There is a lot of concern and talk about the increase in cyber-attacks and hacktivist uprising amidst the Russia/Ukraine conflict. Just this week, hacktivist group Anonymous publicly declared that they were launching a full-on Cyber War with Russia by launching attacks on the Russian government and intelligence agency.
Everyone is expecting that Russia will retaliate, and CISA (the Cybersecurity and Infrastructure Security Agency, our federal agency for cybersecurity) has confirmed that there has been retaliation by Russia using some of the most common methods of cyberterrorism.
What does this mean for you and how can you stay safe? Below you’ll find some easy tips to implement and some ammo to help you fire back.
Be a detective! Scrutinize and question unknown emails and texts.
If you weren’t expecting an email from someone, treat that email as suspicious. Spoofed emails and texts will appear as if they were sent by the proper organization, bank, or email provider, but the sender address is usually a letter or number off.
The spoofed email is generally sent with a “phishing” lure: scammers attempt to trick you into thinking that the email is legitimate and get you to provide personal or financial information, or username and password combinations, by clicking or interacting with something in the body of the message. The scammers can do this through text message as well; this is called “smishing.”
How can you identify these emails or texts easily? Stay diligent and:
- Examine the sender email address and make sure it is accurate (you can do this by hovering over it with your mouse).
- Look for poor grammar, spelling errors, low resolution images or logos.
- Don’t click unexpected attachments or strange URLs that ask you to act on something.
- Be wary of emails saying your account is locked or suspended or you’ve gotten something for free.
- Know that, generally, expired password and password reset requests never happen out of the blue. Those types of emails are generally sent only after being requested by you directly on the site in question.
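The sender check from the first bullet can also be automated. The following is an added example, not part of the original post: it ignores the display name and flags sender domains that are a letter or number off from a trusted one. The trusted-domain list, the digit-for-letter table, and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: constructed list of domains you actually expect mail from.
TRUSTED_DOMAINS = ("schwab.com", "fidelity.com")

# Assumption: a few digits commonly swapped in for similar-looking letters.
LOOKALIKE_CHARS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Domain of the real address; the display name is easy to fake, so drop it."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def classify_sender(from_header):
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    for good in TRUSTED_DOMAINS:
        # Exact match, or a true subdomain such as mail.schwab.com.
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in TRUSTED_DOMAINS:
        swapped = domain.translate(LOOKALIKE_CHARS) == good.translate(LOOKALIKE_CHARS)
        # "A letter or number off": at most two single-character edits away.
        if swapped or edit_distance(domain, good) <= 2:
            return "lookalike of " + good
    return "unknown"


if __name__ == "__main__":
    # Constructed sample From headers.
    for header in ("Schwab Alerts <alerts@schwab.com>",
                   "Schwab Alerts <alerts@schwabb.com>",
                   "Fidelity <service@fide1ity.com>",
                   '"Fidelity Support" <support@mail-secure.example>'):
        print(f"{classify_sender(header):28} {header}")
```

An "unknown" result is not a clean bill of health: the last sample uses a trusted name in the display field with an unrelated domain, which is why the address itself, not the name shown, is what gets checked.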
Enable Two-Factor Authentication (2FA).
2FA can be set up on most financial accounts, email accounts, and medical logins, and is one of the best ways to protect your information. It can be set up via text message, email, or an authentication device.
How it works: you’ll sign into the site using your username and password, then, if 2FA is enabled, the site will send a code to the authentication method you choose, and you will enter that code in before you can proceed to the site. It is an extra layer of protection when scammers are trying to access your account.
Do not reuse passwords or store them in your browser. Do ensure passwords are hard to hack and get a password manager to help you with that.
Experts say the best practice for passwords is to never reuse the same password twice and to make that password at least 16 characters, consisting of numbers, upper and lowercase letters, and symbols.
It sounds terribly difficult to manage on your own, but it is SO easy if you use a password manager like LastPass. Password managers will store your passwords and will even generate those hard-to-hack passwords for you.
Also be sure to never let your browser store your passwords for you. This is the first place scammers will access once they have control over your computer, and then they will have the keys to the kingdom.
Keep your computer and other internet devices up-to-date and install anti-virus software.
Hackers can access all the devices on a network once they are in, which is a terrifying thought, especially considering the typical homeowner may have 10 or so devices hooked up to their internet (think Ring camera, multiple phones, personal and work computers, printers, watches, etc.).
Any one of these devices can be the entry point, which is why keeping those devices updated is extremely important. A lot of computers and phones have auto-update features you can turn on, making it fool-proof. Also, install a good antivirus (we recommend Webroot).
Regarding your accounts with Financial Synergies, please rest assured knowing that we do everything in our power to keep your assets safe. The custodians we work with, Schwab and Fidelity, do the same as well.
At the end of this post are some helpful resources, including a printable fraud prevention checklist which includes some neat settings you can turn on with the custodians, including voice authentication. If you have any questions about this, feel free to call or email me directly.
CISA Alerts: https://www.cisa.gov/uscert/ncas