Published On: May 27, 2021
Written by: Ben Atwater and Matt Malick
The security of your money must be a high priority. With society’s overreliance on technology, scammers are working harder than ever and getting ever more sophisticated.
In our capacity as the manager of your wealth, it is our responsibility to take cyber security very seriously. We have policies and procedures in place and we take great care to consistently evaluate our vulnerabilities.
But businesses are only one part of the equation. Individuals can also do their part.
Recently, three of our clients had their email accounts hacked. Once an email account is compromised, the scammers peruse sent items for financial-related emails and attempt to mimic them using similar themes and wording. This is an attempt to trick the recipient (people like us) into sending money, divulging personal information or clicking hyperlinks that install malware.
Individuals should try hard to protect their email using a complex and completely unique password as well as two-step verification. (Here is a link on how to set up two-step verification for Gmail. If you do not use Gmail, rest assured most major email providers provide a similar option.)
It is important to set up added email security before a hack. Fraudsters have become so sophisticated that once they hack your email, it is hard to correct. Scammers can copy your old emails and continue to mine them for data and scams even after you reset your password, add 2-step verification and get the hackers out of your live email account.
Often, once they copy your old sent items, they will create a new email address to use when luring your contacts, friends and business partners. To the third party, the email will appear to be from you, and only upon careful examination of the actual email address can they determine that the address is not legitimate.
Sometimes, though, fraudsters will phish without even hacking anyone’s email. Instead, they will create an email address very similar to what you are accustomed to seeing.
For example, PP&L, the electric utility, uses the domain pplweb. A hacker could use a domain like pplinternet and try to create an authentic-looking email claiming to be about your electric service.
As another example, a scammer might recreate your boss’s email address and email you asking for information. Say your boss’s email is boss@bigcompany. The hacker might create an email address like boss@bigcompanny and use this trick of a slightly altered address to get you to respond.
Be hyper aware when clicking any links in emails you are not 100% certain about. It is a sound personal policy to never click on email links unless you take time to verify the email. Scammers are counting on our innate reactions to familiar names, words and phrases that spur us to quick, natural and intuitive clicking without thinking.
Take a few minutes to reflect on email security. It is a vulnerability for many of us. Change your password. Establish 2-step verification. Be vigilant. Even with all of this, some bad luck can befall any of us, but we can make it as difficult as possible for the hackers.