You’re browsing the web when a window pops up: Warning! Your computer may be infected!
Or the phone rings, telling you there’s a problem with your computer and you need to take care of it right away. What do you do?
The good news is, there’s no need for alarm. You don’t have to be a computer expert to recognize a tech support scam when you see one.
First, reputable tech support companies will never make unsolicited phone calls to you or scan your computer without your permission. If you get one of these calls, hang up. Don’t let them talk you into anything, especially sharing passwords or financial information.
Second, if your antivirus software really has detected a problem, it will never prompt you to call a phone number to get help.
While popup windows might imitate your computer’s operating system and warn of danger if you try to close the window or shut down the computer, don’t fall for it. Get rid of the popup by shutting down your browser or doing a hard restart of your computer if necessary. Whatever you do, don’t click it. Doing so could download malware which could compromise your computer.
If there is a problem with your computer, you’ll need to find a reputable repair company. However, a simple web search is not your best option, as many scammers have created online businesses and even created ads to lure people in. Ask a friend for recommendations, read reviews, or search locally, as many stores that sell computer equipment often offer technical support.
By knowing the signs, you can protect yourself from tech support scams. And if you’re ever contacted by a scammer, report it to the Federal Trade Commission at ReportFraud.ftc.gov. The FTC uses this information to track down scammers and put them out of business for good.
When was the last time you thought about how many accounts you have online? Between digital banking, online shopping, and your various social media accounts, it’s probably a lot. Have you ever thought about what would happen if someone gained access to your accounts?
Online account takeovers are one of the fastest-growing threats in the digital landscape. Read on to learn how online account takeovers happen, their impact, and actionable steps to keep your accounts safe.
An account takeover involves cybercriminals gaining unauthorized access to your online accounts. Once inside, they can steal sensitive data, make unauthorized purchases, or use your account for phishing scams. They can gain access to your accounts using a variety of methods.
Oftentimes attackers obtain large numbers of usernames and passwords from data breaches. They then use automated tools to “stuff” these credentials into as many different sites as possible. The success of these attacks is a result of reusing usernames and passwords across accounts.
Phishing schemes trick users into sharing sensitive information like usernames and passwords. These attacks often involve fake emails or websites that look convincingly real, tricking victims into revealing their credentials.
Malicious software can infect devices and steal personal information, including login credentials. This can be downloaded by clicking on links or files in emails, or by visiting unsafe sites. They then use techniques like keystroke logging to steal your credentials.
Online account takeovers can have serious consequences. Some of the potential impacts are long lasting and hard to fix once the damage has been done.
Depending on what accounts the hackers gain access to, the financial damage can be severe. If it’s a shopping site, they may use the stolen accounts to make unauthorized purchases using your financial information. This is one of the reasons it’s always a good idea to use credit cards for online purchases, like our CorTrust Bank Visa Credit Card.
If the attackers gain access to your banking information, the damage can be even more severe, and much more difficult to recover from.
Sensitive personal information, such as social security numbers and addresses, can be compromised. This can lead to further financial loss, damaged credit, and long-lasting financial impact for you.
While the consequences of online account takeovers can be severe, the good news is that there are steps you can take to protect your accounts.
You’ve probably heard it dozens of times, but that’s because it’s the first, best line of defense when protecting your accounts. Create strong passwords, and don’t repeat them across your accounts.
Here are a few other tips to help you:
Whenever possible, enable multifactor authentication. With MFA, even if someone steals your password, they’ll need a secondary authentication factor—like a text message or app-generated code—to access your account, making it much more difficult to gain unauthorized access.
Be cautious of emails, messages, or phone calls that ask for personal information or want you to click a link or download a file. If you get a message that claims there’s a problem with one of your accounts, type in the address to visit the site and log in from there or call the service number listed on their site.
The security of your Wi-Fi plays an important role in protecting your accounts. While public Wi-Fi networks are convenient, they often lack robust security measures and can be easily targeted by hackers. For sensitive activities like accessing online accounts, avoid using public Wi-Fi unless you are connecting through a Virtual Private Network (VPN) that encrypts your data. Alternatively, use your mobile data network, as cellular providers encrypt your data and provide a safer connection than an unsecured network.
Many online accounts offer alerts to notify you of unexpected or suspicious activity. Both mobile and online banking offer a variety of alerts to let you know about things like password or contact information changes, or a sign-on from a new device.
Keep your software and operating systems, including mobile devices and apps, up to date to address security vulnerabilities. You can simplify this process by turning on automatic updates whenever possible.
Regularly review your accounts for any unusual or suspicious activity. Many apps will give you an option to view which locations/devices are signed into your account. Check these lists on a regular basis to look for suspicious activity.
Install and use reputable antivirus and anti-malware software. You can also add anti-phishing software to protect your browser and email.
Account takeovers can be scary, but by moving quickly to counter the damage, you can limit the impact – and hopefully prevent it from happening again.
Look out for signs such as unfamiliar login notifications, unexpected password changes, missing funds, or unauthorized purchases.
As soon as you realize your account has been compromised, take immediate action to regain control. The longer you wait, the more damage the fraudster can potentially do.
Contact the provider of the compromised account, whether it's a bank, email service, social media platform, or other online service. Use the provider's official contact information, not any contact details provided by the fraudster.
If possible, change the password for the compromised account immediately. If you reused that password anywhere else, change it for those accounts as well (just remember to use a different strong password!).
If you haven’t already enabled two-factor authentication for the affected account, do so immediately.
Review your account activity and transaction history to identify any unauthorized transactions or changes made by the fraudster. Report any suspicious activity to the account provider immediately.
If the account takeover occurred due to malware or a security vulnerability on your device, scan your computer, smartphone, or other devices for malware and take steps to secure them. Update your operating system, antivirus software, and other security programs to the latest versions.
You should also check the account’s list of authorized devices, if available, and revoke access to all other devices. If you share your account between devices or family members, you can always go back later and re-add them where necessary once your account has been secured.
Keep a close eye on all of your financial and online accounts for any further signs of unauthorized activity. Regularly review your account statements and set up alerts for unusual transactions or changes.
If the account takeover involved financial fraud or identity theft, report the incident to the relevant authorities, such as your local law enforcement agency or the Federal Trade Commission (FTC) at www.identitytheft.gov. Provide as much detail as possible about the fraudster's activities and any losses you've incurred.
If the fraudster used your compromised account to send phishing emails or messages to your contacts, alert them about the situation. Advise them not to interact with any suspicious communications purportedly from you and to be cautious of similar scams.
Take this opportunity to educate yourself about common tactics used by fraudsters to take over accounts and how to protect yourself from future attacks. Stay informed about the latest cybersecurity threats and best practices for securing your accounts and personal information.
Account takeovers can happen to anyone, but with a little preparation and vigilance, you can protect your accounts—and minimize the damage if you ever become a victim. Strong passwords, two-factor authentication, and account alerts are simple ways to boost your account security.
Online safety isn’t a one-time event; it’s an ongoing process. Make account monitoring and security improvements a regular part of your digital habits.
Take the first step toward better protection today—your accounts (and your peace of mind) will thank you.