Account AccessGet Started
Global Wealth Advisors > What > Resources > What You Need to Know About Cybersecurity

What You Need to Know About Cybersecurity

Cybersecurity threats are all around us though we may not be paying attention to them. This free guide can help you learn how to protect yourself from the latest scams

What you need to know about cybersecurity photo of hacker in hoodie in front of computer.

Fraudsters are crafting even more creative ways to scam people out of money. Because of this, we created this guide to help you reduce your risk of being duped and to help you keep your personal information safe.

REMEMBER: You’re not too old or too young to be scammed by criminals, and you shouldn’t be ashamed if it happens. Always let your financial advisor know if you’ve been scammed, as soon as you can. They can help you make changes to your financial accounts and potentially unravel or mitigate further damage.

Real-Life Staff Examples

Here are a few recent examples that happened to GWA staff and their families:

Bank Text. A staff member received a text from what looked like her credit union asking to confirm a payment from her account. While it looked completely legitimate, she does not use that account and knew there would be no activity needing approval.

Employer Email. A staff member’s young son works for a local city. He received an email that looked like it came from the human resources department stating that they changed their payroll system. It provided a link asking him to upload his bank account and routing number so his paycheck would not be delayed. He asked his boss about the email.

Legitimate Business activity. Another staff member paid a tollway bill online with a credit card and then later received an email asking to verify ACH bank details. Except she remembered that it was paid by credit card.

Impersonation. One staff member received a text from an unknown phone number claiming to be another staff member. The sender asked her to run down to the nearest drugstore (likely to buy gift cards and provide the numbers).

Password Update. Another staff member received a message from what looked like LinkedIn, providing a link to update her password.

Had any of these staff members been too busy to pay close attention, they could easily have clicked on links that downloaded viruses or revealed their personal details to these scammers.

Here’s What You Need to Know

Two-Factor Authentication. Where possible, set up two-factor authentication (2FA) to require a second identification method for you to log in to your account such as login codes, tokens, and fingerprints or other biometrics.

Authenticators Apps. Google, Microsoft, and other authenticators allow you to use the app to access passcodes for participating websites. They keep the codes in one place and even work when you’re offline. Note that if you buy or upgrade to a new device, you will have to set it up again to “remember” the new device.

Artificial Intelligence. You may wish to set up fingerprint and facial or eye scan technology on your devices. There is also work being done with behavioral biometrics. These systems can measure the rate at which you input data using your keyboard, eye-hand coordination, voice, and even the pressure with which you type or tap.

Keep Software Updated. Even if you use two-factor and authenticators, when you use an outside source for a code, you can open yourself up for hackers to take advantage of backdoor vulnerabilities. Therefore, you must keep your device software updated and maintain current antivirus and antimalware programs on all your devices.

Stop Creating Spam for Yourself. You may unwittingly create even more spam for yourself and increase your risk of falling prey to scams. Never respond to a spam email and think twice before unsubscribing and letting the spammer know they reached an active account. If you do not know the sender or do business with them, delete the email. Reducing the amount of spam and junk emails that you receive will help you sort through emails faster.

Stop Recycling Passwords. With password apps, you don’t have to remember what they are or where you saved them. Once you sign up and pay a relatively low annual fee, you’ll use one password to access your app and all your passwords.

Watch for Social Engineering

A successful “hook” uses social engineering in the form of headlines designed to lure you into taking some sort of action. Cybercriminals often send emails with heartfelt requests, shocking headlines, or legitimate-looking offers. If you click, you may be sent to web pages that install malicious software on your device.

Here are several types of social engineering scams:

Phishing and Spear Phishing. As we saw in the real-life examples earlier in this guide, familiarity and lack of attention can be catastrophic. To protect yourself, question the legitimacy of every email you receive, to help you avoid unwittingly giving up private information.

To protect yourself from phishing and spear phishing:

  • Be wary of emails that look like they came from your bank or credit card company that ask for personal information. Or watch for those that may send you to sites requesting personal information. Verify requests by calling the number on the back of your bank card.
  • If you receive an urgent email from a friend or co-worker that asks for money or a bank transfer, or an email that seems out of place, call them to verify if they sent it.
  • Pay attention to the “from” in emails and hover over any links to see the address they send you to in your computer’s notification area to spot phishing.
  • For charitable donations, you can make those directly on the company’s website instead of through an email request.

Ransomware. This is a type of malicious spam that prevents you from accessing personal information on your computer. Victims are either sent emails that are “booby-trapped” with attachments they open, or they click malicious links while browsing.

The three types of ransomware are scareware, screen locks, and encrypting ransomware:

Scareware. This usually takes the form of pop-ups that claim your computer is infected and you must purchase the hacker’s software to remove it. Your files are usually safe, but if you back out or pay, you’ll continue to get the annoying pop-ups.

Lock-screen ransomware. This will lock you out of your computer, often with an official-looking seal that says illegal activity has been detected and you must pay a fine.

Encrypted ransomware. This means your files were snatched by a hacker who encrypts them and claims you will only get them back if you pay. Still, there is no guarantee the files will be returned to you if you decide to pay.

To protect yourself from ransomware:

  • Never pay a ransom to get your data back. You may be able to use other alternatives to get some of it, but you may never get it all
  • Routinely create secure backups to external drives that remain unplugged when not in use, so they do not become infected.
  • You can also backup to cloud storage that includes highly-encrypted, multi-factor authentication. Learn if cloud-based services can be trusted
  • Use multi-factor authentication whenever possible, including any cloud storage
  • Avoid clicking links, photos, or videos from strangers or even those known to you that look suspicious. Contact the sender to verify if they sent you something and what it is before you open anything.

Pharming. This is the practice of sending users to legitimate-looking websites that mine personal data like login credentials, social security numbers, and account numbers. This can occur when you inadvertently click a link that installs a virus on your computer that changes the addresses of sites you wish to visit.

To protect yourself from pharming:

  • Install anti-virus and anti-malware software and keep it updated
  • Use smart computer practices like avoiding clicking on websites or emails that look suspicious
  • Watch for addresses in the address bar that don’t look right
  • Be wary of sites that ask for personal information that normally do not
  • Get in the practice of looking for a lock on the address bar that indicates the website has special security encryption before you share information on the page
  • Click on the security lock in the address bar to make sure the website has an up-to-date, trusted certificate

Botnets. Like pharming, botnets can use your computer to create a network by sending you messages that are generally out of character. They often arrive by way of a strange email or private message from a friend suggesting you look at a link, picture, or video.

Botnets are large, zombie networks that link together thousands or even millions of affected computers to stage either a spam attack or Distributed Denial of Service (DDoS) attack. A DDoS usually overloads a website with requests, causing malfunctions and even taking down websites.

To protect yourself from botnets:

  • Never click links, pictures, or videos in emails or private messages sent by a friend or connection that seems out of character.
  • Ask your contact if they sent you something and what it is before you consider opening it.

Mobile Scams

Smishing. Similar to phishing emails that try to trick you into entering personal information or login credentials, short message service (SMS) phishing performs much the same function but uses messaging and texting instead.

Over 90 percent of attacks start with smishing, a technique where cybercriminals send text or private messages that dupe people into revealing personal information or login details, or that provide links they click which send their device malicious packets.

Mobile Ransomware. Ransomware threats are now focusing on mobile phones. The cybercriminal steals the data first, locks the victim out of their data, and then sends a note telling them to pay.

Sextortion. Cybercriminals may even threaten to shame the victim on the internet with their personal data. Frequently, these criminals gain access to explicit photos or messages and engage in “sextortion” to extort money from those who wish to protect their reputations.

Public Wi-Fi. Public hotspots are not the place to open new accounts or access your bank or investment accounts. Some of the sites you reach may be spoofed, leaving you open to sharing your personal details.

Protect yourself from mobile scams:

  • As with your desktop, you should add a virus protection app to your mobile devices. Your mobile provider may offer free apps and there are other free apps such as Malwarebytes
  • Never click on anything you are unsure about
  • Never assume privacy when using public hotspots

The Latest Scams

Fake Search Results Online. While they do their best to avoid it, online search engine results such as those from Google, Bing, and others may have fake websites included at the top of search results, including paid ads.

Membership Scams for Prime and Other Services. Calls, texts, and emails asking you to confirm or cancel the membership charge or asking for bank account information to reinstate your account.

Account Suspension/Deletion Scams. Fraudsters send a message, text, or email asking you to click on a link to verify your account or reinstate it. Also, watch out for phone calls offering discounts for immediate payment of a bill. Threats that a service will be turned off without payment (most companies will send you multiple notices by mail).

Digital Money Movement. Criminals impersonate well-known companies, financial institutions, and even government agencies requesting payment by wire transfer or through Zelle® or other payment platforms.

Facebook Market Place and Other Sales Sites. Watch for scammers that require you to provide your email address to make or receive payment using a Zelle® “business” account to which they send an email with links that ask you to sign in and “verify” your payment account.

Protect Yourself

Think Before You Part With Your Money. Never send  money to:

  • Anyone claiming your account is compromised
  • Asking you to send money to yourself
  • Claiming to be from a government agency
  • Any stranger, regardless of any reason they give
  • Telemarketers selling you something
  • Unauthorized, unverified crypto sites or salespeople

Simple Safety Reminders. These additional practices can help reduce your chances of becoming a victim.

  • Never allow remote access to your computer if you have not initiated contact with a company you know through a verified phone number or website
  • Never click on anything that looks suspicious or too good to be true
  • Review URLs and search results online to verify if you have the right business before clicking on it
  • If you receive a suspicious call, email, or text, do not disclose your personal information until you verify it is a legitimate source by contacting the company directly. Most entities from banks to the IRS will never contact you through an email that asks for private details or to verify your password
  • Set up Two-factor authentication with services you use online
  • Protect your login IDs, passwords, and PIN numbers, and ensure they are not easily guessable
  • Protect your bank cards and avoid storing them online
  • Keep your computer system software and browsers updated. These updates offer the latest security updates and fix flaws in previous versions. The WannaCry attack in 2017 was successful because it exploited many users who did not apply the Microsoft updates to their computer
  • Keep your anti-virus and anti-malware software up to date
  • Cut down on the amount of spam you sort through daily with two email accounts. Use one for personal emails only, and one for public use like signing up for new accounts, mail lists, and public forums
  • Protect yourself from card scanners. Use RFID protectors for tap and pay bank cards with the contactless symbol
  • Watch your mailbox for scams that warn your warranty is out, insurance offers, request payment for a service you do not use, and include check-like documents offering loans. Take care to verify that any bills and statements are from companies you currently do business with before you pay them

What Should You?

These tips are from a former FBI agent:

  • Don’t falsely believe that if they don’t do much online, a hacker or spoofer isn’t going to be interested in their data
  • Take extra care when traveling with tech
  • Have a data breach plan in place
  • Be cautious about what you visit, read, or receive. The internet is untrustworthy, and we must test and validate everything we do while online
  • If you become a victim of ransomware, visit a trusted local IT company that can reload your computer from scratch and pull your data from backups
  • The FBI keeps a database of cybersecurity crimes and would like you to report if you become a victim of cybercrime to their Internet Crime Complaint Center at ic3.gov
  • Finally, if you receive an email or text message that threatens your life, call 1-800-CALLFBI immediately so that the FBI can deal with that real-time

This material on cybersecurity has been provided for general informational purposes only and does not constitute either tax or legal advice. Although we go to great lengths to make sure our information is accurate and useful, we recommend you consult a tax preparer, professional tax advisor, or lawyer.

We are always happy to answer any questions you may have when it comes to preventing online threats.  You can reach us at one of our convenient offices listed on the Contact Us page.

We all know there is a lot of misinformation on the web. That’s why, as part of our GWA Gives© program, we are dedicated to helping others find sound advice. We believe in sharing free material so people have a trusted source to rely upon.

This material has been provided for general informational purposes only and does not constitute either tax or legal advice. Although we go to great lengths to make sure our information is accurate and useful, we recommend you consult a tax preparer, professional tax advisor, or lawyer.

Learn about our 3P Approach© to financial planning

Read More