When we think of cyber-security, it is easy to assume that if our technology providers do their jobs well, we are protected. But today, no matter the skill and competence of our tech providers, and no matter the effectiveness of our passwords and the systems we use to secure them, the threat to our security remains.
Surprising to many, when this threat compromises our security, the cause is most often people behavior rather than IT system inadequacy. The reason for this—as the stories of Cindy and Philip will attest—is the increasing sophistication and ability of fraudsters to deceive us. This growing problem means we need to embrace a new level of vigilance in the interest of our own protection.
What three easy steps may help you stay protected?
- Do not open email attachments without first verifying the sender. If you feel any doubt, contact the sender prior to opening the document.
- Do not click on a link provided in an email without first verifying the sender. Again, if you feel any doubt, contact the sender prior to clicking on the link.
- Store your usernames and passwords in a secure, encrypted password manager, such as KeePass. And remember, do not email documents with your Social Security number or with account numbers printed on them. Instead, forward such information using a secure portal or after encrypting the documents first.
In reviewing her email one afternoon, she noticed a “Welcome” email from Bank of America. She assumed it was a fraudulent attempt to get her to open a document or click a link—thus exposing herself to hacking—so she hit “delete,” and kept reading her other mail.
The next day she noticed a couple of similar emails, again from Bank of America, but this time they showed a small deposit in her “new” account. Fortunately, this deposit prompted Cindy to act before it was too late. She contacted her local Bank of America branch and reported that she had not established a new account and had not authorized any of her money to be deposited.
The Bank of America branch worked with her actual bank to shut down this fraudulent account and stop the movement of additional funds into this faux account—thus preserving Cindy’s substantial savings from theft.
Philip happened to be talking with his financial advisor late one afternoon and mentioned that Schwab had emailed him indicating that he needed to update his password to his Schwab account, for security reasons. Philip mentioned to his advisor that he would take care of this the next day.
Upon closing the call, his advisor immediately contacted Schwab, thinking that it did not make sense for an email such as this to be sent. Typically, if passwords need to be updated, financial institutions do not send out emails. Rather, such a need is communicated when one is logging on. Indeed, no such email was nor would be sent from Schwab.
A call was immediately placed to Philip instructing him to delete the email and not to respond in any way. Had Philip clicked on the link and followed the instructions that gave every appearance of being from a reliable source, he would have inadvertently exposed all his investment accounts to cyber-fraud and theft.
At Entrust Financial we work with our team and our clients to reinforce effective cyber-security practices. This endeavor is ongoing. We welcome your call whenever you even have a concern, or to start a conversation about the cyber-safeguards you have in place for your protection. Contact us today: firstname.lastname@example.org or 610-687-3515.