Protecting Yourself Online
Protecting Yourself Online
This guide will connect you with cybersecurity resources and tips for protecting yourself online. Remember: Think before you click!
If somebody has taken drugs and becomes unresponsive, call 911 immediately. These resources are intended for preventive measures only.
Staying Safe Online
Take Action Now
If you believe your computer has been hacked or that your credit card or personal information was stolen, you need to take immediate steps to protect yourself and prevent the thief from exploiting you.
Stop the Loss!
- Call the company or companies where you know the crime occurred. Ask for the account(s) to be locked or closed
- Place a fraud alert and get your free credit report or call 1.877.322.8228
- Change your passwords
Get it on Record
- Contact your local police department to file a report. It’s unlikely they will be able to address the issues directly, but it’s important that the law enforcement community is aware of the incident and to get it on record to help with any future claims
- Federal Bureau of Investigation
- Internet Crime Complaint Center (IC3)
- Report individual instances of cybercrime to the IC3, which accepts Internet crime complaints from both victim and third parties.
- Internet Crime Complaint Center (IC3)
- Federal Trade Commission , 1.877.438.4338
- Identify theft, fraud, scam or bad business practice.
- PA Attorney General, Bureau of Consumer Protection, 1.800.441.2555
- Fraud and deception in the sale, servicing and furnishing of goods and products.
- Internal Revenue Service (IRS) Identity Protection Unit 1.800.908.4490
- Identity Theft
- Pennsylvania Department of Revenue, Fraud Investigation Unit at 717-.772-.9297 or email RA-RVPITFRAUD@pa.gov
- Fraudulent Tax Returns
Monitor Your Credit
Identity theft can have a significant impact on your credit score and, subsequently, your ability to apply for certain jobs, get a credit card, car loan, a mortgage or a rental property, or buy insurance. In addition to regularly monitoring your bank, credit card and insurance statements for fraudulent charges, you should also monitor your credit file, which will give a detailed report of your credit history. Credit reports can be obtained at the three major credit reporting bureaus are Equifax , Experian , and TransUnion .
Get a free copy of your credit report every 12 months from each of the three credit reporting companies by visiting AnnualCreditReport.com or calling 1.877.322.8228. Look for unfamiliar account information in the credit report. If you see incorrect or unfamiliar information, contact the credit bureau that you used to obtain the credit report and contact the creditor involved.
You can restrict or “freeze” your credit file, making it more difficult for identity thieves to open new accounts in your name. Previously, consumers would have paid a fee to freeze their credit but thanks to a new federal law, consumers may freeze their credit file at all three credit reporting bureaus for free, and then temporarily “thaw” the credit files as needed. Parents may request a credit file be created and subsequently frozen for minors under 16.
Freezing and thawing your credit account does not impact your credit score or your ability to get a free credit report.
- Request a freeze at each of the three major credit bureaus:
- Another option is placing a fraud alert on your credit file. If you have a fraud alert a business must verify your identity before it issues credit. Previously, fraud alerts were limited to 90 days but now under federal law, an alert can last up to a year. Identity theft victims can get an extended seven-year alert. Request a fraud alert at each of the three major credit bureaus
Prevent Identity Theft
Identity theft is the act of using someone’s personal identifiable information (such as name, address, account number, driver’s license number, Social Security number, or health insurance number) without that person’s knowledge, and using the assumed identity to commit fraud or theft.
Identity thieves steal bank and tax information, as well as credit card applications and statements. Thieves may use illegal storage devices called “card skimmers” that obtain the name, account number, and expiration date of debit and credit cards when swiped at ATM machines, restaurants, retail stores, etc. Businesses have also fallen victim to identity thieves, and names and personal and financial information have been stolen from their employees and customers. Thieves can even steal personal identifiable information by digging through someone’s garbage.
How can I keep my personal information secure?
Share information carefully
- Pay attention to the website’s web address (URL):
- Look at the website address to ensure you are on a Hypertext Transfer Protocol Secure site (HTTPS) when shopping online
- Malicious websites may look identical to legitimate sites but the URL may use a variation in spelling or a different domain (e.g., .com versus .net)
- Avoid spam and scams by always questioning the legitimacy of phone calls, emails, and social networking messages that ask for personal information. Try to contact the company directly using contact information found on an account statement or other legitimate source
- Don’t reveal personal or financial information in an email, this includes not using the links contained in email
- Use privacy settings when using social networks to ensure personal information such as your birth date, hometown, and employment history do not become public knowledge
- Do not open attachments or links from an unknown source
Store and dispose of your personal information securely
- Shred all sensitive personal information
- Remove (wipe) personal information that may be stored on computers and mobile devices before selling or disposing of them
Ask questions before deciding to share your personal information
- Legitimate businesses will not contact you to verify your account information, so ask for a call back number, ask why your personal information is needed, how it will be used, how it will be protected, and what happens if you do not share itContact your bank or credit card company to confirm the call
Maintain appropriate security on your computers and other electronic devices
- Install antivirus software on all your devices and keep the software updated
- Change your passwords at least every 90 days, use different passwords for different accounts and websites and do not share them with anyone
- Mobile devices and all applications installed on them should be password protected
- Encrypt your data using tools available in Microsoft Office or purchased commercially
- Be cautious with “free” online storage
- Multi-factor verification or two-factor authentication will add an additional layer of protection since it requires users to have an extra credential, beyond just a password
Choose Safe Passwords
Passwords are important because they allow you to protect your financial and personal information. In June 2017, the National Institute for Standards and Technology issued new guidance (PDF) for passwords, changing many old assumptions for choosing passwords.
The Do’s and Don’ts of Passwords
- Choose a password of at least 8 characters that combines letters, words, phrases, or numbers that have a unique connection to you
- Choose a password that is easy to remember, so you will not have to write it down
- Change passwords on a regular basis, but new passwords should not be related to old passwords
- Use names, birthdates, common words, phrases, or other information that might be easily guessed
- Share passwords on the phone, via text, or in emails. Legitimate companies will not send you messages asking for your password
- Use the same password for multiple accounts. If the password is stolen from you, or one of the companies with whom you do business, it can be used to take over all your accounts that use the same password
Don’t rely on your web browser to protect you from malicious websites. Even if you have high security settings and antivirus software, visiting a risky website can result in viruses, spyware or worse. Again, look carefully at the web address to ensure it is taking you to where you want to go.
What steps can I take to help ensure my web browsing is safe and secure?
- Use and regularly update software that protects against viruses, spyware, and malware
- When providing sensitive personal information such as credit card, banking information, or SSNs online, make sure the website is encrypted; Look for the “https” and a padlock icon in the browser status bar of the website.
What activities should I avoid when browsing the web?
- Beware of free content or downloading files or programs from unfamiliar websites: if it seems too good to be true, it probably is —don’t risk it!
- Beware of websites that prompt you to click a link to run software
- Beware of providing personal information to get something free online
How do I keep my computer secure?
If your computer isn’t secure, what you use it for will be insecure. Here is a quick list of items for you to consider to better your overall computer security.
- Install, use, and regularly update software programs to protect you from viruses, malware, and spyware
- Keep your computer’s operating system updated
- Use care when reading email with attachments
- Back up important files and folders
- Use strong passwords
- Only download and install programs from sources you know and trust
- Secure your wireless network with an encrypted password
More details on these topics can be found at DHS CISA, National Cyber Awareness System.
Secure Your Mobile Device
Criminal attacks on mobile phones and tablets typically take advantage of device features that are similar to computers. However, the convenience of mobile devices also makes them vulnerable to a range of other attacks.
For example, mobile devices are easy to steal and that includes data stored on the device, from personal identifiers to financial and corporate data. Additionally, anyone — including criminals — can develop apps for some of the most popular mobile operating systems. Even legitimate smartphone software can be exploited.
How can I protect my mobile phone or tablet?
- Lock your device with a Personal Identification Number (PIN), password or fingerprint sensor
- Configure your device to automatically lock after a certain period
- Never leave your device unattended in public
- Download software updates for your mobile device’s operating system when prompted
- Avoid texting or emailing personal information such as Social Security or account numbers
- Limit the amount of important personal information stored on your device
- Avoid joining unknown Wi-Fi networks and using public Wi-Fi hotspots
- Beware of posting your mobile phone number to a public website. Attackers can use software to collect mobile phone numbers from the web and then use those numbers to target attacks
- Investigate and research before selecting and installing apps
- Delete all information stored in a device prior to selling or discarding it
What should I do if my mobile phone or tablet is lost or stolen?
- If it’s your work device, report the loss/theft to your employer immediately
- If it’s your personal device, report the loss/theft to your service provider as soon as possible to deter malicious use of your device and minimize fraudulent charges
- Report the loss or theft to local law enforcement
- Change your credentials for accounts and social networks accessed by the device
- If necessary, direct your service provider to wipe your device — remotely deleting all data on the phone
Smishing, the fraudulent practice of sending text messages purporting to be from resputable companies in order to induce individuals to reveal personal information such as user names, passwords, or credit card numbers, has also been on the rise.
Protect Your Family
The internet can be a great place for kids to learn, be entertained, and communicate with others. However, there are things to watch out for.
Kids may feel pressure to be active on social media and games. Often, they don’t understand the effectiveness of online marketing.
Help your kids stay safe online:
Kids have many social media options, including being able to publish personal information about themselves and have conversations with strangers.
Learn what’s out there and how the platforms work.
Limit Screen Time
Consider limiting and enforcing the number of hours per day or week your kids use devices, the types of devices they can use, and what activities and programs they can access.
Talk with your kids about media literacy and practicing self-regulation. Schedule a regular screen-free family night.
Monitor What Your Kids are Doing
It is easy for kids to create their own email addresses, social media accounts, and use the internet unsupervised. It’s important to check on what they’re doing.
- Know what games your kids are playing and learn what parental controls the game has. Are they age-appropriate?
- Keep the gaming computer in an open area.
- Let your kids know you’re going to monitor their devices and why. Ask them to share their account passwords with you. Let them know it’s not about snooping, it’s about safety.
- If they run into inappropriate content or behavior, discuss safety and what to do. As your kids have a better grasp on internet safety, you can evaluate monitoring them less frequently.
Install a Filter
Filters prevent access to certain sites. Most filters allow you to choose the degree of filtering based on the child’s age. Install the filter and ensure that it is not being avoided with a technological workaround.
Depending on your child’s age and level of maturity, consider setting up restrictions on websites and the types of downloads you allow.
Filters can be installed on devices and home networking equipment, as well.
Set Social Media Rules
Your child’s needs, age, development, character, and maturity should be considered when you set up computer use guidelines. Some computer safety programs have built-in timers to set limits on a child’s computer time.
Social media can help strengthen teens’ relationships while distracting from in-person communication, causing low self-esteem, and exposing them to cyberbullying.
- Talk with your kids about smart social media habits and the best ways to use their devices.
- Encourage them to pay attention to how they feel before, during, and after social media use.
- Talk with your kids to help them resolve issues, set social media limits, and use privacy features and content filters.
Stay on top of Shared Information
Information is currency online. Children could unintentionally reveal too much if they don’t understand how information is shared. Websites often ask prying questions about personal information by disguising it as a playful game. Avoid letting your kids take these questionnaires.
Get familiar with the websites your kids visit, the social media they use, and the apps they download. Read reviews. Check out the terms and conditions to see what kind of information is tracked and stored.
Keep Gaming Chat Just That
Gaming can be a hot bed for child predators and bad actors attempting to get personal information about your child and family. Children motivated by the number of viewers and followers they have will sometimes do or divulge too much for clicks.
- Talk with your child about the importance of keeping information private and only talking about game play. If a person wants to discuss anything else, exit the game, kick them out of the room, and do not accept them as a follower.
- Routinely search for your name and your children’s names on your preferred search engine. Look for information that should not be exposed to the world.
- Consider a privacy or identity protection service and enroll your kids. If you find your children’s information on the internet, know that it’s a process to remove your personal information. Be patient and don’t expect to complete it in one day.
Learn about What is Safe2Say Something
Safe2Say Something is a youth violence prevention program run by the Pennsylvania Office of Attorney General. The program teaches youth and adults how to recognize warning signs and signals, especially within social media, from individuals who may be a threat to themselves or others and to “say something” BEFORE it is too late. With Safe2Say Something, it’s easy and confidential to report safety concerns to help prevent violence and tragedies.
Here’s how it works:
- Submit an anonymous tip report through the Safe2Say Something system
- Crisis center reviews, assesses and processes all submissions
- Crisis center sends all submissions to school administration and/or law enforcement for intervention
- If needed, crisis center may contact tipster anonymously through the Safe2Say app.
Safe2Say Something: 1-844-SA2SAY (723-2729)
Working from Home
Whether you are working from home temporarily or permanently, it is important to secure yourself online. Follow your employer’s security practices at home regarding storage and transmission of information and contact your IT department for specific questions and guidance.
Here are a few tips to consider:
- Use strong passwords for devices and networks. A mixture of letters (upper and lowercase), numbers and characters is more secure.
- Use a reputable password manager.
- Change all default passwords.
- Make sure your home network is up-to-date, including your router.
- Turn on encryption options (WPA2 or WPA3) so others can’t see your network.
- Avoid using public Wi-Fi, especially if using employer-issued devices.
- Create an inventory of your devices.
- Keep your webcam off and covered when not in use.
- Beware of phishing emails and scams.
- Look out for social media and text message (SMS) scams and routinely check your privacy settings.
- Opt for separate meetings rather than recurring options when scheduling on virtual platforms and require a password when possible.
- Use a virtual private network (VPN) when provided by your employer.
- Activate two-factor authentication options to offer an added layer of protection.
- Update software and patches immediately when pushed out by your IT department.
- Follow all of your employer’s security policies and ask questions if you are unsure.
Cybersecurity and the Wolf Administration
The Wolf Administration put together a team of professionals from all areas of state government to develop online resources to help protect you and your family as you navigate the internet in your daily lives.
Cybercriminals continue to target consumers and businesses, and we must remain ever vigilant in our efforts to protect ourselves from attack. Pennsylvania’s state government continues to work collaboratively with federal authorities and other state agencies to address cybersecurity challenges. We will continue to assist Pennsylvanians by highlighting and providing resources relating to cybersecurity threats and best practices.
For more information, visit related federal and state agencies: