Protecting Yourself from Fraud Online
The omnipresence of digital technology can be a double-edged sword. On one hand, it’s become more convenient and easier to shop, pay bills, communicate, and learn about the world around us. On the other hand, because so much of our personal lives are stored digitally, a single hacker can steal your personal information and use it to do any number of untoward things.
Unfortunately, the rate of cybercrimes is increasing:
- The Identity Theft Research Center (ITRC) reported a 68% increase in data compromises from 2020 to 2021;
- According to the Aite-Novarica Group, 47% of Americans experienced financial identity theft in 2020; and
- A Clark School study at the University of Maryland found that hacker attacks of computers with internet access occur once every 39 seconds on average.
However, there is a silver lining to all this. It turns out that 95% of cybersecurity breaches are due to human error, which means that there are steps you can take to protect yourself & dramatically increase the likelihood that your data and identity will remain safe.
Don’t Send Sensitive Information Via Email
A big threat we see in the personal finance and financial planning world is people sending sensitive information through email. Although your email account is password protected, that does not mean that your email communications are secure.
Now that most email providers will auto-fill the addresses that you want to send emails to, there’s always a chance you’ll accidentally send your email to the wrong person. Everyone’s familiar with the “horror stories” of someone hitting “Reply All” on a personal email, or cc’ing someone they didn’t mean to include, leading to very unfortunate consequences. Even if you did send it to the right person, there’s nothing stopping them from forwarding it on to anyone they choose. Furthermore, even if the email is only sent to your intended recipient, that doesn’t mean no one else will read it. Emails bounce from server to server along the internet from source to destination, meaning that there are any number of malicious actors who would have the opportunity to intercept your communication and use the information it contains for their own nefarious ends.
How should you send information securely using the internet? If you’re a client sending information to HCM, you can use your HCM Vault, request a secure Sharefile link, or call/fax your information to us. For secure communications more generally, you’ll want to use end-to-end encryption. A number of secure messaging apps exist to provide this, such as Signal, Telegram, or WhatsApp. Another popular tactic is to use a file storage service such as Google Drive, Microsoft OneDrive, or Dropbox to upload files and only grant access to the people you want to see your information, with the added benefit that you can revoke permission should you choose to in the future.
Use Secure Passwords
As mentioned above, a Clark School study at the University of Maryland found that hackers attack computers with Internet access every 39 seconds on average, affecting one in three Americans every year. Of the online users who were victims of security breaches, 30% were due to weak passwords.
There are several actions you can take to increase password strength. First off, there are several items you should never use in your login credentials or passwords – Social Security number, birthday, children’s names, address – anything someone can look up about you. You should use a unique password with characters, numbers, and symbols for every account you have. This keeps your information secure by ensuring that, if a hacker were to access your login credentials on one website, they can’t go on to access every other online account you have.
Because we all have a lot of accounts these days, and it is very hard to remember just one secure password, password managing software exists to manage your credentials. With a password manager, you create an account with a secure password to log in, then it can create and remember secure passwords for all of your other online accounts. This means you only need to remember the one password to the managing software. Another vital step is to enable multi-factor authentication whenever possible. This way, even if someone were to hack your login credentials for a website, they would also need access to your phone (or whatever device your second authentication factor is), substantially reducing a hacker’s ability to access your accounts even if they’ve compromised your credentials.
Beware of Phishing Attacks
Phishing is the practice of an attacker attempting to acquire sensitive data by masquerading as a legitimate business or reputable person. Phishing attacks have been on the rise since 2020, with “around 25% of all data breaches involving phishing and 85% of data breaches involving a human element.” Phishing attacks usually take the form of an email from IT, HR, or social media asking you to verify login credentials or provide other personal information. As such, there are a number of best practices you can take to reduce the odds of succumbing to a phishing attack:
Avoid clicking on links to websites you don’t trust. A good way to check this is to hover over a link before clicking on it; if the link isn’t pointing to the site you think it should, don’t click on it.
Make sure your spam filter is enabled for your email account.
If a website is asking for personal information, make sure it is secure. A secure website will have a URL that starts with “https” (the “s” is the important bit) and it will have a closed lock icon near the address bar. If you get a message stating a certain website may contain malicious files, do not open the website, and never download files from suspicious emails or websites.
Be sure to update your browser, operating system, and relevant programs when prompted to keep them up to date. Most software updates contain security patches protecting you from vulnerabilities previous software versions were vulnerable to.
If someone who claims to know you calls or messages you asking for money, gift cards, or personal information, but they don’t seem trustworthy or the wording seems “off,” don’t send the money or information and do reach out to the contact via a trusted communication medium (phone calls work well for this because you can hear their voice).
This is not a comprehensive list of what you should do to maintain your privacy and security online. For more information, you can watch the video series on internet security made by our security consultants InTrust, and you can download this online security checklist from Schwab.
| Mike Hengehold, CPA/PFS MST RICP®
Mike is the Founder and President of HCM Wealth Advisors. Over the last 30 years, he’s provided financial planning guidance to a myriad of families to help them realize their financial dreams. Mike is an avid homebrewer and animal lover, and when he’s not at work you can often find him on the golf course working on his short game.