An important topic, which has gotten a lot of attention lately, is online security. This issue has been in the news recently, with two large companies (Colonial Pipeline and JBS Meats) being hacked and having their all of their operations shut down. In the case of Colonial, the hackers froze their systems and demanded a ransom payment of almost $5 million in Bitcoin (a digital currency) to restore them.
The pipeline shutdown caused shortages of refined oil products on the East coast for several days, as that line is a major artery for gasoline supplies. It turned out that Colonial worked with the FBI to follow the ransom payment, and they ended up recovering a portion of the payment, but the rest was gone. The hackers were traced to Russia, as was the group behind the JBS attack, but there is little hope of any legal remedy for either firm.
On a more personal note, I have spoken recently with someone who received a message online that there was a suspicious purchase on their account and that they should follow a link to speak with a representative from Amazon to resolve the issue. This turned out to be a “phishing” attack (a mass message designed to get people to click) and this person ended up losing thousands of dollars due to the professional appearance of the link and the well-practiced script of the “rep” they spoke with.
These incidents highlight the growing risks we all face in conducting business online. Very few people are expert in all the ways the internet connects us, and at some level we all want to trust that the systems we use are honest and aboveboard. Unfortunately, with the advent of online banking and shopping, the internet is where the money is these days, and we are all targets of those who would take advantage of our trust. It used to be that checking a message or link for typos or bad grammar would reveal its false origins, but that is no longer necessarily the case. Online currencies such as Bitcoin have also enabled the growth of this activity, as now there is an almost untraceable way to extract money from people all over the world without the safeguards of banking oversight.
What can we do?
The most basic and intuitive tactic is to not ever go online in the first place. If your information isn’t in an electronic format, it can’t be stolen or compromised. Is this realistic? No. Someone, somewhere, has information on you stored in a digital database that is at risk of being hacked. The Social Security Administration, Medicare, insurance companies, banks, etc., all keep your data in databases that are subject to compromise. Even if you don’t do any shopping or banking online, someone might file a fraudulent tax return or file for unemployment benefits in your name, which could take you months to discover, by which time it is too late.
It would take a small book to go over all of the steps you could take to protect yourself from online fraud, and even then it wouldn’t be foolproof. However, there are some common tactics these thieves use, and you can prevent most attempts at fraud by employing some simple strategies.
First, use different passwords for different sites you visit. If a hacker finds your username and password on one site, they will try that same combo on other sites to see if they can gain access.
Second, never click on a link in an email or a text message. If something looks important and you want to investigate, use a browser to visit that site directly and check it out. Sometimes, clicking a link doesn’t result in immediate and obvious catastrophe, but a malicious program could have been downloaded to your phone or computer and it will lurk there, collecting information for months as you use your device.
One of the newer tactics by groups who have obtained some personal information on you already is to call and claim to be from the IRS, threatening you with jail if you don’t immediately send payment to resolve the issue. First, the IRS doesn’t call or email anyone without initially sending letters through the U.S. mail. Second, they will not have local law enforcement come to your house because of past-due taxes. So even if the caller ID on your phone says “Internal Revenue Service,” and someone tells you that you need to make a payment, just hang up.
One thing to keep in minds is that if you receive an email, text message, or phone call that you are not sure about, slow down, take a breath, and ask someone you trust to also look at it. Do not be pressured into buying gift cards or giving your personal data to someone without knowing exactly why they need it or verifying their identity.
Another preventative step you can take is freezing your credit files with the three major credit-reporting agencies (Equifax, TransUnion, and Experian), which will prevent anyone from opening new accounts in your name. You can also request alerts on your current credit cards, which will send text messages any time a charge over a certain amount is placed on your card.
The various ways that fraudsters are trying to separate you from your money grow every day, and it takes constant vigilance and a high level of skepticism to keep them at bay. Be careful out there!
