We are about to enter (arguably) the busiest season of the year: kids are going back to school and back-to-back holidays. All of us are so busy with our personal lives that some things will inevitably fall to the wayside. Your financial assets should not fall into that category.
I recently attended Schwab’s Cybersecurity & Fraud Prevention conference and would like to share some information about email fraud to ensure that our clients are keeping themselves safe.
I’ve outlined two email tactics that fraudsters are actively using to target unsuspecting targets. 2018 has been the year of data theft. About 40-50% of all fraudulent cases involve email.
Not “fishing.” Phishing is when someone sends you an email with links that say “Click Here” or “Open This.” When you click on the link, malware is installed on your computer to either capture all of your keystrokes (so that the fraudster can capture the passwords to your financial accounts) or to set up an auto forward on your email account. Sometimes, the malware disappears. Meaning it infects your system and then self-uninstalls, left untraceable to the common eye.
A common example that I’ve seen is when a fraudster crafts an email that looks like it’s coming from your banking institution. The email has all of the right logos, disclosures and may sound legitimate, but it will provide you with a direct link to login. A legitimate email from your financial institution will not send you a direct link to their login page, instead they will ask you to login without giving you a link.
Spoofing happens when someone masks the actual email sender’s name with a false email address. Fraudsters will use this tactic to sometimes engage in a conversation with their target, or send them false information. One way to ensure you aren’t getting “spoofed” is to toggle over the sender’s name in the email and see if you recognize the email address.
One of the riskiest periods for spoofing happens when you’re in the middle of a real estate sale or purchase. Whenever you receive wire instructions from the title company via email, always call the title company directly and verify the instructions before submitting the wire.
How can you prevent yourself from falling for these tactics?
1. Don’t open emails from senders you don’t recognize.
2. Periodically check to make sure that your emails aren’t set up to auto-forward to an address you don’t know.
3. Add dual factor authentication wherever possible. It is sometimes a pain to have passwords for your passwords, but personally, I’d rather deal with that than the alternative.