Protect Your Assets from Identity Thieves
Identity thieves and cybercriminals are relentless in their pursuit of personal information, and in some cases, financial assets. Last year alone, U.S. consumers lost $16 billion to criminals.* Through education and good cybersecurity practices, you can significantly reduce the risk of becoming a victim of fraud and cybercrime.
During the holiday season, cybercrime activity triples. Fake package delivery emails, retailer notifications, and e-cards are just a few tactics that criminals employ. Here are some other things to be aware of to keep your personal information safe.
Don’t Get Hooked by Phishing. Don’t carelessly open attachments or click on hyperlinks in emails. Viruses, ransomware, and password theft could be one wrong click away.
Passwords are the Key to Your Information and Assets. Always protect your financial account, email, computer, and social media passwords. Don’t share or provide a password over the phone or through a link you receive in an email. No financial services or IT professional will ever have a legitimate reason to ask for your password.
Be Mindful of Social Engineering Attempts. Cybercriminals rely on fear, hope, and trust. Phone calls and emails with a sense of urgency, legal threats, or incredible offers are a few tactics used to get your personal information or money. Don’t trust unsolicited phone calls or emails asking for payment or personal information.
Public Wi-Fi Is a Hunting Ground for Cybercriminals. You might think you are connecting to a legitimate and safe public Wi-Fi network. Criminals can easily spoof these networks and intercept your information. Your passwords, emails, and personal information are all at risk. If you must connect to public Wi-Fi through your phone or computer, consider using a virtual private network (VPN) service.
*Source: Javelin Strategy & Research 2018 Identity Fraud Study
Cybercriminals Study Online Behavior to Target Unsuspecting Victims
Social engineering takes many forms. Anyone who spends time online, communicates via email, or answers their phone may be targeted through social engineering and fall victim to cybercriminals.
Protect yourself by understanding more about social engineering and how it may be used against you. Knowing what to look for and what to do if it happens can help you reduce the chances of having someone steal your personal or employer data, cash and assets from your financial accounts, and more.
Playing on hopes or fears, criminals will use email to cast a wide net to gather personal data from unsuspecting targets. This is known as phishing. In contrast, spear-phishing happens when a specific user’s personal details are used to target them directly.
Appealing to Your Hopes
Look for new messages:
- “Your digital payment account summary”
- “You have a new friend request”
- “An eCard for you”
- “Accept your payment from Sally B.”
Appealing to Your Fears
Look for new messages:
- “Your account has been suspended”
- “Package undeliverable”
- “Unpaid Invoice”
- “A warrant for your arrest”
Phishing creates vulnerable entry points where the criminals trick victims into providing personal information or allowing access to their computer.
Look for inquiries asking for personal data, like your anniversary, the name of your favorite pet, or your children’s birthdays. These inquiries may look friendly (e.g., “Let us help you celebrate!”), while in reality, the criminal may already have some information on you and wants to know more to narrow down account access information.
These inquiries may come via email in phishing, or via phone calls, known as vishing.
Never provide sensitive information via email or to someone who calls you directly, including:
- Usernames and passwords
- Social Security or tax ID numbers
- Bank or financial account information
- Credit card information
Phishing emails from cybercriminals purposefully look like emails from companies or individuals you regularly interact with. They can take many forms, including that of a missed delivery attempt message from an online retailer where you shop, or from a delivery service such as the U.S. Postal Service. Cybercriminals often use subtle tactics to make their emails appear to come from a trusted source when, in reality, they are not. Examples include using a “1” instead of a lower case “l” in the return email address or adding a word in the email address or return links.
A Safe Perspective
Do not download a document or attachment or click a link in an email if you do know and trust the sender.
Criminals entice users to download a malicious file disguised as a legitimate, harmless attachment, like invoices, receipts, or other documents.
Users are enticed to click on hyperlinks, taking them to a site where malware is downloaded, or the victim may be asked to provide sensitive information via an online form.
Common Themes and Tactics of Social Engineering
- A bank or credit card company reporting fraud activity and asking for passwords and other personal account details
- Government agencies threatening to take action if you do not pay a tax levy, fine, or other fee
- Computer help desk offering to solve performance issues if you grant them access to your computer
- Posing as friends or relatives asking you to help them with money and keep it secret from other family members
Common Malware Types
- Ransomware: Intended to encrypt a user’s data and hold it for ransom
- Viruses: Intended to harm a computer system or give the hacker control of the computer
- Key loggers: Intended to record keystrokes in an effort to capture passwords
- Spyware: Intended to spy on victims
Take action if you are a victim of identity theft.
U.S. victims lost $19.4 billion in 2018.
**According to 2018 Symantec Internet Security Threat Report
Important Steps: Take Action If You are a Victim of Identity Theft
You should also contact any other financial institutions where you have accounts that may be impacted by the loss of your personal financial information. These may include banks, credit card companies, or insurance companies.
Immediately change the password for all accounts associated with potentially compromised personal financial information. Always remember to use strong passwords that are not easy to guess, consisting of at least eight characters, including symbols, numbers, and both capital and lowercase letters.
If you notice any unauthorized access into your investment or financial accounts, you may want to ask your firm to close the account and move the assets to a new account. You should consult your investment firm/bank about the best way to handle closing an account, if you choose to do so.
Look out for any changes to your account information that you do not recognize (e.g., a change to your address, phone number, email address, account number, or external banking information). You should also confirm that you authorized all of the transactions that appear in your account statements and trade confirmations. If you find any suspicious activity, immediately report it to your financial institution.
Placing an initial fraud alert in your credit file provides notice to potential creditors (e.g., banks and credit card companies) that you may have been a victim of fraud or identity theft. It will help reduce the risk that an identity thief can use your personal financial information to open new accounts. Contact any of the three credit bureaus listed below and ask them to add an initial fraud alert to your credit file.
Protect Against Social Engineering
- Be aware of any form of unsolicited contact and don’t be coerced by fear, hope, or urgency.
- Don’t give personal information or make a payment to anyone who calls you.
- Be careful of what you post about your family information, locations, travel plans, etc. on social media and neighborhood message boards.
- Don’t trust an unusual sense of urgency. Tactics such as: “Account Locked,” “Package Was Undeliverable,” or “Security Alert, Fraudulent Activity” should be a tip-off.
Protect Against Phishing Emails
- Double-check the email address to verify that the message is from a legitimate sender. Think about whether this is an email they would typically send you.
- Check to see if the grammar and language fit the supposed sender.
- Do not click on any link unless you are certain it is legitimate. Hyperlinks can be spoofed. Hover your mouse over a hyperlink to see where the link actually takes you.
- Never open an attachment from an unknown source.
Protect Against Vishing
- Never give your personal information to unsolicited callers no matter how much they insist.
- When in doubt, call them back at the phone number on your account statement—not at a number provided by the caller.
- Be aware that computerized voices leaving messages regarding legal action against you are never real.
- Do not let callers take control of your computer to “fix” a problem.
- Don’t trust your caller ID—it can be spoofed.