Christie McQuade knows all too well what can happen when database security is breached — both here and overseas.

Christie McQuade knows all too well what can happen when database security is breached — both here and overseas.

Not long ago, the Ashland resident got a call from her bank asking whether she had used her debit card in Beverly Hills. Thanks to quick action by her bank, the matter was resolved and her money was back in her account by day's end. Her daughter encountered similar issues recently while in Afghanistan that remain unresolved.

McQuade and her husband were eager listeners Tuesday when retired FBI special agent Jeff Lanza spelled out ways business owners and individuals can protect themselves from cyber fraud and prevent their accounts from takeovers. The session, sponsored by US Bank, also delved into ways businesses can prevent embezzlement.

Malicious software downloaded onto laptops or home PCs can unleash a pop-up page that looks authentic, asking for vital information. "Banks don't have pop-ups that are generated secretly on your computer that you don't know about," Lanza said. "So always keep your security software updated on a regular basis. Even Macs can be infected now. Technology doesn't make us safe."

While familiar faces and names often are involved in cyber crime, Lanza said there is a loosely knit organization of criminals out there "trying to get our information and ultimately our money."

Criminals using malware, spoofed emails and other tools to penetrate computers and databases to steal passwords and pin numbers have struck for millions of dollars. "We have to do two things to mitigate this," Lanza said. "Because it seems like the bad guys are always one step ahead. We have to change our technology and also change our behavior."

Lanza said identity theft can go on for years — more than two decades in the case of escaped felon Willis Taylor III. Taylor took on the identity of Albuquerque, N.M., nurse Kevin Michael Morrisroe, who discovered the problem 21 years later when the IRS queried him about unreported income in Topeka, Kan. "Most people don't steal information to get jobs, they steal information to get money," he said. "Identity theft isn't when they steal your credit card, it's when they open accounts using your name."

Threats come from many directions, from physical force to altered or phony ATM machines to malicious viruses embedded in emails or social media.

He warned of fake notification emails that look legitimate but often have telltale flaws. The IRS or out-of-state law enforcement agencies won't email you, Lanza said — they don't have your email address.

Don't follow links to log in from suspicious emails; instead go directly to the site, he advised.

Then there are suspicious posts and wall messages that appear to come from a friend asking you to click on a link to check out a new photo or video that doesn't exist. The link typically will put a virus on your computer to steal your passwords.

When online, be wary of strangers and remain cautious about dispensing information. Lanza said to use privacy settings so personal information won't be exposed to the wrong eyes. Passwords with varying cases and non-numeric characters will do a better job of fending off programs attempting to hack accounts than simple ones. He suggested using one set of passwords for social-media sites and another for financial sites.

Hackers connecting user names and passwords from a restaurant struck it rich, he said, emptying financial accounts that used the same combination.

Lanza advised businesses to use a computer for their financial dealings that is not networked with the rest of the firm's system.

Records should be protected by layers of security, and all layers, including outer building, inner office and record-storage areas, should be secured from unauthorized entry. Digital media should be protected with the same safeguards as physical records.

During his years with the FBI, Lanza noted, police and the FBI were often reluctant to pursue cyber crimes unless they were part of a huge operation. "The victims had no recourse," he said.

By speaking at 100 gatherings each year, he's warned potential victims how to protect themselves against the growing risk. While they still are potential targets, he said, "they are a little safer."

Reach reporter Greg Stiles at 541-776-4463 or email business@mailtribune.com.