Financial fraud used to be simple. Erase the ink from a check, make it out for more money, and laugh as you withdrew money. Nowadays, it requires a bit more finesse but is still simple in concept. Thankfully, it’s also fairly easy to protect yourself or your company from financial fraud in a highly digitized world.
In 2017, massive data breaches, ransomware attacks, and financial fraud ramped up. Steps are being taken around the world to combat this, such as the European Union updating their General Data Protection Regulation to help with breaches, but where does that leave you?
Identity Theft and Credit Card Fraud
First, it’s helpful to discuss identity theft and credit card fraud, and what they mean to you. From a data breach, a hacker could, in theory, steal your Social Security number and open a credit card in your name.
The first part is identity theft; the second, where the hacker maxes out the credit card, is credit card fraud. You won’t be liable for the damages, but you need to be aware of them first. Otherwise, they will sit on your credit report, quickly wrecking your credit score thanks to unpaid bills and high utilization ratio. This makes financing a car or a house much harder.
This is a less-than-ideal situation, but at least your money is safe. That’s only the beginning, though.
A 2013 study showed that identity theft accounted for $24.7 billion in losses. Hackers attack every 39 seconds, from your social media accounts to your IoT devices. They steal credentials, log in to your bank account, and steal your money. Here’s how:
If you look in your spam email folder, you are likely to see familiar emails. Banks and people you know have, apparently, been emailing you without your knowledge. Your bank needs your password in order to unlock your account, for example. The problem is that the email is not actually from your bank; hackers have spoofed the email address to appear as something familiar.
It’s not just banks, either. It could be an email from Facebook or Instagram that looks legit, asking you to log in. Once your credentials are stolen, they can try your logins on other sites, leading back to your bank.
Hackers are sophisticated enough that they can even spoof a different employee of your company. If you get an odd email from someone in the finance department, it’sa good idea to verify, in person, that they actually do need the private information they are asking for. Otherwise, you may end up with a compromised payroll.
The Internet of Things
You have a spam filter for your emails. You don’t see any spoofed emails. But you do have IoT items. It might be a fitness tracker, your smart TV, or a home automation system, but it’s wirelessly connected to the internet.
If your network is not secured, your IoT devices offer multiple opportunities to penetrate your network and “sniff” the data that is being transmitted. Hackers can see what images you are loading. They can see everything you type, including login credentials. They can redirect you to a custom-made website to steal more information, under the guise of a legitimate version of your bank’s website.
Although your financials will not be affected, IoT devices can also be hacked and added to a botnet. As part of a botnet, the device could be used as part of an advertisement fraud scheme, where it is remotely commanded to go to a website and click on an ad. The hacker then gets a percentage of the advertising fees for every click. Or it could be made to mine cryptocurrency, slowing down your system.
What You Can Do
How can you stop hackers from infiltrating your system and either stealing your money, login credentials, or even the potential for making money? Here are some simple steps:
- Upgrade your password. You may think replacing letters is a smart idea, but it’s even better if you use four random words.
- Don’t use the same password for everything. Use a different password for banking than anything else. Use a completely different password for social media. Use yet another password for logging in to your email.
- If you are protecting a business, encrypt your data whenever possible. Conduct regular accounts payable audits to make sure hackers have not obtained access to your accounts.
- Avoid suspicious emails, especially with links to unfamiliar sites. Always check where the link actually goes to, rather than what it says in the text of the email. The same goes for suspicious attachments.
- Get antivirus software. If you do download a file or click a link, if it tries to install a virus or malware, an antivirus can stop it. This is more important in a business, as the computers are likely linked, and one computer will infect the next.
Hackers are evolving with the times. Some use new tactics, while others try to pose as someone in authority and get information, such as login credentials. It’s vital to understand their methods so you can protect yourself or your company from losing vast sums of money.