My husband and I recently attended a Cyber Security program offered by a large investment firm. The advice they offered was timely and actionable, so I thought I would share it with you.
Today, as more and more aspects of our personal lives are conducted online, the danger of falling prey to cybercriminals and identity thieves is a particular threat. The good news? Adopting a comprehensive personal security strategy isn’t complicated. “Dark web” criminals go after the low hanging fruit – those with little protection – because “time is money.” Just setting up a few preventative safeguards will cause those criminals to go elsewhere for easier targets to scam.
Make yourself a difficult target for cybercriminals
Cybercriminals devise schemes to trick you into giving them an entryway into your digital world. They’ll try to steal log-in credentials to your financial accounts, your email, and/or your mobile phone, with the ultimate goal of moving money from your accounts to accounts they control. Taken as a group, these identity thieves are formidable adversaries: highly skilled and sophisticated, and employing time-honed techniques and technology tools to deceive you.
Cyber scam scenarios: What to watch for
Step 1: Cybercriminals will most often target your financial accounts. First, they need to capture your log-in credentials—your username and password. The cyberattack may come via any of several methods: you’ll receive an email, text, or phone call from a fraudster pretending to be a trusted source, be it a company or person. The criminal will try to get you to provide personal information or to click on a web link that will install malicious software, or malware, on your computer or other device. Constant vigilance is required.
Step 2: Account takeover
Once the scammers have stolen the log-in credentials to one of your accounts, they will move quickly to take over that account. Once in, they’ll oftentimes change the password to lock you out. And if you use the same username and password in multiple places, they will often exploit that too, and try to take over as many of your accounts as possible.
Step 3: Moving the money
Once the criminals have gained access and locked you out, they will look to move the money to a third-party account they control or attempt to open a new account in your name. Most often, they’ll first move the money to a destination or fraud account here in the United States, and then will hop the money overseas to launder the funds.
Low-pain, high-impact strategies to protect yourself from cyber fraud.
Following these four strategies will make you a difficult target and protect you from the vast
majority of cyber scams:
Strategy 1: Protect your financial accounts—employ extra layers of protection
• Use a strong and unique username and password
• Employ two-factor authentication (2FA), also known as Multi Factor Authorization (MFA), for all financial accounts and sites that store your financial information (credit cards, bank accounts, etc.). A 2FA is the addition of a second step (e.g., an extra, one-time password) to the log-in process; the feature is generally available, but must be enabled.
• Leverage alerts on all financial accounts to warn you of suspicious activity.
• Leverage voice biometrics to verify your voice on a call.
• Freeze your credit—this will make it more difficult for thieves to open new accounts in your name. You don’t have to wait for your Social Security number or other information to be exposed in a data breach — or misused by an identity thief — to benefit from a credit freeze. Anyone can use a freeze to protect themselves against identity theft. While a freeze is in place, nobody can open a new credit account in your name. A freeze is free to place and lift, and it doesn’t affect your credit score.
• There are three major credit agencies you have to go to freeze your credit: TransUnion (https://www.transunion.com/credit-freeze/); Experian (https://www.experian.com/help/credit-freeze/); and Equifax (Security Freeze | Freeze or Unfreeze Your Credit | Equifax®)
Strategy 2: Protect your email account(s)
• Use a strong and unique password
• Employ 2FA
• Don’t keep sensitive data (like account numbers) in your email folders
Strategy 3: Protect your mobile account
• Use a strong and unique password
• Employ 2FA for online accounts whenever possible
• To set up 2FA on Apple productsgo to:https://support.apple.com/en-us/HT204915
• To set up 2FA on Samsung devices go to: https://account.samsung.com/membership/guide/2step/gate
Strategy 4: Protect your computer
• Keep operating system up to date (auto-update is recommended)
• Use antivirus software and keep it up to date
• Be very cautious when clicking on email attachments or links
• If possible, use a dedicated device for financial transactions
• Be wary of Wi-Fi networks: All browsing that involves sensitive information should be on
a network you trust
• Don’t save passwords or credit card numbers in your web browser
Your digital footprint—understand and protect it
Don’t let the bad guys keep you from doing what you want to do. It’s fine to use social media for communicating with friends and for professional networking. But take advantage of security settings, be selective about what information you share, and be aware of what’s out there on public sites—and how it may be used by bad actors.
- Limit disclosure. Don’t share unnecessary personal details on social media.
- Enable security features. Find the security settings (like two-factor authentication) on social media sites, and use them to protect your accounts.
- Leverage privacy settings. Use them to distinguish between accounts and posts you want to be public and ones you want to be private.
- Don’t share information as it happens. Example: “We are boarding our flight to Europe!”
If you believe your identity has been stolen, go immediately to: http://www.identitytheft.gov.
Hopefully these steps will help you avoid the bad actors out there… and there are, unfortunately, many.
