How to Protect Yourself in the Digital World
- Cyberattacks are now all too common occurrences. This means, it’s imperative that you take steps to safeguard your data and online accounts and protect your assets.
- We offer four tips to help you identify malicious cyberattacks and provide steps you can take if you’re a victim of cybertheft.
Today, cyberattacks are a common headline around the world. We are all too familiar with the largest data breaches: Capital One was hacked, compromising 106,000,000 records; Facebook allowed a rouge application to illegally obtain records of 540 million users; and the Equifax leak impacted 143 million people. According to Cisco, ransomware attacks are growing more than 350 percent annually1 and Cybersecurity Ventures estimates that cybercrime damages in general will cost $6 trillion by 2021.2
But the truth is, while attacks on big companies make the news, it’s the private individuals who are most at risk. People like you and me don’t have the same resources as big companies to defend and protect against cyberattacks. By heeding the age-old wisdom that “Knowledge is Power” and by identifying risks, you can take proactive measures to address and respond to these threats. Here are some ways you can recognize and protect yourself against cybercrime attempts:
- One of the most common mistakes people make is to use default names and passwords or use the same names and passwords for multiple accounts. In fact, 95% of all cybersecurity incidents attribute human error as a contributing factor to cybersecurity incidents.3 To prevent this, you can use a password manager, which will generate and retrieve complex passwords and store them in an encrypted database.
- According to Symantec’s Internet Security Threat Report, 71% of targeted cyberattacks begin with a spear-phishing email.4 Cybercriminals customize their attack emails with the target’s name, position, work phone number and other information in an attempt to trick the recipient into believing they have a connection with the sender. Cybercriminals use social media sites, such as LinkedIn and Facebook, to collect information and craft a targeted attack email. Often, these emails will ask you to download a file and view it, perform a certain task for them, such as a money transfer, or provide your bank account information.
- Another common cyberattack method is deceptive phishing email, where cybercriminals impersonate a legitimate company and attempt to steal an individual’s personal information or login credentials. For example, you may receive what looks like a legitimate email from PayPal, Chase or Bank of America that instructs you to click on a link to rectify a discrepancy with your account. In actuality, the link leads to a fake login page that collects a user’s login credentials and delivers them to the attackers.
Three Tips to Identify Malicious Cyberattacks
It’s challenging to differentiate a scam email from a legitimate one; however, most have slight hints of their criminal nature. Here are three tips to help you identify a malicious email and maintain your online security.
1. Watch for companies that ask for your sensitive information via email.
Odds are, if you get an unsolicited email from an organization that provides a link or attachment and asks you to give sensitive information, it’s a scam. Companies will not send you an email asking for passwords, credit card information, credit scores or tax numbers; nor will they send you a link from which you need to log in.
2. Beware of unsolicited attachments.
A legitimate institution won’t randomly send you emails with attachments. Cisco’s 2018 Annual Cybersecurity Report identified Microsoft Office file extensions, such as Word, PowerPoint and Excel, as the most commonly used malware files (at 38%).5 Never open attachments from senders you don’t know. If you want to verify validity of the attachments, contact the sender directly to confirm.
3. Make sure links and email addresses match.
Check the sender’s email address by hovering your mouse over the ‘from’ address to make sure no changes have been made. For example, let’s say you see these altered emails: [email protected] and [email protected]. Did you notice the difference?
Also, make sure to double-check URLs. If the link in the text isn’t the same as the URL shown when the cursor hovers over it, that’s a sign you may be taken to a site you don’t want to visit.
If You’re Already a Victim of Cybertheft, Take Care with These Steps
There are steps you can take to mitigate the damage if you have been a victim of a cybersecurity breach or other identity theft incident.
- Check for damage. The Federal Trade Commission (FTC) provides a free, one-stop resource for reporting and recovering from identity theft at indentitytheft.gov. The service can generate pre-filled letters, affidavits and forms for you to send to credit bureaus, businesses, debt collectors and the IRS. It also provides recovery plans for more than 30 types of identity theft.
- Monitor your credit. Under federal law, you can request a free copy of your credit report once a year from each of the three credit reporting agencies: Equifax, Experian and TransUnion. You can request a copy of your credit report online at annualcreditreport.com.
- Place a fraud alert with the reporting agencies. You can place a fraud alert on your account if you want to take an extra step to protect it. Fraud alerts are free, and they last for 90 days. A fraud alert requires a business to verify your identity before it issues credit in your name, so it makes it harder for people to open accounts without your permission. When you establish a fraud alert with one of the companies, it is required to notify the other two agencies, so you only have to go through the process once. Fraud alerts do not prohibit the credit reporting agencies from sending your credit report to people who ask for it.
- Put a security freeze on your credit. The most reliable option is to put a credit freeze or security freeze on your credit report. A freeze prohibits credit bureaus from providing your credit reports to businesses that request them. Since businesses usually can’t open accounts in your name without first seeing your credit report, this makes it much more difficult for someone to open an account in your name without your permission. Credit freezes need to be requested from each of the three bureaus.
What Mercer Advisors Is Doing
At Mercer Advisors, we value the relationship we maintain with our clients. In fact, it’s our most valuable asset. We honor and serve this relationship by maintaining the highest standards of trust and confidence, which includes the safeguarding of client information. We take extraordinary measures to:
- Ensure continuous confidentiality of all client data – biographical; personal identifiable information, such as your SSN, driver’s license number, bank account numbers, passport, email addresses; non-public information, such as any business-related data not yet released to the public; professional; and financial information.
- Ensure the physical and electronic security of all client records.
- Protect against any anticipated threat to the security of such records.
- Protect against any unauthorized access to such records.
1 “Ransomware Lessons for the Financial Services Industry,” Cisco, May 2017.
2 “Cybercrime Damages $6 Trillion by 2021,” Cybercrime Magazine, October 2017.
3 “IBM Security Services 2014 Cyber Security Intelligence Index,” IBM Global Technology Services, 2014.
4 “Internet Security Threat Report, Volume 23,” Symantec, March 2018.
5 “Cisco 2018 Annual Cybersecurity Report,” 2/18.
Mercer Advisors Inc. is the parent company of Mercer Global Advisors Inc. and is not involved with investment services. Mercer Global Advisors Inc. (“Mercer Advisors”) is registered as an investment advisor with the SEC. The firm only transacts business in states where it is properly registered, or is excluded or exempted from registration requirements.All expressions of opinion reflect the judgment of the author as of the date of publication and are subject to change. Some of the research and ratings shown in this presentation come from third parties that are not affiliated with Mercer Advisors. The information is believed to be accurate, but is not guaranteed or warranted by Mercer Advisors. Content, research, tools, and stock or option symbols are for educational and illustrative purposes only and do not imply a recommendation or solicitation to buy or sell a particular security or to engage in any particular investment strategy. For financial planning advice specific to your circumstances, talk to a qualified professional at Mercer Advisors. Past performance may not be indicative of future results. Therefore, no current or prospective client should assume that the future performance of any specific investment, investment strategy or product made reference to directly or indirectly, will be profitable or equal to past performance levels. All investment strategies have the potential for profit or loss. Changes in investment strategies, contributions or withdrawals may materially alter the performance and results of your portfolio. Different types of investments involve varying degrees of risk, and there can be no assurance that any specific investment will either be suitable or profitable for a client’s investment portfolio. Historical performance results for investment indexes and/or categories, generally do not reflect the deduction of transaction and/or custodial charges or the deduction of an investment-management fee, the incurrence of which would have the effect of decreasing historical performance results. Economic factors, market conditions, and investment strategies will affect the performance of any portfolio and there are no assurances that it will match or outperform any particular benchmark. This document may contain forward-looking statements including statements regarding our intent, belief or current expectations with respect to market conditions. Readers are cautioned not to place undue reliance on these forward-looking statements. While due care has been used in the preparation of forecast information, actual results may vary in a materially positive or negative manner. Forecasts and hypothetical examples are subject to uncertainty and contingencies outside Mercer Advisors’ control. Mercer Advisors is not a law firm and does not provide legal advice to clients. All estate planning documentation preparation and other legal advice is provided through its affiliation with Advanced Services Law Group, Inc.