Cybercrime techniques are constantly evolving and take advantage of new tools and communication channels as soon as they emerge. High net worth individuals are often targeted specifically, but there are a number of best practices you can observe to minimise the risks.
Bad actors will always seize on crises as an opportunity, so it is no surprise that attempts by cybercriminals to steal sensitive information and target those performing financial transactions are rocketing during the coronavirus pandemic.
We have compiled this succinct guide as part of our efforts to give users important guidance on all aspects of their financial lives during this difficult time. Read on to learn about current cybercrime techniques and how you can protect yourself.
1. Observe basic WiFi network hygiene
Ensure your home WiFi network is password-protected, otherwise neighbours or even passers-by could get access.
Select the WPA2 security protocol for routers and all devices connected to your network. Printers and other smart devices like baby monitors and doorbells are often overlooked.
2. Invest in cybersecurity protection, and keep updated
3. Be serious about password security
It may be a pain remembering many passwords, but using the same or similar ones for multiple accounts multiplies your risk. Do not write passwords and account details down (this is surprisingly common) and instead consider password “vault” services.
At least two-factor authentication should be in place for any financial business, but three-factor should be preferred (such as user ID, password and PIN).
4. Know that app scams are on the rise
Scamming apps often promise official advice, important services, or something really fun, but actually install “ransomware” which will lock your device until a fee is paid.
Be extra careful about apps. Do not download apps from unofficial websites and stick to the Apple Store or Android Play Store, where apps are pre-checked for safety. Also, pay attention to the app permissions you grant (you can control this via app settings on your phone, tablet or other mobile device).
5. Pay attention to web addresses and subdomains
“Pharming” manipulates web traffic to send users to a fraudulent website where your information could be harvested for fraud and theft.
Always check the address in your browser bar to make sure it continues to match the one you inputted. Be aware that differences could be quite subtle – even a single letter or number. A padlock should appear on the browser bar for any secure site.
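The address check described above can also be automated. The sketch below is an added example, not part of the original guide: it compares a URL's hostname with a list of sites you actually use and flags single-character lookalikes, a trusted name buried as a subdomain of another domain, and a missing padlock (no HTTPS). The domain `mybank.example`, the sample URLs and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the sites you really do business with.
TRUSTED = ("mybank.example",)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute a character
        prev = cur
    return prev[-1]

def check_address(url, trusted=TRUSTED):
    """Classify a URL against the allowlist of trusted sites."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # Exact site, or a genuine subdomain of it (the name ends with the site).
    for site in trusted:
        if host == site or host.endswith("." + site):
            return "trusted" if parts.scheme == "https" else "no-padlock"
    # Trusted name used only as a prefix: the real domain is what follows it.
    for site in trusted:
        if host.startswith(site + ".") or "." + site + "." in host:
            return "deceptive-subdomain"
    # Same number of labels as the trusted site, but one character off.
    labels = host.split(".")
    for site in trusted:
        tail = ".".join(labels[-(site.count(".") + 1):])
        if edit_distance(tail, site) == 1:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample addresses.
    for url in ("https://www.mybank.example/login",
                "http://mybank.example/",
                "https://mybamk.example/login",
                "https://mybank.example.secure-login.test/",
                "https://news.test/"):
        print(f"{check_address(url):20} {url}")
```

A result of "unknown" only means the address is not on your list; it says nothing about whether the site is safe.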
6. Carefully screen all bulk emails
A phishing email will try to get you to divulge personal or financial information, or click unsafe links/attachments.
Although sent out in bulk, phishing emails can look plausible – and important. Think before you click. Do not open any links/attachments from senders you don’t know, even if they purport to be from an institution like HMRC.
We know that affluent individuals can be particularly guarded about their personal data, which is why we never ask for sensitive information like bank details or home address. We are also proud to say that our website is protected by advanced 256-bit encryption, which ensures no data can be intercepted by malicious third parties. Our security exceeds that of many online banking platforms. However, please do get in touch if you need further reassurance and guidance on how to proceed in a way that is comfortable for you.
7. Be extra careful of emails clearly customised to you
“Spear-phishing” is a more sophisticated version of phishing, targeting an individual with cleverly personalised messages, and they might play on knowledge of the platforms you already use.
Do not let your guard down because the sender seems to know all about you. Know that malicious documents might be stored on legitimate sites like Dropbox, OneDrive or Google Drive.
8. Do not trust communications just because they seem to be from someone senior
“Whaling” frauds are even more sophisticated, with the sender impersonating senior executives in an email intended to extract financial information or authorise a fund transfer.
These scams can look very plausible and carry much information that is correct. It is unlikely that you will receive a direct email from a senior executive, and certainly not one asking for details or payment instructions: give none, and delete/quarantine the email while you verify the message.
9. Be on high alert with mobile phone messages
“Smishing” texts (or in-app/push messages) appear to come from trustworthy sources like the government or even your own doctor, but are an attempt to get information/install malware.
Here again, if in doubt do not click on any links. Give no information and do not call any numbers before checking them against what you have on file or an official website.
10. Don’t let a friendly voice lower your guard
“Vishing” relates to unsolicited phone calls, which may be from a “concerned party”. They may say you’ve been the victim of fraud and need to change bank details or passwords, for instance.
Challenge any cold caller and hang up if you can’t verify them. Call a trusted number on another line if you can, as fraudsters can keep lines open and listen in on mobile calls. Never give out authentication details on an incoming call. A financial institution will never request your authentication details in full.
Always be cybersecurity aware – and ensure your financial adviser is too
Cybersecurity protocols are absolutely paramount for all financial institutions, and any financial institution you engage with should be both observing best practices itself and educating you about any risks.
If you don’t feel like your wealth management adviser is as security-aware as they should be, then this could be a very good reason to consider an alternative.