Last week I received an unsettling email; a college friend of mine was lamenting about how he fell victim to a cyberattack…his family’s business email account had just been hacked. The perpetrator, after gaining access to sensitive company information, sent numerous wire transfer requests to financial companies where his firm had accounts. He scrambled to contact every bank to prevent any illicit distributions and, much to his relief, the breach was detected before he lost anything. He was lucky.
An incident such as this is referred to as a “hostile email takeover.” Using various deception tactics, hackers will take over an email account and look for any messages that contain financial related data, such as correspondence with a bank or financial advisor. The hacker then poses as the client and requests a wire transfer to a third-party location. The hackers usually reference some sort of emergency situation, and may go as far as saying that they are unable to be reached by phone. Others are more brazen and will actually call the advisor or bank, knowing they may require verbal confirmation.
Coincidentally, I had received an email that same morning from Charles Schwab on the threats financial advisors face by these cyber criminals. It had me thinking about how I should probably update the passwords on my various online accounts. Online security is a very hot topic these days given the data breaches of household names like Target, Home Depot, and JP Morgan. But when something like this happens to you or someone you know, it takes on a whole new meaning.
There are a variety of ways to reduce the chances of a breach. Installing antivirus and malware software is a great start. Updating your password every few months is one of the best ways to stay safe online. Since most of us aren’t likely to keep up with all of those password changes, there is a service called Keeper Security which stores all of your login credentials in a single, secure place. Charles Schwab lists a number of measures to help ensure your financial accounts are well protected, and Financial Synergies has written some helpful content on mobile security and how to safeguard your online identity.
I’ve come across a few more unique ideas recently that really stood out, including:
1) Using fake answers to security questions. If a hacker is capable of taking over your email account, it probably won’t be hard for them to figure out your mother’s maiden name or your favorite pet. Instead, choose an answer that is similar or perhaps the exact opposite – just make sure it is something you will easily remember.
2) Have a credit card dedicated to making only online purchases. Buying things online helps save time and energy. However, these expenditures usually get lumped in with groceries, gas, and other day-to-day purchases. Having a credit card strictly used for these online purchases makes it easier to review and potentially identify fraudulent charges. Credit card companies have very good security measures in place but there is no harm taking it the next level.
3) Avoid programming your home address into your smartphone. We take our smartphones and other personal devices with us everywhere. Programing your home address may seem like a logical thing to do. However, if they end up in the wrong hands, we don’t want to give a criminal an open invitation right to our front doorsteps. The same goes for if your car has a navigation system. Instead, program a nearby business or reference point in your neighborhood.
Technology is sewn into the fabric of our daily lives, so we have to treat online security like any other healthy habit. As financial advisors, it is our responsibility to take every measure available for safeguarding our clients’ private information. We have various ways of doing this including verbally confirming transactions such as wires, offering secure online portals for document delivery and storing important financial information, and various resources, tips and articles on our website that can help implement layers of protection for online lives.
If you have any concerns about online security, or want to know how you can be better at shielding yourself from a hostile takeover, please give us a call.