Cybercrime is often in the headlines and every year Americans lose a lot of money to cyber-related scams.
The FBI’s Internet Crime Complaint Center (IC3) said the potential total loss from cybercrime in the United States grew from $6.9 billion in 2021 to more than $10.2 billion in 2022.
To mark Cybersecurity Awareness Month, which runs throughout October, TD Stories sat down with two colleagues based in Canada – Zane Brown, Senior Manager, Information Security and Nicole Eshenbaugh, Information Security Specialist – to learn more about how to safely bank and browse online.
Here's what we learned:
Never click on suspicious links
Fraudsters use suspicious links, a tactic known as phishing, to trick you into sharing your personal or financial information, such as passwords, banking, and credit card information.
Phishing can happen via email, text (smishing), or voice message (vishing). No matter the medium, the messages appear to be from a well-known company – such as your bank saying your accounts have been frozen. To unfreeze your accounts, the messages prompt you to click a link and/or share your personal information.
By sharing your information, you put yourself at potential risk of financial loss as well as risk of identity theft. Phishing links can also contain malware or viruses which can damage your devices.
Zane says that if you're ever unsure whether an email or text is legitimate, never click on any links in it and do not respond with personal information.
Use strong passwords and enable multi-factor authentication
You've likely heard the advice to use strong passwords, and to never reuse passwords. But in reality, it's easier said than done. So, what does a strong password look like?
"Try not to use words," Zane said. "If it's easy for you to guess or easy for you to think of, it's probably easy for attackers to guess as well."
Zane recommends, where possible, using passwords that have:
- Capital letters
- Lowercase letters
"It's your first line of defense in protecting your information," Nicole said.
Both Zane and Nicole say that to generate unique, complex passwords for your many online accounts, you can consider a password manager from a reputable organization.
Many apps and platforms allow you to enable two-factor or multi-factor authentication (also known as 2FA or MFA). This adds an additional layer of protection after you enter your password. This could look like entering a code from an authenticator app (authenticator apps can be downloaded onto your phone, and you can set them up in different social media and email platforms) or having a code texted to your cellphone when you log in to an app, product, or service.
For MFA, Zane says to be mindful of where you get your login codes if you opt to have them sent to you when you log in to an app, product, or service. If you use your email as part of your login, have your codes sent to your cellphone as a text message.
"If an adversary did steal your credentials, and maybe they got into your email, chances are they don't have access to your cellphone."
Use verified apps
When downloading apps to your mobile phone, make sure the one you're choosing to download is verified. Nicole recommends looking at an app's developer or owner to prevent yourself from downloading lookalike apps, which might contain malware or use your personal information nefariously. When downloading an app, Nicole said there are a few things to watch out for, such as:
- Does the app have a lot of negative reviews?
- What do these reviews say about the app's performance?
- Has anyone in the reviews complained about the app having malware or suspicious behaviour?
- Do any reviews claim the app is a scam?
- If the app has a lot of positive reviews, how similar are they? Fake positive reviews are often short (e.g. "This app is great!"), contain poor grammar and spelling mistakes, and don't highlight specific features.
Try to avoid using public Wi-Fi
Often, public Wi-Fi networks are not secure, meaning you're more vulnerable to malware and personal data theft when on these networks. However, sometimes you may find that you need to use one. If so, you should consider installing a virtual private network, or VPN, on your device, as it can add an extra layer of security to help protect your personal information. Nicole stresses that even with a VPN you should avoid activities on public Wi-Fi networks that could reveal your sensitive data, such as banking or shopping.
Mindless web browsing is something many of us partake in. But even when you're scrolling after a long day (or while lying in bed), it's important to be mindful of what you choose to click.
"Before you click anything, always just take a minute to think about what you're looking at, especially with domains and websites," Zane said.
Even when using search engines, you can come across suspicious results. For example, Zane said: "If you're looking for TD and you see TD dot and a whole bunch of random characters such as 'tdb @ nk dot com' or 'td dot bankca dot io' then it's most likely that this site is not TD and you should not click on it."
Keep your software up to date
"Adversaries are always looking for vulnerabilities, and a lot of it does come from the older software," Nicole said, noting how her team has weekly meetings to discuss different vulnerabilities that companies have discovered and patched.
If there is a vulnerability, and you're using an older version of an application or operating system, you could potentially be exposed to bugs and malware, which could put your personal and financial information at risk.
On your phone, you can set up automatic updates for apps and your operating system to help keep everything current. You can also check your apps and system settings to see if your software requires an upgrade.
Back up your data
Stuff happens. And if you do find your devices compromised (or even waterlogged, as Nicole personally experienced after her phone unfortunately fell in a sewer grate), it's important to have backups available.
There are many ways to securely back up your information, including important documents and priceless family photos, such as cloud-based services and network-attached storage (NAS) systems. Consider looking into the available options and what might be best for you, so that you have an added layer of security should anything happen to your data or devices.
If you encounter or believe that you have been the victim of online or mobile fraud (e.g., phishing or fraudulent text messages), please send an email to firstname.lastname@example.org. Be sure to attach any supporting documentation, such as copies of suspicious emails, text messages and questionable links or URLs.
For more information about banking online safely, visit the Privacy and Security page on TD.com.