By Charlie J. Zambri, Chief Operating Officer & Chief Compliance Officer

The digital age we currently live in offers us much convenience. We can transfer money, order groceries, and stay in touch with friends in as little as a few clicks. However, this convenience does not come without risk. As the technology we use in our everyday lives has become more sophisticated, so too have cyber-criminals, who now use a wide array of methods to pursue financial victims. Unfortunately, the COVID-19 global pandemic has led to an increase in cyber-crime as criminals look to capitalize on the increased time people are spending online during social distancing.

You may be familiar with the terms Phishing, Spoofing and Malware, but perhaps less familiar with what they entail. These are some of the most common cyber-crime methods deployed today. Below, we attempt to explain what these cyber-attacks look like and what you can do to defend against them.  

Phishing

What is it?

Cyber-criminals pretend to be a trustworthy source in order to acquire sensitive personal information such as usernames, passwords, social security numbers and credit card details.

What does it look like?

An email from a seemingly legitimate email address instructs you to click on a link to take action (e.g., “validate your account”, “confirm your identity”, “access your tax refund”). The link brings you to a website requiring you to enter your personal information. Phishing can also take the form of a phone call from a seemingly legitimate caller who asks you to confirm personal information.

How does it happen?

Because the cyber-criminal masquerades as a legitimate source (e.g., financial institution employee, realtor, banker), you believe the request is from a trusted source, and you unwittingly oblige when they ask you for your personal information.

What’s the impact?

Victims of phishing may have malware installed on their computer systems or have their identity stolen.

How can you defend against it?

  • Hover your mouse cursor over questionable links to reveal the true destination before clicking. If the address looks legitimate, manually type it in your web browser’s address bar instead of clicking the link.
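  • Be aware that the addresses of secure websites start with https, not http. The https prefix shows only that the connection is encrypted, so still confirm that the address itself is the one you expect.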
  • Be wary of urgent-sounding, legitimate-looking emails or phone calls asking you to disclose personal information. To be safe, it is best to check with your team at BFM before providing any information over the internet or phone.

Spoofing

What is it?

A fake email header gives the impression that the email is from someone or somewhere other than the actual source, with the goal of tricking the recipient into opening and responding to the email. Phone spoofing is a comparable, common cyber-threat that uses a similar phone number.

What does it look like?

Your advisor receives an email from a cyber-criminal who impersonates you and confirms a fraudulent wire transfer request.

How does it happen?

The cyber-criminal creates an email address nearly identical to your email address (i.e., off by a character).

What’s the impact?

Like the other cyber-attacks, your money is stolen, and you become the victim of fraud and/or identity theft.

How can you defend against it?

  • Carefully check incoming emails for the proper email address and the accuracy of the spelling of the sender’s name.
  • Verbally verify all money movement requests with your advisor.
  • If an email or phone call is questionable, contact the sender/caller directly, using the email address or phone number you have on file for that individual.
  • Never share sensitive information or conduct business via unsecured email.

Malware

How does it work?

Malicious software is created to damage or disable computers and computer systems, steal data or gain unauthorized access.

How does it happen?

You receive an email containing a link or attachments, which you click on or open. This action downloads the malware to your computer.

What’s the impact? 

Malware can delete files or directory information, or it may allow attackers to covertly gather personal data, including financial information and usernames and passwords.

How can you defend against it?

  • Install the most up-to-date antivirus and anti-spyware software on your devices.
  • Do not click on links or attachments from unknown sources. For links, enter the web address in your browser.

Email Account Takeover

What is it?

A cyber-criminal hacks an email account and reads emails to learn about the victim and their habits so they can pose as the victim to steal money.

What does it look like?

Your email is hacked, and posing as you, the cyber-criminal emails your advisor instructions to forward funds to an account.

How does it happen?

Cyber-criminals find vulnerabilities to gain access to log-in credentials, or to the email account directly.

What’s the impact?

Because the cyber-criminal has access to your email and can impersonate you, the recipient of the cyber-criminal’s email believes the correspondence comes from you. The cyber-criminal may provide instructions within the email to transfer funds to a fraudulent account. Without proper verification, the money could be transferred and stolen.

How can you defend against it?

  • Use phone call verification, secret passwords, and video chats to help verify the identity of people with whom you correspond.
  • Create a unique, complex password for each website you access and change it every six months. Use dual authentication whenever possible.

What is BFM doing to keep you safe?

At BFM, we have policies and procedures in place that help prevent us from falling prey to the above cyber-threats. For example, it is our policy to verbally verify all money movement requests received from clients via email. Additionally, our employees are continuously educated and tested on the latest cyber-threats. We also partner with an Information Technology provider who specializes in working with SEC registered investment advisors. They help us ensure your personal information is kept safe through a variety of tools, including a highly secure firewall to protect against viruses and malware, continuous patch management and deployment to ensure our software is up to date with the latest security settings, penetration testing to ensure there are no unknown vulnerabilities within our network, and the use of dual-authentication on our applications to verify the identity of our employees.

The safety and security of our clients will continue to be a top priority for BFM. While we do not expect cyber-threats to abate anytime soon, we do believe that through our collective vigilance we can mitigate these risks and keep each other safe. As always, feel free to reach out to your team at BFM with any questions.

This publication is for informational purposes only and should not be considered investment, legal, tax or accounting advice. The opinions expressed in this article are as of the date issued and subject to change at any time.