Staying Secure

Tips for Protecting Your Money and Identity


As our world becomes increasingly integrated, we all need to improve our security game. It’s no longer enough to simply shred our old bank statements and lock our doors at night. In the internet age, we need to make sure our digital doors are locked, too.

Here at Mascoma Bank, security is a constant concern and we have implemented scores of procedures and use many products to keep our customers safe. However, we rely on the customers themselves to be part of the best defense. Read on for some tips on the best ways to stay safe with email, passwords, scams, and shopping!

Staying Safe in the Digital Age - Click to download this helpful guide

How To Spot When You’re Being Scammed

It’s a sad fact of modern life: innovations in technology allow scammers from all corners of the world to rip people off. Your best line of defense is to spot when you’re being scammed and nip it in the bed.

Honest people don’t think like con artists, which is what makes them vulnerable to the persuasive lies of fraudsters in the first place. Fortunately, you don’t have to totally change your way of thinking (or living) in order to protect yourself. A little education about the schemes you’re most likely to run into and how to respond to them goes a long way toward keeping you out of harm’s way.

The first thing to remember is this: Scammers do not confine their activities solely to the Internet and your email inbox. Every week, the U.S. Treasury Inspector General receives many thousands of consumer complaints about possible telephone frauds. And unscrupulous people still practice the art of deception with face-to-face encounters. These might start with a smile and a friendly handshake or tears and a plea for assistance.

The second thing to remember is that, for scammers, it’s all about the money. Always. Scammers can get at your money in numerous ways. They can ask for it directly by setting up a fake charity to which you willingly contribute. They can purchase something from you and send a check that is “accidentally” more than the agreed upon price, and ask you to send the difference back to them before you cash their check. They can lure you into a long-distance, virtual love affair and ask you to send money to help them move closer. They can scare you into believing that the personal information on your laptop is dangerously compromised, and only their expensive software will solve the problem.

Regardless of how scammers operate, this is what you need to look out for. And if any of these sound familiar, check out our article on what to do when you think you’ve been scammed.

Be wary of any person who contacts you unexpectedly, even if it’s an old friend or a relative. Now, if your sorority sister who you haven’t spoken to for years suddenly calls and wants to catch up, don’t immediately hang up. But if a breezy conversation turns to money, experts suggest you get off the phone, delete the email, and unlike her on Facebook. If a long-lost relative gets in touch because your nephew needs to make bail or a granddaughter is stranded in a foreign country, check with other family members before you transfer any funds.

The more urgent a situation seems to be, the more you should avoid it. The sky is not falling. If an organization or individual is pressuring you to send money RIGHT NOW, slow down. Take a name and number. Don’t respond to the email that instant. Don’t write checks or give out bank information under duress. If someone is pressuring you, that’s a clear sign that you need time to think before you act.

Use extreme caution when downloading software from unknown sources. Never download software in response to online or telephone warnings that your computer is in danger. There’s money to be made in deliberately infecting people’s computers through software that claims to solve problems. Get advice from your local computer expert.

If the IRS needs to contact you, its first communication will not be in the form of a phone call, email, or text, even if you owe them money. If you receive anything other than a letter allegedly from the IRS, a scammer is hiding behind that official sounding phone call, text, or email.

If you have to pay a fee to collect a prize, whether it’s a new blender or a million dollars, it’s a hoax.

How To Spot Fraud Emails, and How To Handle Them

We all know what phishing means, and, unfortunately, it’s got nothing to do with reeling in a largemouth bass. But knowing what phishing is and actually recognizing it are two different things.

Let’s take a look at how to spot—and stop—those fraudulent “phishy” emails. If an email looks fishy, it probably is. If you’re scrolling through your inbox and stumble upon an email with these characteristics, stay safe by taking note.

  • It’s an email from a person or a company you’ve never heard of before
  • The spelling in the subject heading is really odd
  • Someone is asking you for money
  • The text reads like a bad translation from Chinese to English
  • You’ve won something from a contest you don’t remember entering

Delete these emails without opening them.

If you do open an odd looking email (hey, it happens), do not under any circumstances click on any links leading you to a website. The second you click on a link from a fraudster, you put your computer at risk for a dizzying array of malware. The same goes for attachments. Once your suspicions are aroused, the key to protecting yourself is to not go any deeper inside the deception.

Again, delete the email.

The scary thing about “phishy” emails is that they can be very well camouflaged. They look real. Let’s say you not only opened the email, you also linked to a website or opened an attachment, and now you’re being asked to provide information about your bank account or your credit card. Don’t do it! Asking for personal information is one of several things that a legitimate company will never do online.

Here are some other ways to spot the difference between a real and a fake business lurking inside your inbox and protect against cyber attacks. A little fraud protection goes a long way.

  • Legitimate businesses use your name. If you open an email and find yourself addressed as “Dear Bank Customer,” for example, you’re almost certainly looking at a phishing expedition. The people you normally do business with know and use your name.
  • Real companies provide you with specific information about your accounts, not the other way around. Your bank and credit card companies already know what your account numbers are. In fact, they may include partial account numbers in their communications with you, which is a way for you to know that the email is not part of a scam.
  • A legitimate business will not ask you to verify your password online. To email phishers, passwords are like the keys to a kingdom of illicit opportunities. In addition to not verifying your passwords online, you also need to keep each and every password for each and every site you access a unique, hard-to-crack combination of letters, numbers and special symbols. Should you slip up and give out one password, at least the others will be safe.
  • A sense of urgency and dire consequences are signs of fakery. It’s hard not to panic if you open an email that says you’re going to lose your car insurance or your credit card account is going to be closed if you don’t respond ASAP. But you should never respond to an email communication while you’re feeling unsettled. Calm your nerves. Then, if you feel that you actually need to respond, that’s okay. Just don’t do it via email or by clicking on a link. Get the company’s customer service number off a statement (or the back of a card) and give them a call.

What to Do When You Think You’ve Been Scammed

Even if you take precautions against scammers, sometimes fraud happens. If a scammer manages to break through your defenses, you need to be prepared—mentally and emotionally.

Fear is the scam artist’s greatest weapon. That’s why they send texts demanding ransom for an adult child who has been kidnapped. They send emails purportedly from the IRS threatening you with massive fines or a lawsuit if you don’t send money immediately. They call out of the blue and explain in startling detail how susceptible your computer is to hackers unless you buy their (very expensive) software. They pretend to be the grandson you seldom see, and tell you to send bail money to rescue him from some ridiculous mix-up in another state.

Whatever the scenario may be, its design is meant to scare you so badly that you click off your critical thinking skills and just do whatever the conman tells you to do. When you find yourself on the receiving end of a terrifying communication, the simplest—but hardest—thing to do is to stay calm. That’s easier said than done, of course. But when a scammer leaves you feeling as if your stomach just jumped out of your body, your absolute first line of defense is to not panic.

Once your emotions are under control and you can think straight again, the rest is actually quite easy. You disconnect. Hang up the phone. Delete the text. Close the email. This may require some firmness—the con artist, after all, doesn’t want to let you get away. But you can end the interaction without raising your voice or even being impolite if you have a rehearsed line ready to use. Think of one that suits you and don’t hesitate to use it should the need arise. Try one of these:

“I’m just heading into a meeting. I need to go now.”

“I’m driving. I need to get off the phone.”

If you think a scammer has targeted you, there are steps you can take to protect yourself and alert others. Here’s what to do when you think you’ve been scammed.

  • Report the incident to the local police. Using deceptive practices to separate people from their money is a criminal act. How the police choose to pursue the matter will be out of your hands, but they can’t do anything if the crime is never reported in the first place.
  • Telephone and Internet scams can be reported to the National Fraud Information Center. NFIC is also a source of valuable information, providing links to federal and local agencies, such as your state’s attorney general’s office.
  • File a complaint with the Federal Trade Commission. If the FTC receives enough complains about a scam that’s making the rounds, they may go after the suspected culprits.
  • Contact local news outlets. You’d be surprised how many newspapers, radio, and television news stations follow up on story ideas from their readers and listeners. If the reporters determine your complaint is valid, it may make it into the news and serve as a warning to others.

Teach Kids to be Safe in the Digital Age

Where technology and children intersect, it’s easy for parents to feel fearful about what’s lurking out there in the jungles and dark alleys of the internet.

Teaching kids to be safe in the digital age doesn’t have to be a daunting task, but it’s well worth laying the groundwork for smart habits early. Just talking to them may be enough to get started.

Parents have always wanted to protect their kids. Before the internet and smartphones, there were dangerous people and unsafe places that parents tried to steer their children away from. The same holds true today, whether parents are worried about actual roaming or virtual wandering, verbal attacks or cyber attacks, lunch money theft or identity theft. And while there’s never been a way to 100 percent guarantee the safety of your children, what worked best in the past may work just as well in the present as you teach kids to be safe.

Communication is the key, because you are never going to outrun the pace of technology. There will always be some new thing that takes you by surprise. As soon as your kids start interacting with the virtual world, you need to open up a dialogue—and keep it going—about what they encounter in that alternate universe.

Think of it as a new twist on the old “What did you learn at school today?” In our digital times, the line of inquiry may have to undergo a few modifications. What online games did you play today? Who’d you see on Facebook? Where did you find help for your math homework? What YouTube videos are you watching these days? Let’s watch some together.

If the conversation seems open and honest and carefree, all is probably well. But if the kids seem evasive—if they’re squirming in their seats, blushing, giggling, and hiding their faces behind their hands (you’ll know it when you see it), you might want to take your questions a step further.

Did they see anything that made them uncomfortable? Did they read something that scared them? Did they receive messages from a stranger? Keep them talking. It’s your best chance to understand what’s going on.

Of course, actions can supplement your words. There are some proactive steps parents can take to protect their kids online and teach them to practice good cybersecurity.

Set up computers in the common areas of the home, such as the living room or kitchen. That can get tricky with today’s mobile phone technology, but children—even teenagers—don’t actually need access to their phones 24/7. Ditto for parents!

Limit the amount of time children have to immerse themselves in the online world. This can be done the old-fashioned way, by straight out telling them what the limits are. Or use monitoring software (discussed next) to help set those limits.

Technology can help. A parental control utility, costing anywhere from $20 to $100, offers a variety of features. It can set an online curfew, filter content, track social media use, provide real-time notification of misuse, and allow for remote management. Compare products before you make a purchase (there are numerous sites to help with that) and make sure you get software that covers all the devices your children use.

If your kids are old enough to understand the concept of a contract, work with them to come up with an agreed list of rules that they will pledge to abide by. The rules might include promising to never give out personal information or promising to never post a photo without getting parental permission first.

Stay Safe While Shopping Online

Even if you relish the experience of supporting the independent gift shop in your hometown, nearly everyone does at least some shopping online. You know it. The retailers know it. Unfortunately, the cyber crooks know it, too.

So, even before you pull out your credit card, take the time to ensure your online shopping will be as secure as it can be. Be smart about fraud protection and cybersecurity!

First, your anti-virus software needs to be up-to-date. Also, if you’re visiting a new site, before you provide any personal information, check to make sure it is secure. Back out of a site if you don’t see an “s” in the “http” in the web address, and take a few seconds to find some indication that the site is secured by a company such as VeriSign. If you don’t already use a commercial password manager, now might be the time to find one. If you have been using the same password on multiple sites, a so-called “secure” site is not really secure—be sure to practice wise password management.

A few extra precautions amidst the hustle and bustle of a brick-and-mortar store are in order as well. Play your cards close to your chest—literally! You might not have your credit/debit card number memorized, but if you’re standing in a long checkout line, the person behind you could have a better memory than you do, and they might not be afraid to use it for criminal purposes. Keep your card in your wallet until you’re ready to use it and make sure it goes right back into your wallet when your transaction is complete.

Regardless of where you get your shopping done, there are a few more precautions to take to protect your cards.

Fill out credit/debit card receipts completely. Think about all the services you pay for on credit or debit cards for which you might leave a tip. If you leave a nice tip for your server or hairdresser, be sure to fill in the blanks completely and add it all up. That way, no one can add any extra numbers to the total.

Clean out your purse or wallet and only carry what you need. Choose one card, and stick with it. The more cards you use online, the more you open yourself up for online thieves to steal your information. And the more cluttered your handbag or wallet is, the more likely you are to lose a card or to have one stolen. If you want to rack up reward points, use one—and only one—credit card. Better yet, use your debit card. It’ll help you stick to your budget.

You wouldn’t lend your credit/debit card to a stranger, but don’t hand it out to your friends (or children or spouses), either. This isn’t a matter of trust, but of control. If the card is not in your possession, you have no way to control how it is being used—or misused.

Essential Tips for Better Password Management

You see the headlines all the time. Hackers almost routinely steal private, valuable information from department stores, hospitals, and banks. But one of the most important things you can do to protect yourself is probably the one thing you don’t do—manage your passwords.

It’s a slippery slope. You started out following the experts’ advice, diligently creating a unique, complex password for each and every website you accessed. But then you started shopping online, banking online, taking classes online, working online, looking for work online—face it, you started doing everything online—and your good intentions went the way of the dinosaurs.

By now, you likely use the same password, with minor variations, on nearly every site you visit. That means your personal data is a sitting duck for cyber duck hunters all over the world.

But it doesn’t have to be this way! You can protect yourself from identity theft and cyber attacks with a password manager. And it doesn’t have to cost you a penny to install one.

There are a lot of good, reliable, free password management tools to choose from. LastPass 4.0, LogMeOnce, 1U Password, Symantec Norton Identify Safe, to name just a few. Choosing the one that’s right for you doesn’t have to be a shot in the dark, either. There are many resources (online, of course) to help you rate the various options that are available.

What are the advantages of a password manager?

It’s easier to install a password manager once than it is to keep generating unique passwords every time you access a new site. Almost all password managers install as simple browser plug-ins. You don’t have to be a tech savant to get started.

It creates AND remembers your passwords for you. No more straining your imagination to come up with clever phrases or cryptic sequences of numbers and letters. No more Post-it notes with passwords stuck all over your workspace. The manager can tidy all of that up for you.

Most password managers will auto-fill all those online blanks (name, address, zip code) you have been entering by hand.

For a little extra money, one password manager can keep track of all your passwords on both your phone and your desktop. Those are the “premium” password managers, Dashlane 4 or Sticky Password Premium, for example. They will set you back anywhere from $12 to $40. Or you can opt for the “free” manager, but pay a small monthly fee ($1 to $3) to sync things up between your phone and your computer.

If you still don’t think you need a password manager—free or otherwise—at least take care to avoid some of the worst pitfalls of password security and keep your accounts safe.

  • Do not use a sequence of numbers or letters. No more “12345.” No more “abcdefg.”
  • Do not include any personal information that also appears in a public record. That includes your name, birth date, home address, anniversaries, or license plate numbers.
  • Do not make your password the same as your username.
  • Do not click that button that will allow your browser to remember your password.

Stay safe! And remember: Those “secure” sites are only as secure as your password.

5 Tips To Stay Safe on Vacation

Your travel plans are set. You’ve booked your flight, made hotel reservations, and bought a good pair of walking shoes. But have you done anything to protect your money while you travel or to insure your travel investment itself?

You might be looking forward to relaxing on vacation, but if you haven’t done anything to protect important documents and your money before you lock the door behind you on your way to the airport, your pre-departure work isn’t finished just yet. Cyber thieves have taken the art of pick pocketing to heights that the Artful Dodger never imagined, so there are a few more things you need to do to protect yourself.

First and foremost, make copies of all your important documents. That includes passports, driver’s license, credit cards, insurance cards, airplane tickets, hotel reservations, immunization records . . . the whole shebang. You can go the old-fashioned route, making photocopies of everything—both front and back. Keep these locked up in the hotel safe while you’re out and about or leave them with a friend you can easily reach back home. You can also make electronic copies and email them to yourself. If anything gets lost, stolen, or damaged, they’ll be available in your inbox.

Like it or not, you probably ought to purchase travel insurance. It costs a lot of money to travel overseas or even across the United States, and if your flights get cancelled, or you break an arm on the streets of Paris, or a loved one winds up in the hospital on the eve of your departure, you are going to want to recover that investment. A few dollars up front can save you a lot of loss on the back end of a travel disaster.

As for your money itself, a few simple fraud protection steps can substantially limit your exposure to loss or theft.

  • Notify your credit card or debit card provider about your travel plans. This alerts them ahead of time of your whereabouts, so your card won’t be declined the first time you check into a hotel in a foreign country. It also alerts them to where you are not, so no one else can use your credit card to check into a hotel in yet another foreign country.
  • Better yet, use a prepaid credit card for extra credit card security. This will not only help you stay within your allotted travel budget, it will also set a cap on how much money is available to be lost or stolen.
  • Invest in a chip card sleeve protector. You don’t have to understand how radio frequency identification signals work. You just need to know that a sleeve protector is an easy and inexpensive way to keep electronic pickpockets from skimming your credit card or debit card information while you’re paying for a meal or getting cash from an ATM.
  • On the off chance that you find yourself someplace where credit cards aren’t accepted—cash is king in some parts of the world—arrange ahead of time for your bank to increase your daily cash withdrawal limit. But only make the increase available for the time you’re traveling.
  • Know what the currency exchange rates are before you leave home. And don’t assume a currency exchange office is where you’ll get the best rates. As long as your bank doesn’t charge a large fee, an ATM may be your best bet.

Have a wonderful time and stay safe!

Staying Safe in the Digital Age - Click to download this helpful guide