FDIC Digital Sign, using the official FDIC wordmark. This digital sign indicates the
deposit institution is backed by the full faith and credit of the US government.
April 1, 2025

CyberSecurity Source | Spring 2025

Cyber Security

Don't Fall for Tech Support Scams

You’re browsing the web when a window pops up: Warning! Your computer may be infected!

Or the phone rings, telling you there’s a problem with your computer and you need to take care of it right away. What do you do?

The good news is, there’s no need for alarm. You don’t have to be a computer expert to recognize a tech support scam when you see one.

How can you tell it’s a scam?

First, reputable tech support companies will never make unsolicited phone calls to you or scan your computer without your permission. If you get one of these calls, hang up. Don’t let them talk you into anything, especially sharing passwords or financial information.

Second, if your antivirus software really has detected a problem, it will never prompt you to call a phone number to get help.

While popup windows might imitate your computer’s operating system and warn of danger if you try to close the window or shut down the computer, don’t fall for it. Get rid of the popup by shutting down your browser or doing a hard restart of your computer if necessary. Whatever you do, don’t click it. Doing so could download malware which could compromise your computer.

If there is a problem with your computer, you’ll need to find a reputable repair company. However, a simple web search is not your best option, as many scammers have created online businesses and even created ads to lure people in. Ask a friend for recommendations, read reviews, or search locally, as many stores that sell computer equipment often offer technical support.

By knowing the signs, you can protect yourself from tech support scams. And if you’re ever contacted by a scammer, report it to the Federal Trade Commission at ReportFraud.ftc.gov. The FTC uses this information to track down scammers and put them out of business for good.


Online Account Takeovers and How to Prevent Them

When was the last time you thought about how many accounts you have online? Between digital banking, online shopping, and your various social media accounts, it’s probably a lot. Have you ever thought about what would happen if someone gained access to your accounts?

Online account takeovers are one of the fastest-growing threats in the digital landscape. Read on to learn how online account takeovers happen, their impact, and actionable steps to keep your accounts safe.

How Online Account Takeovers Happen

An account takeover involves cybercriminals gaining unauthorized access to your online accounts. Once inside, they can steal sensitive data, make unauthorized purchases, or use your account for phishing scams. They can gain access to your accounts using a variety of methods.

Credential Stuffing

Oftentimes attackers obtain large numbers of usernames and passwords from data breaches. They then use automated tools to “stuff” these credentials into as many different sites as possible. The success of these attacks is a result of reusing usernames and passwords across accounts.

Phishing Attacks

Phishing schemes trick users into sharing sensitive information like usernames and passwords. These attacks often involve fake emails or websites that look convincingly real, tricking victims into revealing their credentials.

Malware

Malicious software can infect devices and steal personal information, including login credentials. This can be downloaded by clicking on links or files in emails, or by visiting unsafe sites. They then use techniques like keystroke logging to steal your credentials.

The Impact of Account Takeovers for Consumers

Online account takeovers can have serious consequences. Some of the potential impacts are long lasting and hard to fix once the damage has been done.

Financial Loss

Depending on what accounts the hackers gain access to, the financial damage can be severe. If it’s a shopping site, they may use the stolen accounts to make unauthorized purchases using your financial information. This is one of the reasons it’s always a good idea to use credit cards for online purchases, like our CorTrust Bank Visa Credit Card.

If the attackers gain access to your banking information, the damage can be even more severe, and much more difficult to recover from.

Identity Theft

Sensitive personal information, such as social security numbers and addresses, can be compromised. This can lead to further financial loss, damaged credit, and long-lasting financial impact for you.

Preventing Online Account Takeovers

While the consequences of online account takeovers can be severe, the good news is that there are steps you can take to protect your accounts.

Use Strong, Unique Passwords

You’ve probably heard it dozens of times, but that’s because it’s the first, best line of defense when protecting your accounts. Create strong passwords, and don’t repeat them across your accounts.

Here are a few other tips to help you:

  • Create complex passwords that incorporate upper and lowercase letters, numbers, and special symbols.
  • Use a password manager to track and generate secure login credentials.
  • Avoid common phrases, predictable patterns, and reusing passwords across different sites. Some of the most common (and easily guessable) passwords include variations on 1234, qwerty, P@ssw0rd, or other similar overused options.

Enable Multifactor Authentication (MFA)

Whenever possible, enable multifactor authentication. With MFA, even if someone steals your password, they’ll need a secondary authentication factor—like a text message or app-generated code—to access your account, making it much more difficult to gain unauthorized access.

Beware of Phishing Attempts

Be cautious of emails, messages, or phone calls that ask for personal information or want you to click a link or download a file. If you get a message that claims there’s a problem with one of your accounts, type in the address to visit the site and log in from there or call the service number listed on their site.

Use Secure Wi-Fi Networks

The security of your Wi-Fi plays an important role in protecting your accounts. While public Wi-Fi networks are convenient, they often lack robust security measures and can be easily targeted by hackers. For sensitive activities like accessing online accounts, avoid using public Wi-Fi unless you are connecting through a Virtual Private Network (VPN) that encrypts your data. Alternatively, use your mobile data network, as cellular providers encrypt your data and provide a safer connection than an unsecured network.

Set Up Alerts

Many online accounts offer alerts to notify you of unexpected or suspicious activity. Both mobile and online banking offer a variety of alerts to let you know about things like password or contact information changes, or a sign-on from a new device.

Keep Software Updated

Keep your software and operating systems, including mobile devices and apps, up to date to address security vulnerabilities. You can simplify this process by turning on automatic updates whenever possible.

Monitor Account Activity

Regularly review your accounts for any unusual or suspicious activity. Many apps will give you an option to view which locations/devices are signed into your account. Check these lists on a regular basis to look for suspicious activity.

Use Security Software

Install and use reputable antivirus and anti-malware software. You can also add anti-phishing software to protect your browser and email.

What to Do After an Online Account Takeover

Account takeovers can be scary, but by moving quickly to counter the damage, you can limit the impact – and hopefully prevent it from happening again.

Recognize the Signs of an Account Takeover

Look out for signs such as unfamiliar login notifications, unexpected password changes, missing funds, or unauthorized purchases.

Act Quickly

As soon as you realize your account has been compromised, take immediate action to regain control. The longer you wait, the more damage the fraudster can potentially do.

Notify the Account Provider

Contact the provider of the compromised account, whether it's a bank, email service, social media platform, or other online service. Use the provider's official contact information, not any contact details provided by the fraudster.

Change Your Passwords

If possible, change the password for the compromised account immediately. If you reused that password anywhere else, change it for those accounts as well (just remember to use a different strong password!).

Enable Two-Factor Authentication (2FA)

If you haven’t already enabled two-factor authentication for the affected account, do so immediately.

Check for Unauthorized Activity

Review your account activity and transaction history to identify any unauthorized transactions or changes made by the fraudster. Report any suspicious activity to the account provider immediately.

Secure Your Devices

If the account takeover occurred due to malware or a security vulnerability on your device, scan your computer, smartphone, or other devices for malware and take steps to secure them. Update your operating system, antivirus software, and other security programs to the latest versions.

You should also check the account’s list of authorized devices, if available, and revoke access to all other devices. If you share your account between devices or family members, you can always go back later and re-add them where necessary once your account has been secured.

Monitor Your Accounts

Keep a close eye on all of your financial and online accounts for any further signs of unauthorized activity. Regularly review your account statements and set up alerts for unusual transactions or changes.

Report the Incident

If the account takeover involved financial fraud or identity theft, report the incident to the relevant authorities, such as your local law enforcement agency or the Federal Trade Commission (FTC) at www.identitytheft.gov. Provide as much detail as possible about the fraudster's activities and any losses you've incurred.

Alert Your Contacts

If the fraudster used your compromised account to send phishing emails or messages to your contacts, alert them about the situation. Advise them not to interact with any suspicious communications purportedly from you and to be cautious of similar scams.

Educate Yourself

Take this opportunity to educate yourself about common tactics used by fraudsters to take over accounts and how to protect yourself from future attacks. Stay informed about the latest cybersecurity threats and best practices for securing your accounts and personal information.

Safeguard Your Future with Knowledge

Account takeovers can happen to anyone, but with a little preparation and vigilance, you can protect your accounts—and minimize the damage if you ever become a victim. Strong passwords, two-factor authentication, and account alerts are simple ways to boost your account security.

Online safety isn’t a one-time event; it’s an ongoing process. Make account monitoring and security improvements a regular part of your digital habits.

Take the first step toward better protection today—your accounts (and your peace of mind) will thank you.