Internet Fraud and Cyberthreats

Fraud in 2015 appears not to have changed significantly over the previous year, according to the most recent Javelin Strategy Identity Fraud Report. The number of victims remained near the 13 million level, and the financial impact of fraud dropped to $15 billion. But with chip technology becoming the new standard for credit cards and other card types, fraud in storefronts is changing as counterfeit card fraud drops and fraudsters focus on new account fraud instead. Figures like these highlight the need for individuals to be continually on guard against fraud in its various forms, including internet fraud and other types of online threats.

General Online Information
  • Monitor your online account activity for debits, credits, check orders and new payees and accounts that you don’t recognize. If you see anything that looks suspicious, notify your banker immediately.
  • If you use Wi-Fi (wireless) networks, remember that many public hotspots don't have the same security layers as secured networks and therefore may not be as safe. An online search for safety on wireless networks will turn up helpful articles on how to protect your device in public settings.

For more information about specific types of online fraud, select one of the tabs below.

  • Don't respond to unsolicited emails asking for account or credit card numbers, user names or passwords, Social Security number, date of birth or other personal and financial information. Scam emails, also known as "phishing" emails, will often come with an urgent warning and possibly threats that your account will be closed unless you provide the information. (Please note: Regions will not ask for personal information in this manner.) Forward suspicious emails to phishing@regions.com.
  • If a request for information appears to come from a legitimate company but you are suspicious about its authenticity, go to the company's Web site or call the company to provide the information.
  • Any site where you enter personal or financial information should have "https://" in the address line and should include an image of a security padlock somewhere on the screen. However, please be aware that these two items alone do not guarantee that you are at a legitimate, secure site, so follow other precautions described here as well.
  • A variation of phishing is "vishing", in which you receive an email – again, supposedly from a reputable source – with an urgent request for you to call a phone number. You would then be asked to provide sensitive information either by voice or by entering digits.
  • Remember, REGIONS WILL NEVER ASK FOR THIS INFORMATION VIA EMAIL. Click here to view an example of fraudulent email.

Malware contains viruses, Trojan horses or other types of malicious code designed to steal personal information or hijack your computer or other device – without you knowing of its presence. These forms of harmful software can be spread through email, Web sites, text messages, instant messages and more.

  • Make sure your antivirus software is updated and that your firewall is active. Ensure that your antivirus software subscription includes anti-malware software.
  • Don't open emails, attachments or links from a source you don't know and trust.
  • Use your security software to scan attachments before opening.
  • Use complex passwords with letters, numbers and symbols (but not so complex you can't remember them), and change them periodically. And don't write down or share your passwords. Important: Never use your full or partial Social Security number in your user ID or password.
  • Don't use the same user ID on all sites.
  • When you log in to certain Web sites, such as your bank site, it's not uncommon to be asked to answer a challenge question to perform certain tasks. However, even on sites you know are legitimate, beware of unexpected popup boxes asking for other types of personal and account information. Your computer or other device may have been infected with malware by a hacker trying to get you to disclose confidential information.

Social media sites like Facebook and Twitter allow millions of people to stay connected to friends and family like never before. Not surprisingly, the popularity of these sites has made their users attractive targets for identity thieves and hackers.

  • Don't "friend" strangers. Clicking a link in a message from an unreliable source may lead to a malicious site or download harmful software to your computer or device. The condensed web addresses commonly used on social sites may also bypass your spam filters, making it more difficult to tell which links are legitimate.
  • Be careful to whom you provide personal information. Announcing in public forums information like your birthday, email address, phone number and even your child or pet's name may enable an identity thief to track down additional information about you or give them hints to your account and online passwords. So that you don't have to broadcast your email address or phone number to communicate with a friend, most social sites allow you to send and receive private messages; take advantage of that feature.
  • Don't announce upcoming vacations or other trips on a public site.
  • Familiarize yourself with and use the Privacy settings on your social media sites to restrict who can access your page or profile.

Mobile devices today do much more than allow you to make calls. You can surf the Web, text, send and receive email, and more. Unfortunately, these same convenient features can also make you vulnerable to many different types of cyberattacks. Use the same precautions with phone calls made to your mobile phone you would use with your home phone. Likewise, the same rules for protecting yourself from email fraud on your computer would apply if you check email on a mobile device. However, smart phones and other mobile devices also bring with them unique threats.

  • "Smishing" – As a phishing attack would target your email by getting you to click on a link in a message from a supposedly reputable source and provide sensitive information, a smishing attack uses a text message to do the same thing. Don't click on any link or download an application if you have any doubts as to the sender's authenticity, and do not provide personal or financial information in response to an unsolicited message. As many smishing text messages will appear to come from a legitimate source such as your financial institution, make sure you're familiar with the privacy policies and mobile communication safeguards of the sources you allow to send you messages.
  • Mobile app malware – With the market for smart phones and tablet devices exploding, the number of mobile applications that allow you to perform a wide variety of functions on these devices has also grown rapidly. Device manufacturers and software developers have begun to detect and pull an increasing number of apps containing malicious code from app stores. So make sure you only download apps from trusted sources. Also, a growing number of online security providers are now offering anti-malware software for mobile devices that is worth researching.
Tips for your mobile device:
  • Take advantage of any security settings available on your device.
  • Don't store sensitive personal or account information on your device.