Online security: What you need to know to be safe
Your best defense against online fraud and computer viruses is education and discipline.
Email and online security
What is phishing?
"Phishing" (pronounced "fishing") is a scheme used to lure consumers into providing personal and financial information online. Individuals or groups create email messages that masquerade as messages from reputable banks, credit card companies, online auctions, and department stores. The email messages include a link to a fraudulent site known as a "spoof" site that’s crafted to look just like the reputable company’s site. The spoof site then asks consumers to provide or update their personal information. When consumers provide the requested information to the spoof site, the consumer is phished and becomes at risk for account theft, identity theft and computer infection.
If you believe you've received a fraudulent email from someone posing as a Union Plus benefits provider, please forward it directly to us at firstname.lastname@example.org. We will research the issue, let you know if it's legitimate and, as appropriate, take steps to protect other Union Plus benefits users.
If you think that you’ve been a victim of phishing, contact the major credit bureaus:
- Equifax: http://www.equifax.com/
- Experian: http://www.experian.com/
- TransUnion: http://www.transunion.com/
Be wary of suspicious emails.
Carefully review any email requesting or including your username or password information, particularly if the email urges you to provide additional personal information to restore a deactivated account, verify a financial statement, or obtain some kind of reward.
Typical phishing requests are not personalized. Unlike your bank or credit card company that may include your name and/or an account identifier or type, phishing requests typically keep the salutation and information about you generic.
Avoid opening any questionable emails. If you have opened an email that seems suspicious or is from an unknown source, do not open any attachments or links it may contain, and delete it.
Know who you’re dealing with.
Don’t interact with unsolicited email from organizations with whom you do not have a relationship. Be suspicious of numerical Web addresses or URLS. Typically, a company’s Web address or URL includes part or a portion of the company name followed by .com, .org, or .net. A spoof site that uses a numerical Web address (or an IP address) or includes an "@" sign within the address could be a tip-off that the site is fraudulent.
Remember: credit card issuers and financial institutions would not ask you to send or verify your password, Social Security number, or PIN within an email message. Again, only provide information that you initiate through an application, an online transaction, or through normal log-in/sign-up process.
Become familiar with the Web sites that you frequently visit and bookmark these sites. Phony emails or Web sites may try to fool you by looking official.
Protect your personal information.
Only provide credit card or other sensitive personal information to organizations you know and trust. You should never provide your Social Security number or financial information in an email or on any Web site you haven’t confirmed as legitimate.
Never input personal or banking information online without checking that the Web site is in a "secured" environment. Look for an https:// in the Web site address line (URL) at the top of your browser. The "s" in https:// denotes that the Internet session is secured by encryption to keep the information you transmit online protected from unauthorized users. In addition, a locked padlock symbol in the bottom right hand corner of your Internet browser window also indicates that an Internet session is secured through encryption. But be aware that even secure sites can be spoofed to include the https:// prefix and locked padlock.
Pay attention to security warnings provided by your browser or email program.
If your browser alerts you that a site you are attempting to visit is unsafe, avoid that site. If your email program flags a message as suspicious because its sender cannot be verified, do not interact with the email.
Union Plus Credit Card
If you use the Union Plus Credit Card, you benefit from 100% fraud protection. For more on the Union Plus Credit Card site's security and privacy policies, click here.
Credit cards are generally the best way to pay because you have legal rights to dispute the charges if the product or service is misrepresented or never delivered.
You also have limited liability if your card number is stolen or misused. You don't necessarily have the same protection when you are billed through other third parties, such as your telephone company.
And your legal dispute rights are not the same when you pay with a debit card as with a credit card, though most debit card issuers voluntarily offer similar protection. If you pay by check or money order, by the time you realize there is a problem your money will probably be gone.
When dealing with individuals or companies that can't accept payment by credit card, escrow services can provide protection. They hold your money until you have confirmed that you received the product or service and then release the payment to the seller. There is a small fee, but the peace of mind is worth it.
General online and computer security tips
Protect your passwords.
Memorize your passwords. Do not write them down or share them with anyone. Change them regularly and use combinations of letters, numbers, and "special characters" such as @, %, &, and #.
Do not use your Social Security number as a username or password.
Keep your computer operating system up to date.
If your computer is more than five years old, its operating system (e.g. Windows 98, OS 7, etc.) may not offer the same level of protection as newer systems. System manufacturers provide frequent updates to help make your system more secure, possibly automatically through email or via your Internet connection. For more information, visit:
Use a current Web browser.
The latest Web browsers have the latest encryption technology and other security implements that can help keep your data safe. Some sites are implementing new security technologies that are not compatible with older Web browsers.
Install a personal firewall.
Though most office networks include firewall protection, your home computer may benefit from this added level of security. Check to see if your operating system already includes a firewall prior to purchasing a separate one.
Install, run, and keep anti-virus software updated.
Commercially available virus protection software helps reduce the risk of contracting computer viruses that can compromise your security. These programs offer continuous upgrades in response to the latest threats.
Avoid downloading programs from unknown sources.
Downloads from unfamiliar sources may contain hidden programs or viruses that can compromise your computer’s security.
Disconnect from the Internet when not in use.
Dedicated services such as DSL or high-speed cable provide a constant connection between your computer and the Internet. Even if you have a firewall installed, as an additional step to help protect yourself, disconnect from the Internet when not in use to avoid unwanted access to your computer data.
For more information on online security and fraud, visit these sites:
- OnGuard Online: http://onguardonline.gov/
- Hoax Busters: http://hoaxbusters.org/
- National Consumer League’s Fraud Center: http://www.fraud.org/
- Symantec: http://www.symantec.com/norton/security_response/index.jsp
- McAfee: http://us.mcafee.com/root/identitytheft.asp?cid=23903