Scam artists use the internet and advanced software to defraud millions of people each year. Scammers trick victims into sending money or giving out personal information. It's important to learn how to stay safe online; knowledge can help protect you and your loved ones. Calvert County Government takes cybersecurity very seriously but it needs you to take action to protect yourself and to report if you fall victim to an online scam.
Top Ten Ways to Protect Yourself from Scams and Hackers
1. Know what a phishing scam looks like
New phishing attack methods are being developed all the time, but they share commonalities that can be identified if you know what to look for. There are many sites online that will keep you informed of the latest phishing attacks and their key identifiers. The earlier you find out about the latest attack methods and share them with your users through regular security awareness training, the more likely you are to avoid a potential attack.
2. Don’t click on that link
It’s generally not advisable to click on a link in an email or instant message, even if you know the sender. The bare minimum you should be doing is hovering over the link to see if the destination is the correct one. Some phishing attacks are fairly sophisticated and the destination URL can look like a carbon copy of the genuine site, set up to record keystrokes or steal login or credit card information. If it’s possible for you to go straight to the site through your search engine, rather than click on the link, then you should do so.
3. Get free anti-phishing add-ons
Most browsers nowadays will enable you to download free add-ons that spot the signs of a malicious website or alert you about known phishing sites. These can be installed on every device in your home or organization.
4. Don’t give your information to an unsecured site
If the URL of the website doesn’t start with “https” or you cannot see a closed padlock icon next to the URL, do not enter any sensitive information or download files from that site. Sites without security certificates may not be intended for phishing scams, but it’s better to be safe than sorry.
5. Rotate passwords regularly
If you’ve got online accounts, you should get into the habit of regularly rotating your passwords so that you prevent an attacker from gaining unlimited access. Your accounts may have been compromised without you knowing, so adding that extra layer of protection through password rotation can prevent ongoing attacks and lock out potential attackers.
6. Don’t ignore those updates
Receiving numerous update messages can be frustrating, and it can be tempting to put them off or ignore them altogether. Don’t do this. Security patches and updates are released for a reason: most commonly, to keep up to date with the latest cyberattack methods. If you don’t update your browser, you could be at risk of phishing attacks through known vulnerabilities that could have been easily avoided.
7. Install firewalls
Firewalls are an effective way to prevent external attacks, acting as a shield between your computer and an attacker. Both desktop firewalls and network firewalls, when used together, can bolster your security and reduce the chances of a hacker infiltrating your environment.
8. Don’t be tempted by those pop-ups
Pop-ups aren’t just irritating; they are often linked to malware as part of attempted phishing attacks. Most browsers now allow you to download and install free ad-blocker software that will automatically block most of the malicious pop-ups. If one does manage to evade the ad-blocker though, don’t be tempted to click! Occasionally pop-ups will try to deceive you with where the “close” button is, so always look for an “x” in one of the corners.
9. Don’t give out important information unless you must
As a general rule of thumb, unless you 100% trust the site you are on, you should not willingly give out your personal or card information. If you have to provide your information, make sure that you verify the website is genuine, that the company is real and that the site itself is secure.
10. Have a data security platform to spot signs of an attack
If you are a small business, consider investing in a data security platform. A data security platform automatically alerts you to anomalous user behavior and unwanted changes to files. If an attacker has access to your sensitive information, data security platforms can help to identify the affected account so that you can take actions to prevent further damage.
What to Do if You are Scammed
If you think you are a victim of crime online, report it to one of these government authorities and they can advise you what to do next:
- Internet Crime Complaint Center (IC3): the IC3 receives complaints and sends them to federal, state, local or international law enforcement. It is also important to contact your credit card company to let them know about any unauthorized charges or if you think your credit card number has been stolen.
- Federal Trade Commission (FTC): the FTC shares complaints and online scams with all levels of law enforcement. The FTC cannot resolve individual complaints, but it can help you decide the next steps to take.
- EConsumer.gov receives complaints about online shopping and eCommerce transactions with foreign companies.
- Department of Justice (DOJ): the DOJ can help report internet or intellectual property crimes.
How can I tell if I have a malware infection?
Things to look for:
- Your computer is very slow or your computer fan is constantly running at full speed. This is typical of a computer that has been hijacked into a botnet.
- Your system crashes or freezes. You might experience a "Blue Screen of Death."
- Your screen is full of pop-up ads. Do not click on links in pop-up ads — they are very likely to install additional malware.
- You notice that your computer has suddenly lost a lot of disk space.
- Your browser settings change. If your homepage has changed or you have new toolbars or plugins that you didn’t install you more than likely have malware on your device.
- Your antivirus program stops running and you can’t turn in back on.
- You lose access to your files or even your entire computer. This is typical of ransomware. You might see a ransomware note on your desktop or your whole desktop wallpaper might be a ransom notice.
How can I tell if my Android device has malware?
- Sudden appearance of pop ups.
- An increase in data usage that you can’t account for. Malware chews up your data plan with pop-up ads and sending out information from your phone.
- Charges on your bill that you can’t account for.
- Your battery runs down quickly.
- Your phone is hot all of the time.
- Your contacts receive strange email and texts from your phone that you didn’t send.
- An app appears on your phone that you didn’t download.
- Wi-fi connections turn themselves on.
Glossary of Terms
Ad-Blocker: Software that you can install in your browser to block online web advertising. There are many free ad blockers on the market. Chrome has an ad blocker and so does Microsoft Edge.
Add-on: A piece of software that runs in a browser in order to add functionality. Some add-ons are useful, but many are a back door for malicious hackers to install malware on your PC or spy on your actions. Some add-ons are added to a user’s browser without their knowledge. If you see something different in your browser that you didn’t add, it is likely malicious and should be uninstalled.
Botnet: Networks of hijacked computers used to carry out various scams and cyberattacks. The user of a hijacked computer rarely will know that they have been hijacked and a part of a botnet.
Browser: The computer program that you use to view web pages and surf the internet. The most popular web browsers include Microsoft Edge, Google Chrome, Mozilla Firefox and Apple Safari.
Firewall: Network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a set of security rules. A firewall is the first line of defense for a network.
Malware: Malware or “malicious software” is an umbrella term that describes any malicious program or code that is harmful to systems. Malware seeks to invade, damage or disable computers, computer system, tablets or mobile devices.
Phishing: Phishing the fraudulent practice of sending emails purporting to be from reputable companies or individuals in order to induce the recipient to reveal personal information, such as passwords and credit card numbers. Phishing emails are the number one cause of ransomware attacks.
Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid.
Scareware: Scareware is a form of malware that tries to frighten you into downloading or buying fake security software.
Spyware: Type of malware that infects your PC or mobile device and gathers information about you, including the sites that you visit, the things that you download, your username and passwords, payment and bank information and the emails that you send or receive.
Virus: A computer virus is a program or piece of code designed to damage your computer by corrupting system files, wasting resources or destroying data. It can replicate and spread after a person first runs it on their system. There are many types of viruses and they infect a system in various ways.
Worm: A type of malware that travels and spreads through network connections to find its targets. Worms typically exploit known computer vulnerabilities to get inside of a machine. Worms can steal data, install a backdoor and allow a hacker to gain control over a computer.