This article originally appeared on September 16th, 2015 in U.S. News & World Report
12 Tips to Outsmart Financial Spies
People are scared of identity theft, and for good reason. If a bad guy gets his hands on your credit card information or Social Security number, he can set up accounts in your name, launder thousands of dollars and ruin your credit. It can take years – and countless amounts of time and energy – to clean up the mess.
A survey of 1,000 adults by MasterCard released in July found that 77 percent of Americans feel anxious about having their financial information stolen, which is a greater percentage than those who fear their home being robbed (59 percent). Still, many respondents reported engaging in behavior that increases their risks of being a victim of identity theft or fraud, including rarely changing passwords for online financial accounts (46 percent) or using the same password for multiple accounts (44 percent).
“The average person should be very concerned,” says Charlie Price, managing director in MorganFranklin Consulting’s corporate investigations and dispute solutions practice and a former FBI agent. “Every time you click on a link, you’re essentially opening up your front door to let a con man in,” he says.
The risks that come with identity theft can be even higher than losing the money that’s in your bank account. “Attackers aren’t going for the $5,000 or $20,000 you have in savings. They’re going for something far more valuable: your identity,” says Chris Hadnagy, CEO of Social-Engineer, a consulting company that helps organizations protect themselves, and an expert on financial fraud. The attacker can then use your identity to create credit accounts and steal far more money than you have in your bank account.
Here are steps you can take to protect yourself from becoming a victim:
Look out for phishing emails. One of the easiest ways for an attacker to get your financial information is by sending you an email that tricks you into thinking the message is from your financial institution. You then click on the embedded link, enter your password and the attacker has access to your account. Hadnagy admits that even he was fooled by one of these emails that appeared to be from a retailer he frequently shops with and claimed his credit card had been denied. To avoid falling victim, always look closely at the return email address and domain name. Instead of clicking on an embedded link, type the domain name into your browser yourself, Hagnagy suggests.
Don’t share the answers to security questions on social media. Where you went to high school, your mother’s maiden name, your pet’s name, your wedding anniversary, where you met your spouse – all of these are not only frequently asked security questions used to reset passwords for online accounts, but their answers are also often available via Facebook or other social media accounts. That’s why Hadnagy recommends keeping your full birth date and other telling details off social media.
Pick charities carefully. Hadnagy notes that within hours of the tsunami hitting Japan in 2011, the first link that showed up on a Google search for donating to victims was a scam site. He recommends donating only to organizations you are familiar with and you have done background research on.
Change passwords frequently. It’s particularly important to change passwords if you suspect you have been the victim of an attack or accidentally clicked on a phishing email, Hadnagy says. “As soon as an attacker gets one password, he’ll try to go and use it on other websites, because most consumers are reusing passwords,” he says, noting that it’s a practice he advises against. If you have trouble remembering all your passwords – and who doesn’t? – he suggests using an encrypted password manager tool like keepass.info.
Leave important cards at home. “Never carry your Social Security card or those of your children,” says Adam Levin, author of the forthcoming book “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.” He also recommends carrying only one credit or debit card in your wallet. That way, if your wallet gets stolen, you only have to cancel one card and you have a backup card at home, ready to use.
Password-protect your phone: Smartphones contain a treasure trove of information on your financial life, including access to your email and financial accounts. That’s why Levin urges people to use a pin that’s difficult to guess – not your birth date or part of your phone number. “Adding a password might seem like a hassle, but it’s nothing compared to the hassle of resetting all your accounts,” he says.
Monitor bank account statements. It’s not possible to completely eliminate the risk of being a financial victim, Levin says, because your information is located in databases that could be hacked through no fault of your own. If your information does get stolen, Levin says it’s important to be proactive about minimizing the damage through active monitoring of your credit and financial accounts. That way, if you see an erroneous charge, you can immediately report it and make sure you are not on the hook for it. He points out that many people have access to identity monitoring services through their work, credit cards or financial institutions.
Try to keep your email address private. You can’t help it if you have to use your email address as your usernames for many online accounts, but sharing your email address publicly can make it easy for a scam artist to send an email that tricks you into clicking on an embedded link or downloading an attachment with a virus. As a result, Levin suggests keeping your email address off websites and social media accounts when possible.
Get a chip card. Financial institutions in the U.S. are in the process of rolling out credit and debit cards, which contain an embedded chip that makes it harder for financial fraudsters to steal account information. “It creates a unique code with every transaction, and that makes it virtually impossible for a fraudster to create a [copy of the card],” says Carolyn Balfany, a senior vice president at MasterCard.
By the end of the year, she says 65 percent of all debit and credit cards will be replaced by chip cards, and that proportion will go up to 100 percent by the end of 2017. Countries that have already adopted chip cards have seen counterfeit fraud drop by 70 to 80 percent, Balfany adds. The website gochipcard.com contains more details about how the cards work.
Stay off public networks when checking financial accounts. The MasterCard survey found that 39 percent of respondents said they have checked their financial data on public networks. But when you use a public computer to check your bank account, the risk of a hack can go up, Balfany says, because an attacker monitoring the network can potentially steal your information.
Teach your children to be Internet-smart. Children often feel comfortable sharing details about their lives, including photos, online because they grow up using the Internet, but Price urges parents to teach their kids to keep personal details offline and to monitor their accounts. Price warns that kids can encounter thieves posing as other kids online. The attackers can then use details they learn to log into family financial accounts or, even worse, try to meet up with kids in person.
Report the attack. If your accounts have been compromised, you should let your bank and financial institutions know. Price also encourages victims to file a report with the FBI at ic3.gov. The report could help prevent the next person from becoming a victim – and put the perpetrator behind bars.
About MorganFranklin Consulting
MorganFranklin Consulting (www.morganfranklin.com) is a global management and technology consulting firm that works with leading businesses and government. The firm helps organizations solve their most pressing challenges and address critical finance, technology, and business objectives. MorganFranklin is headquartered in the Washington D.C. area with regional offices in Atlanta and San Francisco, and supports clients across the globe.
MorganFranklin Consulting is the brand name referring to the global organization of MorganFranklin, Inc. and its subsidiary MorganFranklin Consulting, LLC.