The rapid advancement of internet technologies over the past two decades has enabled us to do everything from banking and shopping, to collaborating and socializing online.
Unfortunately, the added convenience of a truly digital world means that cases of identity theft and other forms of cybercrime have risen dramatically, even as businesses and IT experts work feverishly to protect potential victims.
A recent development was brought to our attention that clearly illustrates the challenges faced by firms, particularly those in the financial services industry, of securing data. A client received a written notice from his bank indicating that they would no longer accept phone calls from their customers without an additional security measure to confirm their identity. It really isn't surprising when you consider that telephone fraud increased by 30% in the past year alone.
While these additional measures are necessary in today's environment, it is still an extraordinary measure for the bank to take. Requiring an additional step means they can no longer rely on verbal information (such as a list of security questions) alone to confirm a client's identity by phone. There is also the possibility that a would-be criminal has contacted them from a cloned or stolen phone, making that former failsafe an unreliable backup.
At RAA, we are fortunate to know our clients well, so we don't need to go to the same extent as a bank when you call us. However, we do have measures in place to protect your assets and personal information at all times. For example, we do not accept third-party (an account not in your name) distribution requests verbally or by email. Rather, we require the client’s signature on a form after we have verified, via a phone call, that they are making the request.
We have put these protections in place because unauthorized third-party wires are one of the biggest security threats to advisors and their clients. Added security is more important than simple convenience.
How Most Identity Theft Happens
The vast majority of scams happen through email, with a 75% increase in reported cases last year. Phishing is a technique in which thieves send emails claiming to be from trusted sources in order to gain access to low security accounts. The information is then used to inflict significant damage through other accounts and contacts.
RAA has seen this attempted first-hand. We received an email from someone posing as a client and requesting that a large sum of money be sent to a different account, purportedly because he was out of the country and had lost his wallet. The email prompted a phone call to the client where we learned that a cybercriminal had gained access to the client's email account and was using it in an attempt to steal money.
Unfortunately, these crimes are increasingly common. We want to help you understand the risks and suggest steps you can take to prevent this type of fraud from happening.
Be Aware of Potential Threats
Most of us don't think like cybercriminals, so we are not aware of the ways in which our actions enable them to steal important personal and financial information. As we have discussed, phishing is one of the most common email scams, and it is used worldwide to compromise data.
Once thieves have gained access to your email account, they can use the information to build a profile of you that includes details such as the names of your spouse and children, your hobbies, and the names of your pets. These often lead to passwords you've set or answers to security questions that are common on most websites you use.
In addition to email hacking, there are a variety of other techniques used to access your data.
- Malvertising: Malvertising occurs when malware code is inserted into otherwise legitimate online advertisements. When you click on a link, the malware is downloaded to your computer and can be used for everything from data exploitation to browser hijacking.
- Mobile Trojans: A mobile trojan is another way that your information can be both accessed and shared via your smartphone. It is usually activated when you download something to your phone, from what appears to be a trusted source, but is actually a system virus. When you consider that most banks and retail sites have mobile apps, it quickly becomes apparent how much damage a mobile trojan or piece of spyware can do.
- Ransomware: Ransomware is an emerging threat for anyone who regularly uses a computer. It is malicious software code designed to "capture" a computer and hold the files ransom until a specified sum of money has been paid. Just recently, a piece of ransomware dubbed WannaCry hit over 300,000 users across the globe, demanding payment of $300 from each entity in order to be released.
- Tax Fraud: One of the fastest-growing cyberscams is tax fraud, which has seen a year-over-year increase of more than 6,000%. In the year 2016 alone, an estimated $5.8 billion was lost due to fraudulent tax returns tied to identity and smartphone theft. Securing your tax returns and the information contained within is vital for your protection against theft.
The sophisticated methods used by criminals may make the idea of preventing identity theft seem overwhelming, but there are easy, common sense ways to protect yourself and your loved ones.
Protect Your Identity
- Do not give out your Social Security number, driver's license number, or other identifying information easily.
- Check your credit report at least once a year to monitor for any suspicious or unauthorized activity. Visit www.annualcreditreport.com for once-a-year free access to your credit reports at Experian, TransUnion, and Equifax.
- If you believe your accounts may have been compromised, you can request that the three major credit bureaus freeze your credit report so that no new credit accounts can be opened in your name.
Use Email Wisely
- RAA takes your security seriously. We will never request personal information through email and will password protect any documents sent via email that may contain any personal information. The same is true for all financial institutions with whom you do business. Never respond to an email asking for this type of information.
- AOL and Yahoo are common targets for email scams because of their large databases of users. Consider using an alternative email provider with a solid record on cybersecurity.
- Activate your email provider's spam filter. These typically do a very good job of identifying potentially harmful emails before they reach your inbox.
- If you receive an email containing embedded links, even from a trusted source, hover the mouse over the link to see where it's going before you click. If you notice anything suspicious, contact the business or person who sent you the link to verify its authenticity.
Leverage Technology to Protect Your Information
- Make sure you install recommended software updates to any computer you use as these are often security-related and respond to new vulnerabilities.
- Purchase a quality antivirus software product to protect your computer. This also applies to Mac and iPad users. Despite the common perception, Apple products are not immune to viruses or other cyberattacks.
- Use multi-factor authentication, a method that requires at least two independent types of identification, for your email and financial accounts. An example would be using both a password and code texted to your smartphone to access an account or website.
- Use a modern, updated internet browser on your desktop computer. If you are one of the millions of people currently using Internet Explorer (IE), consider an immediate upgrade to Microsoft Edge, Chrome, Firefox, or Safari. There are extensive lists of vulnerabilities specific to IE, and the problems are magnified for users of older versions.
Strong Passwords are Your First Line of Defense
- Create strong passwords with a combination of uppercase and lowercase letters, numbers, and at least one special character (such as an exclamation point or percent sign) that are not easy to guess or duplicate. Password management software such as Dashlane or LastPass can make the work of creating and accessing complex passwords easier.
- Password protect your home's network router and be sure to change the password from the manufacturer's default.
- As tempting as the convenience may be, don't connect to public Wi-Fi such as in a library or a local Starbucks. These public connections make it easier for potential thieves to gain access to your confidential information.
At RAA, we understand the very real challenges presented by identity theft. If you would like to learn more about ways you can keep your financial and personal information safe, or if you have any other questions related to your financial plan, please request a call with a certified advisor.
Disclaimer: This blog is intended for informational purposes only and should not be construed as individual investment advice. Actual recommendations are provided by RAA following consultation and are custom-tailored to each investor’s unique needs and circumstances. The information contained herein is from sources believed to be accurate and reliable. However, RAA accepts no legal responsibility for any errors or omissions. Investments in stocks, bonds, and mutual funds may increase or decrease in value. Past performance is no guarantee of future results. Any of the charts and graphs included in this blog are not recommendations for the purchase and sale of any security.