As a trusted financial institution in Rockland County, we are often asked by our customers what they can do to protect themselves from cybersecurity threats—and the associated monetary losses. In fact, New York State ranks fourth in the country for both the number of cyber victims and the total dollar amount in losses. Cybercrime is constantly evolving, and it may seem hard to stay on top of the latest internet scams and attacks, even if you consider yourself tech-savvy. And for many, all that jargon and high-tech information and advice might feel impossible to navigate.
October is Cybersecurity Awareness Month, and a great time to revisit a topic we’ve touched on in many of our previous blogs. In this post, we’ll offer some time-tested as well as updated advice for individual customers, businesses, and organizations to follow to raise their own awareness and protect themselves from future attacks and scams. Keep reading to learn more!
Who is Vulnerable to a Cybersecurity Attack?
The short answer is that anyone can be vulnerable to cybersecurity threats. If you use an internet-connected device or have an account that can be accessed through the internet, you can be affected by cybersecurity crime. Even if you don’t, nearly everyone has personal data available through private companies’ and government agencies' online databases—and these storehouses of personal information are key targets for hackers.
Even though cybersecurity attacks can affect nearly everyone, the more our activities move online, the more opportunities there are for cyber criminals to access our data. Since there is no escaping cybercrime entirely, and it’s nearly impossible to live without technology these days, the best thing to do is to be knowledgeable and to take steps to protect yourself from cyber-attacks.
What Are the Most Common Cybersecurity Threats?
Being familiar with common hacking techniques and fraud schemes is one of the best ways to prevent yourself from falling victim to these crimes. While the list of online scams is always growing, here are some important ones to watch out for:
Phishing Scams: Typically using email, but also social media and text messaging, and even phone calls, cyber criminals will pose as legitimate businesses and institutions, in an attempt to ‘lure’ you to spoof (fake) login websites, give up your password or personal data, or otherwise trick you into providing them access to your accounts and information. Phishing scams are often used in identity theft, where criminals will pose as you to make purchases, access accounts, or even open new ones. We’ll talk more about phishing and other social engineering scams later.
Malware: Malware (short for ‘malicious software’), is downloaded software that allows hackers to access or harm your device and/or the networks that your device can access. Common forms of malware include:
- Viruses: Viruses start out as a host program that disrupts the way your computer operates, and spread to other programs on your computer, and even across networks. Viruses insert code into your computer and its software programming to make systems inoperable and can bring whole networks down. Viruses can also lead to financial loss and identity theft.
- Worms: Worms are very similar to viruses. The main difference is that viruses have a host program that must be activated to start infecting your device, whereas worms simply replicate themselves. They both accomplish the same goal of interfering with your device’s operations and leaving you susceptible to cybercrime.
- Ransomware: A kind of software that blocks access to your computer, network, or its data until a ransom is paid. Unfortunately, there is no guarantee you will get your data back even if you pay up.
- Spyware: Software that ‘watches’ everything you do on your device. It can catch personal information, login information, and other sensitive data which can be used to access your existing financial accounts, or even open new ones. Man-In-The-Middle (MitM) attacks, where hackers intercept data between users and other systems to gather personal data and login credentials, are one example of how spyware can be used.
- Trojan Horse: Any malware that users initially download thinking that it is safe—for instance a software update, photo from a friend, or a third-party app. The name is a reference to the giant wooden horse used by ancient Greeks to sneak inside the city of Troy.
- Rootkits: Software or a collection of software tools that allow cyber criminals to gain remote access to computers and networks, often downloaded through spam emails.
Denial of Service (DoS) Attacks: Cyber criminals flood websites or systems with traffic to crash them, making them inaccessible to users and customers. High-profile organizations and businesses whose sites and services are used by many individuals are common targets. The result is often more a nuisance than long-term damage, and it tends to cause monetary loss rather than the theft of data.
Password Attacks: Beyond using spyware, and beyond simply stealing your passwords or tricking you into giving them up, hackers can also guess them based on personal information or commonly used passwords. They can also use software (a ‘password cracker’) to do it for them. Any method of stealing passwords is called a ‘password attack’.
Social Engineering Attacks
As we mentioned above, phishing schemes are tech-based social engineering scams: fraud that relies on deception and emotional manipulation to get individuals to give up important personal data or login information. They don’t just affect you as an individual, either. Employees are often targeted, as getting an employee’s credentials can sometimes grant access to government and business accounts and data.
Imposter Scams: Scammers call or text individuals, impersonating institutions (like your bank or the IRS) or loved ones (friends, family). They usually ask for money or access to financial accounts, and will use emotionally-manipulative tactics in order to pressure victims into giving them up. For instance, a caller might advise you that you owe money to the IRS and your wages will be garnished, that your grandchild is injured and you need to send payment to the hospital for treatment, or that your bank has detected fraudulent activity, and you need to provide your login credentials in order to prevent monetary loss.
Payment App Scams: There are several ways scammers can use payment apps, like Venmo or PayPal, to steal your money. In one form, scammers will ask you to send payment through a payment app for a good or service that you never receive. In another form, you will not only be paid for something you are selling, but you will be overpaid. The scammer will ask you to send that money back in a new transaction, canceling their original payment before it clears.
Winner Scams: These sometimes overlap with payment app scams. Victims are contacted via text, phone call, or social media messaging platforms and informed that they have won a prize. The catch is that you will be asked to send money, sometimes via those payment apps, in order to claim it. After you do, the scammer disappears, and no prize is ever received.
Healthcare Scams: These are phishing scams usually conducted over email. You will be promised very low rates on health insurance but will need to provide personal data for a quote. You will be asked to give up information including full names, birthdates, and social security numbers—in short, everything needed to commit identity theft.
Tech Support Scams: In these scams, you may receive a call, email, or even a pop-up on your computer claiming to be from tech support. You are told that to resolve an “issue,” you need to grant access to your computer. Once the scammers get that access, they also have access to your personal data.
Romance Scams: Here, scammers portray themselves as interested romantic parties. You may be contacted through dating websites or social media sites. These fraudsters will get close to their victims, playing on their emotions or feelings of loneliness. Eventually, they will ask for money—sometimes large sums—to deal with an emergency, or even to simply visit the person they are victimizing. The FBI reports that billions of dollars are lost to these kinds of scams.
Money Mule Scams: In these scams, victims are asked to transfer money (be the ‘money mule’) that often comes from other victims of fraud and help launder that money for the actual criminals. Money mules are usually recruited through ads for easy money, and will be asked to accept or send packages, open bank accounts, and transfer funds as part of their “job,” leaving them open to criminal liability themselves.
Prevent Cybersecurity Threats
Although there are countless ways that cyber criminals try to steal data, access accounts, and drain money from their victims, that doesn’t mean you are powerless to stop them. In fact, there are a few manageable practices that you and your business can adopt to prevent the vast majority of internet scams and cyber-attacks—and their accompanying financial losses. Here are some basic measures you can take to protect yourself:
- Utilize antivirus software: Most computers come with it. Make sure yours is up to date.
- Update your software and computer operating systems regularly: Allow software updates—even those annoying restarts—in order to keep your systems safe with the latest technology.
- Upgrade unsupported devices, apps, and programs: When your computer or phone gets too old for firmware or software updates, it’s time to replace it with something that can better shield you from the latest cybersecurity attacks.
- Use strong passwords and password managers. Password managers use ‘multi-factor’ or ‘two-factor authentication’ (MFA/2FA) to make sure your identity is verified not once, but twice, often using your email or phone as the second step in authentication. They can both store your passwords and generate passwords that are exceptionally resistant to hacking. If you prefer to create your own password, follow this advice from the Cybersecurity & Infrastructure Security Agency (CISA) on how to choose and protect your passwords.
- Train employees to look out for cybersecurity threats. There are many online resources you can utilize to help, including free coursework from CISA.
- Be safe with your smartphone. Watch out for the common payment app schemes mentioned above, keep a screen lock on your phone, and use MFA/2FA to keep accounts doubly secure.
- Only download from trusted sources. For your phone, utilize official app stores like Apple App Store or Google Play. For your computer, never download anything from an email, particularly if you can’t verify the sender. For software updates, always use your operating system prompts. If you aren’t sure, check first.
- Scrutinize emails and never click on suspicious links. If you get an email from a trusted institution or organization asking you to log in, hover your mouse over the link to verify that it is official. Links could download malware or divert you to a spoof website designed to collect your data. Look out for typos, misspellings, unprofessional-looking graphics, or urgent requests. When in doubt, type the address directly into your browser to log in, rather than clicking on a link.
- Question any requests for personal information, login information, or money: Fraudsters are professionals at making their scams appear legitimate. If you feel pressured into giving up any confidential information or money because of an unexpected urgent situation, verify the request with the individual, agency, business, or financial institution through a phone call or other channel before proceeding.
At Palisades Credit Union, we know that cybersecurity awareness is key to protecting yourself against online fraud and identity theft, and we strive to keep our customers safe and up-to-date on the latest threats to their financial wellbeing. We’ve devoted many posts to related issues, like our post on managing online accounts.