5 Steps To Take After Being Hacked

Uh oh — you’ve been hacked! Finding out someone has cracked open your accounts and helped themselves to your information can be alarming, but there are ways to mitigate the damage while jump-starting your recovery process.

Here are five steps to take after being hacked.

Step 1: Assess the damage

First, take a step back and determine how much damage was done. Unfortunately, one hacked password can often be the gateway to multiple hacked accounts and even complete identity theft. This is especially true if you use the same password for several accounts, or use the hacked account or device for password recovery on other accounts. So, first things first: Review your credit card and account statements for any suspicious activity.  Also, try accessing your email, social media accounts and mobile devices to see if they’ve been hacked.

Step 2: Change your passwords

Once you know which accounts and devices have been hacked, change the passwords and PINs on these accounts. For an added measure of protection, it’s a good idea to change the passwords on all of your accounts that may hold sensitive information. Remember to choose strong, unique passwords for every account. A strong password uses a combination of letters, numbers and symbols; varies the use of capital letters; and does not use a piece of personal information that can easily be scraped off the internet, such as your date of birth or home address. You may want to use a password service like LastPass  or  StickyPassword to make this step easier.

While completing this step, consider signing up for two-factor authentication for any accounts that do not already have it in place.

Step 3: Protect your credit

Now that you’ve blocked the hacker(s) from your accounts, it’s time for damage control.

First, dispute any fraudulent charges on your compromised account(s). If necessary, have the account(s) locked, or even shut and/or deleted.

Next, place a fraud alert on your credit reports. This serves as a red flag to potential lenders and creditors, making it more difficult for the scammer to open up additional lines of credit or to take out a loan in your name.

Consider a credit freeze as well. This blocks potential lenders from accessing your credit report, making it impossible for the hacker to open new credit accounts in your name. (Note, you will need to lift the freeze for any legitimate credit you are applying for).

Step 4: Alert the authorities

You can alert the Federal Trade Commission (FTC) about a possible or confirmed identity theft at identitytheft.gov.  You’ll also find a detailed recovery plan on the site to help you repair your credit and reclaim your identity.

Hacking is usually done remotely, but it’s still a good idea to let your local law enforcement agencies know about the breach. This way, they can be on the alert if the hacker decides to assume your identity and use your credit cards in stores near your hometown.

Also, if you haven’t already done so, don’t forget to let Destinations Credit Union know what’s happened! Whether it’s a credit card that’s been stolen, a checking account that’s been breached or a social media account that’s been broken into, we’ll do all we can to protect your accounts. If you’ve been hacked, give us a call at 410-663-2500 to see how we can help.

Take additional precautions with your Destinations Credit Union credit and debit cards by using card controls in our mobile app. You can set up an alert to get a message each time your card is used. You can also temporarily or permanently lock your card from the mobile app.

Step 5: Proceed with caution

Once you’ve taken all necessary steps toward damage control and mitigation, you can start thinking about the future.

It’s important to keep a close eye on your accounts for the next month. Look out for any suspicious activity on all accounts, including charges you don’t recall making, large withdrawals of cash and even new loans being opened in your name. If you find any fraudulent activity, be sure to let the account holders know and to follow the steps suggested above.

If you’ve opted to go with a credit freeze, it will generally lapse after 90 days. If your accounts are determined to be safe, consider opening new lines of credit now to jump-start the recovery of your credit health.

If the hacker went all out and stole your identity, it’s best to follow the recovery plan outlined by the FTC . This plan may include replacing your Social Security number, driver’s license and more.

Getting hacked is never fun, but taking immediate and decisive action can help mitigate the damage, as well as speed up the recovery process.

Your Turn: How have you dealt with your accounts being hacked? Tell us about it in the comments.

Sources:
https://www.allthingssecured.com/identity-protection/what-to-do-when-youve-been-hacked-step-by-step-guide/
https://digitalguardian.com/blog/data-breach-experts-share-most-important-next-step-you-should-take-after-data-breach-2014-2015

Beware Of Phishing Scams!

Scammers never take a break! Just when you think they’ve run out of steam, another *scam surfaces in which fraudsters try to quietly take both your money and information.

The Federal Trade Commission (FTC) has warned of a recent upsurge in phishing scams involving credit unions. With just a bit of online digging, scammers lure victims into forking over thousands of dollars or divulging confidential information.

Like all phishing scams, the scammer contacts the victim, posing as a legitimate business or service provider that the victim is familiar with. In this case, the scammers claim to be a representative of your credit union.

The fraudsters use social engineering to trap their victims. This means they take advantage of social norms to inspire trust and manipulate people into clicking on their links or answering their emails. It’s almost impulsive for people to download attachments that look like they’re from friends or a familiar business.

The scammers most commonly reach out via email, but they may also use mediums like phone calls, text messages or social media sites. They convince the victims of their legitimacy by providing some personal details about the victim – which they easily pull off the internet.

Victims are lured into providing information with the promise of compensation for a survey or by claiming the victim needs to verify or update an account. Once the scammer has the information, they can empty the victim’s accounts, track their online activity and/or steal their identity.

Alternately, the scammer may lead a victim to click on links that are embedded with spyware. The links lead to a website that may look just like the credit union’s site, but is actually bogus. In such instances, the victim is probably certain they’re browsing their credit union’s website, and won’t hesitate to share information or input usernames and passwords.

The biggest clue that these transactions are scams is their means of communication. Your credit union will never ask for sensitive information through insecure channels. We also won’t ask you to verify your account number – we already have that information!

Despite this red flag, hundreds of people are falling prey to phishing scams. Don’t be the next victim! Here are four tips to help you protect yourself from phishing scams:

1.) Ignore suspicious emails

When online, be on guard. If you receive an email from an unidentifiable source, ignore it. Don’t reply to the email, click on any embedded links or open attachments. If you suspect an email is from a scammer, delete it and add the domain and email address to your spam filter to prevent a recurrence.

Similarly, never “friend” or otherwise accept communications from a stranger via social media. Facebook and Snapchat are for real buddies only!

As a general rule, it’s best not to share any personal information over the internet. If you do need to provide financial information over the web for completing a transaction, only use a secured site. You can verify a site’s security by looking for a lock icon on the browser’s status bar or by finding a URL that begins with “https.” The “s” signifies that this is a secure site. Remember, though, that these indicators are not foolproof in any way. Even a secure site can be hacked.

2.) Alert Destinations Credit Union

The best way to stop scammers in their tracks is to report every attempt they make. If you have reason to believe you’ve been contacted by a scammer impersonating [credit union], let us know! Send us an email with all the details of the scam attempt so we can catch those crooks. It’s best to forward the exact email you received. If you’ve already deleted the email, report the date, time of day and all other details you can recall. The more we have to work with, the easier our hunt will be.

3.) Report all suspicious activity

While we will do all we can to stop these phishing scams, we can use all the help we can get. That’s why it’s important to file your complaint at www.ftc.gov. You can also visit the FTC’s Identity Theft website at www.consumer.gov/idtheft to learn how to minimize the fallout of a possible identity theft.

4.) Strengthen your computer’s protection

It’s always a good idea to beef up your computer’s border control. Equipping yourself with sufficient antivirus software will protect it from accepting these emails in the first place. If your software doesn’t update automatically, be sure to update it manually on a frequent basis so it will recognize and reject the most current viruses and scams.

A strong firewall will prevent scams and viruses by making you invisible on the internet and blocking all communication from foreign, unauthorized sources. It’s especially prudent to run a firewall if you use a broadband connection.

If you’re a genuine social media junkie, be sure to make your settings as private as possible. Don’t lay out your life for just anyone to see. Having another few hundred “friends” or “likes” is not worth the risk of a stolen identity!

Finally, as mentioned above, all suspicious email addresses should be added to your email’s blacklist as quickly as possible. Remember: Your spam filter is only as strong as you allow it to be.

With precaution, alertness and the proper steps toward prevention, you can keep yourself safe from phishing scams!

Your Turn: Have you ever reported suspicious emails or other messages? What made you flag it as a scam? Share your experience with us in the comments!

SOURCES:
https://www.navyfederal.org/security/phishing-scams.php 

https://www.mycreditunion.gov/protect/fraud/pages/default.aspx 
https://insightcreditunion.com/tools/fraud_prevention/how_not_to_get_hooked_by_a_phishing_scam.aspx 
https://www.mccoyfcu.org/security-center/fraud-and-scams.html