Protect Yourself

These 5 Tips Can Protect you from Serious Financial Fraud

1. 90% or Greater Cyberattacks Have Origins in Email

  • These threats are referred to as ‘Phishing’ attacks

  • They typically misrepresent the email’s source, and may go as far as appropriating original artwork and logos and may fake the email senders address to match with a trusted source.

  • The mails typically encourage you to download software referred to as ‘Ransomware,’ which locks access to the computer or its files, but may also encourage submitted passwords through false login portals.

  • Mail may embed tracking code into the message itself, which will both expose you as a active and valid mail address if opened, and alert the hacker that you were interested in the content of the mail.

  • Any communication of interest to the hacker exposes you to additional attacks.

  • The solution: delete the mail or flag it as spam without opening it so you do not expose yourself as a potential target.

2. Fraudulent Tech Support Companies Have become Rampant

  • They may present themselves as an un-closable pop-up window with a scary message and phone number, or result from an unsolicited warning phone-call

  • When on the phone, a fraudulent agent may either direct you to another tech agent who will attempt to defraud you, or attempt to do so themselves.

  • They direct you to websites that download software that gives them remote access to your computer until removed. Simply hanging up does *not* end the threat

  • The fraudulent agents will threaten you with action if you do not follow through with their recommendations

  • They use familiar terms in nonsensical ways: common phrases such as ‘hacked IP addresses’ or ‘infected email accounts’ are evocative but do not communicate realworld occurences.

  • As with email scammers, phone scammers won’t give up easy. Expect follow-up calls and threats, as tech fraud is a huge industry.

  • The solution: hang up the phone when you get unsolicited tech calls, and get your computer cleaned professionally if you let them connect to your computer.

3. Two-Factor Authentication is a Must

  • Two-Factor Authentication adds an additional layer of security to online accounts and services, requiring a cell-phone verification or mobile authenticator app in addition to a password

  • Two-Factor is only required when a new device is used to login to a service, or after a defined period of several weeks or months.

  • Email verifications are not considered a viable second factor and are no longer sufficient.

  • Authenticator Apps are considered superior to cell number verification, because motivated hackers can coax a cell service provider into activating a Sim Card on another phone they possess through identity theft.

  • Authenticator Apps generate a new code every 30 seconds, are tied to a trusted device, and offer downloadable recovery code in the case of loss or theft.

  • Solution: use an authenticator app if possible, a phone verification if not

4. Third-Party Advertisements on Webpages can Embed Malicious Code

  • Many websites use advertising affiliate networks to monetize their content, and the sites themselves have little control over the quality or content of individual advertisements.

  • The advertisements in some cases can embed code, which captures mouse clicks or page closes. These captures can trigger additional code.

  • The code can produce unexpected behavior, such as opening addition webpages or pop-up windows.

  • The content of these pop-up windows can be one of the variety of scams discussed here, and can be difficult if not next to impossible to close.

  • Solution: If presented with a windows that will not close or allow normal computer use, hold the power button until the computer turns off. If necessary bring to a professional tech for a check-up.

5. Low Volume or Old Websites can be Hijacked

  • Older websites no longer being actively supported can host known security vulnerabilities, which remain unpatched

  • Contemporary websites require episodic maintenance to address these faults, or they pass their risk to site visitors.

  • These sites are vulnerable to so-called ‘Injection Attacks,’ which issue malicious code to pass on to site visitors, made more dangerous by the trusted nature of the website itself.

  • Community, Church, and Small Business websites are common victims and vectors of these threats.

  • Solution: keep your websites well maintained and patched, and avoid websites with an old appearance and unchanging content.