CYBER-20: How to Be Aware in Times of Cybercrime
By Crescent Team
In a time when we are most concerned about our physical safety as it relates to the ongoing pandemic, there lies another hidden fear of safety lurking. Everyone notices the increasingly growing tech sector, which comprises approximately 27 percent of the widely tracked S&P 500 index[1]. As the technology sector continually crops up in the news, it serves as a reminder of the speed at which technology infuses with our lives, saturating our daily routines with regular video conferencing, constant social media updates and countless emails. As a result, care must be taken to avoid overlooking the gaps that technology creates, breaches that have the potential to give cybercriminals a key to your sensitive personal information, leaving you as a potential victim of fraud.
COVID-19’S EFFECT ON CYBERSECURITY
Unfortunately, when challenges befall the world, as it has while the coronavirus pandemic continues, hackers and identity thieves have better opportunities to prey on unwitting civilians enduring a time of crisis, a time when it might be easier to let one's guard down.
Retirement Plans
Fiscal policy changes surrounding retirement plans have exposed unique cybersecurity vulnerabilities. Prior to the passing of the CARES Act, participants under the age of 59 ½ were not typically expected to withdraw from their retirement accounts.
Nonprofits
Charities gained traction all over the world by use of the Internet. Unfortunately, fraudulent charity campaigns prey on the flaws in cybersecurity during difficult times of crises.[2] Avoid clicking on campaign links via e-mail in the unfortunate event it is a phishing[3] attempt. Perform the due diligence of verifying the charity's legitimacy through resources such as Charity Navigator and the BBB's Give.org.
Work from Home
In addition, while remote work could become the norm for most of the workforce long after the pandemic has ended due to the strides technology has taken, this “new normal” endured issues at the beginning of the initial global lockdowns. Zoom Video Communications' subscribership increased exponentially from 10 million daily users in December 2019 to hosting 300 million meeting participants per day in March 2020.[4]
As a result, video hijacking, or “Zoom-bombing,” propagated throughout the Zoom system because of meeting IDs and passwords being posted publicly. These “Zoom-bombing” events bombarded unexpecting Zoom meeting attendees with intruders. Across video-conferencing services, maintain privacy when sharing credentials to avoid any unwanted visitors by sending these credentials directly to your meeting participants. In other words, do not under any circumstance share such sensitive information on any public or social media platforms.
BEING CYBER AWARE WITH YOUR INVESTMENT ADVISORY TEAM
Below is a chart that details the Federal Trade Commission (FTC)’s recommendations for helpful actions you can take to avoid fraud.
As technology continues to evolve, so does the creativity and sophistication of cybercriminals. Never overestimate your investment advisory or banking team's cybersecurity protocols and limit the use of delivering your sensitive information in an e-mail or phone calls unless necessary and following appropriate security protocols. The number of security steps custodians require of their clients to perform that confirm legitimacy is essential to avoid wire fraud and money laundering. According to data from the Federal Trade Commission, mortgage wire fraud attempts rose 1,100 percent between 2015 and 2017.[5]
It helps to have a trusted relationship with your advisory team where they can independently decipher suspicious requests, even if the cybercriminal obtained your social security number, date of birth and other security answers.
Suppose your investment advisory or banking team needs account information from you to process a request. In that case, it is important not to send your full account number in an e-mail; preferably give your trusted advisor/banker a call to deliver the information. You may trust the cybersecurity measures on their end. However, there are many instances when cybercriminals break into an e-mail address and spend time reviewing these interactions between their target and external parties; this is known as a spoofing[6] attack. As a result, cybercriminals have requested funds using information found within these everyday interactions.
Nothing is Ever Truly Free
FREE public Wi-Fi
FREE trial requiring date of birth and e-mail
FREE charging stations
Do not be fooled: “FREE” is not always a good thing, and the free service you might be getting could be granting hackers the freedom to steal your information or worse. It's best to leave these common conveniences alone.
Upon plugging in your low-battery phone into a public charging station, you run the risk of being a victim of fraud. According to NBC news, “The practice, known as ‘juice jacking,’ occurs when people plug in to "juice" up their phones and hackers use malware in the charging station or USB cable to "jack" their information, such as phone numbers and passwords.”[7]
Additionally, exposing your mobile device to unprotected Wi-Fi networks in public areas like hotels and coffee shops can leak sensitive information contained on your devices. Dates of birth and the last four digits of social security numbers are now common answers to security questions or two-step authentication services. As the rise in data breaches continues, it is easier for cybercriminals to obtain this information and use it to reset your passwords and transfer funds fraudulently.
Thankfully, resources such as password managers, identity protection services and virtual private networks are increasingly coming to the forefront to assist the average American in the constant fight against fraud. Managing passwords for online accounts has become a much more daunting task, especially if you have to generate long, encrypted passwords on your own.
Password managers like Enpass and LastPass, to name a few, can assist you in maintaining different and complicated passwords to streamline your online life. In fact, many smartphones and other devices have such useful tools already built-in to their operating systems, such as Apple’s Keychain. Stay safe, be well and maintain your vigilance.
For more information, please contact any of the professionals at Crescent Wealth Advisory.
Download a PDF version of this blog.
1 Standard & Poor's, Morningstar as of June 30, 2020.
3 Phishing: the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. (Definitions from Oxford Languages)
4 https://computer.howstuffworks.com/zoom-bombing.htm
6 Spoofing definition: Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server. (https://www.forcepoint.com/cyber-edu/spoofing)
Note: This report is intended for the exclusive use of clients or prospective clients of Crescent Wealth Advisory. Content is privileged and confidential. Any dissemination or distribution is strictly prohibited. Information has been obtained from a variety of sources believed to be reliable though not independently verified. Any forecast represents future expectations and actual returns, volatilities and correlations will differ from forecasts. Past performance does not indicate future performance. The information presented does not represent a specific investment recommendation. Please consult with your advisor, attorney and accountant, as appropriate, regarding specific advice.