Written by: Amber Ott and Jen Pieson


These days it seems there is no shortage of scam calls, phishing e-mails, and bad actors trying to steal what is yours. And they’ve managed to creep into every corner of our lives – our computers, our phones, our front porches, and our mailboxes. So, how do you protect yourself from these people? To be honest, it’s hard to definitively say what you can do to ensure you, your identity and your bank accounts will be safe. But there are two pieces of advice we can certainly give you – stay educated and stay diligent.


How to Prevent Getting Hacked

Scams change all the time. New technology is developed, new scammers are trained and current events from as recently as yesterday are exploited. So, one of the best things you can do to protect yourself is to stay up to date on current scams. You’ll find this information on news channels, from your banks, and from some professional services companies you work with. Be sure the source of the information is legitimate. Banks have guidelines around how to identify that communications from them are legitimate. Be familiar with this information and, once you trust the source, carefully read all information from your bank(s) about current scams they’re seeing. Be patient with procedures meant to protect you and allow extra time to process requests when you know you’ll run into security checks.


Stay Educated on Recent Money Scams

Read news articles from legitimate news sources that describe new scams being seen in the marketplace. And don’t ignore profile stories of one person’s experience, which can be incredibly insightful. You’ll likely remember the details of a personal story more and will learn many tactics used by the scammer.


Secure Your Devices to Prevent Financial Hacks

Staying diligent involves many technology-based solutions. Setting up security measures on your cell phone and computer can be a helpful first step.

First, protect your physical devices by following these simple practices:

  • Don’t connect to public Wi-Fi when you intend to access personal information on the web. This includes banking apps on your phone or any other app that contains personal information, such as retail apps that have your credit card information stored.
  • To ensure you have control over that first item, don’t allow your devices to automatically join unfamiliar Wi-Fi networks.
  • Disable automatic Bluetooth pairing on your phone, which can allow bad actors to sync up with your phone without you noticing.
  • Don’t borrow phone chargers from strangers or use public USB charging stations. These can be loaded with malware that allows hackers to read your data, steal sensitive information, or infect your device, including with the type of malware that would allow them to clone the SIM card on your phone.
  • Keep the software and operating system on your computer up to date. Updates often fix known security vulnerabilities and should be made as soon as they’re available.


Strong Passwords Can Keep Your Financial Information Safe

Second, protect your online presence by maintaining strong passwords on your accounts. We highly recommend utilizing a password manager that is itself protected with multi-factor authentication and a long password or passphrase. Twelve characters is long enough for a perfectly random password, but human-created passwords must be more than 18 characters to evade hackers. The good news is that passphrases are just as strong as long, random-character passwords and are likely easier to remember. Examples of good passphrases might be: Amberlikesdaffodilsinspringtime or Today,Ihadanomeletteforbreakfast.

Using the How Secure is My Password? tool at Security.org, I’ve learned that it would take a computer about one hundred decillion years to crack that first password and one hundred duodecillion years to crack that second password. Now, even though I work in the finance industry I had to look up how big those numbers are. A decillion is a 1 followed by 33 zeros, and a duodecillion is a 1 followed by 39 zeros. I think I’m quite comfortable with the security of these passwords.
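For readers who want to see the arithmetic behind "12 random characters" versus a passphrase, here is an added example (not part of the original article) that generates both with Python's `secrets` module and compares them in bits of entropy. It assumes every character or word is picked at random; the 16-word list is a constructed sample, and 7,776 is the size of common diceware-style word lists.

```python
import math
import secrets
import string

# Constructed sample word list for illustration only. A real generator should
# load a large published list (diceware-style lists have 7,776 words).
SAMPLE_WORDS = [
    "amber", "breakfast", "candle", "daffodil", "engine", "forest", "garden",
    "harbor", "island", "jacket", "kettle", "lantern", "meadow", "napkin",
    "omelette", "pepper",
]

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(choices: int, length: int) -> float:
    """Entropy of `length` independent, uniformly random picks from `choices`."""
    return length * math.log2(choices)


def random_password(length: int = 12, alphabet: str = PRINTABLE) -> str:
    """Password built with the OS CSPRNG, never with the `random` module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words: int, words=SAMPLE_WORDS, sep: str = "-") -> str:
    """Passphrase of words picked at random, not a sentence a person made up."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    target = entropy_bits(len(PRINTABLE), 12)  # 12 random printable characters
    print(f"12 random characters: {target:.1f} bits")
    for size in (len(SAMPLE_WORDS), 7776):
        n = words_needed(target, size)
        print(f"{size}-word list: {n} random words = {entropy_bits(size, n):.1f} bits")
    print("password:  ", random_password())
    print("passphrase:", random_passphrase(words_needed(target, len(SAMPLE_WORDS))))
```

With a 7,776-word list, seven random words are needed to match a 12-character random password; with the tiny sample list it takes twenty, which is why the size of the word list matters.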


What to Know about Social Engineering Attacks

Unfortunately, utilizing technology-based solutions alone is not enough to protect you from the most effective scams of all, which are referred to as “social engineering.” Social engineering is when a bad actor manipulates you into performing an action (such as willingly transferring money) or divulging confidential information (such as your address and social security number) to be used for an illegitimate purpose. These types of scams are particularly dangerous because banks often don’t give you the same protections when you fall victim to one as they would if someone hacked your account or stole your credit card.

Luckily, there are several signs that can help you identify a social engineering attack:

  • Scammers pretend to be from an organization you know and trust. We’ve seen clients get attacked by people who “worked at” Amazon, Apple, and TD Ameritrade, among others.
  • Scammers present a problem you would want to take care of or a prize you would want to claim.
  • Scammers pressure you to act immediately. They present the issue as urgent and discourage you from consulting with anyone else, including a trusted advisor or spouse. They may suggest you can’t even hang up from a phone call with them until the issue is resolved.
  • Scammers give you specific instructions for transferring money in ways you don’t typically use, such as sending money through a money transfer company or buying gift cards.

It is extremely important to remember that, no matter how urgent or serious the problem sounds or how enticing the reward seems, in truly legitimate scenarios you would always have time to think about your response and to consult with a family member or advisor. If someone is presenting a problem or prize to you unexpectedly and encouraging you to act immediately without consulting anyone else, IT IS A SCAM.


How to Block Scam Calls

The best way to avoid getting scammed in a social engineering hack is to not take phone calls from a scammer. This is easier said than done, but a few things you can do to decrease incoming scam calls are:

  • Block spam calls through your wireless carrier. Major wireless carriers offer the following:
    • AT&T: ActiveArmor
    • T-Mobile: Scam Shield
    • U.S. Cellular: Call Guardian
    • Verizon: Call Filter
  • Block spam calls through your wireless device.
    • Apple iPhones can Silence Unknown Callers
    • Google Pixel Phones have a “Call Screen” feature
    • Samsung has a business partner that allows them to offer Smart Call on their devices
  • Protect your landline.

Please note that implementing any of these solutions may cause you to miss legitimate calls. If you are attentive to your voicemails and your recent calls list, it is safer to put these protections in place and have some legitimate calls silenced than to answer all calls and fall victim to a scam.


Protect Your Personal Information

In conclusion, remember to use your best judgment. If something sounds too good to be true, it is. If a story sounds off, don’t believe it. Ask questions and ensure the answers make sense. Don’t give out personal and financial information in response to a request you didn’t initiate. Don’t pay someone money to get more money. Stop, think, and talk to someone you trust – a friend, a family member, a neighbor. And we’re always happy to have you contact us. Every employee at Agili is regularly trained in cybersecurity and social engineering. We can help you determine if you’re being scammed, but it only works if you contact us before you pay someone. Please do!

