Cybercriminals are becoming increasingly skilled and sophisticated at using technology to steal money and personal identities. While most people recognize that online fraud, or cybercrime, is a potential threat, few know how or why they may be at risk. Fortunately, there are some practical things we can do to make ourselves a harder target against these online adversaries.
Cybercriminals attempt to gain access to financial accounts in several ways, but the first step is trying to get the username and password to your account. To do this, they target the devices we use and attempt to add malicious software, or malware. Once the malware is on the device, it will capture the username and password that was used to log into the account. How does the malware get on your device in the first place? Oftentimes, it is through a phishing email that appears to be from a trusted source and gets you to click on a link or open an attachment that installs the malware. Another method is by compromising websites and getting you to click on advertisements that are infected with malware.
Increasingly, criminals will go after specific victims by identifying a worthwhile target. “Whaling” is a highly personalized form of phishing that targets high-net-worth individuals by sending emails that appear to be from a friend, financial institution, or any organization that you are involved with. The email will contain very specific information about you or your family which may have been obtained from social media, obituaries, corporate biographies, charity donor lists, and other sources. They may also have access to sensitive information that was obtained through data breaches, including dates of birth and social security numbers.
In order to make yourself a difficult target and to protect your wealth and identity, consider taking these steps in the following key areas of personal security:
- Use two-factor authentication whenever possible for extra protection on logins and sensitive transactions. This protects your identity by getting a one-time security code via text or automated call to verify it is you.
- Consider using a dedicated device for financial transactions and accounts you really care about. This device should not be used for email or surfing the web which will keep the device free from malware.
- Always access accounts via a secure network. The convenience of public Wi-Fi is more than offset by the exposure of your login credentials to potential thieves that hijack the network. In other words, resist the urge to hop on a public Wi-Fi network.
- Do not answer texts or calls from any caller not in your contacts; if it is important enough, they will leave a voicemail.
- Never give login information or two-factor authentication codes to any caller. Reputable businesses will never ask you for this information.
- Block spam callers and do not call or text back anyone from an unknown source – if you need to check on any personal or account information, do so through the secure, trusted website.
- Avoid acting directly from emails, text or calls from anyone claiming to be someone they are not (like your bank or the IRS). While your first instinct might be to panic and act, instead, take a moment to pause and think, and if need be, again check any personal or account information through the company’s secure, trusted website.
- Be wary of unsolicited emails, especially those with a link to a website or those which include attachments.
- Install industry-standard systems and software, keep them up to date, and use antivirus software and antispyware.
- Do not open attachments in emails unless you know who sent it and what the attachment is.
- Ensure you are running the latest operating system on your personally owned devices.
- Firewall, virus/malware protection, file encryption, and identity theft monitoring tools can all assist in checking for fraudulent use of your devices.
- Do not help identity thieves pose as you by oversharing personal information on social media (i.e., address, new purchases like a car or home, etc.).
- Help protect yourself by limiting disclosure of unnecessary details, enable security features on social media sites, and ensure family consistency in limiting online information. Consider how much of your private information is public on sites such as Facebook, LinkedIn, Twitter, Instagram, ancestry/genealogy sites, corporate websites, affiliations with boards and charities, and public property records.
- When traveling, it is a good idea to not broadcast travel plans on social media and be aware of posting photos tagged with locations until after your return.
Home Safety and Security:
- Consider hiring a professional consultant to conduct an “all hazards” risk assessment on your home.
- It is important to have some level of emergency preparedness. Do you and your family know what to do in an emergency? Do you have supplies in the event of a crisis?
- Organize personal files and properly store them.
- Invest the effort to properly screen individuals with access to your home, regardless of if you think they would abuse the trust or not.
- Ask individuals with access to consent to a background check. Online searches can also help you conduct basic research and may highlight obvious issues.
- Be sure to research your destination and be aware of common risks and security issues. For international travel, the U.S. State Department website provides up-to-date country information and travel advice.
- Know where to go in the event of a medical problem and consider purchasing travel medical insurance.
- One of the fastest growing areas of fraud is the financial exploitation of our senior population. While criminals take advantage of the elderly, often, it is caretakers and extended family that take advantage of the elderly. The best way to protect against this is to:
- Select a trusted person to have transparency into the elderly person’s financial accounts and monitor activity on a regular basis.
- Set up automatic alerts with financial institutions that trigger when significant transactions are requested.
- If you find yourself exposed or victim of a cyberattack, consider a security freeze at all three credit bureaus – Equifax, TransUnion, and Experian. This will help keep unwanted new accounts from being opened in your name. You can unfreeze your credit as needed to open legitimate accounts.
- Use strong, unique passwords, never use the same password for multiple financial relationships, and change passwords frequently.
- Only engage with encrypted and secure websites – look for addresses starting with “https.”
- Keep old tax returns and related records under lock and key, or encrypted if electronic.
- Review your Social Security Administration records annually.
- Shred documents before tossing them.
- Teach children to recognize and report suspicious email messages and html links to an adult (the FBI offers a free education program for children that teaches cyber safety).
- Consider covering device cameras when they are not in use for school or work.
Protecting yourself from online criminals may seem overwhelming, but these are small, actionable steps that you can take to keep your information protected. Stay alert, remain diligent, and pause before reacting. If you have a suspicious or bad feeling about a particular email, text or phone call, it never hurts to double check that the request is legitimate. This is true all the time, but especially so during tax season. It is always better to be safe than sorry.
Important Disclosure: This content is for informational purposes only. Opinions expressed herein are subject to change without notice. Beacon Pointe has exercised all reasonable professional care in preparing this information. Some information may have been obtained from third-party sources we believe to be reliable; however, Beacon Pointe has not independently verified, or attested to, the accuracy or authenticity of the information. Nothing contained herein should be construed or relied upon as investment, legal or tax advice. Only private legal counsel may recommend the application of this general information to any particular situation or prepare an instrument chosen to implement the design discussed herein. An investor should consult with their financial professional before making any investment decisions.
© Beacon Pointe Advisors. All Rights Reserved.