Cybercrime is a risk that we all face when we use the Internet. Our email, social media and financial accounts are all attractive targets for criminals. Fortunately, there are some things you can do to protect yourself. For some people, the process may seem daunting and can certainly be time consuming. It can be difficult to know where to start. In this article, we highlight the most important steps to take now.
First some background: Know the common tactics used to steal identity and login credentials.
Using malicious software that infects computers or mobile devices, criminals gather sensitive personal information such as Social Security numbers, account credentials, passwords, and more. This can be done by installing “keystroke tracking” on your computer without your knowledge.
How it works: Malware is most commonly inserted into a victim’s computer by tricking an unwary user into clicking a bogus link or opening an infected email.
In this ruse, criminals attempt to acquire your sensitive personal information via email that looks legitimate and often urgent. Phishing is one of the most common scams observed in the financial services industry.
How it works: Masquerading as an entity with which the victim may already have a financial relationship (e.g. a bank, credit card company, brokerage company, or other financial services firm), the criminals solicit sensitive personal data or encourage recipients to click on corrupted links.
Via social media and other electronic channels, or even over the phone, criminals gain the trust of victims over time, manipulating them into divulging confidential information. Criminals can gather extensive personal details from online sources, then craft customized emails from what looks like a trusted source.
How it works: Typically, these scammers leverage personal details like an address or phone number, or information about the victim’s children to gain their confidence and persuade them to share account information that helps the criminal to commit fraud. They might even persuade the victim to wire money to a bogus account.
Okay, you have my attention… Now what?
One of the most effective tools for defending against cybercrime is dual factor authentication logins. We cover this extensively in a separate article, and we recommend you use this extra layer of security wherever it is available. Also known as “multi factor authentication,” this tool requires not only a password and username to access a sensitive account, but also something that only that user can provide. This could include a code sent via text message to your phone, a physical token or a biometric identifier, such as fingerprint, voice sample or facial scan.
Here are some additional strategies for safeguarding your personal accounts and information:
When creating a password, think in terms of sentences or phrases instead of “words”. A catchy phrase is easier to remember and harder to crack. Longer is generally better – consider using a password of 12 characters or more. You might deliberately misspell a word for good measure. Ideally, use words that only make sense together to you, like JerseyBagelCloset. (As in, “When I lived in New Jersey, I ate so many bagels, I had to build a closet to hold them.”) Next, make sure that you are using different passphrases across all of your critical accounts, so that even if one site is compromised, an attacker doesn’t immediately have access to others sharing the same credentials. Use a password manager, such as LastPass or 1Password. These will help you use more complicated and random passwords without having to remember them, since they automatically log you in to sites when you use your regular device or computer. Consider changing your passwords every three months. Lastly, be sure to never share account access information with anyone – sharing could limit any legal protection you may have if you become a victim of fraud.
Review your financial information
It’s important to review your monthly statements for unusual activity in any financial account (bank, credit card, mobile phone, investment accounts) you own. Set up alerts to help you monitor low balances, unauthorized money movement, or unusual activity on your accounts.
Freeze your credit
If you uncover suspicious activity in your accounts, or if you know that your identity has been stolen, consider freezing your credit, which prevents criminals from taking out loans or credit cards in your name. Additionally, consider using a credit monitoring service that will alert you to any credit inquiries in your name.
Use a dedicated device for financial transactions
Criminals often gain access to your computer via fraudulent emails or malicious websites. Consider dedicating a separate device to be used ONLY for financial transactions – no email, no web surfing, no social media. Additionally, NEVER use public computers or pubic wi-fi to access confidential information or accounts, or to perform any financial transactions.
Don’t click on any link in any e-mail. Instead, go to your browser, and access the website directly by entering their address into the address bar. Always log off websites once you’re done using them. And avoid sharing personal information on social media (home address, phone number, birthdate, vacation dates, names of your children and pets, etc.). Use the privacy settings to keep strangers from viewing your posts and photos.
Utilize secure portals
Use our Paracle portal to send and receive documents that include confidential information. Avoid emailing any documents that contain financial or other sensitive information.
Consider cyber fraud insurance
From identity theft to phishing emails, phone scams and more, fraud and cybercrime are on the rise as criminals find new ways to exploit vulnerabilities. Due to their wealth and uniquely complex lives, high net worth individuals are at a greater risk of being targeted. Some insurance companies now offer an endorsement designed to enhance your homeowner’s policy by adding coverage for losses caused by fraud and cybercrime and providing access to resources to help you recover if you become a victim.
Here are a few steps that we at Paracle take to help ensure your security:
■ Ongoing monitoring of your accounts for money movement, unauthorized trading, new accounts, and address changes
■ Requiring two-factor authentication for employees to access client-related data
■ Utilizing email that supports encrypted viewing and transmission
■ Shredding all documents with client information
■ Deploying several layers of firewalls to protect our systems
■ Maintaining confidentiality agreements with all vendors with access to our office
■ Verifying by phone any requests to wire funds
■ Extensive staff training on protecting confidential client information and preventing fraud
The risk of cybercrime is real. But the steps we’ve outlined will go a long way toward reducing your risk. And remember that your own common sense is an important defense — many frauds require the victim to provide information or click on harmful links. Watch for scary or urgent emails or phone calls, and think before you click or reply. And if you have any questions, or you’d like to discuss your options for protecting yourself, your Paracle advisor would be happy to speak with you.