How you can protect your accounts and identity
Security > How you can protect your accounts and identity
Your account numbers, PINs, passwords and personal information are the keys to your accounts. Remember that you are your own first line of defense when it comes to protecting your accounts and identity. Here are some best practices to help you keep your accounts and personal information safe and secure:
- Fraud prevention
- Username and password requirements
- Password/PIN security
- Monitor your accounts frequently
- Take care of your computer and mobile devices
- Beware of phishing and spam emails
- Be suspicious about emails or telephone calls
- Protect yourself from mail fraud
- Other tips
Keep your accounts S.A.F.E. from the latest fraud threats with these helpful tips.
As making financial transactions through a few easy clicks on a computer becomes second nature, criminals are finding new ways of committing fraud. Scam attempts that play on your emotions and seek to gain your trust are becoming more frequent and more effective.
Keep in mind: Voya will NEVER contact you and ask for personal information by text, email or an unsolicited phone call. This includes unsolicited calls that ask you to obtain or provide a one-time passcode.
Vigilance is your best defense in protecting yourself. Here are some simple tips you can follow to avoid the most common types of fraud.
Voya’s “Top 10 Fraud Prevention Tips”
- Update your software and operating systems. Outdated systems make your personal information and accounts vulnerable.
- Protect your systems with anti-virus software. New threats might expose you to risk.
- Establish unique, long and complex passwords. Passwords that are easily guessed, reused across multiple accounts or shared put you at risk.
- Never share your account passwords, PIN, one-time passcode, Social Security numbers or any other personal information. Sharing personal information increases the risk of fraud.
- Protect your login information. Do not store it on or beside your computer. Unauthorized access to your accounts may occur if this information is not properly secured.
- Enable multi-factor authentication (MFA), preferably to a mobile device. While email is allowed, mobile is safer; and never share your one-time passcode (OTP).
- Be cautious of suspicious emails. Fraudsters are adept at imitating legitimate emails. Never open links or attachments in emails you don’t fully trust.
- Be alert to “spoofed” phone calls. If you don’t recognize the number, think twice about picking up. Scammers can mimic local area codes to get you to answer.
- Be aware of changes to your normal mail delivery activity. Fraudsters are known to submit a change of address or place a mail hold so you do not see important communications.
- Contact Voya immediately if you identify suspicious activity on your account. The faster you act, the faster we can mitigate the effects of fraud.
Username and password requirements
- When you set up online access to your accounts, you are required to create your own unique username and secret password, allowing you safe and secure access to your accounts. We have proprietary monitoring and other protective procedures in place.
- Use a unique password/PIN for each site where you maintain an account and regularly update your passwords/PINs. Never use your date of birth or Social Security number as your username or password/PIN.
- Do not reuse passwords across multiple sites.
- Don’t allow social networking sites to memorize your passwords/PINs.
- Avoid writing down or emailing passwords/PINs.
- Don’t share passwords/PINs or answers to security questions with anyone.
- The strongest passwords/PINS comprise a chain of four unrelated common words.
Monitor your accounts frequently
- Monitor your financial accounts frequently, and be sure to look for suspicious activity, profile changes, withdrawals or loans. Voya’s online account access and mobile app make monitoring your account easy.
- Sign up for electronic delivery of important documents.
- Immediately review your statements and transaction confirmations to verify if the activity is legitimate. If you notice anything suspicious, contact Voya immediately.
Take care of your computer and mobile devices
- Keep your computer up to date by installing the latest operating system, patches, and antivirus and antispyware software to prevent hackers from exploiting any known weaknesses on your computer.
- Install and update personal firewalls to regulate the flow of information from your computer.
- Use only programs from a known, trusted source.
- If you purchase a new device, reset/wipe your old device and transfer authenticator apps to the new device before turning the old one in.
Beware of phishing and spam emails
A phishing attack is an online fraud technique that involves sending official-looking email messages with return addresses and links that appear to originate from legitimate businesses, often times with corporate branding. These emails typically contain a hyperlink to a spoof website. Fraudsters use these techniques to fool participants into revealing personally identifiable information, financial information or login information such as account numbers, PINs, credit card numbers, etc. The stolen information may be used to gain access to financial accounts or make fraudulent purchases.
It is important to be suspicious of emails asking for your confidential information and look out for red flags such as urgent requests, unknown email addresses or discrepancies between actual and displayed hyperlinks. Voya will never ask you for your personal information by email.
Phishing emails often use emotions to create a sense of urgency to act quickly. A few examples of phishing email subjects that play on emotions:
- Your account has been locked!
- You’ve been selected!
- Act now!
- You won!
Tips to identify phishing emails
- Look for misspellings and grammatical errors.
- Signature does not match senders address.
- Email creates a call for action/sense of urgency/emotion.
- Hyperlinks have unknown web address.
- “From” email address is not a standard looking address or is masked to appear to be legitimate. You can right click on the sender to unmask/reveal the email address.
See something suspicious? Act with caution!
- Never enter your username or password into unknown websites.
- Do not click on any links.
- Do not open any attachments.
- Delete the suspicious email from all mailbox folders.
- Go directly to your account website to login and access messages.
- Call the company to confirm the legitimacy of the email.
Spam emails are messages sent simultaneously to thousands of email addresses from an unfamiliar sender
- Use a spam filter to avoid seeing these messages.
- Never respond to a spam message; your email address is then recorded as live and the spam will increase.
- Should you read a spam message remember: If it sounds too good to be true, it probably is. If you received unsolicited email offers or spam, send the messages to firstname.lastname@example.org.
Be suspicious about emails or telephone calls that request the following:
- A numeric security code for a one-time passcode
- Your username
- Your password
- Your PIN
Protect yourself from mail fraud
- Be aware of abrupt changes to your mail service. Fraudsters sometimes initiate an address change or mail hold through USPS.
- Remove posted mail, especially bills, from your home mailbox every day. Signing up for electronic statements and paying bills online can help you reduce the chance of someone stealing information from your home mailbox.
- Know your billing cycles. Follow-up with creditors if bills or new cards don’t arrive on time. An identity thief may have filed a change of address request in your name with the creditor or the post office.
- Shred receipts and mail, especially pre-approved credit card applications.
- Eliminate the receipt of pre-approved offers of credit by calling 1-888-5-OPT-OUT.
- Account for all new checks when you receive them in the mail.
- Remove your name from direct mail lists and write to the companies you do business with and ask them not to sell or rent your name. You can visit the Direct Marketing Association's website to learn about the laws that protect you as a consumer and how to get your name removed from these lists.
- Check your Social Security Earnings and Benefits statement once each year to make sure that no one else is using your Social Security number for employment. You can obtain your statement at https://www.ssa.gov/myaccount/statement.html.
- Securely destroy documents containing personal information and be very cautious about posting personal details on social networking sites or on the internet. Criminals can use this information to guess your security question answers or knowledge-based authentication quiz responses.
- Never carry your Social Security card, financial institution passwords or other sensitive information in your wallet.
Immediately forward any suspicious email bearing Voya's name to: email@example.com
This information is provided by Voya for your education only. Neither Voya nor its representatives offer tax or legal advice. Please consult your tax or legal advisor before making a tax-related investment/insurance decision. Products and services offered through the Voya® family of companies.