day and they told me, “your password matches another one of your passwords for another organization and that organization has been compromised, so you need to change your password.” So that’s the reality, right? We need different passwords.

How do we create strong passwords? Well, let me tell ya! The longer your password, the better. You want it to be at least eight characters. You want to use a combination of capital and lowercase. If you can throw in an @ sign or a $ sign instead of an “A” or an “S” or use the number 1 instead of an “L.” Those are all things that make our passwords infinitely stronger and harder for a computer to be able to figure out.
Your email password, in my opinion, is probably the most important password for you to have nice and secure. And the other thing is changing your password is kind of important. Because if you’ve got the same password for the same account for the last 10 years you may run into a problem. Now, the reality is I’ve got probably three or four dozen different passwords that I have to remember. I cannot remember that much, so I’m going to be honest, I keep everything on my mobile device, I keep it thumb print protected with a nice long PIN number because that information is critical for me to be able to get to, and my work stuff I have to change it every 60 days. And changing it by one character is not secure. I need to create something completely new. So one thing that I like to encourage people to do is how about creating a sentence like “I went on vacation to Aruba in 2017” and then take the first letter of each word and create that as your password, throwing in instead of an “I” use a number 1 and then throwing in some of those things again, that combination of upper and lower, then you just have to remember the statement. It’s a challenge! I will be the first to admit. Another thing that you could do is maybe use initials to a family tree. Again, upper and lower and those types of things, those can all be really helpful.

How about those security questions? Every company is starting to require them and they’re very helpful; if you forget your passwords you’ve got to answer some security questions, right? If you can write your own questions, that’s your best bet. You don’t want to use your mom’s maiden name, because that’s all over Facebook or Twitter and all the other places, right? It’s easy to find. You want to avoid that can be found on social media. But the other thing is, it doesn’t have to necessarily be a true answer, right? Because they don’t have a database of everybody’s life. So if they ask you for your mother’s maiden name, and that’s the only choice that you have, what if you were to answer with your favorite color? All you have to do is remember the answer, it doesn’t have to be the correct answer. Now, I will tell you I’ve done that, this gets even better, about eight months ago, we got new laptops for work, and I had to have three security questions, and, y’know, I’m in cybersecurity so I’m a smarty-pants, so I created all these answers and I forgot to write them down. [laughter] So they had to completely reformat my computer, because I couldn’t get into it. So you have to remember whatever it is you made that. Just remember the answers!

How about email?
How many of us get more than fifty emails a day? I mean, seriously, it’s ridiculous, isn’t it? I was standing back here listening to Meg and I deleted like forty-five emails, because I don’t ever open an email. When my financial institution emails me and tells me “hey, Katrina, your statement’s available,” I don’t open that email. I delete it. I go to my financial institution’s website, and I put my personal information in it, because I know I’m at the right site. So before you click on an email, make sure you know who the sender is. If you take your cursor on your mouse and hover it over the email address you will see a pop-up that shows you the actual email address it’s coming from. If the two don’t match, don’t click on it. Don’t open that email, it’s scary! How about grammar and poor spelling? A lot of foreign scam artists use free translation services. And when in doubt, just delete it. I mean, get rid of it. You want to avoid clicking on those links. Again, you can use that hover technique. Make sure that it’s legitimate. If you’re not sure about the legitimacy of a link, go and type it in yourself, then you know it’s done properly, right?

Online shopping! I love to shop online. I’m going to tell you another story. So, I have these three rescue pups, and I share on Facebook about my rescue dogs, it’s what I do, so I started getting in my Facebook feed this ad for this really cute t-shirt that talked about being a rescue mom. Well, I really wanted it. But when I researched the name of the company, I couldn’t find a single positive review about the company. So here, we talk about reading reviews from other sites. If there’s not a good one, don’t shop there. Google the name of the company and the word “complaints.” Go to the Better Business Bureau, they have a whole database of complaints.
What I did when I wanted that t-shirt is I went to my favorite shopping site and I typed in what was on the t-shirt and I found the t-shirt on my favorite website and I was able to get it. But I didn’t risk putting my personal information on a site that was unsecure and didn’t have positive reviews. So make sure that you keep that in mind. The other thing that I always suggest is that you use a credit card rather than your debit card when you do online purchases. If you use your debit card and the card gets compromised, there could be a time frame where you won’t have access to your money. Just a few weeks ago my husband had $900 wire transferred from his financial institution to a foreign country, I think Jamaica. When he went to use his card, it was declined because it was overdrawn. So we have to make sure that we keep that in mind. If our credit card gets compromised, we may not be able to go shopping, but at least we still have our bank account that we can get money to still do what we need to do. Keep in mind the things that we’ve already talked about: keeping your device updated, making sure that you’re using strong passwords, those things. And, again, use a different password for each site.

So Banking & Security is on Facebook, Flickr, LinkedIn, and Twitter. How many of you are using Facebook? I love Facebook, I can keep track of all my grandkids, I can keep track of my kids, I can find all the people that I went to high school with. The reality is sixty-two percent of individuals over 65 are using social media. So the reality is it’s here to stay, right? So we have to know how to use it carefully. We don’t have to accept every friend request. I delete most of my friend requests, because if I don’t know you personally, I’m certainly not going to give you access to my Facebook feed. Be careful what you put out there and understand your privacy settings for each social media outlet that you’re using. Disable GPS tags. When you take a picture it reports the time and the exact location you were when you took that picture. If I take pictures of my grandkids in daycare and I put them without disabling GPS I can tell anybody and they’re really cute. They’re super cute. So we have to be really careful. It’s not hard to disable that GPS setting in the settings of your phone. I would encourage you absolutely to do that. Keep in mind, if you put it out there, it can be seen. Limit what you put out there.

For mobile devices, more than 65% of us have mobile devices, again, it’s hard to find a phone that’s not a smartphone. So we have to keep that in mind. Keep it locked with a PIN or a password. Facial recognition is getting better and better. Don’t text that personal information. My daughter asked me to make a deposit for her, she sent me her bank routing number, I was like, “seriously?” So consider what you keep on that phone. And keep it backed up! If you have to remotely wipe it out, make sure that whatever you had on there you have it somewhere else. I have thousands and thousands of pictures on my phone, if I don’t back it up, and God forbid I would have to remotely wipe it out, I, I would lose that. So make sure you keep it on, you want to make sure. And then, make sure that you restore your device to its factory settings before you turn it in. We want to believe that we can trust everybody, but the reality is that we can’t. I actually went to church with a woman in Harrisburg whose full-time job on third shift was to sit in a warehouse and restore Apple devices to their factory settings. That’s how many people leave all of their information on their devices. That scares me. That absolutely scares me.

So I mentioned earlier that I’m on the cybersecurity task force, this is the website for the state agencies that provide this resource. Cybersecurity is changing all the time, right? So we need to make sure we stay on top of it. Go to pa.gov and then if you just search “cybersecurity guide,” it will bring it up and there are some really great resources there. And a lot of them have links to take you to direct sites, and provide you with oodles more information than I could do in this twenty-five minute presentation. So I would encourage you to check that out. If you have questions, I’m happy to answer them. I do want to keep us on schedule, so we’ve got about two minutes for questions. Anyone have any? Yes, ma’am?

[AUDIENCE]
Two or three weeks ago, and I’m always very careful about checking for HTTPS, and I don’t shop on too many places or go to too many places, but, in the banking institutions, all of a sudden up there all it said up there was HTTP, there was the lock but it said HTTP, and I know I’ve always checked and it’s always had an “S,” so what I started doing is going in, because when I go into our email provider it still says HTTPS, so I go into there and I back up and put it in, but I don’t understand why suddenly all of mine…

Well if you’re not looking at putting your personal information into the website, it doesn’t necessarily have to be the “S.”

[AUDIENCE]
But it was, it was a banking site.

Oh, okay, so you were going to be logging in?

[AUDIENCE]
Yes.

Oh, that’s scary.

[AUDIENCE]
And I know, I mean, I checked. So I know it’s always been on there, I would never have logged on without it. And I have no idea why it’s showing up that way. I even checked the other day.

That clearly tells us that we have to be careful and because we’ve gone to that site before doesn’t mean that we can trust it again. Make sure that we check that HTTPS. Yes ma’am?

[AUDIENCE]
I got an email from my credit card company, and it said “we want to update your records” with all this information, and I’m thinking, “wait a second, I’m not putting that on the internet!” And so I just got my credit card out, I called them back and they said, “Do you have the email in front of you?” And I said, “Yes I do.” She asked, “Is the last five digits of your credit card number on that email?” And I said no. And she asked, “Is it addressed to your first name?” And I said no. She said, “It’s fraud. It never came from us.” She said, “Just so you know, if we send you an email, the last four or five digits of your credit card number will be on that email and your first name will be used, not your last name.”

Not “dear customer,” right?

[AUDIENCE]
Yeah, but I mean that was scary— had it not been that they were asking all these questions I thought, “I’m not doing this! I’m just not doing this.”

Right! That’s fantastic, thank you for sharing. So clearly, criminals are really good at recreating things that look legitimate, so I go back to delete it and go to your financial institution, whatever website it is, go there and make sure the website you put in is the right place. So we’re going to move on, my contact information is on the last slide, I’m happy to answer any questions. I’m going to be here for the rest of the day, I’ll come back in a little bit and we’re going to play consumer fraud bingo. You wanna stick around for that because that’s so much fun. Thank you so much for your time! [applause]
