Your security is important to us. At Comerica, we want to provide tools and resources to help prevent Internet fraud and have assembled a partial list of tips to keep your personal information out of the wrong hands.
Tips to Prevent Computer/Internet Based Fraud
How to protect yourself
Make sure that you know the person or entity that you are giving information to whether it's over the Internet, phone, or fax. Do not provide your personal information unless you have initiated contact.
What to look for
Be suspicious of requests for personal information. Due to the increase of phishing and other online scams, financial institutions have changed their practices and are unlikely to ask you for personal information in an e-mail. Be especially cautious of "urgent" requests, as "phishers" try to excite or upset customers so they will react immediately without time to think it through.
Only do business with Internet companies that use a secure form to capture private information such as account numbers or credit card numbers. A secure form will tell you that the site you are about to view is secure and ask if you wish to proceed.
Avoid purchasing products from merchant or auction sites if the deal looks "too good to be true". If it looks too good to be true, it probably is.
Don't click the link. If you are concerned about the authenticity of a financial institution's e-mail, contact your financial institution directly by phone beforehand. You may also go directly to your institution's site by typing the URL in the browser. If you go directly to the site, check for indicators that the pages are secure, such as a padlock symbol at the bottom of the page and a URL (e.g., www.comerica.com) that begins with "https " instead of "http".
Change your passwords periodically, using strong passwords that could not be easily guessed. For example, do not use names (e.g., your mother's maiden name) familiar dates (e.g., your birthday), or your Social Security number (SSN).
Always log off from your online banking session. Shut off your computer or disconnect from the Internet when not in use.
Check merchant privacy policies and only shop at those that publish privacy policies with which you agree.
Some phishing attacks use viruses and/or "Trojan Horses" to install programs called "key loggers".
Ensure your computer(s) are equipped with a security toolkit to help keep trespassers out. A security toolkit includes anti-virus and virus detection software, personal firewalls, Adware and Spyware-blocking software.
Update the security toolkit frequently, and periodically check your firewall settings. Install security patches issued by your software vendor. Update software applications as well as operating systems and browsers, and be sure to patch the entire suite of applications that have the same type of operating system vulnerabilities. A number of Internet Service Providers (ISPs) offer toolbars to help identify fraudulent sites. Consider installing a web browser toolbar to help protect you from known phishing websites. Contact your Internet Service Provider (ISP) to determine which is best for you. Many patches may be set to install automatically.
If you use a wireless network, install proper encryption, password protection and secure firewalls.
Laptops are a target for theft. Consider the physical security of your laptop, as well as the information you store on it. The following information summarizes some laptop security best practices.
Before you travel, recognize the risks of sensitive storing information on the local hard drive.
Maintain and regularly update a list of the laptop's programs and applications, as well as documents containing sensitive information that are stored on the hard drive. Also, document the manufacturer's model and serial number. In the event of a theft, this information will be useful for filing a police report and insurance claim, replacing the laptop’s programs and applications and recognizing what information may be available to the perpetrator.
Extra protection while traveling
Consider using alternative methods to store sensitive information on the laptop when you travel. A paper copy, disc, flash drive, etc. that can be stored in a locked device or carried on yourself is acceptable.
Encrypt sensitive information stored on the local hard drive if you travel. Encrypting is the process of transforming information into an unreadable form that only the intended user or receiver can read.
Keep the laptop with you if you cannot physically secure it.
Lock the laptop out of sight, or use a cable locking device.
Watch out for people looking over your shoulder if you use the laptop in a public place and work with or enter sensitive information.
Recognize situations where distractions may decrease your attention on the laptop. These include airport security checkpoints, checking in to hotels, taxi cab travel, and dining venues. Avoid giving the laptop to hotel staff to store or to transport.
Conduct a quick check before moving from one location to the next to ensure you have all your equipment with you.
Is the website credible?
Nothing is foolproof however; here are some things you can look for to help determine if a website is legitimate:
- Verify certificates. If the certificate was issued by an independent certificate authority, due diligence has been performed on the business. If someone has cloned a website, the website will probably not have a certificate. If the certificate name does not match the website, do not use it and notify the owner of the legitimate site. To verify a website's certificate, right-click on the website page, click on Properties and then the Certificates button. A legitimate company's website will most likely have certificate information available, a spoofed website may not.
- Grammar and spelling. Is proper grammar and spelling used on the website and/or e-mail? Most companies take many precautions to be sure their websites appear professional. If you notice spelling and/or grammatical errors, be cautious.
- E-mail notification. Be aware if the company routinely communicates with its customers via e-mail. If so, would they ask for personal information? If you are unsure of the answer, never respond to the e-mail, rather, contact the company by other means (phone, in person, going to known website, etc).