- Wes Moss For the AJC
In this day and age, we all have to take cyber security very seriously. And with good reason: Equifax, Yahoo!, Target, and the list continues to grow of major company data breaches.
Given the opportunity, the seemingly never-ending parade of techno criminals would take you to the proverbial cleaners. These hackers employ new and nefarious techniques to steal your identity, drain your accounts and open new ones in your name, wrecking your credit. But you aren’t helpless in the endeavor to keep your online accounts locked down. A few simple strategies will make you (and your financial well-being) safer.
Don’t take it from me. Take it from a former FBI agent.
The one-time G-man heads up one of the nation’s largest investment firm’s corporate investigations and its fraud-protection program.
On this agent’s dossier is a decade and a half of white-collar crime fighting: financial fraud, corruption and garden variety cybercrime. He was chief of the FBI’s Undercover and Sensitive Operations Unit in Washington, D.C., heading up many of the bureau’s most complex cases. In the second half of his career, he’s a top-tier professional in cybersecurity and risk mitigation.
Today, his life’s work is keeping people and their money safe from virtual thieves. During our conversation, he told an illustrative story, and I want to share it with you. It’s about two guys who want to make you a target. Meet Yuri and Dimitri.
Yuri is a Lithuanian criminal mastermind. He employs Dimitri, a skilled hacker residing in the U.S. One thing to note here is that this is not a small business outfit. Yuri works with dozens of sophisticated cybercriminals just like Dimitri. What do these hackers do for Yuri? They search for and target high net-worth individuals.
In their pursuit, they compile detailed profiles, getting to know you, your spouse, your kids, your schools, churches, alma maters, hobbies. The list goes on. Armed with this information, they plant an unsuspecting piece of malware on your computer. How? By sending an email that looks like it’s from somewhere like your church.
Embedded is a link, and once you click, you have just unknowingly given the malware access to scan your device. The next time you type in your user name and password at your financial institution’s site, the malware records it. Yuri and company then use this information to open an online account in your name, to link it to your current accounts, and, one day, to draft your funds out. Just like that.
This is just one iteration of the cybercrime racket called “True Name Fraud.” Here’s how our expert recommends you protect yourself:
1. Freeze your credit: Our man suggests you do this with all three major credit bureaus. Remember, never (and I mean never) lose your PIN. It is your access card for freezing and thawing your credit report accounts.
How does this help? When opening up a new “mirrored account” online, most firms will verify or check your credit before they do so. If your credit reports are frozen, not only have you disallowed a criminal from borrowing money in your name, but you’ve also prevented that criminal from opening a new account in your name. No new account means no anonymous, “same named” account to siphon money to and from.
2. Two-factor authentication: Add a layer of protection by selecting this option for anytime you log into your account on your financial institution’s website. Just do it. Since its inception in 2012, nearly all major web services now provide some form of two-factor authentication.
3. Monitor accounts regularly: Make it a habit to look at transactions on all of your accounts on your own, and do it often. Additionally, you can consider using a monitoring service like LifeLock or Credit Karma.
4. Practice prudent cyber hygiene: Don’t just click on any old link. Keep an eye out for erroneous links and emailed links that look fishy (or phishy).
This one is difficult to practice perfectly, so our expert recommends having a separate computer/laptop/tablet for financial accounts only. This means that on this separate device, you don’t even link the email, and you never, ever go to websites outside of the ones belonging to your financial institutions. By eliminating your surfing on your “financials-only” device, you force yourself to have good cyber hygiene while helping to prevent hackers from putting malware on your device. No malware equals no inroad to stealing your passwords and accessing your financial institutions.
5. Consolidate: There’s no reason to have two dozen bank and investment accounts. If you have a slew of accounts, trim them down to two or three institutions. This makes monitoring your transaction activity less complicated.
6. Use live people: Low tech is the new tech. Try doing business with actual humans. You should talk to (and not email) your financial institutions when it comes to moving funds or doing anything new or material in your financial life.
Technology has made our lives easier and more convenient, but with this ease and convenience comes a lessening of privacy and rise in the opportunity for cybercriminals to steal our money. While no list of steps for protective measures and good habits can ensure that you won’t become a target, it is a fact of human nature that hackers pick the low-hanging fruit. For these criminals, time is money, so employing these steps gives you a much higher probability of security. Because most people don’t employ all of these measures, there are millions of easier targets on which cybercriminals can set their mark. Don’t be one of them.
This information is provided to you as a resource for informational purposes only. It is being presented without consideration of the investment objectives, risk tolerance or financial circumstances of any specific investor and might not be suitable for all investors. Past performance is not indicative of future results. Investing involves risk including the possible loss of principal. This information is not intended to, and should not, form a primary basis for any investment decision that you may make. Always consult your own legal, tax or investment advisor before making any investment/tax/estate/financial planning considerations or decisions.