Cyber Attacks Becoming Faster and More Sophisticated

“One thing is clear…with cyber attacks becoming faster and more sophisticated, education about prevention is necessary for everyone.”

More and more Americans are using cyber technologies and spending more time online during COVID-19 than ever before. Our growing dependence on technology, coupled with the increasing threat of cyber attacks, demands greater security in our online world.

Consequently, the FBI has seen a significant spike in cyber crimes reported to its Internet Crime Complaint Center (IC3) since the beginning of the COVID-19 pandemic, as hackers take advantage of Americans’ daily activities moving increasingly online. IC3 has been receiving between 3,000 and 4,000 cybersecurity complaints each day, a major jump from prior to the COVID-19 pandemic when about 1,000 complaints were received daily.

Additionally, Microsoft reports that COVID-19 themed attacks, where cybercriminals get access to a system through the use of phishing or social engineering attacks, have jumped to 20,000 to 30,000 a day in the U.S. alone. And researchers for the cyber group Barracuda Networks found a 667 percent increase in phishing emails using the coronavirus to trick individuals into clicking links or downloading attachments that included computer viruses, such as ransomware that locks up computers and demands a ransom to unencrypt them, according to The Hill.

Both the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have put out alerts warning Americans to watch out for these phishing emails while working from home.

To protect yourself and your money from cyber threats, it is important to understand how hackers think and act. Today’s hackers are using “social engineering” to take information they glean from social media and publicly available information, such as speaking engagements and media profiles. Armed with that data, they target people using personal details that make them feel comfortable sharing pertinent information.

Hackers can spoof phone numbers or email addresses to look like they’re coming from a legitimate financial or mobile service provider. They ask questions or send links that mine for personal data, such as credit card numbers and identifying information.

“Defend Today, Secure Tomorrow”—Protect Yourself from Cyberattacks

It’s imperative to understand the nature of cybercrime and to get educated about avoiding it. While nothing is foolproof, there are tangible steps you can take to ensure you are not an easy target for hackers.

Five Ways to Keep Your Information and Systems Secure:

  1. Use two-factor authentication everywhere you can. Yes, it can make logging in more time-consuming, but it’s much more difficult for a hacker to breach your password and access your PC or phone.
  2. Make your passwords more complicated and use different ones for different sites or a password vault. Use phrases that are longer, rather than generic word and number combinations that fall into a pattern (e.g., Fall2019, Winter2019). A phrase such as ILoveBuckeyes! is more difficult to hack. If remembering multiple passwords is an issue, try a recommended password vault provider, an online service designed to help keep your password information secure and consolidated into one location, such as 1Password, KeePass, LastPass, or Dashlane.
  3. Make sure you keep your computer software up to date. Security updates are designed to fix known attacks or vulnerabilities that software developers are monitoring and addressing.
  4. Be careful of how much information you share on social media. Social engineers can track your spending habits, location, busy times on your schedule, travel plans, and more and strike when you’re preoccupied, attending functions, at work, or traveling. That catchy Facebook quiz? Watch out if it asks for too much personal data like your birthdate or address.
  5. Do not give out personal information without verification. Hackers can impersonate financial services providers. If you receive an email or phone call that looks official, do not respond directly. Use the phone number on your financial services provider’s statements to call and confirm whether the call/email was genuine. Never give out your Social Security number or credit card information to an unverified person on the phone, and avoid clicking on any links in emails you receive.

STOP. THINK. CONNECT.

The STOP.THINK.CONNECT.™ Campaign is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Cybersecurity is a shared responsibility. We each have to do our part to keep the Internet safe. When we all take simple steps to be safer online, it makes using the Internet a more secure experience for everyone.

References:

  1. https://thehill.com/policy/cybersecurity/490232-cyber-threats-spike-during-coronavirus-pandemic
  2. https://www.microsoft.com/security/blog/2020/06/16/exploiting-a-crisis-how-cybercriminals-behaved-during-the-outbreak/
  3. https://www.key.com/businesses-institutions/business-expertise/articles/cybersecurity-in-the-hacking-age.jsp
  4. https://www.cisa.gov/cybersummit2020
  5. https://www.stopthinkconnect.org

Digital Pirates Are Hacking Brokerage Accounts | Bloomberg

“Cyber hacking has now become the biggest threat to investors’ financial well-being.”

Cybersecurity experts say the exponential rise in online stock trading on apps such as Robinhood has created a parallel opportunity for hackers. And even the most diligent traders can fall prey to the increasingly sophisticated tactics of today’s digital pirates.

According to the Financial Industry Regulatory Authority (FINRA), a government-authorized not-for-profit organization that oversees U.S. broker-dealers, cyber threats to brokerage firms are increasing, and with these threats comes the increased risk of potential harm to investors. Dangers to accounts include email hack attacks, improper transfer or theft of customer assets, and misuse or even theft of customer data.

“Cyber hacking has now become the biggest threat to investors’ financial well-being,” said Andrew Stoltmann, a Chicago-based lawyer and former president of the Public Investors Advocate Bar Association. “Unfortunately, brokerage firms haven’t invested the money needed in order to keep cyber hacking of brokerage accounts from happening.”

The cyber threat

More believable “phishing” emails, said Jonathan Care, a research director who specializes in cybersecurity and fraud at Gartner, have aided in the hacking of accounts. Such missives might use personal information gathered from publicly visible social-media accounts. They may use the logos of financial institutions to look official to even the most discerning eye, and unwitting investors may be baited into forking over their log-in information.

Other tactics take place in the background and make legitimate-seeming web activity risky. Some hackers set up WiFi networks in public places with monikers that sound credible — such as the name of a nearby business — which can in fact be used to take control of a system.

Malicious software installed on some machines can detect when users log into financial accounts and even make additional transactions they did not intend to authorize, Care said.

How to protect your brokerage accounts

Digital traders should change their passwords frequently, experts say, and avoid unfamiliar WiFi networks. They should be sure to have two-factor authentication enabled, which requires a secondary code to sign in.

But more than anything else, even savvy users could benefit from simply paying more attention to the flurry of emails, texts and other messages that flood their devices.

Recourse if hacked

Investors who think their accounts are compromised should immediately notify their brokers, who may be able to track down where funds were wired and reverse the transfer. After alerting their brokers, investors may also find it helpful to file a complaint with law enforcement. The most direct way to do that in the U.S. is with the FBI’s Internet Crime Complaint Center.

A common industry practice is to promise to cover 100% of losses as a result of unauthorized activity in a brokerage account. The sticking point, of course, is whether the company will rule the breach was indeed unauthorized or lay the blame on you. Still, brokerage firms have a strong incentive to compensate consumers for losses.

“With most of these firms, the judgments are really reputational,” said Adam Fee, a former federal prosecutor in the Southern District of New York who is now a partner at Milbank, a law firm. “When something bad happens, they are asking, ‘Do we want a bunch of articles about how people are out money because we messed up and didn’t react?’”

Practice Cyber Safety

Your online security can be enhanced by doing your part to safeguard your brokerage accounts and personal financial information.

Sound cyber safety tips include using up-to-date firewall and anti-virus programs on your personal computer, as well as formally logging out of all online sessions related to your account once you are finished. If you use apps on mobile devices to access your financial accounts, be sure to password-protect your device—and make sure you select the highest security setting that the app offers (such as disabling quick access or the option that keeps your account open even if you close the app).

Email awareness is essential. Cybercriminals use a variety of phishing techniques—scams that use spam email or a fake website to lure you into revealing your bank or brokerage account information, passwords or PINs, Social Security number or other types of confidential information.

Beware of emails that request personal information. And, don’t reply to, or click on a link in, an unsolicited email that asks for your personal information. When in doubt, log onto the main website of your bank, credit card company or brokerage firm using the website address that appears on your account statements or credit card—or call your firm using a telephone number you know is legitimate.

Stay Protected While Connected

The bottom line is that whenever you’re online, you’re vulnerable. If devices on your network are compromised for any reason, or if hackers break through an encrypted firewall, someone could be eavesdropping on you even in your own home on encrypted Wi-Fi.

You can protect yourself from online fraud:

  • Practice safe web surfing wherever you are by checking for the “green lock” or padlock icon in your browser bar—this signifies a secure connection.
  • When you find yourself out in the great “wild Wi-Fi West,” avoid free Internet access with no encryption.
  • If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi.
  • Don’t reveal personally identifiable information such as your bank account number, SSN, or date of birth to unknown sources.
  • Type website URLs directly into the address bar instead of clicking on links or cutting and pasting from the email.

Read more: https://www.bloomberg.com/news/articles/2020-10-13/brokerage-account-hack-what-to-do-if-money-in-robinhood-other-apps-is-stolen?utm_campaign=news&utm_medium=bd&utm_source=applenews

References:

  1. https://www.finra.org/investors/alerts/cybersecurity-and-your-brokerage-firm
  2. https://www.bloomberg.com/news/articles/2020-10-13/brokerage-account-hack-what-to-do-if-money-in-robinhood-other-apps-is-stolen?utm_campaign=news&utm_medium=bd&utm_source=applenews
  3. https://www.cisa.gov/stopthinkconnect
  4. https://www.cisa.gov/sites/default/files/publications/NCSAM_TheftScams_2020.pdf