Cyber criminals will take advantage of any situation, and the coronavirus crisis is no exception. Since the pandemic and related quarantining began, the FBI says it has seen a spike in cybercrimes reported to its Internet Crime Complaint Center, with scammers leveraging the COVID-19 pandemic to steal money.
If you have online investment and banking accounts (like most Americans), you should always be diligent about your online financial
security. But during times of stress, you can be especially susceptible to internet and security missteps.
There are two primary techniques criminals use to target our vulnerabilities: phishing and malware. In phishing schemes, you are
tricked into giving up your personal information. Malware is malicious code that installs on your computer when you click on a fraudulent email or website. Both can result in bad guys getting your personal information and stealing from you.
Don’t think it can’t happen to you. At FourThought Private Wealth, our managing partner Scott Pinkerton was recently compromised in a phishing scheme. He received an email from Apple noting that his subscription to iHeart radio was being renewed. It instructed that if he didn’t recognize or authorize the renewal, he should go to his Apple account and dispute the charge. There was a clickable link to go directly to his Apple account and sign in.
The problem was that none of it was from Apple. The “fake” Apple asked him to double check the credit card he had on file by entering his card number and random other numbers, which unfortunately he did. He received no verification. Starting to get suspicious, he went directly to Apple and discovered that he never had a subscription to iHeart. He then called Apple’s security and they confirmed that he was victimized. He immediately changed all his passwords, cancelled his credit card, and froze his credit reports.
Scott has always been cautious with his online information, even writing about online security and talking frequently with clients about stolen identity issues. Yet, he was still victimized. According to him, “I had a stressful day at work and was in a hurry. I was mad that someone had somehow penetrated my passwords to sign up for iHeart radio. It was like the bad guy had on a police uniform.”
The fraudsters are getting more sophisticated.
While no one is immune from being targeted, here are 12 steps you can take to improve your online financial security during the pandemic and in the future—as this problem shows no signs of going away.
Passwords for Wi-Fi, personal email accounts and websites should be unique and tough to crack. Start with a special phrase that is at least 12 characters. Incorporate upper and lowercase letters, numbers, and special characters. Avoid using personal information such as names of loved ones, pets, and birthdates, as this information is easily accessible on social media as well as online white pages etc. Your address, political affiliation, date of birth and close family members are just a few keystrokes away.
One technique that can help you remember a password is to use a phrase and substitute numbers for letters, like “TheWorldisAnOyster4us!” There are also several good password managers you can install on your phone or computer to generate completely random passwords for multiple websites and keep track of them: you just have to remember one master password.
Install the latest updates for all your electronic devices, programs, and apps when you are prompted to do so. These typically include improved security measures. Where possible, opt for automatic updates.
It may look like a message from your bank, friend, or a colleague, but a misspelled or incorrect email address often indicates a fake..
Be especially suspicious of links you are asked to click in emails. Most companies know not to send them, but some still might. The general rule of thumb should be to hover first. Place your cursor over the link to read the URL. An unrecognizable site is a big red flag, so don’t click it. To ensure even greater safety, never click on a link, just go to the company’s website through either a Google search or a link that you keep and go into the website to ensure that you are not entering a site that can download malware or attempt to phish for information you may enter.
Urgent, fearful messages requiring immediate action and a deadline are typically fake, even if they look like they are coming from a friend or someone you know. If you think the email might be legitimate or you are genuinely concerned, contact your friend or family member by phone to verify.
Also, keep in mind that no government agency will ever contact you via phone or email and ask for personal information such as social security numbers, banking information or dates of birth. No police departments or hospitals will contact you for payment via phone for emergencies involving your loved ones. If you receive a call or email like this, hang up and Google the phone number for that entity and call to verify.
You can block callers from your cell phone and block access to certain websites. Contact your cell phone carrier to see if they have “spam alert” software available. Many companies such as Verizon and AT&T offer this as part of their subscription plans, while others offer it as an add-on service. Your internet provider can tell you how to block certain websites and you can also block emails or send them straight to a spam folder.
As a consumer you are entitled to a copy of your credit report. Requesting it will not have an adverse effect on your credit score. Many credit cards now offer FICA scores and credit reports free of charge, so you can monitor accounts that are opened in your name and social security number. These reports are updated either weekly or monthly.
You can ask to have your credit frozen at any time. This will add an extra layer of protection if you believe you have been compromised or hacked. In order for you or anyone else to open a credit account or run a credit report, you will need to contact the credit bureaus to give permission..
When you are on vacation or out to dinner, do not post statuses indicating where you are; wait until you have returned home to post photos or comments. Would-be thieves monitor social media and if they know you are gone, they may take advantage of your absence to enter your home.
Bitcoin is almost impossible for law enforcement to trace, so use it only in transactions with people you know and trust. No legitimate person or organization will ask for payment in gift cards. When using money transfer apps like Venmo, like Bitcoin use them only with people you know. Many times people will send deposits for vacation rentals via Zelle or Venmo, only to find out weeks or months later that the property does not exist and the companies are not willing or able to reimburse the money, which had already been laundered.
Be sure to check you bank and investment statements often. A popular form of fraud is for the online criminal to withdraw small, unnoticeable increments from investment and bank accounts, then after a few months make larger withdrawals; by then, no red flags are raised by the financial institution’s security protocol. Withdrawals from retirement accounts are becoming much more common. Consider consolidating your accounts to make it easier to keep an eye on all transactions.
Know what your children and grandchildren are doing online. Check their social media accounts and teach them what to post and not post. Scammers can go to family members’ accounts to gain information about you, making it easier to impersonate you online. Teach children not to post things like their grandmother’s maiden name, old street addresses, years of birth or past places parents may have been employed. Much of this information can be used to authenticate a person and open credit in their names. Also consider checking your children’s credit scores to make sure no one has opened accounts under their social security numbers.
Be open with your children regarding the dangers of sharing too much and set ground rules. Teach them not to click on links that can install malware on your home network. Make sure they check the URL. Government websites will end in .gov and emails from their schools should end in .edu or .org. Start teaching kids early to be safe online.