The security of your accounts and personal information is our highest priority. Regardless of your preferred method of banking: in person, by telephone, or online, you need to know that your information is safe and secure. Now, more than ever, it is important that you are aware of everything around you and your financial information is no exception.
We encourage you to take a moment to view the information within this Security Center to learn what steps you can implement to better protect your private account information.
If you ever have a security concern, please contact us at 212-218-8383.
Secure Your PC
The internet provides a convenient method for you to find and use countless products and services. At the same time, it can leave you open to scammers, hackers, and identity thieves. Below are some tips on how to protect your information and your computer while online
- Computer Security
- Securing your Wireless Network
- Laptop Security
- Disposing of Old Computers
Cyber Thieves use clever schemes to defraud millions of people around the world each year. Being alert of your online activity can help you maximize the benefits of the internet while minimizing your chances of becoming a victim.
- Hacked Email
- Money Transfer Scams
- Identity Theft
Be Smart Online
The internet makes many everyday tasks faster and more convenient, like shopping, researching products, banking, searching for health information, and communicating on the go. Get tips for being safe and making the most of your time online.
- Cookies: Leaving a Trail Online
- Understanding Mobile Apps
- Tips for Using Public Wifi's
- Investing Online
Scammers, hackers, and identity thieves are looking to steal your personal information – and your money. But there are steps you can take to protect yourself, like keeping your computer software up-to-date and protecting your personal information. Protecting your Passwords and backing up your files are a necessary precaution.
Use Security Software That Updates Automatically
The bad guys constantly develop new ways to attack your computer, so your security software must be up-to-date to protect against the latest threats. Most security software can update automatically; set yours to do so. You can find free security software from well-known companies. Also, set your operating system and web browser to update automatically.
If you let your operating system, web browser, or security software get out-of-date, criminals could sneak their bad programs – malware – onto your computer and use it to secretly break into other computers, send spam, or spy on your online activities. There are steps you can take to detect and get rid of malware.
Don't buy security software in response to unexpected pop-up messages or emails, especially messages that claim to have scanned your computer and found malware. Scammers send messages like these to try to get you to buy worthless software, or worse, to "break and enter" your computer.
Give Personal Information Over Encrypted Websites Only
If you're shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address (the "s" is for secure).
Some websites use encryption only on the sign-in page, but if any part of your session isn't encrypted, the entire account could be vulnerable. Look for https on every page of the site you're on, not just where you sign in.
Protect Your Passwords
Here are a few principles for creating strong passwords and keeping them safe:
- The longer the password, the tougher it is to crack. Use at least 10 characters; 12 is ideal for most home users.
- Mix letters, numbers, and special characters. Try to be unpredictable – don't use your name, birthdate, or common words.
- Don't use the same password for many accounts. If it's stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.
- Don't share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it's probably a scam.
- Keep your passwords in a secure place, out of plain sight.
Back Up Your Files
No system is completely secure. Copy important files onto a removable disc or an external hard drive, and store it in a safe place. If your computer is compromised, you'll still have access to your files.
Malware is short for "malicious software". It includes viruses and spyware that get installed on your computer, phone, or mobile device without your consent. These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information, send spam, and commit fraud.
Scam artists try to trick people into clicking on links that will download malware and spyware to their computers, especially computers that don't use adequate security software. To reduce your risk of downloading unwanted malware and spyware:
- Keep your security software updated. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS) to update automatically.
- Don't click on any links or open any attachments in emails unless you know who sent it and what it is. Clicking on links and opening attachments – even in emails that seem to be from friends or family – can install malware on your computer.
- Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.
- Minimize "drive-by" downloads. Make sure your browser security setting is high enough to detect unauthorized downloads. For Internet Explorer, for example, use the "medium" setting at a minimum.
- Use a pop-up blocker and don't click on any links within pop-ups. If you do, you may install malware on your computer. Close pop-up windows by clicking on the "X" in the title bar.
- Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That's a tactic scammers use to spread malware.
- Talk about safe computing. Tell your kids that some online actions can put the computer at risk: clicking on pop-ups, downloading "free" games or programs, opening chain emails, or posting personal information.
- Back up your data regularly. Whether it's text files or photos that are important to you, back up any data that you'd want to keep in case your computer crashes.
Monitor your computer for unusual behavior. Your computer may be infected with malware if it:
- slows down, crashes, or displays repeated error messages
- won't shut down or restart
- serves up a barrage of pop-ups
- displays web pages you didn't intend to visit, or sends emails you didn't write
Other warning signs of malware include:
- new and unexpected toolbars
- new and unexpected icons in your shortcuts or on your desktop
- a sudden or repeated change in your computer's internet home page
- a laptop battery that drains more quickly than it should
Get Rid of Malware
If you suspect there is malware is on your computer, take these steps:
- Stop shopping, banking, and doing other online activities that involve user names, passwords, or other sensitive information.
- Update your security software, and then run it to scan your computer for viruses and spyware. Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.
- If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you've installed, and a short description of the problem.
- Many companies – including some affiliated with retail stores – offer tech support on the phone, online, at their store, and in your home. Decide which is most convenient for you. Telephone and online help generally are the least expensive, but you may have to do some of the work yourself. Taking your computer to a store usually is less expensive than hiring a repair person to come into your home.
- Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do differently to avoid it in the future.
If you think your computer has malware, the Federal Trade Commission wants to know. File a complaint at www.ftc.gov/complaint.
Securing Your Wireless Network
If you don't secure your wireless network, strangers could use it and gain access to your computer – including the personal and financial information you’ve stored on it. Protect your computer by using WPA encryption.
Understand How a Wireless Network Works
Going wireless generally requires connecting an internet "access point" – like a cable or DSL modem – to a wireless router, which sends a signal through the air, sometimes as far as several hundred feet. Any computer within range with a wireless card can pull the signal from the air and access the internet.
Unless you take certain precautions, anyone nearby with a wireless-ready computer or mobile device can use your network. That means your neighbors – or any hacker nearby – could "piggyback" on your network, or access information on your computer. If an unauthorized person uses your network to commit crime or send spam, the activity could be traced back to your account.
Encryption scrambles the information you send over the internet into a code so that it’s not accessible to others. Using encryption is the most effective way to secure your network from intruders.
Two main types of encryption are available: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Your computer, router, and other equipment must use the same encryption. WPA2 is strongest; use it if you have a choice. It should protect you against most hackers.
Some older routers use only WEP encryption, which may not protect you from some common hacking programs. Consider buying a new router with WPA2 capability.
Wireless routers often come with the encryption feature turned off. You must turn it on. The directions that come with your router should explain how. If they don't, check the company’s website.
Secure Your Computer and Router
Use anti-virus and anti-spyware software, and a firewall. Use the same basic computer security practices that you would for any computer connected to the internet.
Change the name of your router from the default. The name of your router (often called the service set identifier or SSID) is likely to be a standard, default ID assigned by the manufacturer. Change the name to something unique that only you know.
Change your router's pre-set password. The manufacturer of your wireless router probably assigned it a standard default password that allows you to set up and operate the router. Hackers know these default passwords, so change it to something only you know. Use passwords that are at least 10 characters long: the longer the password, the tougher it is to crack.
Limit Access to Your Network
Allow only specific computers to access your wireless network. Every computer that is able to communicate with a network is assigned a unique Media Access Control (MAC) address. Wireless routers usually have a mechanism to allow only devices with particular MAC addresses to access to the network. Some hackers have mimicked MAC addresses, so don't rely on this step alone.
Turn off your wireless network when you know you won't use it. Hackers cannot access a wireless router when it is shut down. If you turn the router off when you're not using it, you limit the amount of time that it is susceptible to a hack.
Don’t Assume That Public Wi-Fi Networks Are Secure
Be cautious about the information you access or send from a public wireless network. Many cafés, hotels, airports, and other public places offer wireless networks for their customers to use. These "hot spots" are convenient, but they may not be secure.
A minor distraction is all it takes for a laptop to vanish. If it goes missing, all the valuable information stored on it may fall into the hands of an identity thief. Keep these tips in mind when you’re out and about with your laptop:
- Treat your laptop like cash.
- Lock your laptop with a security cable.
- Be on guard in airports and hotels.
- Consider an alarm for your laptop.
- Consider carrying your laptop in something less obvious than a laptop case.
- Leave your laptop unattended — even for just a moment.
- Put your laptop on the floor.
- Leave your laptop in the car.
- Keep passwords with your laptop or in its case.
Disposing of Old Computers
Getting rid of your old computer? You can ensure its hard drive doesn’t become a treasure chest for identity thieves. Use a program that overwrites or wipes the hard drive many times. Or remove the hard drive, and physically destroy it.
Understand Your Hard Drive
Computers often hold personal and financial information, including:
- account numbers
- license keys or registration numbers for software programs
- addresses and phone numbers
- medical and prescription information
- tax returns
- files created automatically by browsers and operating systems
When you save a file, especially a large one, it is scattered around the hard drive in bits and pieces. When you open a file, the hard drive gathers the bits and pieces and reconstructs them.
When you delete a file, the links to reconstruct the file disappear. But the bits and pieces of the deleted file stay on your computer until they’re overwritten, and they can be retrieved with a data recovery program. To remove data from a hard drive permanently, the hard drive needs to be wiped clean.
How to Clean a Hard Drive
Before you clean a hard drive, save the files you want to keep to:
- a USB drive
- a CDRom
- an external hard drive
- a new computer
Check your owner’s manual, the manufacturer’s website, or its customer support service for information on how to save data and transfer it to a new computer.
Utility programs to wipe a hard drive are available both online and in stores where computers are sold. These programs generally are inexpensive; some are available on the internet for free. These programs vary:
- Some erase the entire disk, while others allow you to select files or folders to erase.
- Some overwrite or wipe the hard drive many times, while others overwrite it only once.
Consider using a program that overwrites or wipes the hard drive many times; otherwise, the deleted information could be retrieved. Or remove the hard drive, and physically destroy it.
If you use your home or personal computer for business purposes, check with your employer about how to manage the information on your computer that’s business-related. The law requires businesses to follow data security and disposal requirements for certain information that’s related to customers.
How to Dispose of Your Computer
Many computer manufacturers have programs to recycle computers and components. Check their websites or call their toll-free numbers for more information. The Environmental Protection Agency (EPA) has information about electronic product recycling programs. Your local community may have a recycling program, too. Check with your county or local government, including the local landfill office for regulations.
Many organizations collect old computers and donate them to charities.
Some people and organizations buy old computers. Check online.
Remember, most computer equipment contains hazardous materials that don’t belong in a landfill. For example, many computers have heavy metals that can contaminate the earth. The EPA recommends that you check with your local health and sanitation agencies for ways to dispose of electronics safely.
You get a flood of messages from friends and family. They’re getting emails from you with seemingly random links, or messages with urgent pleas to wire you money. It looks like your email or social media account might have been taken over. What do you do? For starters, make sure your security protections are up-to-date, reset your password, and warn your friends.
How You Know You’ve Been Hacked
You might have been hacked if:
- friends and family are getting emails or messages you didn’t send
- your Sent messages folder has messages you didn’t send, or it has been emptied
- your social media accounts have posts you didn’t make
- you can’t log into your email or social media account
In the case of emails with random links, it’s possible your email address was “spoofed,” or faked, and hackers don’t actually have access to your account. But you’ll want to take action, just in case.
What To Do When You’ve Been Hacked
1. Update your system and delete any malware
Make sure your security software is up-to-date
If you don’t have security software, get it. But install security software only from reputable, well-known companies. Then, run it to scan your computer for viruses and spyware (aka malware). Delete any suspicious software and restart your computer.
Set your security software, internet browser, and operating system (like Windows or Mac OS) to update automatically
Software developers often release updates to patch security vulnerabilities. Keep your security software, your internet browser, and your operating system up-to-date to help your computer keep pace with the latest hack attacks.
2. Change your passwords
That’s IF you’re able to log into your email or social networking account. Someone may have gotten your old password and changed it. If you use similar passwords for other accounts, change them, too. Make sure you create strong passwords that will be hard to guess.
3. Check the advice your email provider or social networking site has about restoring your account
You can find helpful advice specific to the service. If your account has been taken over, you might need to fill out forms to prove it’s really you trying to get back into your account.
4. Check your account settings
Once you’re back in your account, make sure your signature and "away" message don’t contain unfamiliar links, and that messages aren’t being forwarded to someone else’s address. On your social networking service, look for changes to the account since you last logged in — say, a new "friend".
5. Tell your friends
A quick email letting your friends know they might have gotten a malicious link or a fake plea for help can keep them from sending money they won’t get back or installing malware on their computers. Put your friends’ email addresses in the Bcc line to keep them confidential. You could copy and send this article, too.
What to Do Before You're Hacked
Use unique passwords for important sites, like your bank and email
That way, someone who knows one of your passwords won’t suddenly have access to all your important accounts. Choose strong passwords that are harder to crack. Some people find password managers — software that stores and remembers your passwords for you — a helpful way to keep things straight. If you use a password manager, make sure to select a unique, strong password for it, too. Many password managers will let you know whether the master password you’ve created is strong enough.
Safeguard your usernames and passwords
Think twice when you’re asked to enter credentials like usernames and passwords. Never provide them in response to an email. If the email or text seems to be from your bank, for example, visit the bank website directly rather than clicking on any links or calling any numbers in the message. Scammers impersonate well-known businesses to trick people into giving out personal information.
Turn on two-factor authentication if your service provider offers it
A number of online services offer "two-factor authentication", where getting into your account requires a password plus something else — say, a code sent to your smartphone — to prove it’s really you.
Don’t click on links or open attachments in emails unless you know who sent them and what they are
That link or attachment could install malware on your computer. Also do your part: don’t forward random links.
Download free software only from sites you know and trust
If you’re not sure who to trust, do some research before you download any software. Free games, file-sharing programs, and customized toolbars also could contain malware.
Don’t treat public computers like your personal computer
If it’s not your computer, don’t let a web browser remember your passwords, and make sure to log out of any accounts when you’re done. In fact, if you can help it, don’t access personal accounts — like email, or especially bank accounts — on public computers at all. (Also be careful any time you use public Wi-Fi.)
Unwanted commercial email – also known as "spam" – can be annoying. Worse, it can include bogus offers that could cost you time and money. Take steps to limit the amount of spam you get, and treat spam offers the same way you would treat an uninvited telemarketing sales call. Don't believe promises from strangers. Learn to recognize the most common online scams.
How Can I Reduce the Amount of Spam I Get?
Use an email filter.
Check your email account to see if it provides a tool to filter out potential spam or to channel spam into a bulk email folder. You might want to consider these options when you're choosing which Internet Service Provider (ISP) or email service to use.
Limit your exposure.
You might decide to use two email addresses — one for personal messages and one for shopping, newsletters, chat rooms, coupons and other services. You also might consider using a disposable email address service that forwards messages to your permanent account. If one of the disposable addresses begins to receive spam, you can shut it off without affecting your permanent address.
Also, try not to display your email address in public. That includes on blog posts, in chat rooms, on social networking sites, or in online membership directories. Spammers use the web to harvest email addresses.
Check privacy policies and uncheck boxes.
When submitting your email address to a website, look for pre-checked boxes that sign you up for email updates from the company and its partners. Some websites allow you to opt out of receiving these mass emails.
Choose a unique email address.
Your choice of email addresses may affect the amount of spam you receive. Spammers send out millions of messages to probable name combinations at large ISPs and email services, hoping to find a valid address. Thus, a common name such as jdoe may get more spam than a more unique name like j26d0e34. Of course, there is a downside - it's harder to remember an unusual email address.
How Can I Help Reduce Spam for Everyone?
Hackers and spammers troll the internet looking for computers that aren’t protected by up-to-date security software. When they find unprotected computers, they try to install hidden software – called malware – that allows them to control the computers remotely.
Many thousands of these computers linked together make up a "botnet", a network used by spammers to send millions of emails at once. Millions of home computers are part of botnets. In fact, most spam is sent this way.
Don’t let spammers use your computer.
You can help reduce the chances that your computer will become part of a botnet:
- Use good computer security practices and disconnect from the internet when you're away from your computer. Hackers can’t get to your computer when it’s not connected to the internet.
- Be cautious about opening any attachments or downloading files from emails you receive. Don't open an email attachment — even if it looks like it's from a friend or coworker — unless you are expecting it or you know what it is. If you send an email with an attached file, include a message explaining what it is.
- Download free software only from sites you know and trust. It can be appealing to download free software – like games, file-sharing programs, and customized toolbars. But remember that free software programs may contain malware.
Detect and get rid of malware.
It can be difficult to tell if a spammer has installed malware on your computer, but there are some warning signs:
- Your friends may tell you about weird email messages they’ve received from you.
- Your computer may operate more slowly or sluggishly.
- You may find email messages in your sent folder that you didn't send.
If your computer has been hacked or infected by a virus, disconnect from the internet right away. Then take steps to remove malware.
Forward unwanted or deceptive messages to:
- the Federal Trade Commission at email@example.com. Be sure to include the complete spam email.
- your email provider. At the top of the message, state that you're complaining about being spammed. Some email services have buttons that allow you to mark messages as junk mail or report them spam.
- the sender's email provider, if you can tell who it is. Most web mail providers and ISPs want to cut off spammers who abuse their system. Again, make sure to include the entire spam email and say that you're complaining about spam.
If you try to unsubscribe from an email list and your request is not honored, file a complaint with the FTC.
When internet fraudsters impersonate a business to trick you into giving out your personal information, it’s called phishing. Don't reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels.
Examples of Phishing Messages
You open an email or text, and see a message like this:
"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
"Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund."
The senders are phishing for your information so they can use it to commit fraud.
How to Deal with Phishing Scams
Delete email and text messages that ask you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.). Legitimate companies don't ask for this information via email or text.
The messages may appear to be from organizations you do business with – banks, for example. They might threaten to close your account or take other action if you don’t respond.
Don’t reply, and don’t click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites – sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.
Area codes can mislead, too. Some scammers ask you to call a phone number to update your account or access a "refund." But a local area code doesn’t guarantee that the caller is local.
If you’re concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
You can take steps to avoid a phishing attack:
- Use trusted security software and set it to update automatically. In addition, use computer security practices.
- Don't email personal or financial information. Email is not a secure method of transmitting personal information.
- Only provide personal or financial information through an organization's website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the "s" stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security.
Report Phishing Emails
Forward phishing emails to firstname.lastname@example.org – and to the company, bank, or organization impersonated in the email. You also may report phishing email to email@example.com. The Anti-Phishing Working Group, a group of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
If you might have been tricked by a phishing email:
- File a report with the Federal Trade Commission at www.ftc.gov/complaint.
- Visit the FTC’s Identity Theft website. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
Money Transfer Scams
Wiring money – through companies like MoneyGram and Western Union – is like sending cash. Once it's gone, you can’t get it back. That's one reason scammers often insist that people wire money, especially to addresses overseas. It’s nearly impossible to reverse the transfer, trace the money, or track the recipients.
What’s Risky About Using Money Transfers?
Money transfers can be useful if you want to send money to someone you know and trust. At the same time, they are risky when you send money to someone you don’t know. That’s why many law enforcement agencies caution against it.
The recipient of a money transfer gets the money quickly, so it’s nearly impossible to reverse the transfer if you realize you’ve made a mistake.
How to Avoid Money Transfer Scams
Don't wire money to a stranger or someone you haven’t met in person. That includes:
- anyone who insists on wire transfers for payment
- an online love interest who asks for money
- someone advertising an apartment or vacation rental online
- a potential employer or someone who is hiring you to be a mystery shopper
- someone who claims to be a relative or friend in need. They say they’re in a foreign hospital or jail, and they beg you not to tell the rest of the family.
In a variation, scammers ask you to deposit a check for them, and then wire money back to them. The scam is that the check is fake. It will bounce, and you’ll owe your bank the money you withdrew. By law, banks must make the funds from deposited checks available within a few days, but it can take weeks to uncover a fake check. It may seem that the check has cleared and that the money is in your account. But if a check later turns out to be a fake, you’ll owe the bank any money you withdrew.
Report Money Transfer Scams
If you think you’ve wired money to a scam artist, call the money transfer company immediately to report the fraud and file a complaint. Ask for the money transfer to be reversed. It’s unlikely to happen, but it’s important to ask. Then, file a complaint with the Federal Trade Commission at ftc.gov/complaint.
Identity theft occurs when someone uses your name, your Social Security number, or some other personal, financial, or medical information without your permission to commit fraud or other crimes. Online threats like phishing, malware, or hacking can lead to identity theft.
If your personal information is lost, stolen, or otherwise compromised, you can minimize the potential damage from identity theft.
Put a Fraud Alert on Your Credit Reports
Contact one of the three nationwide credit reporting companies, and ask them to put a fraud alert on your credit report:
- Equifax: 1-800-525-6285
- Experian: 1-888-397-3742
- TransUnion: 1-800-680-7289
The one company you call must contact the others. They also will place fraud alerts on your file.
A fraud alert can make it harder for an identity thief to open any accounts in your name. The alert stays on your credit report for at least 90 days. After you create an Identity Theft Report, you can ask for an extended alert on your file.
Review Your Credit Reports
After you place a fraud alert on your credit reports, you are entitled to one free copy of your credit report from each credit reporting company. Read the reports; check to see if your name, address, Social Security number, accounts, and other information are correct.
If the report shows accounts you did not open or debts that are not yours, contact the credit reporting companies to report the fraud and have them corrected. You may want to contact the security or fraud department of each company where an account was misused or opened without your permission, too. Ask the company to send you proof that they corrected or closed the problem accounts.
Create an Identity Theft Report
An Identity Theft Report will help you resolve problems with credit reporting companies, debt collectors, and businesses that allowed the identity thief to open new accounts in your name. The Report can help you:
- get fraudulent information permanently removed from your credit report
- prevent a company from collecting debts that result from identity theft or selling the debts to others for collection
- get an extended fraud alert put on your credit report
It takes three steps to create an Identity Theft Report:
- File an identity theft complaint with the FTC.
- When you file your complaint with the FTC, get a copy of the FTC affidavit that shows the details of your complaint. The online complaint site explains how to print your completed affidavit. If you file your complaint by phone, ask the counselor how to get a copy of your affidavit.
- Take your completed FTC identity theft affidavit and go to your local police, or the police where the theft occurred, to file a police report. Get a copy of the police report or the report number.
Your FTC identity theft affidavit plus your police report makes an Identity Theft Report. Send copies of the Identity Theft Report to companies where you report fraud. Ask them to remove or correct fraudulent information in your accounts.
Learn more about how to protect your personal information and respond to identity theft at http://ftc.gov/idtheft.
Cookies: Leaving a Trail on the Web
Have you ever wondered why some online ads you see are targeted to your tastes and interests, or how websites remember your preferences from visit to visit? The answer may be in the "cookies".
A cookie is information saved by your web browser, the software program you use to visit the web. Cookies can be used by companies that collect, store and share bits of information about your online activities to track your behavior across sites. Cookies also can be used to customize your browsing experience, or to deliver ads targeted to you.
Freedom Bank wants you to know how cookies are used and how you can control information about your browsing activities. Here are answers to some commonly asked questions about cookies – what they are, what they do, and how you can control them.
What is a cookie?
A cookie is information that a site saves to your computer using your web browser. A cookie allows sites to record your browsing activities – like what pages and content you’ve looked at, when you visited, what you searched for, and whether you clicked on an ad. Data collected by cookies can be combined to create a profile of your online activities.
Who places cookies on the web?
First-party cookies are placed by a site when you visit it. They can make your experience on the web more efficient. For example, they help sites remember:
- items in your shopping cart
- your log-in name
- your preferences, like always showing the weather in your home town
- your high game scores.
Third-party cookies are placed by someone other than the site you are on. These may include an advertising network or a company that helps deliver the ads you see. They may be used to deliver ads tailored to your interests. For example, if you read an article online about running, a cookie may be used to note your interest in running, and add that to a profile. And you may see coupons to save money on running shoes.
How can I control cookies?
Various browsers have different ways to let you delete cookies or limit the kinds of cookies that can be placed on your computer. When you choose your browser, you may want to consider which suits your privacy preferences best.
To check out the settings in a browser, use the ‘Help’ tab or look under ‘Tools’ for settings like ‘Options’ or ‘Privacy.’ From there, you may be able to delete cookies, or control when they can be placed. Some browsers allow add-on software tools to block, delete, or control cookies. And security software often includes options to make cookie control easier.
If you disable cookies entirely, you may limit your browsing experience. For example, you may need to enter information repeatedly, or you might not get personalized content or ads that are meaningful to you. However, most browsers’ settings will allow you to block third-party cookies without also disabling first-party cookies.
Keep your browser up-to-date
No matter which browser you use, it’s important to keep it updated. An out-of-date browser can leave your computer vulnerable to attack by malware, which could intercept sensitive data like your log-ins, passwords, or financial information. Most browsers update automatically, or prompt you to update to the latest version.
What are “opt-out” cookies?
Some websites and advertising networks have cookies that tell them not to use information about what sites you visit to target ads to you.
There are a couple of ways to opt out of certain types of data collection or certain kinds of targeted advertising:
- You can download software – an “add-on” to your browser – that controls whether and how cookies – including opt-out cookies – are stored or deleted. You can find add-ons on sites sponsored by the browser. Look through the settings or “Help” function. Browser companies review most add-ons for security and functionality before making them available for download, but as with any software, don’t download an add-on unless you have checked it out and trust the source.
- Programs from the online advertising industry, including The Network Advertising Initiative and the Digital Advertising Alliance, offer tools for opting out of targeted advertising – often by placing opt-out cookies – offered by their members. You also can opt out by visiting advertising networks and advertiser websites one by one.
Deleting all your cookies will erase any opt-out cookies you’ve downloaded. To restore opt-out cookies, you will have to go through the opt-out procedure again.
What’s “private browsing”?
Many browsers offer private browsing settings that are meant to let you keep your web activities hidden from other people who use the same computer. With private browsing turned on, your browser won't retain cookies, your browsing history, search records, or the files you downloaded. Privacy modes aren’t uniform, though; it’s a good idea to check your browser to see what types of data it stores. Although it won’t keep cookies after the private browsing session ends, cookies used during the private browsing session can communicate information about your browsing behavior to third parties.
What are Flash cookies?
A Flash cookie is a small file stored on your computer by a website that uses Adobe’s Flash player technology. Flash cookies use Adobe’s Flash player to store information about your online browsing activities. Flash cookies can be used to replace cookies used for tracking and advertising, because they also can store your settings and preferences. When you delete or clear cookies from your browser, you won't necessarily delete the Flash cookies stored on your computer.
Can I control Flash cookies?
The latest versions of Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer let you control or delete Flash cookies through the browser’s settings. If you use an older version of one of these browsers, upgrade to the most recent version, and set it to update automatically.
If you use a browser that doesn’t support deleting Flash cookies, look at Adobe’s Website Storage Settings panel. There, you can view and delete Flash cookies, and control whether you’ll allow them on your computer.
Like regular cookies, deleting Flash cookies gets rid of the ones on your computer at that moment. Flash cookies can be placed on your computer the next time you visit a website or view an ad unless you block Flash cookies altogether.
Are there other tracking technologies I should know about?
New technologies are constantly emerging, and some can be used to track your online activities even if you control regular cookies. These are generally referred to as “supercookies.” If companies offer you an opt out, they need to respect your preference, whether they use supercookies or regular cookies.
What is “Do Not Track”?
Do Not Track is a tool that allows you to express your preference not to be tracked across the web. Turning on Do Not Track through your web browser sends a signal to every website you visit that you don’t want to be tracked. Companies then know your preference. If they have committed to respect your preference, they are legally required to do so. Some browsers already support Do Not Track. If you want to use Do Not Track, check to see if the browser you use offers it – or use a browser that does.
Understanding Mobile Apps
If you have a smart phone or other mobile device, you probably use apps – to play games, get turn-by-turn directions, access news, books, weather, and more. Easy to download and often free, mobile apps can be so much fun and so convenient that you might download them without thinking about some key considerations: how they’re paid for, what information they may gather from your device, or who gets that information.
Mobile App Basics
What’s a mobile app?
A mobile app is a software program you can download and access directly using your phone or another mobile device, like a tablet or music player.
What do I need to download and use an app?
You need a smart phone or another mobile device with internet access. Not all apps work on all mobile devices. Once you buy a device, you’re committed to using the operating system and the type of apps that go with it. The Android, Apple, Microsoft and BlackBerry mobile operating systems have app stores online where you can look for, download, and install apps. Some online retailers also offer app stores. You’ll have to use an app store that works with your device’s operating system. To set up an account, you may have to provide a credit card number, especially if you’re going to download an app that isn’t free.
Data Plans and Wi-Fi: Two ways to access the internet from your phone
You can access the internet using a data plan tied to your phone service, or through a Wi-Fi hotspot. Phone companies generally charge a monthly fee for a data plan that can connect you to the internet.
Wi-Fi connections usually are faster, but you have to be in range of a hotspot to use one. Most public Wi-Fi hotspots – like those in coffee shops, airports, and hotels – don't encrypt the information you send over the internet and are not secure. Get tips for using public Wi-Fi.
To set up a home wireless network, you'll need to pay for internet access and a wireless router, and you’ll want to take steps to secure the network.
Why are some apps free?
Some apps are distributed for free through app stores; the developers make money in a few ways:
- Some sell advertising space within the app. The app developers can earn money from the ads, so they distribute the app for free to reach as many users as possible.
- Some apps offer their basic versions for free. Their developers hope you’ll like the app enough to upgrade to a paid version with more features.
- Some apps allow you to buy more features within the app itself. Usually, you are billed for these in-app purchases through the app store. Many devices have settings that allow you to block in-app purchases.
- Some apps are offered free to interest you in a company’s other products. These apps are a form of advertising.
Questions About Your Privacy
What types of data can apps access?
When you sign up with an app store or download individual apps, you may be asked for permission to let them access information on your device. Some apps may be able to access:
- your phone and email contacts
- call logs
- internet data
- calendar data
- data about the device’s location
- the device’s unique IDs
- information about how you use the app itself
Some apps access only the data they need to function; others access data that’s not related to the purpose of the app.
If you’re providing information when you’re using the device, someone may be collecting it – whether it’s the app developer, the app store, an advertiser, or an ad network. And if they’re collecting your data, they may share it with other companies.
How can I tell what information an app will access or share?
It’s not always easy to know what data a specific app will access, or how it will be used. Before you download an app, consider what you know about who created it and what it does. The app stores may include information about the company that developed the app, if the developer provides it. If the developer doesn’t provide contact information – like a website or an email address – the app may be less than trustworthy.
If you’re using an Android operating system, you will have an opportunity to read the “permissions” just before you install an app. Read them. It’s useful information that tells you what information the app will access on your device. Ask yourself whether the permissions make sense given the purpose of the app; for example, there’s no reason for an e-book or “wallpaper” app to read your text messages.
Why do some apps collect location data?
Some apps use specific location data to give you maps, coupons for nearby stores, or information about who you might know nearby. Some provide location data to ad networks, which may combine it with other information in their databases to target ads based on your interests and your location.
Once an app has your permission to access your location data, it can do so until you change the settings on your phone. If you don’t want to share your location with advertising networks, you can turn off location services in your phone’s settings. But if you do that, apps won’t be able to give you information based on your location unless you enter it yourself.
Your phone uses general data about its location so your phone carrier can efficiently route calls. Even if you turn off location services in your phone’s settings, it may not be possible to completely stop it from broadcasting your location data.
Questions About Advertising
Why does the app I downloaded have ads in it?
Developers want to provide their apps as inexpensively as possible so lots of people will use them. If they sell advertising space in the app, they can offer the app for a lower cost than if it didn’t have ads. Some developers sell space in their apps to ad networks that, in turn, sell the space to advertisers.
Why do I see the ads I do?
Advertisers believe you’re more likely to click on an ad targeted to your specific interests. So ad networks gather the information apps collect, including your location data, and may combine it with the kind of information you provide when you register for a service or buy something online. The combined information allows the mobile ad network to send you targeted ads – ads that may be relevant to someone with your preferences and in your location.
Malware and Security Concerns
Should I update my apps?
Your phone may indicate when updates are available for your apps. It’s a good idea to update the apps you’ve installed on your device and the device’s operating system when new versions are available. Updates often have security patches that protect your information and your device from the latest malware.
Could an app infect my phone with malware?
Some hackers have created apps that can infect phones and mobile devices with malware. If your phone sends email or text messages that you didn’t write, or installs apps that you didn’t download, you could be looking at signs of malware.
If you think you have malware on your device, you have a few options: you can contact customer support for the company that made your device; you can contact your mobile phone carrier for help; or you can install a security app to scan and remove apps if it detects malware. Security apps for phones are relatively new; there are only a few on the market, including some with free versions.
Mobile App User Reviews
Can I trust all the user reviews I read about an app?
Most app stores include user reviews that can help you decide whether to download. But some app developers and their marketers have posed as consumers to post positive comments about their own products. In fact, the Federal Trade Commission recently sued a company for posting fake comments about the apps it was paid to promote.
Tips for Using Public Wi-Fi Networks
Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities, and other public places are convenient, but they’re often not secure. When using a hotspot, it’s best to send information only to websites that are fully encrypted.
You can be confident a hotspot is secure only if it asks you to provide a WPA password. If you're not sure, treat the network as if it were unsecured.
How Encryption Works
Encryption is the key to keeping your personal information secure online. Encryption scrambles the information you send over the internet into a code so that it’s not accessible to others. When using wireless networks, it’s best to send personal information only if it’s encrypted – either by an encrypted website or a secure Wi-Fi network. An encrypted website protects only the information you send to and from that site. A secure wireless network encrypts all the information you send using that network.
How to Tell If a Website is Encrypted
If you send email, share digital photos and videos, use social networks, or bank online, you’re sending personal information over the internet. The information you share is stored on a server – a powerful computer that collects and delivers content. Many websites, such as banking sites, use encryption to protect your information as it travels from your computer to their server.
To determine if a website is encrypted, look for https at the beginning of the web address (the “s” is for secure). Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, your entire account could be vulnerable. Look for https on every page you visit, not just when you sign in.
Don’t Assume a Wi-Fi Hotspot is Secure
Most Wi-Fi hotspots don’t encrypt the information you send over the internet and are not secure.
If you use an unsecured network to log in to an unencrypted site – or a site that uses encryption only on the sign-in page – other users on the network can see what you see and what you send. They could hijack your session and log in as you. New hacking tools – available for free online – make this easy, even for users with limited technical know-how. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.
An imposter could use your account to impersonate you and scam people you care about. In addition, a hacker could test your username and password to try to gain access to other websites – including sites that store your financial information.
Protect Yourself When Using Public Wi-Fi
So what can you do to protect your information? Here are a few tips:
- When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted. To be secure, your entire visit to each site should be encrypted – from the time you log in to the site until you log out. If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
- Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
- Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
- Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
- If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can obtain a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees.
- Some Wi-Fi networks use encryption: WEP and WPA are the most common. WPA encryption protects your information against common hacking programs. WEP may not. WPA2 is the strongest. If you aren’t certain that you are on a WPA network, use the same precautions as on an unsecured network.
Installing browser add-ons or plug-ins can help, too. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren't encrypted. They don’t protect you on all websites – look for https in the URL to know a site is secure.
Investment opportunities that claim to be low risk and high reward almost always are frauds. When researching investments, turn to unbiased sources, like:
It’s important to have updated security software and practice basic computer security on any computer you use to access financial accounts.
Avoid Investment Scams Online
Independently verify claims.
Never ever invest based solely on what you read in an online newsletter, bulletin board posting, or blog — especially if the investment involves a small company that isn't well-known. It's easy for a company or its promoters to make grandiose claims about new product developments, lucrative contracts, or the company's financial health. Before you invest, you must independently verify those claims. Use unbiased sources, such as the U.S. Securities and Exchange Commission (SEC), your state securities regulator, and securities industry self-regulatory organizations (including FINRA, Amex, and Nasdaq).
Do your homework.
Many investment frauds, including online scams, involve unregistered securities — so always investigate before you invest. Offers to sell securities must be registered with the SEC or be eligible for an exemption, otherwise the offering is illegal. To see whether an investment is registered, check the SEC's EDGAR database and call your state securities regulator for more information about the company and the people promoting it.
Be skeptical of references.
Fraudsters falsely assure you that an investment is properly registered with the appropriate agency and then give you a phone number so you can verify that "fact." Sometimes they give you the name of a real agency, and sometimes make one up. But even if the agency does exist, the contact information they provide invariably is false. Instead of speaking with a government official, you'll reach the fraudsters or their colleagues, who will give high marks to the company, the promoter, or the transaction.
Thoroughly Check Out Promoters and Company Officials.
Many fraudsters are repeat offenders. When the SEC sues a person or an organization, the agency issues a "litigation release." For litigation releases going back to 1995, simply run a search for the promoter, his or her company or newsletter, the company being touted, and its officers and directors. You also can check out the person or entity promoting the opportunity by using FINRA 's free BrokerCheck service or by calling your state securities regulator.
Find Out Where the Stock Trades.
Many small companies cannot meet the listing requirements of a national exchange. The securities of these companies trade instead in the "over-the-counter" (OTC) market and are quoted on OTC systems, like the OTC Bulletin Board or the Pink Sheets. Stocks that trade in the OTC market generally are among the most risky and most susceptible to manipulation.
Look out for high-pressure pitches.
Beware of promoters who pressure you to buy before you have a chance to think about and fully investigate an investment opportunity. Don't fall for the line that you'll lose out on a "once-in-a-lifetime" chance to make big money if you don't act quickly.
Consider the source and be skeptical.
Whenever someone offers you a hot stock tip, ask yourself a couple of questions: Why is this person giving me this tip? How might he or she benefit if I trade? The person touting the stock may well be an insider of the company or a paid promoter who stands to profit if you trade.
How to Report Online Investment Fraud
If you have problems with your online investment account — or if you suspect an investment scam:
File a complaint with the SEC using the agency's Online Complaint Center. Include as many details as possible: a summary of the problem and the names, addresses, telephone or fax numbers, and email addresses or websites of any person or firm involved.
For more information on investing wisely and avoiding costly mistakes, visit the SEC's investor website.
If you believe your personal information has been misused: