Six Tips to Increase Your “Cyber” Security
We have written in the past about the importance of protecting your personal data and this continues to be a hot topic for individuals and businesses. Following is a summary from a presentation by Clyde Langley, VP of Fraud Prevention & Investigations for Schwab.
The annual economic impact of cybercrime is estimated to be larger than the illegal drug trade (approximately $400 billion) with 47% of US residents hacked in 2015 (with hacking defined as some form of ID theft).
Emails are a constant and growing avenue for cybercrime. The FBI estimates approximately 40% of all emails are compromised through sites like yahoo and gmail. It takes only three minutes for a criminal to assess the value of the email account by searching for terms like wire, transfer or account number.
The most common technique is to hack email via “phishing” and about one in seven phishing attempts are successful. This is where a criminal sends an email link designed to trick victims into clicking and giving away personal information. The days of poorly spelled emails coming from a “Nigerian prince” are giving way to sophisticated emails that appear to be from a legitimate financial institution or government agency. Once a recipient clicks the link provided in a phishing email and enters their password, the criminal is in the recipient account. The personal information is sold almost instantly on the “dark web”.
Users of social media are particularly vulnerable (watch this video if you think you aren’t). By trolling Facebook and other platforms they are able to tell when you are out of town. That information is used to contact the financial institution to attempt wire fraud (I’m out of town, unable to talk, etc.).
Langley reports that they are seeing very high levels of attempted wire fraud, particularly with real estate deals. The most typical technique is using a real estate title company and attorneys. An individual is scammed, the criminal then attempts to give the wealth management firm and/or Schwab “good” wire instructions that in fact send the client funds to a criminal account.
What Schwab is Doing
At SHWM, we understand that security of your asset accounts and your personal information is critical. We generally custody client assets with Schwab. In addition to its strong financial position, Schwab has stringent controls in place to safeguard your accounts and the privacy of your information.
Schwab has a 24/7 Command Center and they pay outside hackers to attempt to hack their systems. They report having had no data breaches as of the date of this article. Schwab uses very sophisticated authentication techniques and they also see when criminals log in with stolen client credentials and attempt to open a new account.
While Schwab works non-stop to protect your information, there are also important safeguards that you and your advisor must implement.
What You and the SHWM Team Can Do
At SHWM we know our clients and have a procedure in place to verify the client’s identity. We strive to be aware of suspicious activity in communications from supposed clients, including indications of a financial need while traveling and unavailable, use of sympathy or emotion in an unusual situation, the inability to get to a phone or to provide a phone number and/or requests that are extremely urgent, especially when preceded by any of the previous indicators.
When third party money requests are made, we verbally confirm with our client, the client is required to sign a form and we are required to sign a form for Schwab attesting to the fact that we spoke directly with the client.
Here are a few other tips for you (and for us):
- Treat your emails as if they are read by criminals; 40% of them are. Don’t ever put Schwab (or other) account numbers, your social security number or other personal information in emails.
- Passwords: Change them frequently (Schwab suggests every six months). Use very complicated ones for financial institutions and simple ones for accounts such as the newspaper. Approximately 55% of people report using the exact same password across all accounts. Langley suggests not using password “keeper” apps, saying they are ripe for hacking.
- When clients call Schwab, additional security can be implemented by adding a password that Schwab will need in order to speak with the client. Schwab will also have security questions in place as well before giving out any information.
- If you believe your email account has been compromised, please alert SHWM immediately. We also notify Schwab if we suspect a fraudulent email request; this has happened a few times over the past couple of years.
- SHWM will always call you to verify account transfers, and we will be especially leery of a request when a client says they are “unavailable and the matter is urgent.”
- Bad guys know “out of wallet” questions, like your first home address, mortgage company and other information they can buy on the “dark web” from Equifax and others. If asked for security question answers online, answer the same for all of them. For example: First dog: Spot. Childhood friend: Spot. Mother’s Maiden Name: Spot.
As with any potential security issue, active and ongoing involvement in prevention and recognition of the real threat are the keys to maintaining the integrity of your personal information and therefore your money. We take our responsibility to you seriously, as does Schwab. If you have any questions or concerns in this area, please call us at 404-874-6244.