Be cybersmart! Avoid these cybercrimes

There’s no crime scene, no yellow tape or flashing lights from a police cruiser; there may be nothing to indicate that a crime has been committed. Nevertheless, victims of cybercrime suffer many of the same consequences as victims of old-fashioned crime: stolen money, damaged reputation, credit card theft.

If you think you've been a victim of a cybercrime, the first step is to understand what type of crime you’ve been targeted with and the type of information potentially exposed. There are many kinds of cybercrime, but they tend to fall into several of the following categories.

Watch the video | Avoid cybercrimes

Phishing attack

Phishing is a social engineering attack often used to steal personal information, including login credentials and credit card numbers. In a phishing attack, the cybercriminal masquerades as a trusted source and tricks the victim into opening an email, instant message, text message or social media post. The goal is to get you to click on a malicious link or download an attachment. Successful phishing attacks can install malware on your computer that steal your personal information or login credentials, conscript your PC into an army of malware-spreading bots, or even shut down your computer until you pay a ransom to the criminals. The consequences can include unauthorized purchases on your credit card, stolen funds, identity theft and more.

Your best defense against phishing is to learn to recognize and avoid them.

  • Never click on links or download attachments until you verify the sender. Don’t click on online quizzes and contests. Don’t fall for solicitations to verify your email or other personal details. Instead, call the person or company using a valid phone number and validate the request.


Malware is malicious software designed to harm or exploit a programmable device, like your PC, mobile phone or tablet. But malware can also infect some unexpected devices, including your internet router, smart TV, online security camera and even your smart door bell. In fact, the smart devices in your home are just as vulnerable to malware as your computer.

  • Malware is often spread through phishing attacks and malicious advertising on popular sites, but it can also spread through sharing infected USB drives, infected apps and fake software installations. The goal is similar to phishing: to steal your personal information or login credentials, scare you into paying to repair your computer, spread spam, add your PC or device to a growing network of malicious bots, or take your device (and data) hostage and demand a ransom.

  • Common signs that your device has been infected by malware include slow performance, infection warnings accompanied by offers to sell you a “fix,” annoying pop-up ads, unexpected browser redirects and problems shutting down or starting your computer.

The industry closely tracks malware and pushes out frequent software updates to defend against the latest versions. Your first line of defense is to keep your operating systems, programs and apps up to date on all your PCs, mobile devices and smart devices. Whenever possible, enable automatic updates. You should also install anti-virus software, limit what files you share with others, don’t click on links or download attachments, and don’t trust pop-up windows. Don’t click on any part of the pop-up window, not even to close it. Instead, use the task manager or close the window in the taskbar.

Credential stuffing

Credential stuffing is a cybercrime in which credentials (user names, passwords, etc) stolen through a data breach on one service are used to try to log in to another service. The attacker may obtain a list of logins and passwords stolen in the data breach of a department store and use them to try to log in to a financial institution, like a credit union. The attacker is hoping that at least some of those department store users also have an account at the financial institution and use the same login and password for both services.

  • You can limit the damage credential stuffing can do by using unique passwords on all your banking, social media, email and retail accounts. At the very least, use a strong login and password for your online banking and don’t use them for any other service. Never share your passwords with anyone or enter them on a public computer.

Debit or credit card fraud

Debit or credit card fraud is the unauthorized use of a card to fraudulently obtain money or make unauthorized purchases. The introduction of new technology, like EMV chips, has made it difficult for criminals to steal your card information using skimmers at the cash register or ATM, but the rising popularity of online shopping has provided new opportunity for cybercriminals intent on this kind of crime.

You can protect yourself by shopping only with trusted vendors.

  • Look for URLS that begin with “https,” and a padlock in the site’s address bar.

  • Click on the padlock and it will provide you with security information for that site.

  • If you’re uncertain about a website, run the URL through an online verification site. For instance, can provide details about the site, and can tell you if a website is safe.

  • Don’t get to the site by clicking on a link in an email. Instead, type in the URL yourself, or use a web browser to search for the business.

Identity theft

The increasing use of computer networks and electronic data sharing has made stealing personally identifiable information (PII) easier than ever. Cybercriminals can obtain your personal information through a phishing attack, malware, or by purchasing it on the dark web. Being the victim of identity theft is more than an inconvenience. Armed with just your Social Security Number, name and address, a criminal can wreak long-term damage to your financial stability, including the ability to purchase things, open accounts or receive benefits to which you’re entitled.

  • To protect yourself from identity theft, monitor your accounts and credit reports diligently, change your account passwords regularly, and enroll in alerts and notifications to confirm transactions on your accounts are legitimate.

Card Control and Card Management lets you manage your Oregon State Credit Union Visa credit and debit cards. It puts a powerful set of controls at your fingertips, including: real-time alerts, purchase blocking, reporting your card lost or stolen and ordering a replacement card. We also offer free text alerts on your credit and debit cards, and alerts and notifications for a variety of actions on all your accounts, including large withdrawals.

Watch the video | Avoid cybercrimes

« Return to "Financial education articles" Go to main navigation