Being proactive and staying vigilant is key to online safety

Cybercriminals are constantly looking for ways to steal your data and commit fraud. It takes a concerted effort by both consumers and service providers to ensure a safe environment for online activity and transactions.

Investing in cybercrime prevention to stay one step ahead

Cybercrime attacks come in many forms, from spam emails asking you to send money half-way around the world, to sophisticated efforts to get you to share your passwords or to steal your credit card information at a retail point of sale. The good news is that there is an equally concerted effort on the part of individuals, governments and businesses, including those in the financial services industry, to stay a step ahead of cybercriminals

PNC Bank has invested heavily in the resources, technology and talent needed to mitigate cybercrime risks and protect our clients. These efforts ensure clients have access to safe, secure online banking facilities they can depend on.

Consumers also have a critical role to play in maintaining a strong defense against cybercriminals. There are several precautions that you can take to protect yourself and your assets and create a safe online environment.

Follow these guidelines to minimize the risk of cybercrime and identity theft:


Follow password and passphrase best practices

Passwords are a key point of entry to your online accounts, so choosing one cannot just be an afterthought. Strong passwords must be difficult to guess and should be changed every few months. The longer the password, the stronger it is. Aim for a minimum of eight characters, using a combination of uppercase and lowercase letters, numbers and symbols. Using key life milestones like birthdays or your anniversary is easy for a hacker to figure out, as are favorite sports teams, your children's names, etc.

Where you have the option, enable multi-factor authentication. This means you are adding another layer of security besides just entering your password. It may be a onetime use code sent to your phone, fingerprint or facial recognition, or a security question that has to be answered. For example, PNC Bank users who log into their online banking from a different computer than usual will automatically be asked a security question. Make sure that your security questions do not have answers that can be easily found online.

Don't use the same password for all your online accounts. If your password is stolen for one account, it puts all the others at risk as well. Passwords for your most sensitive information, such as your PNC Bank online account, should be unique to each account.

Instead of a password, consider using a passphrase. Passphrases are longer than passwords and with its added length, it can help increase the complexity making it more difficult to crack.

Keep your devices secure

All of your web-enabled devices should be secured with a password and the latest security software. Web browsers and operating systems should always be updated with the latest versions as these contain the most up-to-date security features—cybercrime tactics are constantly evolving and your defenses need to do the same.

Don't compromise your device's security. Altering your device's operating system can make it easier for criminals to access. For this reason, you should never “jailbreak" or “root" your phone or other devices.

Never leave your devices unattended. Device security also means keeping physical control of your devices and who has access to them. If you're browsing on your laptop at the coffee shop and need to use the bathroom, put your computer in your bag and bring it with you. If you're staying at a hotel and going out for the evening, put any devices you don't bring with you in the room's safe.

Learn to identify fraudulent emails or texts from phishing, smishing and vishing

Often the easiest way for a cybercriminal to steal your information is to trick you into giving it to them. Huge volumes of fraudulent emails, text messages and phone calls are sent out daily in the hope that at least a few of them will reach a cooperative, unsuspecting target. These fraudulent communications will often look official and will appear to have come from a trusted source. However, there are some warning signs to watch out for that can indicate if a message is a scam.

Do you know the person who sent you the message? The source of an email or text message can easily be forged, making it seem that a request is coming from someone you know and trust. If something seems off or if the sender is asking for money or personal information, contact them directly (and through a different channel than the original message) to confirm the message came from them.

Does the message create a sense of urgency? Criminals will often try to rush you into making an unwise decision—for example, “confirm your login details in the next 24 hours using the link below or your account will be suspended." Always take the time necessary to think through your response to a message and confirm the legitimacy of such a request through an official channel.

Does the offer seem too good to be true? If it does, it probably is. Treat any messages announcing you've won money, a prize or the opportunity to purchase an item at a significant discount as suspicious.

Does the message ask you to click on a link or open an attachment? Be particularly wary of emails from people or organizations you don't know urging you to click on a link or open an attachment. Doing so can lead to malware being installed on your device. Proceed with caution.

Keep your PNC banking information safe

PNC will never ask for you to submit personal details or account information via an email or text message. If you suspect that you have received a fraudulent email or text that appears to be from PNC, forward the message to abuse@pnc.com.

If you responded to a suspected fraudulent message or shared personal information, use another computer or device to immediately change your password. Then contact PNC's online banking team at 1-800-762-2035 option 3.

Be careful what you download or send

Tricking you into installing malware on your device is a common cybercrime strategy and can allow criminals to steal your data or take control of your device.

Only install apps and software from reputable providers and platforms. Stick to the likes of Apple's App Store, Google Play, Windows Store and Amazon. Be wary of less well-known suppliers offering free apps—they could be designed to bypass or compromise your device's security and steal your data.

Be wary of unsecured websites. Sending personal information on unsecured sites can see it end up in the wrong hands. Make sure the website's address starts with HTTPS (the 'S' stands for 'Secure') if you are going to send or access any personal information.

Think about what you share online

Social media sites such as Facebook, Twitter, LinkedIn and Instagram are set up to encourage sharing, but you need to be careful about what you share and who you share it with.

Consider setting up closed groups to share certain information. Not everyone should know your travel plans for this summer's family reunion.

Make sure you only connect and share with people that you know. Don't accept invitations or friend requests from strangers. Avoid posting personal details like your address, emails, phone numbers, account numbers or any financial details—all of this information can potentially be used to access your accounts or steal your data.

Offline security matters too

It's important to know that many cybercriminals start their search for your data offline. Stealing mail or gaining access to printed bank or credit card statements are just two of the many ways that they can gather valuable data. Switching to online bank statements will help to minimize this risk and keep all your information safe on PNC Bank's secure website.

Wipe your old devices. Another important consideration is what you do with old devices—phones, tablets, computers, etc. All devices need to be "wiped clean" before you throw out, sell or trade them in, otherwise, they become a treasure trove of personal information.

Wiping your device involves removing all of your personal data and history, including pictures, contacts, messages and files. The steps for removing your data will depend on the type of device you have, but generally involve going into the device's settings and returning to the original factory settings. An online search should provide you with detailed instructions on how to wipe your device.

Be vigilant for fraud and identity theft

It's not enough to simply implement the advice listed above. You need to be constantly monitoring your assets and finances to be sure cybercriminals haven't made it past your defenses.

Check your bills. Cybercrime can often be difficult to detect, so it is important to remain vigilant. Always review your bills, particularly for your credit cards, to make sure you aren't being billed for purchases made by someone who has stolen your card details. Also look at other regular bills—internet, utilities, subscriptions and memberships—to make sure there have been no unauthorized changes to your billing.

Regularly review your credit report. You can place a fraud alert on your report so that lenders must contact you for authorization for any new credit requests. Activating a security freeze is also an option if you suspect fraud has occurred. This blocks all attempts to view your credit history until the issue is resolved.

When identity thieves strike, act fast to minimize the damage

Identity thieves know they usually have a limited window of opportunity to use your stolen data before you realize what has happened and the accounts are secured with new passwords. Acting quickly when you suspect you are the victim of identity theft can help to limit the damage.

Get in touch with PNC. Your first step should always be to contact your PNC Wealth Management® team to report the identity theft. They will then help you secure your accounts, reset passwords and identify any potentially fraudulent payments. It is important to keep a record of all your conversations and correspondence.

To act fast, be prepared. The U.S. government also has several resources to help you deal with identity theft. Visit their www.idtheft.gov website to find out more about creating a comprehensive plan to recover from identity theft.

Taking action and staying vigilant can keep you safe online

The first step in protecting yourself online is to recognize that there are threats and that you are a potential target. The next step is to follow through on the tips and guidelines in this article.

Set up your defenses, then continue to monitor for new dangers and potential security breaches. Finally, be prepared to act if you think your data has been compromised.