Cybercrime Part III: How to Prevent and Deal with Data Theft
In the first two parts of our series on cyber fraud, we looked at two true tales of client close calls, and a story of a vulnerable woman who lost her life savings to a swindler. In this third part, we delve into how to protect yourself against fraud, and what to do if it happens to you or your loved ones.
With minimal risk and the potential for significant rewards for the criminals, cybercrime and fraud are a constant threat. At JLFranklin Wealth Planning, our cybersecurity plan is solid, and our culture encourages our employees to be vigilant. However, since cyber attacks are becoming more common and serious in scope, we want to make sure that you have a personal plan in place to prevent fraud, and that you know the steps to take should you experience a data breach.
How to Prevent Fraud
Preventing cybercrime and fraud requires constant vigilance on the part of all parties with interest in or legitimate access to your resources. While JLFranklin Wealth Planning plays an important role in helping protect your assets, you can also take action to protect yourself and help secure your information. Below are some tips and best practices.
Be vigilant and take action.
- Be skeptical about phone calls, emails, and texts asking you to send money or disclose personal information. If someone calls you claiming to be a rep for a company you use, hang up and call back using a known phone number.
- Never share sensitive information via email, as accounts are often compromised. A secure portal is a good solution, and we have you covered via ShareFile.
- Beware of phishing and malicious links. Urgent-sounding, legitimate-looking emails are intended to tempt you to disclose personal information or (unwittingly) install malware.
- Don’t open links or attachments from unknown sources. If you must visit a URL you encounter in an email or text, type the web address in your browser instead.
- Check the sender’s email address. A sender’s name can be easily changed by a fraudster, but the actual address cannot. Be aware that letters strung together can be deceptive. For example, it’s hard if not impossible to tell the difference between an “m” and the letters “r” and “n” next to each other. Fraudsters can set up email addresses that rely on such trickery.
- Check your bank and credit card account statements regularly for suspicious activity.
- Never enter confidential information in public areas or over open Wi-Fi. Always assume someone is watching.
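The sender-address check from the list above can be automated. The following is an added example, not part of the original article: it compares the domain in a From header against a short list of domains you trust, and flags lookalikes such as “rn” standing in for “m”. The trusted domains, the lookalike table, and the function names are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): domains you really deal with -> brand name.
TRUSTED = {"mybank.example": "My Bank", "wealthfirm.example": "Wealth Firm"}

# Letter sequences that render like another letter in many fonts.
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Collapse confusable sequences so visually similar domains compare equal."""
    s = domain.lower()
    for seq, repl in LOOKALIKES:
        s = s.replace(seq, repl)
    return s


def check_sender(from_header):
    """Classify a From: header; returns (verdict, detail)."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("invalid", None)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED:
        return ("trusted", domain)
    # Non-ASCII or punycode labels can hide look-alike letters from other alphabets.
    if not domain.isascii() or any(p.startswith("xn--") for p in domain.split(".")):
        return ("idn", domain)
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
    # Display name claims a trusted brand, but the address is somewhere else.
    if any(brand.lower() in display.lower() for brand in TRUSTED.values()):
        return ("display-name-mismatch", domain)
    return ("unknown", domain)


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "My Bank <alerts@mybank.example>",
    "My Bank <alerts@rnybank.example>",
    "My Bank <alerts@mail-notify.test>",
    "Newsletter <news@shop.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:45} -> {check_sender(header)}")
```

The check looks only at the address shown in the header; whether that header is authentic is a separate question, answered by the receiving mail server's SPF, DKIM, and DMARC results.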
Adhere to strong password principles.
- Don’t use personal information as part of your login ID or password, and don’t share login credentials. It’s a common occurrence to use the names of children or pets in a password—don’t do it.
- Create a unique, complex password for each website, and change it every six months. Consider using a password manager such as LastPass to simplify this process.
Update and maintain your technology.
- Keep your web browser, operating system, antivirus, and anti-spyware updated, and activate a firewall.
- Do not use free or found USB devices. They may be infected with malware. This was a strategy used by Russia to successfully hack into the US military computer network a few years ago.
- Check security settings on your applications and browsers. Make sure they’re strong.
- Dispose of old hardware safely by performing a factory reset, or removing and destroying all data storage devices.
Use caution on websites and social media.
- Do not visit websites you don’t know, and don’t click on pop-up ads or banners.
- Log out completely to terminate access when exiting websites.
- When you travel, don’t use public computers or free Wi-Fi. Instead, use a personal Wi-Fi hotspot or a Virtual Private Network (VPN).
- Hover over questionable links to reveal the URL before clicking. Secure websites start with “https,” not “http.”
- Be cautious when accepting “friend” requests on social media, liking posts, or following links.
- Limit how much info you share on social media sites. Assume fraudsters can see everything, even if you have safeguards.
- Consider what you’re disclosing before sharing or posting your resume.
How to Respond to a Data Breach
Being the victim of cybercrime is a frightening and stressful experience. If you do experience identity theft or fraud, time is of the essence. You’ll need to take immediate action to minimize the impacts. Below are important steps to take, and when you should take them.
Within the first 24 to 48 hours:
- Call us, regardless of where or how the breach occurred, so we can watch for suspicious activity in your accounts and collaborate with you on extra precautions to take to verify your identity prior to any fund transfers.
- Call the Social Security Administration’s fraud hotline at (800) 269-0271 if you suspect your Social Security number has been compromised. The Office of the Inspector General will take your report and investigate any activity that uses your Social Security number.
- Contact the Federal Trade Commission (FTC) at www.identitytheft.gov, by calling 1-877-IDTHEFT (TTY 1-866-653-4261), or by visiting www.ftc.gov. Click on Report Identity Theft to access the Identity Theft Recovery Steps. This one-stop resource for victims of identity theft will guide you through each step of the recovery process, from reporting the crime to creating a personal recovery plan and putting it into action. Banks and other company resources are listed here, too.
- Visit the IRS website https://www.irs.gov/uac/taxpayer-guide-to-identity-theft if you’re the victim of tax fraud. You’ll be able to access the Taxpayer Guide to Identity Theft, which provides education on tax-related identity theft, tips to reduce your risk, and steps for victims to take.
- Call the Schwab Alliance team at (800) 515-2157 if you suspect you’re a victim of fraud. Schwab will escalate your matter to the Fraud Prevention & Investigations team to look into your case and take necessary precautions to prevent further unauthorized debits.
- Run reputable anti-virus/anti-malware/anti-spyware software to clean your computer if the breach is a result of activity on your computer.
- After you’ve ensured your computer is virus-/malware-/spyware-free, change your account passwords. Make each password unique, long, and strong, and use two-factor authentication, when available.
Within the first week:
- Report the crime to your local police, even though the incident may cross multiple jurisdictions. Your local police will file a formal report and may be able to refer you to additional resources and agencies that can help.
- Report your stolen money and identity to one of the three main credit bureaus. Provide the credit bureau with your police report number and ask them to place a fraud alert on your account to prevent additional fraudulent activity. Once the alert is activated, the two other credit bureaus will receive automatic notification, and the fraud alert on your credit report will be in place for seven years with all three credit bureaus. (Without a police report number, the alert will only be in place for 90 days.)
- Review all recent account statements for unauthorized activity and report any suspicious transactions to the business where the unauthorized or suspicious activity occurred.
- Consider what other personal information (such as birth date, Social Security number, PINs, account numbers, and passwords) may be at risk and alert the appropriate businesses.
- Begin collecting and saving account statements, canceled checks, receipts, emails, and any other evidence that may be useful if a cybercrime investigation is warranted.
Within the next 30 days and beyond:
- Carefully review statements on all bank and credit card accounts as soon as they arrive. Look for unauthorized activity, and report any suspicious transactions to the business where the unauthorized or suspicious activity occurred.
- Notify your friends, family, business associates, and other relevant parties in your contact list that you were hacked. Tell them to beware of emails that may have been sent to them from your account.
- Contact us regarding precautions to enhance the identity verification process for executing financial transactions.