Cybersecurity threats are all around us, though we may not be paying attention to them. This free guide can help you learn how to protect yourself from the latest scams.
Fraudsters are crafting even more creative ways to scam people out of money. Because of this, we created this guide to help you reduce your risk of being duped and to help you keep your personal information safe.
REMEMBER: You’re not too old or too young to be scammed by criminals, and you shouldn’t be ashamed if it happens. Always let your financial advisor know if you’ve been scammed, as soon as you can. They can help you make changes to your financial accounts and potentially unravel or mitigate further damage.
Here are a few recent examples that happened to GWA staff and their families:
Bank Text. A staff member received a text from what looked like her credit union asking to confirm a payment from her account. While it looked completely legitimate, she does not use that account and knew there would be no activity needing approval.
Employer Email. A staff member’s young son works for a local city. He received an email that looked like it came from the human resources department stating that they changed their payroll system. It provided a link asking him to upload his bank account and routing number so his paycheck would not be delayed. He asked his boss about the email.
Legitimate Business Activity. Another staff member paid a tollway bill online with a credit card and then later received an email asking to verify ACH bank details. However, she remembered that the bill had been paid by credit card.
Impersonation. One staff member received a text from an unknown phone number claiming to be another staff member. The sender asked her to run down to the nearest drugstore (likely to buy gift cards and provide the numbers).
Password Update. Another staff member received a message from what looked like LinkedIn, providing a link to update her password.
Had any of these staff members been too busy to pay close attention, they could easily have clicked on links that downloaded viruses or revealed their personal details to these scammers.
No account is completely hack-proof, but applying some common sense security measures can substantially reduce the risk that your information will be compromised.
Two-Factor Authentication. Where possible, set up two-factor authentication (2FA), which requires a second identification method, such as login codes, tokens, and fingerprints or other biometrics, to log in to your account.
Authenticator Apps. Google, Microsoft, and other authenticators allow you to use the app to access passcodes for participating websites. They keep the codes in one place and even work when you’re offline. Note that if you buy or upgrade to a new device, you will have to set it up again to “remember” the new device.
Artificial Intelligence. You may wish to set up fingerprint and facial or eye scan technology on your devices. There is also work being done with behavioral biometrics. These systems can measure the rate at which you input data using your keyboard, eye-hand coordination, voice, and even the pressure with which you type or tap.
Keep Software Updated. Even if you use two-factor and authenticators, when you use an outside source for a code, you can open yourself up for hackers to take advantage of backdoor vulnerabilities. Therefore, you must keep your device software updated and maintain current antivirus and antimalware programs on all your devices.
Stop Creating Spam for Yourself. You may unwittingly create even more spam for yourself and increase your risk of falling prey to scams. Never respond to a spam email and think twice before unsubscribing and letting the spammer know they reached an active account. If you do not know the sender or do business with them, delete the email. Reducing the amount of spam and junk emails that you receive will help you sort through emails faster.
Stop Recycling Passwords. With password apps, you don’t have to remember what your passwords are or where you saved them. Once you sign up and pay a relatively low annual fee, you’ll use one password to access your app and all your passwords.
A successful “hook” uses social engineering in the form of headlines designed to lure you into taking some sort of action. Cybercriminals often send emails with heartfelt requests, shocking headlines, or legitimate-looking offers. If you click, you may be sent to web pages that install malicious software on your device.
Here are several types of social engineering scams:
Phishing and Spear Phishing. As we saw in the real-life examples earlier in this guide, familiarity and lack of attention can be catastrophic. To protect yourself, question the legitimacy of every email you receive, to help you avoid unwittingly giving up private information.
To protect yourself from phishing and spear phishing:
Ransomware. This is a type of malicious spam that prevents you from accessing personal information on your computer. Victims are either sent emails that are “booby-trapped” with attachments they open, or they click malicious links while browsing.
The three types of ransomware are scareware, screen locks, and encrypting ransomware:
Scareware. This usually takes the form of pop-ups that claim your computer is infected and you must purchase the hacker’s software to remove it. Your files are usually safe, but if you back out or pay, you’ll continue to get the annoying pop-ups.
Lock-screen ransomware. This will lock you out of your computer, often with an official-looking seal that says illegal activity has been detected and you must pay a fine.
Encrypting ransomware. This means your files were snatched by a hacker who encrypts them and claims you will only get them back if you pay. Still, there is no guarantee the files will be returned to you if you decide to pay.
To protect yourself from ransomware:
Pharming. This is the practice of sending users to legitimate-looking websites that mine personal data like login credentials, social security numbers, and account numbers. This can occur when you inadvertently click a link that installs a virus on your computer that changes the addresses of sites you wish to visit.
To protect yourself from pharming:
Botnets. Like pharming, botnets can use your computer to create a network by sending you messages that are generally out of character. They often arrive by way of a strange email or private message from a friend suggesting you look at a link, picture, or video.
Botnets are large, zombie networks that link together thousands or even millions of affected computers to stage either a spam attack or Distributed Denial of Service (DDoS) attack. A DDoS usually overloads a website with requests, causing malfunctions and even taking down websites.
To protect yourself from botnets:
Smishing. Similar to phishing emails that try to trick you into entering personal information or login credentials, short message service (SMS) phishing performs much the same function but uses messaging and texting instead.
Over 90 percent of attacks start with smishing, a technique where cybercriminals send text or private messages that dupe people into revealing personal information or login details, or that provide links they click which send their device malicious packets.
Mobile Ransomware. Ransomware threats are now focusing on mobile phones. The cybercriminal steals the data first, locks the victim out of their data, and then sends a note telling them to pay.
Sextortion. Cybercriminals may even threaten to shame the victim on the internet with their personal data. Frequently, these criminals gain access to explicit photos or messages and engage in “sextortion” to extort money from those who wish to protect their reputations.
Quishing. Scammers are taking advantage of people’s willingness to use QR codes, sending them to nefarious sites that steal their information or automatically download malicious ransomware.
Public Wi-Fi. Public hotspots are not the place to open new accounts or access your bank or investment accounts. Some of the sites you reach may be spoofed, leaving you open to sharing your personal details.
Protect yourself from mobile scams:
Fake Search Results Online. While search engines such as Google, Bing, and others do their best to avoid it, their results may include fake websites at the top of the list, including paid ads.
Membership Scams for Prime and Other Services. Watch for calls, texts, and emails asking you to confirm or cancel the membership charge or asking for bank account information to reinstate your account.
Account Suspension/Deletion Scams. Fraudsters send a message, text, or email asking you to click on a link to verify your account or reinstate it. Also, watch out for phone calls offering discounts for immediate payment of a bill, and for threats that a service will be turned off without payment (most companies will send you multiple notices by mail).
Digital Money Movement. Criminals impersonate well-known companies, financial institutions, and even government agencies requesting payment by wire transfer or through Zelle® or other payment platforms.
Facebook Marketplace and Other Sales Sites. Watch for scammers who require you to provide your email address to make or receive payment using a Zelle® “business” account, and who then send you an email with links that ask you to sign in and “verify” your payment account.
1. Think Before You Part With Your Money. Never send money to:
2. Simple Safety Reminders. These additional practices can help reduce your chances of becoming a victim.
3. Ensure you are securing your passwords. A password manager—some well-known versions include LastPass, Dashlane, RoboForm, and 1Password—is essentially a secure online storage vault for your passwords. You’ll find both desktop and smartphone app versions available. Load them on multiple devices and your information will be synced across them.
4. Verify your cloud storage is secure. As cloud-based services become more prevalent, you might be wondering how your information is stored. If a criminal were to guess your password, he or she could potentially gain access to your information. Here are some provider security features to watch for:
5. Ensure your web browser is secure. It’s important to check your browser’s default settings which are often geared toward enhanced usability rather than information security. The following features are not considered dangerous in and of themselves, but they are commonly used by attackers as avenues of exploitation:
6. Other things you can do. These tips are from a former FBI agent:
We all know there is a lot of misinformation on the web. That’s why, as part of our GWA Gives© program, we are dedicated to helping others find sound advice. We believe in sharing free material so people have a trusted source to rely upon.
This material has been provided for general informational purposes only and does not constitute either tax or legal advice. Although we go to great lengths to make sure our information is accurate and useful, we recommend you consult a tax preparer, professional tax advisor, or lawyer.