Cybersecurity Pro Tips: Preventing Identity Theft and Fraud

October is Cybersecurity Awareness Month. As part of our month-long series on cybersecurity, this week we’re delivering pro tips for protecting yourself and your family from identity theft, online fraud, and scams.

Imagine you’re checking your email over morning coffee when you see what appears to be an urgent message from your bank about suspicious activity on your account. You click the link, enter your login credentials, and within hours, your bank account is drained. It’s a common scam that most victims, in retrospect, never imagined they could fall victim to.

Cybercrime can happen to anyone. In today’s digital world, cybersecurity isn’t just for big corporations, it’s something every Utah resident and business owner needs to understand. As technology continues to advance, so does cybercrime, and the attacks are getting more sophisticated than ever.

You might be looking for a job, a place to rent, or simply selling something through an online marketplace, and find yourself targeted by a scammer. From retired grandparents to small business owners, cybercriminals are going after everyone with increasingly complex schemes. You don’t have to be careless or even naive to become a victim. You just have to be human and live in our connected world.

What Is Cybersecurity?

Cybersecurity is a catch-all term that refers to the practices, technologies and measures designed to protect your digital devices, networks, and data from cyberattacks. Think of it as a comprehensive security system for your digital life, similar to how you might install locks on your doors and an alarm system in your home.

In 2024, nearly 7,000 Utah residents reported cybercrime losses to the FBI, totaling over $129 million. That’s more than $18,800 per victim on average. Even if you live in a rural part of the state where you might not feel the need to lock your front door, you’re not immune to these threats. And the financial impact can be devastating.

Today’s cybercriminals are more savvy than ever, and they include organized crime syndicates, nation-state actors, and, unfortunately, desperate individuals who turn to cybercrime out of financial need. Regardless of their motives, cybercriminals have industrialized their operations in recent years, making cyberattacks more frequent, sophisticated, and profitable than ever before.

Types of Cybercrime

Understanding the different types of cybercrimes is your first line of defense. These are the most common threats you’re likely to encounter:

Phishing: This remains the most common form of cyberattack, and it’s currently the top cybercrime by number of complaints. Phishing involves fake emails or messages that appear to come from legitimate, trustworthy sources—like your bank, a popular retailer, or even a friend. The goal is to trick you into revealing confidential information such as passwords, social security numbers, or credit card details. These emails often create a sense of urgency, claiming your account will be closed or that you need to verify information immediately.

Vishing and Smishing: These are variations of phishing that use voice calls and SMS text messages. Scammers might call your phone impersonating bank representatives, tech support, or government agencies to try and get sensitive information from you. Smishing uses text messages with similar tactics, often including links to fake websites designed to steal your information.

Spoofing: Spoofing takes things a step further by forging emails or websites to appear as if they come from a trusted source. This might include fake websites that look identical to your bank’s login page or emails that appear to come from legitimate companies but are actually controlled by cybercriminals.

Ransomware: Possibly one of the most financially devastating forms of cybercrime, this malicious software encrypts your files or locks you out of your computer system entirely. The average ransom payment for organizations attacked by ransomware last year reached $2 million; though paying doesn’t guarantee you’ll get your data back.

Social Engineering: The most insidious form of cybercrime, social engineering exploits human psychology. Social engineers use deception and manipulation to convince their victims to voluntarily provide information or access. They might pose as IT support staff, executives, or friends and colleagues to gain your trust. Social engineering often combines elements of all the other attack types above, making it incredibly effective and difficult to spot.

Social Media Scams: Social media scams have exploded in recent years with fake investment opportunities, romance scams, fraudulent online marketplaces, and impersonation of friends and family members. They also include malicious apps that you might willingly download onto your phone. In 2022, Meta found more than 400 iOS and Android apps designed specifically to steal Facebook login credentials, with nearly 43 percent disguised as innocent photo editing apps.

How to Protect Yourself

Most cyber attacks can be prevented with the right knowledge and tools. Here’s how you can build a strong defense against cyber threats:

Strong passwords: These are your first line of defense, but they need to be very strong. Use a different, unique password for every account. Combine uppercase and lowercase letters, numbers and special characters. Avoid personal information like birthdays or names of people close to you. If a password is easy for you to remember, it’s probably easy for a cybercriminal to guess.

Keep passwords secret. Never share your passwords with anyone. Those are for you, and you alone. Instead, if trusted individuals need access to services such as subscriptions, the family Wi-Fi router login, or online store accounts, use a family password manager. Password managers are software applications that generate, store, and autofill strong, unique passwords for your online accounts. Each family member should have their own login credentials to the password manager–and they should only have the level of access they need.

Never share access to your financial accounts. If someone—even a family member whom you believe is trustworthy—asks for access to your bank account, speak with your banker directly, either in person or over the phone. They can advise you on best practices to keep your account and your money safe.

Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA): This is one of the easiest ways to add extra security to your accounts beyond just your password. Even if a cybercriminal steals your password, they’ll still need access to your phone or another device to complete the login process. Enable 2FA wherever possible, especially for banking, email and social media accounts.

Keep your software up to date: Cybercriminals often exploit known vulnerabilities in outdated software. Enable automatic updates for your operating system, web browsers and apps. Install antivirus software and keep it current. This simple step can prevent many common attacks, especially ransomware.

Learn to recognize suspicious activity: Even though cybercriminals have become increasingly elaborate, there are still warning signs you can watch out for. Be wary of emails with urgent language, poor grammar or spelling, requests for sensitive information, or unexpected attachments or links. When in doubt, contact the supposed sender through a different method to verify their legitimacy. Organizations like your bank will never ask for sensitive information via email or text, and they won’t mind if you reach out for verification.

Use encrypted devices and secure websites: Look for “https://” in web addresses (the “s” stands for secure), especially when submitting personal or financial information.

Make sure your devices are encrypted so that even if they’re lost or stolen, your data remains protected.

Be careful about where and how you log in to your accounts: You should avoid logging into sensitive accounts over public Wi-Fi because attackers can intercept your data through man-in-the-middle (MitM) and evil twin attacks on unsecured or fake networks. Instead, log in only from trusted networks or set up a Virtual Private Network (VPN) for encryption. But what if a VPN isn’t an option? If you’re away from home and need to log in to an important account, turning off Wi-Fi on your phone and using your phone’s cellular data is usually a better way to go. This is because most cellular networks use built-in, robust encryption protocols and authentication, making them much more difficult for attackers to intercept your data.

Never use others’ devices (phone or computer) to log in to important accounts. It’s challenging enough to keep your own devices protected. Using another person’s device to log in to important accounts can be risky, as that person’s device may be compromised by malicious software or poor security practices, without the device owner even knowing it. Logging in to your accounts using that device could, in turn, compromise the safety of your accounts. Never log in to any of your accounts (even social media accounts) over a publicly-shared computer or device.

Be careful what you click: Cybercriminals often use malicious links and downloads to gain access to your system. Avoid clicking on links that have been sent to you through suspicious emails or texts, and be cautious about downloading software from unfamiliar sources. When possible, navigate to websites directly by typing in the URL instead of clicking links in emails.

Use spam filters: Most email providers offer spam filtering, but you might want to think about additional security software for even more protection. Keep these tools regularly updated.

Awareness is the Best Defense

Ninety percent of all cyber incidents result from human error or behavior, which means you have the power to prevent most attacks. By staying informed, using strong security practices, and maintaining a healthy amount of skepticism about unsolicited communications, you can greatly reduce your personal risk of becoming a victim.

Your digital security is worth the investment of a little time and attention. In a world where cyber attacks happen every 39 seconds, the question isn’t whether cybercriminals will try to target you, it’s whether you’ll be ready when they do. Stay vigilant, stay informed, and don’t hesitate to reach out to us if you have questions about protecting your financial accounts or suspect fraudulent activity.

At First Utah Bank, we’re committed to helping our community stay safe, which is why we regularly update our security measures and provide resources to help our customers protect their financial information.

We will never ask for your login credentials, and if you receive a call from someone who asks for this information, please notify us immediately by calling our main branch at 801-308-2265.