Cybercrime continues to rise and spread. The FBI’s 2022 annual report shows that Americans lost $10.2 billion in 2022 to scammers and cybercriminals through attacks such as ransomware, business email compromise and cryptocurrency theft, up 48% from $6.9 billion in 2021.
Although hacking is still a concern—even NATO’s data was recently hacked!—it’s important to make sure you’re aware of the threat of “social engineering.” That’s where a real human makes contact via phone, email, Facebook or any of the other myriad means of communication that have proliferated in our daily lives. In short, the goal is to persuade you into making a transfer of funds that can’t be reversed or recovered.
At present, you’re largely reliant on your financial institutions and other service providers, such as cellphone and internet companies, to protect you from hacking. And the good news is that they’ve gotten a lot better at doing that. It’s also great that most people practice good security measures, such as two-factor authentication and complex passwords.
But, sadly, precisely because it is now more difficult for criminals to get access to your money through a “back-door” data-security breach, they are finding new ways to access your accounts. The chances are now far greater that you will be targeted by a cyber baddie who has gleaned personal information about you in order to engender a compelling sense of urgency. That way, they can try to get you to hand over cash in a “legitimate” transaction.
It’s absolutely critical that you’re aware of the risks, and to stop and think before you authorize any access to your accounts, or transfer of funds. Urgency is one of the best tools of a scammer. Being pensive is one of your best defenses against them.
Plenty of phishes in the cyber sea
The most likely encounter you’ll have with an attempt to steal your money this way is via phishing. This is a way of posing as a trusted entity in order to convince you to give up privileged data, including login credentials and credit card numbers. Although these were mostly attempted via email for a while, we’re seeing a resurgence in more “traditional” forms of attempted scams, such as phone calls or instant messaging.
In this form of “social engineering,” criminals exploit easily available technology that allows them to pose as someone trustworthy. The “spoofed” number on your Caller ID says, “Bank of America” or “IRS” and the voice on the other end says they need you to transfer funds, or complete some personal information in order to fix a problem with your account. Or they register an email address that at a quick glance (especially without spectacles) seems to be from someone you know—“[email protected]” say, instead of “[email protected],” for example.
Another common danger is the ease of hacking Facebook accounts. Be wary of a message from a Facebook friend who suddenly seems to be in trouble and in need of money. They may have had their account stolen.
A sure sign that something is fishy is when there’s a sense of urgency. Criminals like to get you on the back foot, alleging your account’s security has been compromised, or that the IRS is about to arrest you for back taxes. If someone approaches you, rather than the other way around, you should always, always doubt their authenticity. End the conversation immediately and communicate with the entity—your bank or internet service provider, or whomever—via trusted channels.
One of the most under-handed ways cybercriminals get to people is by posing as a “service” that offers to get your money back from scammers. If you have been scammed, don’t give in to being too embarrassed to say anything about it. That’s absolutely the worst thing you can do. It’s essential to get your accounts secured right away, so more money doesn’t go into the criminals’ pockets.
At all times, be sure you know who you’re talking to on the internet or phone, and assume whoever you’re talking to could be lying about who they are, even if they seem to have proprietary information or know a lot about you personally.
Be warned, however, some cybercriminals have set up websites to show a fake number when you Google “Charles Schwab” or any number of other high-profile entities. You could inadvertently be calling a scammer! Check the number via a reliable source, such as your statements.
Similarly, do not open any links in texts or emails from unknown numbers or addresses. A popular scam requests further information for a package that can’t be delivered. The link will take you to a fake site where you enter personal information, or it will download malware onto your computer. When in doubt, go to the delivery carrier’s website or use the retailer’s online tracking tools.
Don’t forget basic cybersecurity
Hacking is still a risk, so you should proactively install anti-malware cybersecurity software on all your devices, and set reminders so you don’t let it expire at the end of the year. In order to avoid downloading malware purporting to be anti-malware, use a trusted source, such as https://www.cnet.com/tech/services-and-software/best-antivirus/
Ensure all apps and operating systems are fully updated. Software providers constantly update security features, and they work. Where possible, choose the auto-update option, so you don’t have to remember to do it. Additionally, make sure all devices on your network, such as wireless printers or routers, are also updated with the latest software (“firmware”). It’s also critical to use only secure passwords, and to avoid duplicating them, or even the form they take, across accounts. Don’t use easily accessed terms such as your date of birth or dog’s name. Password generators can help, but they’re not completely un-hackable. The best approach is to change passwords regularly. Again, set a reminder.
Ever wonder why an increasing number of websites start with an “https://” rather than simply “http://”? That extra “s” means the site is secured, with protocols that help prevent intruders from tampering with the communications between the website and your browser. Always try to use these web addresses.
For financial statements, online is safer than paper
It may seem counter-intuitive, but paper statements present a higher security risk, because someone could go through your trash and ascertain your account number, address and other information that could give them access to your account. At heart, the fewer things you have coming through the mail, the better. If you haven’t already, make sure you switch to electronic statements for all your financial accounts where possible. And never put whole statements in the trash. If you must throw out sensitive documents, use a shredder first—they’re very affordable and easy to use.
Spread the word among loved ones
Many of us have cause to worry about friends and family members who are not super tech- savvy, especially the elderly. It can be tricky to address this when there’s a fear on the other
side of losing autonomy. But that shouldn’t stop you from establishing a good line of communication with those you care about, to make sure they know their cybersecurity is important to you. You might even want to suggest that someone they trust monitors their accounts for suspicious activity.
We also advise that you keep a sharp lookout for romance scams, which are incredibly prevalent and pervasive. Widowed and divorced people can be especially vulnerable to these schemes, and the perpetrators can spend months or even years reeling in a target.
While scammers often impersonate a trusted source, they are also highly practiced at impersonating a whole host of other things: a match on a dating site, or someone responding when you’ve posted something for sale online. (A common response is that a scammer will say they are “out of town but really want to buy it.”) If you know or suspect your data security has been breached in any way, we recommend you take the following steps as soon as possible:
- Change your passwords and alert anyone you think the hacker might contact to impersonate you; and
- Scan your devices for viruses and malware, or contact a service provider to do so.
We also urge you to contact us at Bridgewater as we have protocols to immediately alert your financial institutions to flag any suspicious activity. Remember that cybercriminals work to create an atmosphere of urgency. Being aware of the ways they do that can go a long way towards safeguarding your personal information.
Benjamin W. Bernard, Leo V. Marzen and the rest of your Bridgewater Team