Key cyber-security principles to keep your money safe online
October was Cyber Security Awareness Month in Canada. It’s traditionally the time industry experts and governments have set aside for talking up all things related to online security in your everyday life, including your financial transactions. But, to paraphrase Mark Twain, I’ve found the other really good months to maintain security awareness to be November, December, January, February, March, April, May, June, July, August, and September. Here’s why.
The bad guys never sleep. They simply don’t care what day, week, or month of the year it is. And they’re always inventing new ways to try to rip you off. The most prevalent type of fraud attempt these days doesn’t actually involve exploiting vulnerabilities in software or hardware. Although that’s still a big problem (witness the recently revealed vulnerability of public Wi-Fi systems), most online scams and schemes are now classified as “social engineering,” that is, attempts to trick you into opening your computer systems to the bad guys rather than trying to exploit a weakness in hardware or software. Most of these attempts at deceit fall into three broad categories:
Phishing: Fraudsters will send you an email that looks like one from a legitimate financial institution, like your bank or investment advisor. They’ll use some sort of pretext involving an account that is supposedly “overdrawn” or “in arrears,” often threatening to close it down unless you click on a link to provide sensitive personal information (such as your name, password, account numbers, Social Insurance Number, and so on). But do not do this! Once you click on a link or provide this information, they’ve pretty much got an open window on your financial life.
This sort of email is a dead giveaway that you’re dealing with a phishing scam because the government, banks, insurance companies, credit card companies, mutual fund companies, investment advisors, and so on, never ask for this information by email or text message. Never click on a link in a strange email that you aren’t expecting or from a source you don’t know personally. Always double-check. And if in doubt, throw it out.
Malware: This is a type of malicious software that invades your computer system if you ever do click on a link in a sketchy email. Once your system is infected (and you’ll never know it is, unless you have robust, up-to-date virus protection), the malware can capture any keystrokes you may enter when you log in to any of your legitimate sites. The bad guys then have your passwords, and from there, the sky’s the limit for them. They’ll be able to access your accounts using windows that aren’t visible to you, and empty them out in an instant.
Pharming: If you click on a link in a scam email, you may be directed to a fake website that looks like the real thing (this is known as “spoofing”). You may be asked to fill out forms giving various bits of highly sensitive personal information that the bad guys can then use to access your account information.
When using online financial sites, always make sure there’s a “padlock” icon in the address bar and that the web address begins with “https://” – the “s” stands for “secure.” This ensures that you are on a legitimate site and that your connection is secure.
Thwart the cyber-criminals!
While banks and investment companies do their utmost to ensure cyber security, you yourself are always the first and best line of defense. Public Safety Canada, the government department responsible for national security, offers a number of common-sense tips to follow to ensure you don’t get scammed by cyberthieves:
* Choose strong passwords for your banking and online investing accounts and keep them private.
* Look for the “padlock” symbol on the website or “https://” at the beginning of the website address.
* Avoid using online auto-fill or auto-remember features for your password and personal information.
* Keep your browser and anti-virus protection up to date.
* Use the firewall feature in your operating system.
* When you’ve completed any financial transaction, close the browser window, delete your browser history (also known as “clearing the cache”), and disconnect from the Internet.
* Never use public Wi-Fi or public computers to make financial transactions.
* When navigating to a website, especially a financial or investment site, enter the address in the browser window yourself – never use a link.
* Call your investment company, bank, credit card company, or financial advisor directly about suspicious messages threatening to close accounts or asking for personal information – remember, financial institutions will never do this by email. (Do not use any phone numbers supplied in an email to contact the institution; instead, use numbers supplied on your statements or on the back of your credit card.)
It’s also a good idea to talk regularly with your financial advisor about security concerns and issues.
By Robyn K. Thompson, CFP, CIM, FCSI
President, Castlemark Wealth Management Inc.
© 2017 by Robyn K. Thompson. All rights reserved. Reproduction without permission is prohibited. This article is for information only and is not intended as personal investment or financial advice.