The following information is intended to address any general concerns clients may have around the security of online enquiries and transactions.
OnePath makes every effort to ensure optimal security of your data and any transactions at all times; clearly, protecting our clients is also good business for us. However, there are still some inherent risks in passing information and transacting online. You also need to take some action to protect yourself. The following information is designed to help you do this.
1. Internet security threats
2. OnePath's standard practices
3. Verifying websites
4. Protecting yourself
5. Contact information
Internet security threats
Phishing refers to the online fraud technique of sending official-looking email messages with return addresses, links and branding, all of which appear to have come from legitimate banks, retailers, credit card companies, etc. Such emails typically contain a hyperlink to a spoof website where account holders are misled into entering their customer names and security details on the pretence that these security details must be updated or changed. Once this information is given, it can then be used on legitimate sites to take your money.
It is important that you are suspicious of any emails asking for your account information and think very carefully before meeting such requests; see more on OnePath's standard email practices below.
Imitation of OnePath websites
OnePath monitors the internet to find imitation websites, which is often the first step made by phishers. We then work with the appropriate authorities to have these websites closed down as quickly as possible.
Advanced fee fraud
You may already have heard of ‘advanced fee fraud’, where emails offering large sums of money are sent to thousands of email addresses, with a modest ‘fee’ required in order to cover legal fees, open an account or pay customs charges. Sometimes the money offered is as a result of a lottery for which you have never bought a ticket. Sometimes the money is held in an account overseas but the account owner cannot access it. They promise a percentage of the money in return for your help. In both cases, various fees have to be paid.
Do not respond to these emails
. They are a fraudulent and you will not receive any of the promised money.
Spyware and adware
- Spyware is a type of software that covertly collects user information while connected to the Internet.
- Adware is a type of spyware used by marketers to track a user’s internet habits and interests for the purpose of customising future advertising material. Adware can monitor information such as sites visited, articles read, types of pop-ups and banners the user clicks on. The information is then used to customise future advertisements directed to the user, or it can be sold to a third party for the same purpose.
Viruses and worms
- A virus is a software program that is able to replicate itself when a set of conditions have been satisfied. These conditions usually involve human interaction. Once activated, a virus can be very destructive, including overwriting the files of a local hard disk.
- A worm is a self-replicating software program that attempts to spread to other computers. As with a virus, a worm can be very destructive.
Trojans (or Trojan horses)
Trojans are software programs that disguise themselves as an application on an individual’s computer. This type of program does not replicate itself like a virus or worm, but it can be just as harmful. For example, one known Trojan horse promotes the idea it will attempt to remove viruses from a computer. However, instead of removing them, it infects the computer further.
OnePath’s standard practices
OnePath may on occasion communicate with clients by email to the email address last notified to it. So how can you tell if an email is genuinely from us or if it is fraudulent?
- OnePath will address you by name or policy number in any emails.
- OnePath will not embed hyperlinks in emails that take you to sites where you must enter your security information.
- OnePath will never ask for you to confirm your details by email.
- If you have any doubts about any email that is apparently from OnePath, please contact OnePath.
The following are steps you can take to make sure the site you are entering really belongs to OnePath, and is a secure site.
Check that the website is secure
The URL (address) will begin with https://
If https, the secure lock icon, a small padlock, will appear on the lower bar of the browser.
Click on the padlock icon to see the details of the security certificate. The certificate shows who owns the site; it should be OnePath. Check that the details and validity are correct.
We work with well-known certification authorities such as Verisign, GlobalSign and Thawte.
If you have any doubts about a website, please contact OnePath
Take care of your personal information
Your account numbers, customer number, PIN, memorable date and customer identification number are the ‘keys’ to your account. Never write them down, give them to anyone else or include them in an email. Remember that protecting your customer number, PIN and security details is your responsibility.
Take care of your computer
- Update your computer by installing the latest software and patches to prevent hackers or viruses exploiting any known weaknesses in your computer.
- Install and update virus protection to protect against viruses corrupting your computer and to prevent hackers installing Trojan viruses on your computer.
- Install and update anti-spyware tools.
- Install and update personal firewalls.
- Only use programs from a known trusted supplier.
- Be wary of banners, ads and pop-ups while on the Internet. Do not click on them, no matter how enticing they may appear.
- Review terms and conditions when you install free programs or subscribe to services from the Internet.
Beware of spam emails
- Use a spam filter to avoid even seeing these messages.
- Never respond to a spam message; your email address is then recorded as 'live' and the spamming will increase.
- Should you read a spam message, remember – if it sounds too good to be true, it probably is!
The Anti-Phishing Working Group
provides statistics on phishing attacks and advice for individuals and companies.
For more information, please contact OnePath