Your security is important to us. At Comerica, we want to
provide tools and resources to help prevent Internet fraud and have
assembled a partial list of tips to keep your personal
information out of the wrong hands.
Tips to Prevent
Computer/Internet Based Fraud
How to protect yourself
Make sure that you know the person or entity that you are
giving information to whether it's over the Internet, phone, or fax. Do
not provide your personal information unless you have initiated contact.
What to look for
Be suspicious of requests for personal information. Due to
the increase of phishing and other online scams, financial institutions
have changed their practices and are unlikely to ask you for personal
information in an e-mail. Be especially cautious of "urgent" requests,
as "phishers" try to excite or upset customers so they will react
immediately without time to think it through.
Only do business with Internet companies that use a secure
form to capture private information such as account numbers or credit
card numbers. A secure form will tell you that the site you are about
to view is secure and ask if you wish to proceed.
Avoid purchasing products from merchant or auction sites if
the deal looks "too good to be true". If it looks too good to be true,
it probably is.
Don't click the link. If you are concerned about the
authenticity of a financial institution's e-mail, contact your
financial institution directly by phone beforehand. You may also go
directly to your institution's site by typing the URL in the browser.
If you go directly to the site, check for indicators that the pages are
secure, such as a padlock symbol at the bottom of the page and a URL
(e.g., www.comerica.com) that begins with "https " instead of "http".
Change your passwords periodically, using strong passwords
that could not be easily guessed. For example, do not use names (e.g.,
your mother's maiden name) familiar dates (e.g., your birthday), or
your Social Security number (SSN).
Always log off from your online banking session. Shut off
your computer or disconnect from the Internet when not in use.
Check merchant privacy policies and only shop at those that
publish privacy policies with which you agree.
Some phishing attacks use viruses and/or "Trojan Horses" to
install programs called "key loggers".
Ensure your computer(s) are equipped with a security toolkit
to help keep trespassers out. A security toolkit includes anti-virus
and virus detection software, personal firewalls, Adware and
Update the security toolkit frequently, and periodically
check your firewall settings. Install security patches issued by your
software vendor. Update software applications as well as operating
systems and browsers, and be sure to patch the entire suite of
applications that have the same type of operating system
vulnerabilities. A number of Internet Service Providers (ISPs) offer
toolbars to help identify fraudulent sites. Consider installing a web
browser toolbar to help protect you from known phishing websites.
Contact your Internet Service Provider (ISP) to determine which is best
for you. Many patches may be set to install automatically.
If you use a wireless network, install proper encryption,
password protection and secure firewalls.
Laptops are a target for theft. Consider the
physical security of your laptop, as well as the information you store
on it. The following information summarizes some laptop security best
Before you travel, recognize the risks of storing sensitive
information on the local hard drive.
Maintain and regularly update a list of the laptop's
programs and applications, as well as documents containing sensitive
information that are stored on the hard drive. Also, document the
manufacturer's model and serial number. In the event of a theft, this
information will be useful for filing a police report and insurance
claim, replacing the laptop’s programs and applications and recognizing
what information may be available to the perpetrator.
Extra protection while
Consider using alternative methods to store sensitive
information on the laptop when you travel. A paper copy, disc, flash
drive, etc. that can be stored in a locked device or carried on
yourself is acceptable.
Encrypt sensitive information stored on the local hard drive
if you travel. Encrypting is the process of transforming information
into an unreadable form that only the intended user or receiver can
Keep the laptop with you if you cannot physically secure it.
Lock the laptop out of sight, or use a cable locking device.
Watch out for people looking over your shoulder if you use
the laptop in a public place and work with or enter sensitive
Recognize situations where distractions may decrease your
attention on the laptop. These include airport security checkpoints,
checking in to hotels, taxi cab travel, and dining
venues. Avoid giving the laptop to hotel staff to store or to
Conduct a quick check before moving from one location to the
next to ensure you have all your equipment with you.
Is the website credible?
Nothing is foolproof. However, here are some things you can
look for to help determine if a website is legitimate:
- Verify certificates. If the certificate was issued by an
independent certificate authority, due diligence has been performed on
the business. If someone has cloned a website, the website will
probably not have a certificate. If the certificate name does not match
the website, do not use it and notify the owner of the legitimate site.
To verify a website's certificate, right-click on the website page,
click on Properties and then the Certificates button. A legitimate
company's website will most likely have certificate information
available, while a spoofed website may not.
- Grammar and spelling. Is proper grammar and spelling used
on the website and/or e-mail? Most companies take many precautions to
be sure their websites appear professional. If you notice spelling
and/or grammatical errors, be cautious.
- E-mail notification. Be aware if the company routinely
communicates with its customers via e-mail. If so, would they ask for
personal information? If you are unsure of the answer, never respond to
the e-mail. Rather, contact the company by other means (phone, in
person, going to known website, etc).