I Am Empowered - I am the National Urban League

Anna Cuevas is the National Urban League's new Consumer Advocate, as part of our 2015 Financial Empowerment series. Learn more about Anna here.

The Internet has made it very convenient for us to do our banking, connect with family and friends, easily access information, conduct business, and shop from the convenience of our own homes. However, it has also made it more convenient for technologically-inclined criminals to access and steal our personal information, bank accounts, identity, and hard-earned money.

Cybercriminals use a technique called phishing to get this information. Fraudulent websites and emails are created to lure users, where they are required to provide usernames, passwords, bank account numbers, credit cards, Social Security numbers, and other personal and/or financial information.

Cybercriminals have become very diligent in their ploys. They send phone calls and emails to individuals requesting certain information. The emails and websites they use often include hidden software, called malware, that track keystrokes in order to obtain passwords and private information. Cybercriminals attempt to sound legitimate by:

• Using the names and logos of real companies. They might send an email that for all intents and purposes looks like it came from a business or bank. In addition, they include links that appear to be legitimate and create websites that look identical to authentic sites.
• Borrowing names. They sign emails with names of real individuals who do work for the business, so if you attempted to verify the authenticity of the correspondence, it wouldn’t raise any red flags.

How can you tell if an email or website is legitimate? First, always be skeptical of any emails asking you for information, especially if there does not appear to be a reason for them. Emails requesting you to update your contact information or password should always raise a red flag.

• Copycat or unofficial websites are not secure. Therefore, when you look at the URL (the web address at the top of the screen), you might not see the critical “s” after http. Secure website start with https://.
• Don’t access a website through a link in an email. Instead, type the official secure web address in the browser by yourself, making sure it starts with https://.

Unfortunately, cybercriminals go to great lengths to get the information they want. Sometimes they will threaten you or tell you that your account will be at risk if you don’t follow through with their request. A word for the wise: official companies and businesses never threaten their customers or attempt to solicit information in this manner.

Spelling and grammatical errors are very common in illegitimate emails. They should also raise your suspicions.

Always “test” a link before clicking on it. Simply hold your mouse over the link to see the URL. If it does not indicate it is secure (https://), do not click on the link. Doing so could install unwanted software onto your computer and put you at risk.

If you suspect that you have been a victim of phishing or illegal activity:

• Notify the company. Do not reply to the email and do not use any links or phone numbers contained in that email. Go to their official website and find the “contact us” tab to reach them via telephone or other method.
• Balance your bank accountsand review them frequently for signs of fraudulent activity or identity theft.
• Run virus scans regularlyto detect malware and other malicious software programs.
• Update your computer’s firewall.
• Change your passwordsand don’t use passwords that can be easily guessed. If possible, use a different computer to change your account passwords, just in case malware or other programs have already been installed that can detect your keystrokes.

When you know what to look for and what to avoid, you can avoid biting the hook when cybercriminals come phishing for your information.