Using strong and unique passwords for your banking is one way to deter would-be scammers. Don’t use the same password for multiple online accounts like Amazon and Netflix. Courtesy iStock
A bank with a West Michigan presence is offering tips to consumers for protecting their identity and financial lives during the coronavirus outbreak.
Jude Schramm, executive vice president and chief information officer with Cincinnati-based Fifth Third Bank, which has a large West Michigan presence, spoke to the Business Journal on March 20 with tips to help reduce the instances of identity theft and other risks — especially for older adults who are increasing their digital communications and online and mobile banking during the pandemic but tend to be less digitally savvy.
“During times of uncertainty, it’s natural to seek information and answers through the internet and social media,” said Schramm.
“Unfortunately, criminals will often use that to their advantage. While not Fifth Third-specific, our team has noted the occurrence of phishing — when a data thief impersonates a legitimate person or company via email to bait the recipient into reporting confidential information or gaining unauthorized access to systems — and has seen reports of malware (malicious software) disguised as a coronavirus map.”
He added another common scam to which consumers are falling victim is called “smishing,” or the SMS texting version of phishing.
“There are (fraudsters) that will pose as a bank and (send) a link that says ‘There’s something wrong with your account’ through a text message … and you click on it, and it will take you to a page that looks like your bank login page, but when you login, you’re giving them your credentials and then the bad guys will basically use that information to call you back, act like they’re your bank, and then they’ll get more information and perform fraud on your banking accounts,” Schramm said.
He said online and mobile banking customers can keep themselves safe via three main methods:
1) Only log in to your mobile/online bank account from a device you trust that you have registered with the bank. Fifth Third Bank requires users to select whether they are logging in on a private or public device and then asks for further information to prove their identity before it grants account access, including via two-factor authentication, which is where the software generates a one-time use code and sends it to the user’s phone or email, and then users have to type in the code on their online banking login screen to log on. The recommended approach, however, is logging onto online banking on your own home desktop computer, laptop or mobile device, on private Wi-Fi whenever possible, Schramm said.
2) Be aware that a bank will never contact a customer asking for their information, whether via phone, email or text message. “If you get a call from somebody identifying themselves as from your financial institution, internet provider, anything — they will never call you and ask you for your secure information. The appropriate response is, ‘Thank you, I will hang up and I will call you back,’ and you can then call your bank and verify whether they contacted you, because your bank has IT systems in place so that anybody in their call centers, for example, knows if (the bank is) trying to get in touch with you. … You always want to hang up and initiate the call to the bank yourself, because then you know you’re getting a trusted representative on the other side,” Schramm said.
3) Make sure you’re using strong and unique passwords for your online bank account. “Don’t use your email password as your banking password. Don’t use your Netflix or Amazon password. Make your bank password completely unique from every other password and account that you have.”
Schramm said if consumers suspect they are being phished, smished or otherwise scammed, they can go to 53.com for a FAQ on cybersecurity tips and tricks, or they can visit the U.S. Department of Homeland Security website at dhs.gov.
Schramm shared the following additional best practices to ensure cybersecurity during the COVID-19 pandemic:
Stick to credible resources such as the Centers for Disease Control and Prevention (cdc.gov), National Institutes of Health (nih.gov), World Health Organization (who.int) and well-known local and national news reporting agencies as your sources of information.
Do not click on links or attachments from senders you do not recognize. This applies not only to email, but also to text messages and pop-ups on websites.
Keep your computer “healthy” by applying patches and updates as soon as notified one is needed. Do not push off these updates until later.
Do not share sensitive personal information (such as usernames and passwords) by email, to anyone. Resources such as 1ty.me are available for sending sensitive information over the internet in a secure, one-time, self-destructing link.
Watch for email senders using suspicious or misleading domain names.
Inspect URLs carefully, without clicking on the link, to make sure they’re legitimate and not imposter sites.