How to Protect Your Accounts From Online Fraud
Online account fraud is on the rise - don't be an easy target.
Online account fraud is on the rise. Criminals are finding new ways to impersonate you - and the people you do business with - in order to have your money wired offshore. Here’s how they are getting away with it, and most importantly how to protect your retirement money.
Criminals Find Easy Targets by Lurking in Your Email
Overseas hackers find easy targets by breaking into email accounts and lurking. Personal email accounts are at the most risk because they often don’t have the encryption systems in place that business email accounts use.
If your email account is hacked you won’t know the person is there. They watch, sometimes for months, or even years, waiting for a key conversation, personal info, or account data they need to be emailed to someone. Through email, they learn when you will be out of town, and who your key contacts are - such as your banker or financial advisor. They impersonate you and will email your contacts and make it sound real. Here’s an example of a fraudulent email that may be sent to your banker or investment advisor from someone pretending to be you:
“Hi John, as you know I am traveling to Boston with my daughter to look at colleges. We’re a little short on funds. We’ll be touring the college all day so I won’t be able to take a call, but I need you to wire money to me right away. Please send a wire to xxxxx for $ immediately.”
If the person receiving this email does not have good controls in place to make sure they verbally verify the request with then that money could be gone.
How Do They Bypass a Signature Requirement?
Think about how many times you email a document that has your signature, date of birth, Social Security number, or other personal data? Someone hanging out in your email account can easily snag that data and match it up with other personal data they have gathered about you.
If you emailed a form for your child’s school that signature could be used on a wire request form months later. Or maybe you emailed a password to a family member. That might get saved and used later.
They Impersonate Your Service Providers
With the latest type of fraud, online hackers wait for a key transaction, such as a real estate purchase, and then pretend to be your real estate agent or title company and email you fake wiring instructions. You act in good faith and send the funds – never knowing the instructions were fake.
This can also happen if you are buying products online or from a new vendor. For example, the criminal may reach out several weeks after a proposed transaction and let you know of a good deal if you want to wire funds right away.
They even impersonate family members and pretend to be in need and request funds right away.
What Can You Do to Protect Yourself?
Common sense and a “trust but verify” approach is the best way to protect your accounts from online wire fraud. Below are six simple things you can do to make sure a malicious person does not steal your hard-earned money.
- Change passwords. Change your email password frequently - and don't use the same password on email as on other accounts. This one simple step can offer great protection. If someone was lurking in your email and you change the password then the access is immediately cut off. You should also use secure passwords that have capital letters as well as numbers and special characters interspersed with lower case letters. If you want to run a password check, try out LastPass; it encrypts all your data and will make sure your passwords aren’t used twice.
- Don’t email signatures or account info. Don't send full account numbers, passwords, wiring instructions or other personal info via email. Use a secure file-sharing service to send documents that have personal data or signatures. For other types of account information such as passwords or account numbers call and verbally relay the information.
- Verbally confirm any wire transactions. If you are wiring money, such as with a real estate or business closing, call the person requesting the wiring info from you to make sure the request is legitimate. And don’t wire money to strangers! You wouldn’t believe the number of people that find a good deal on Craigslist and wire money to a perfect stranger – only to find out it was a fake product listing. If you are wiring money to adult children in college – be sure to check with them no matter how urgent they say it is. Fraudsters exploit emotion and claim the situation is urgent to try to get transactions pushed through quickly.
- Expect verification calls. Expect calls from your bankers and investment advisors to verify requests when money is to be sent to someone other than yourself. Institutions with good controls in place will train their staff to call and verify the transaction details with you. Be patient with them – they are doing this to protect your money.
- Assume hackers have your info. Data breaches have occurred at Target, Home Depot, Neiman Marcus, T-Mobile, Kmart, Staples, UPS, Anthem, Blue Cross, JP Morgan Chase, Adobe, eBay, Twitter, and the Federal Government, just to name a few. In the part of the internet called the “dark web,” your account info is for sale. It is only a matter of time before someone tries to exploit it.
- Don’t open attachments or click on email links from unknown sources. Malware (malicious software) can be installed on your computer when you click on an email link or open an attachment from a threatening source. This is a technique called phishing – where scammers send an email that appears to come from a legitimate financial institution. Don’t open attachments from unknown sources. Don’t click on email links if you don’t recognize the sender. If your bank or another institution sends you a request for info, go to the website directly and log into your account.
Taking the Steps Above Helps Far More Than You Might Think
If you change passwords frequently and verbally verify any wires you are no longer an “easy target." Criminals share information and go for the institutions and targets that have the least amount of security or controls in place. Although the above steps may take a few extra minutes – it is time well spent.