October is Cyber Security Awareness Month, and the Canadian banking industry is participating in this international effort to help consumers protect themselves and their computers from cyber crime. This month we’ll be looking at ways to recognize cyber threats and steps you can take to keep your computer healthy and virus-free.

Recognizing Cyber Threats

As the old adage goes, if it sounds too good to be true, it probably is. Most people know to treat any amazing offer on a website or sent by e-mail with a healthy dose of scepticism and to be careful when downloading files from the Internet and installing programs: some threats can be disguised as popular downloads such as screen savers, music files or jokes. But are you aware of the newest forms of online fraud known as “phishing” and “vishing”?

E-mail fraud, sometimes called “phishing,” uses fraudulent e-mail messages and websites that look like they are from a legitimate organization, such as a bank, credit card provider, retailer or government agency to trick consumers into providing personal information. “Vishing” is short for “voice phishing” and it’s similar to phishing, but instead of using just e-mail, the criminals will use the phone in the hopes of luring you into divulging information such as social insurance numbers, credit card numbers or online banking passwords.

How to Spot a Phishing or Vishing Scam

So how can you spot a scam? There are three important things to look for to help distinguish an e-mail or voice mail message from a legitimate company from a phishing or vishing threat:

• No personalization. E-mails from legitimate companies are usually personalized, such as “Dear Mr. Smith” or “Dear Jane.” Criminals send phishing e-mails to thousands of people randomly. They don’t know who they are and they can’t personalize them. Be wary of e-mails that say “Dear Client” or “Dear Valued Customer.”
• It sounds alarming. Both vishing messages and phishing e-mails will have a sense of urgency, such as “you must reconfirm your information or your account will be closed in 24 hours.” Always check your monthly statement. Make sure the charges are yours.
• The message asks for personal information. No legitimate company would contact you by e-mail to ask you to reconfirm any of your personal information for security purposes or any other reason. They already have it.
  
  With a vishing threat, the phone or e-mail message might warn of a security alert and ask you to call a local or toll-free number where an automated attendant will ask you to disclose or punch in personal information, such as your Social Insurance Number, or account or credit or debit card number along with your banking password or card personal identification number (PIN). After that you will likely be disconnected: you won’t speak to anyone but the criminals will have your information.
  
  It is important to know that in some cases, your bank may contact you by phone or leave you a voicemail message, for example if they suspect fraudulent activity on your debit or credit card or bank account. As part of a legitimate conversation with your financial institution, you may be asked personal verification questions so the bank can ensure that they are speaking to the right person. You will not, however, be asked to verbally provide your Social Insurance Number or any card PIN or banking password or enter them on your telephone keypad.

If you have any doubts about the validity of any promotions or information requests you receive by telephone or e-mail, you may wish to call the organization to verify the legitimacy of the request. Be sure to use a phone number that you know is correct.

If you think you have provided personal information to a phisher or visher, report it to the organization involved immediately and they will give you advice on how you should proceed. For example, if you provide a credit card number, then contact the card issuer. If you reveal your Social Insurance Number, then contact the federal government.

Keeping Your Computer Healthy

While banks work around the clock to protect customers from fraud and assist police in their investigations, consumers have a role to play in protecting themselves as well. There are some simple steps that consumers can take to secure their home computers and educate themselves about the latest fraudulent scams so they don’t fall victim, including:

• Avoid using a public computer when doing financial transactions.
• Always logging out of an online transaction session and clearing the cache of your browser after visiting secure sites. This will ensure that nobody else can view any confidential information you may have transmitted.
• Installing and maintaining a firewall to guard against unwanted access to your computer.
• Installing proven anti-virus, anti-spam and anti-spyware software and keeping them updated.
• Installing patches and updates to your operating system and applications as they become available from the manufacturers.
• Many businesses require that you use 128-bit encryption to access secure websites. Update your Web browser on a frequent basis to ensure you are using the latest browser technology and the highest encryption level.
• Always ensuring that you are in a secure environment. Look for the closed-lock or unbroken-key icons on your browser when entering credit card or other sensitive data. Also make sure that the website address in the address bar begins with https rather than just http. If you don't see these or if you see a broken key or the open padlock, your transaction is not being securely transmitted across the Internet.
• Using common sense and be aware of potential security leaks. You wouldn’t give information to just anyone in the off-line world. Apply the same discretion online.

To find out more about fraud and security and about how banks work to protect you, or to download the CBA’s free booklet, Safeguarding Your Money, visit the Fraud and Security section of the Canadian Bankers Association website.

You can also find more information on the “Microsoft Security at Home” website, which is a good source of instructional videos and updates on how to protect your computer. You can find a link to the Microsoft page here.

Canada’s banks take the issue of privacy, security and fraud prevention very seriously. They work hard to prevent their operations and customers from being used for any kind of financial crime and to raise awareness about the ways that customers can protect themselves.

As a consumer, you also have an important role to play in preventing fraud. October is Cyber Security Awareness Month and we’ll be taking a look at protecting yourself online.