Personal Security

Protect Your Account

• Use ctrl-alt-del when leaving desk to lock computer
• Do not stay logged in when you are done using Accurint. Be sure to log out.
• Keep your Operating System patches up-to-date (i.e. Windows)
• Install and maintain anti-virus software, firewalls, and email filters; Ensure your security/IT department runs regular Virus & Malware scans on your desktop
• Do not install any programs from the Internet if you do not 100% trust the source i.e. company providing the software

---

Protect Your Credentials

Ultimately, you are responsible for securing data and the applications you access on the computer you use. The use of strong passwords acts as a deterrent against password guessing. The security of each individual user is closely related to the security of the whole system. Creating effective passwords can provide additional means of protecting the information on your computer.

• Never use any easy-to-guess phrases, such as “LetMeIn” or “MyPassword” as your password.
• Avoid using your birth date, your child’s name, your pet’s name, and your spouse’s name.
• Don’t select a password that a hacker could guess simply by looking around your cubicle or office.
• Dictionary-proof it: Hackers run “dictionary hacks” in which they check passwords against every word in the dictionary. Defeat this attack by using a number or a special character in your password.
• Safeguard your User Name and Password. Try to memorize your password so that you do not have to write it down. If must you write down your User Name and Password,  then store them in a locked location.
• Change your password often especially if you feel someone has seen you type your password or you have mistakenly given it to someone.
• Never give out a password over the phone or send it via email.

Tips for creating strong passwords

• Use a combination of numbers, letters and special characters.
• Longer passwords are stronger and more secure.

---

Security tips

What Are Fraudsters and Hackers?

Fraudsters and hackers are constantly thinking of new ways to obtain information and enter a system. Below are some tactics that fraudsters and hackers may use:

• They might call the authorized employee with some kind of urgent problem; as frausters and hackers often rely on the natural helpfulness of people as well as on their weaknesses. Appealing to you vanity, authority, and old-fashioned eavesdropping are typical fraudster and hacker techniques.
• Fraudsters and hackers may rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it.
• Fraudsters and hackers will search dumpsters for valuable information. This activity is known as dumpster diving. Make sure that you and your company take appropriate steps to protect confidential and sensitive information.
• Fraudsters and hackers will also memorize access codes by looking over someone's shoulder. This is known as "shoulder surfing". Make sure when entering private codes, whether at your computer or withdrawing money from an ATM that you do not have a shoulder surfer behind you.
• Fraudsters and hackers also take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed.

Security experts propose that as our culture becomes more dependent on information, fraudsters and hackers will remain the greatest threat to any security system.

Prevention of fraudsters and hackers includes educating people about the value of information, training them to protect it, and increasing peoples awareness of how fraudsters and hackers operate.

---

How to Spot Fake Emails

• Language and tone. The message you receive may urge you to act quickly by suggesting that your account is threatened or will expire soon. It may say that if you fail to update, verify or confirm your personal or account information, access to your accounts will be suspended. The wording may also be sloppy and contain misspellings and / or grammatical errors.
• Requests for personal information.  Scam e-mails typically ask for personal or account information such as:
• Account numbers and passwords
• Credit and check card numbers
• Social Security numbers
• Online banking user IDs and passwords
• Mother's maiden name
• Date of birth
• Other confidential information
• E-mailed instructions to download software.  All your online Accurint business web access should be done through our secure Web site, and we will not send you e-mail instructions to download any software to your computer. Do not install software downloads directly from e-mail messages, or from companies or Web sites you do not recognize. When in doubt, contact the company directly.
• Non-secure Web pages. Clever thieves can build a fake Web site that looks nearly identical to an authentic one. They can even alter the URL (the Web address) that appears in your browser window address field on the top. Watch out for non-secure Web pages that ask for sensitive information (secure sites will typically display a lock in the status bar at the bottom of your browser window).

To decrease the risk of being a phishing victim, follow the safety tips below:

• Be suspicious of demanding messages. Messages threatening to terminate or suspend your account without your quick response should be treated as suspicious. A legitimate business should not request personal information from you over an unsecured Web site. When in doubt, call the business' customer service number (available on your account statement) to confirm the status of your account. Do not use telephone numbers found on the suspected Web site or email.
• Be cautious of downloads. Installing unknown software on your computer can put your personal information at risk and potentially harm your computer's hard drive. Make sure the software comes from a legitimate Web site, not an e-mail message. If you are not sure whether you should download a program, contact a customer service representative for more information.
• Always type in the URL of the Web page you need. Phishing scams rely on embedded links that take you to fake Web sites. It is safer to type your intended Web address directly into your browser so you know you are visiting the legitimate site.
• Protect your password. Do not write down sensitive personal information such as your login ID, password or Social Security number.
• Keep your computer up-to-date. Industry best practices recommend that you install anti-virus and firewall programs to help keep your computer safe and that you keep updated with the latest Security improvements of your software providers.

Best Practices:

• Never click on links within emails.
• Delete suspicious emails.
• Pay close attention to the URL of a website.
• Never reveal personal or financial information in an email and do not respond to email solicitations for this information.
• Verify email requests for information by contacting the company directly – using contact information from a reliable source.

---

How to Spot Fake Websites

• Pay close attention to the URL of a website.
• When accessing Accurint.com verify the correct URL as http://www.accurint.com
• Always begin the login process by going to http://www.accurint.com
• Make sure the “Account Login” button redirects you to https://secure.accurint.com/app/bps/main but NEVER login by going directly to this page.
• Never send sensitive information over the Internet before checking a website's security
• Verify a website by clicking on the padlock icon at the end of the address bar within your browser window.

---

How to Secure Your Computer

• Implement and maintain anti-virus, anti-malware software and firewalls.  Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable.  Check your anti-virus software and your firewall regularly to update the programs definitions.
• Regularly scan your computers for spyware.  Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to your data.
• Keep Software up to date.  Hackers will attack known problems or vulnerabilities.  Protect your computer by regularly checking for updates and installing your operating systems automatic updates.
• Create separate user accounts.  The more people that have access to your files the greater the risk that someone else may accidentally access, modify, and/or delete your files.  The best way to protect your data is to have your access and account separate from other users.  Only one (1) account person.
• Follow corporate policies and contractual obligations for handling and storing work-related information. If you use your computer for work-related purposes, make sure to follow any corporate policies for handling and storing the information.  Our policies have been created and are frequently updated to protect proprietary information and customer data.

• Dispose of sensitive information properly.  Simply deleting a file does not completely erase it. To ensure that an attacker cannot access these files, make sure that you adequately erase sensitive files.

---

Understanding Malware

Malware

Malware is any software program developed for the purpose of causing harm to a computer system, similar to a virus or trojan horse.

Malware can be classified based on how it is executed, how it spreads, and/or what it does. The classification is not STRICTLY DEFINED SINCE groups often overlap and the difference is not always obvious. It is very common for people to use the words adware, spyware, and malware interchangeably. To help protect your systems from Malware it's critical that you install and use anti-virus programs. Most products that call themselves spyware or adware removers will actually remove all types of malware.

Here are a few types of Malware:

Keylogger
A keylogger is software that copies a computer user's keystrokes to a file, which it may send to a hacker at a later time. Often the keylogger will only "awaken" when a computer user connects to a secure website, such as a bank. It then logs the keystrokes, which may include account numbers, PIN numbers and passwords, BEFORE they are encrypted by the secure website.

Spyware
Spyware is a piece of software that collects and sends information (such as browsing patterns in the more benign cases or credit card numbers in more malignant cases) about users or, more precisely, the results of their computer activity, typically without explicit notification. They usually work and spread like Trojan horses. The category of spyware is sometimes taken to include adware of the less-forthcoming sort.

Adware
Adware is the class of programs that place advertisements on your screen. These may be in the form of pop-ups, pop-unders, advertisements embedded in programs, advertisements placed on top of ads in web sites, or any other way the authors can think of showing you an ad. The pop-ups generally will not be stopped by pop-up stoppers, and often are not dependent on your having Internet Explorer open. They may show up when you are playing a game, writing a document, listening to music, or anything else. Should you be surfing, the advertisements will often be related to the web page you are viewing.

Hijackers
Hijackers take control of various parts of your web browser, including your home page, search pages, and search bar. They may also redirect you to certain sites should you mistype an address or prevent you from going to a website they would rather you not, such as sites that combat malware. Some will even redirect you to their own search engine when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

Toolbars
Toolbars plug into Internet Explorer and provide additional functionality such as search forms or pop-up blockers. The Google and Yahoo! toolbars are probably the most common legitimate examples, and malware toolbars often attempt to emulate their functionality and look. Malware toolbars almost always include characteristics of the other malware categories, which is usually what gets it classified as malware. Any toolbar that is installed through underhanded means falls into the category of malware.

Dialers
Dialers are programs that set up your modem connection to connect to a 1-900 number. This provides the number's owner with revenue while leaving you with a large phone bill. There are some legitimate uses for dialers, such as for people who do not have access to credit cards. Most dialers, however, are installed quietly and attempt to do their dirty work without being detected.

---

Reporting Security Problems

Report Account Theft

As an Accurint user, if you ever think or even suspect that your account has been used for unauthorized usage, you should change your password immediately and call our Product Support Department at 1.866.277.8407.  Our security team will refer the matter to the Investigations team.

---

Report Fake (Phishing) Emails

Phishing is a form of social engineering. Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users “click and follow a link” to the false website and respond with the requested information, attackers can use it to gain access to the accounts.

As an Accurint user, if you ever think or even suspect you have become the victim of a phishing attack change your password immediately and email or call our Product Support Department at 1.866.277.8407. Our security team will refer the matter to the Investigations team.

---

Two (2) Factor Authentication (2FA)

What Is It?

Two-factor authentication is a system where two different methods are used to authenticate a user.  The two components of the two-factor authentication system are a combination of “something you know” and “something you have.”  In two factor authentication, your password provides the “something you know” component.  The “something you have” component is commonly provided by a security token.

Accurint has developed a two factor system to use along with its services.  A token can be assigned to be used in your Accurint login process to protect your user information and provide a more secure Accurint work environment.   The security token is a small handheld device that generates and displays a one time passcode (OTP). Users simply push a button on the token to display a passcode. This passcode is used along with other identifiers to login to Accurint. This serves as a secondary level of security.

Security tokens aid in fighting online fraud. Assigned tokens can only be used in conjunction with a specific user ID and password. The token provides another means of authenticating a user’s identity and protecting the user’s account.

---

How Do I Get It?

Tokens can be obtained by contacting your Accurint Company Administrator.  Company Administrators can contact their Account Manager to begin the token fulfillment process.

 

 

---

How Much Does It Cost?

System Administrators should contact their LexisNexis Account Manager for specific information on availability and pricing of security tokens.  Pricing is dependent upon the number of tokens needed and an annual usage fee.

 

 

---

FAQ's

1. What is a security token?
   A security token is a small handheld device that generates and displays a one time passcode (OTP).  Users simply push a button on the token to display a passcode.  This passcode is used along with other identifiers to login to Accurint.  This serves as a secondary level of security.
   
   
2. Why is extra security necessary?
   Security tokens aid in fighting online fraud.  Assigned tokens can only be used in conjunction with a specific user ID and password.  The token provides another means of authenticating a user.s identity, thus adding another layer of security.
   
   
3. Where do I obtain a token?
   Tokens can be obtained by contacting your Internal Accurint Administrator.
   
   
4. How should I store my security token?
   Tokens should be securely stored.  To protect your account, you should not leave your security token unattended.
   
   
5. How does LexisNexis differentiate my token from others?  They all look identical.
   All tokens issued by LexisNexis are labeled with a unique and secure serial identification number.  Therefore every token is different despite the fact they may look alike.
   
   
6. Why is the passcode on the screen unchanged, even after I have pressed the button twice?
   The passcode on the token is expected to expire and disappear every 30 seconds.  Should you encounter any problems with the passcode remaining for more than 30 seconds, please contact your Internal Accurint Administrator.
   
   
7. What happens if I enter the wrong password compared to the one displayed on the token?
   If you enter the incorrect passcode, you will not be able to proceed.  The system will prompt you to re-enter your security token passcode.  However, you will not be able to log in should you exceed the three time maximum.
   
   
8. What will happen if I push the button on the token too many times?
   Pushing the button on the token too many times will result in the token becoming out of sync with the system and the token will not be able to be used to login to Accurint.  If this occurs, please contact your Internal Accurint Administrator.
   
   
9. Can I login to Accurint if I do not have my security token?
   You will still be able to login to your Accurint account, however your account will be limited and certain information will be unavailable.
   
   
10. I have lost the security token; will someone else be able to access my accounts if they find my token?
    Your Accurint security token is an added security feature.  Please note that to access your Accurint account online, the person will need to also have your other personal identifiers.
    
    
11. What happens if I mix my security token up with someone else?
    Your Internal Accurint Administrator has your token serial number on file and will be able to help you in this situation.
    
    
12. How do I turn my security token off?
    The Accurint security token will automatically turn itself off after 30 seconds.  You will know your token is off when nothing is displayed on the token screen.  You do not need to push the button on the display to turn the token off.
    
    
13. Will my token work if I log in while traveling?  From a different IP address?
    Your security token will work if you are traveling and should be used for these types of circumstances as a way to make your account information more secure.

---

Upgrade Your Browser

Why Update My Browser?

Updating your web browser will ensure you are provided with a safer browser.  Updated web browsers, unlike older versions make it easier to spot fake webpages.  Updated Browsers have developed several features which assist a user in protecting their computer.

For example, newer versions of Internet Explorer have a color coded the address bar to alert users on the authentication of a website, as well as anti-phishing filters that should be enabled.  Newer versions of Firefox have protection against websites that are a suspected forgery by actively checking whether the site you are visiting may be an attempt to mislead you into providing personal information. This is often referred to as phishing.

Checking to see what version of a web browser you are currently using is fairly simple.  Open the browser program, go to the toolbar up top, click on "Help," and then click on "About.”

---

Upgrade Internet Explorer

Click here to upgrade

---

Upgrade Firefox

Click here to upgrade

Copyright © LexisNexis Risk Solutions.  Terms & Conditions  |  Privacy Policy  |  Report Security Issues