Top 5 Tips to Build a Defense Against Online Fraud
Email Hijack
A few weeks ago I got a strange couple of emails from one of our clients. Unlike the usual “Mugged in London” type of email scams, this one seemed more legitimate -- he requested an account balance so he could wire cash to make a real estate purchase.
It turns out that a hacker had gotten into this client’s email account, searched through the online address book, and found my email address (as his financial advisor); he then simply asked for money. I noticed the scam right away because the email was a bit out of character – but the grammar in the message wasn’t too bad, and the hacker even took the time to sign the email with the client’s nickname.
After quite a bit of hand-wringing, calls and text messages to and from the client, we determined that the hack was isolated to the email account, which had a fairly weak password. Nevertheless, we took other precautions.
Top 5 Tips
Email hijacking and “social engineering” types of attacks are becoming more common as both companies and individuals put more of our personal information online. Here are my top 5 tips for building a defense against fraud:
- Use strong passwords (include upper/lower case letters and numbers), and try to use a different one for each website.
  - There are people actively trying to hack your account with commonly used passwords like "password", "12345678", "abc123", "password1", "baseball", etc. So this is the toughest, but most important, tip to implement.
  - Here’s a fun mnemonic to create and remember a password: Think of a phrase, and use the first letter of each word. For example, “Mom always says, chew each bite 13 times” -- your password would be “Masceb13t”; or “Bank of America has $10 of my money” – “BoAh$10omm”.
- Create a separate second or third email account for backing up your address book (to warn contacts of a hack) and for password recovery.
  - Don’t use your “cloud” based email or account ID for anything important. A recent hack of Wired editor Mat Honan’s Apple ID is an example of why this is a bad idea.
- Use a separate credit card only for online purchases, and track transactions closely.
  - Some might think this is overkill, but I like the idea of tracking purchases knowing where a card has physically been used.
- Use Anti-Virus/Malware software on your computers, and only use these "safe" computers for online transactions.
  - My favorites are Microsoft’s freely available for Anti-Virus, and MalwareBytes for Anti-Malware (free and paid versions available).
- Check your credit for errors regularly at https://www.annualcreditreport.com, and consider adding a “Security Freeze” on your credit to prevent unauthorized account opening in your name.
  - Expect to pay a small one-time fee to freeze or unfreeze your credit. For example, Experian charges California residents $10.