Recently two of our members reported unauthorized charges on their Hanscom Federal Credit Union credit cards. Both members stated their cards had been compromised when they clicked on a pop-up ad that appeared after they’d completed a survey on a third-party web site. The pop-up ads offered a choice of three “free prizes” when the member paid a shipping and handling fee. What neither member realized is they were also signing up for ongoing subscriptions of products, which would be charged to their credit cards each month.
Our members assumed the prizes were from Hanscom FCU, since they had just filled out a survey about the credit union. However, Hanscom FCU does not offer free prizes via pop-up ads, so we assured our members we had no affiliation with the ads or the products. We regularly test and monitor our web assets to ensure they remain secure; we found upon further thorough investigation that our web site was secure and uncompromised. We also confirmed that our third-party vendor conducting the surveys had no data breaches or security issues. This left us with one other possible explanation for the ads – that our members' computers were infected with malware which had tricked them into buying products they didn't want.
Malware is software designed to infiltrate or damage a computer. You may have heard terms like “virus,” “worms,” “Trojan horses,” and “spyware”: they’re all forms of malware, and for the unwary computer user, they can quickly wreak havoc not just to a computer, but to one’s privacy and finances. Your computer can be infected with malware by downloading files from a compromised website, opening a file that’s sent to you by email, or connecting removable media like a USB drive whose firmware has been infected with malware. Some malware, like “adware,” tries to get you to buy products or take advantage of a “free” offer via a pop-up ad; other types of malware like a Trojan horse allow a remote user to capture your keystrokes to steal files and personal information.
Does it mean your computer is infected with malware if you notice a window popping up on your screen? Not necessarily, according to Scott Heinz, Hanscom FCU’s Assistant Vice President of Digital Strategy. “Many legitimate businesses use pop-up windows on their websites, which is why I don’t recommend enabling pop-up blockers.”
Instead, Heinz says there are more effective ways to combat malware, beginning with the adoption of a new mindset when you surf the web.
“If something sounds too good to be true,” he said, “it usually is.” No one is giving away free diet pills or miracle face creams on the Internet: there’s always a cost, and unfortunately, it can be a steep one.
Here are some other strategies you can use to protect your computer and your personal information from the damage caused by malware:
· Check to see if your computer is infected with malware. PCWorld has a good overview of how to check your computer and remove malware if it’s present.
· Install a reputable brand of anti-virus software program on your computer. Despite countless news reports about corporate data breaches and foreign hackers, sales of antivirus software have declined in the U.S., according to Slice Intelligence, a market research company based in Silicon Valley. PC Magazine has an excellent overview of reputable antivirus programs you should check out. These software programs are frequently updated to combat new malware being developed around the clock by bad actors.
· Ditch weekly scans and schedule daily anti-virus scans. “You’re going to be too late if you wait a week to catch malware,” said Heinz. You can set your anti-virus software to run scans while you’re sleeping.
· If you do choose to use a pop-up blocker, proceed with caution. Because legitimate websites use pop-up windows, Heinz advises member to choose a setting that allows them to approve or block pop-ups from specific sites.
· Practice safe surfing. Even if you have anti-virus software running on your computer, malware can infect it. Cybercrooks work 24/7 scheming up new ways to crack security measures so they can spread their malicious code, so occasionally some nasty software does make it through the gate. Use extreme caution when clicking on links within websites with teaser headlines like, “This One Trick Will Flatten Your Stomach Instantly” or that claim a popular celebrity has passed away. And use an email program that includes a built-in spam filter to weed out communications from those who want to do you harm.
· Protect your credit. Lastly, just as you wouldn’t hand over your credit card to someone who approached you randomly in the street selling something that sounds too incredible to be true, don’t give your credit card number to someone who approaches you randomly on the internet with a similar offer, as Heinz warned.
Despite taking these precautions, if you find that your Hanscom FCU credit card includes unauthorized charges, please contact our Member Services Department immediately at 800-656-4328 so we can investigate and take the necessary steps to protect your account.
Others are reading:
- Scam alert: beware of the fake IRS check
- Online dating scams: breaking the heart and the bank
- Owner beware: scammers target small businesses with these schemes
- Facebook scams: how to spot and avoid them
- 5 scams making news
Comment