Staying safe in a digital world
Whether you prefer a personal computer, carry a tablet or use a smartphone, connecting with the world has never been easier.
There's a darker side to our digital world, where threats to the privacy of your personal information lurk.
Phishing is one of the top 5 scams according to the Better Business Bureau. CPA Canada found that Canadians lost over $20 million dollars due to wire fraud and spear phishing in the previous year.
Not enough of us are tapped into how quickly cybercrime is evolving. Hackers creating mischievous computer viruses that wreak havoc is "old news". Now, the stakes are much higher as hackers focus on stealing your private information, your identity and your assets. According to the 2018 Norton LifeLock Cyber Safety Insights Report, more than a billion consumers have fallen victim to cybercrime, 800 million in the last year. Further, 117 million adults of all ages were impacted by identity theft in 2018 – 1.5 million in Canada. The most eye-opening: more than half of victims don’t realize that children are a target.
Cybercrime: email and connected devices
Consumers are more attuned to safeguarding their personal computers from established risks. Consumers are taking steps to protect themselves, through keeping passwords private, not opening suspicious files, and limiting information shared on social channels. But email and connected home devices; where the public is less aware of the dangers – are also avenues for fraud.
Norton's research noted that 30% of consumers on a global scale are not aware that their smart devices can be hacked (including smart homes, TVs, door locks, and baby monitors). 1 in 4 consumers don’t know that unauthorized access to an email account may lead to access to all linked devices.
It is important to highlight the risks of cybercrime in an effort to prevent any further losses. Here are some of the most dangerous privacy threats to watch out for.
Phishing is when Internet scammers use email lures to “fish” for passwords and financial data from the sea of online users. Phishing attacks use “spoofed” (look-alike) email messages and fraudulent websites designed to trick recipients into divulging personal, business and sensitive information such as credit card numbers, account usernames and passwords or social insurance numbers. Under the guise of a reputable brand like a financial institution, credit card company or government agency, thieves will approach you with a bogus appeal to lure you into responding.
This might be a request to update your account, confirm billing information or enter a contest. That request often includes a time element such as a threat to cancel or close your account if you don't respond quickly.
The malicious email will direct you to click on a link connected to a web address that's standing in for a legitimate website. Once there, you'll be asked to provide personal or financial information like credit card details, social insurance numbers or banking passwords.
Phishing scams often target the financial and payment services sectors.
SMiShing, short for "SMS phishing", is similar to phishing. But it is the practise of using text messages sent to a mobile device in an attempt to get you to release personal information or click on a fraudulent link. Many people are unaware of this type of scam.
A SMiShing attack usually has a call to action for the intended victim that requires an “immediate response”.
BlueShore Financial has implemented a number of safety measures to combat scams including security alerts. One of which advises clients if an account has been locked due to three unsuccessful login attempts.
If you have any suspicions or concerns at any time, it's best to contact your financial institution directly.
Vishing or "voice phishing" works phone contact into the act. A visher calls and speaks directly to you or leave's a voice message to try to get you to call them back. Either in person or through an automated system, they then attempt to get you to release personal information.
Online customer service through social media channels like Facebook and Instagram are vulnerable to fraud. “Angler phishing” is when requests for support or information to a legitimate company are monitored by scammers and then “answered” by the scammer asking for personal information or luring the victim to fraudulent websites.
You can check that their “handle” matches other responses, but remember, a legitimate company will never ask you for personal details on a public network. If you’re unsure, call the company directly using a phone number you know is accurate.
Spyware and ransomware
Spyware is a type of malicious software or "malware" that, once installed on your computer, allows criminals to monitor your behaviour and gather valuable data. Spyware isn't intended to crash your system or wipe its memory like the computer viruses of the past. Instead, it works quietly in the background tracking your keystrokes, searching your hard drive and sniffing out your personal details to send to unknown parties.
Ransomware on the other hand, is software designed to block access to a computer system until a sum of money has been paid. While often targeted to company networks, individuals have also been caught.
Public WiFi access is convenient, but not secure. Many people use free or unsecured Wi-Fi networks in airports, coffee shops and other public places. The perils of open Wi-Fi begin when you log on to a network that appears valid.
That free network may be nothing more than a gateway to track your activities, gather passwords you enter or view your sensitive information. Criminals will sometimes use a different tactic, setting up copycat hotspots with the same name as a legitimate network hoping to fool you into thinking you're connecting to the real thing.
Smart use of your Smartphone
We live in a wireless world where technology helps bring many things, including banking, into the palm of your hand. But with this flexibility comes the need for attention to safety and a clear understanding of where your private information may be vulnerable.
Bluetooth technology provides a way to exchange information between wireless devices such as mobile phones, laptops, computers, printers, and digital cameras across a low-cost, globally available, short-range radio frequency band. It provides nearly ubiquitous connectivity, but it also can open the door to data theft.
When Bluetooth is enabled, it creates an open network to your mobile device. For sensitive information like mobile banking, we recommend you disable Bluetooth until your transactions are complete.
And use built-in smartphone security features to their best advantage. Password protect your device. Use biometric authentication. Ensure you have the auto lock set to the shortest time possible. That way if you lose your phone (or it's stolen), you'll be protected.
How you can protect yourself
Despite the sophisticated methods fraudsters are devising to invade your privacy, there are steps you can take to protect yourself.
1. Remember the essentials
A few basic steps will go a long way to protecting your personal information.
- Keep the operating systems on your devices current with the latest updates and patches
- Install security software that can detect viruses, spyware and other malware and provide a firewall to protect your data
- Use email spam filters
- New malware is appearing constantly so ensure your protective tools are set to update automatically
- Never send out confidential information (account numbers, passwords, etc) via email
2. Understand how reputable businesses act
It's easier to spot potentially dangerous communication if you know how trustworthy organizations behave. As an example, BlueShore Financial will never send you an unsolicited email asking you for your password, account numbers, confidential information, or urge you to restore your account access in this manner.
Here are some ways to spot a phishing email:
- Spelling errors or other anomalies in the sender’s email address and the URL (web site address)
- Requests for personal or sensitive information (username, passwords, social insurance numbers, banking information, etc.)
- Pressure for urgent action or response; the fraudsters are appealing to the human inclination to click embedded links or open questionable attachments
- Scare tactics and threats; ironically, a frequent ploy is to claim “your security has been compromised”.
Also remember, before entering sensitive data through the website of any company you deal with, make sure you first see the "https:" prefix or a padlock in your browser's address bar.
3. Verify, verify…and verify
Learning to be a skeptic can keep you safer online. Don't click on a link or call a phone number that comes with an uninvited email, pop-up or phone message without first verifying it's valid. Avoid opening attachments, links, or installing software from an unknown source.
When you're mobile, know what you're connecting to. Only download apps directly from a service provider's website or an authorized source (e.g. Apple App Store). If you must use a public Wi-Fi network, check with a representative of the place you're visiting to make sure it's a genuine connection.
Using the privacy settings on your mobile device, including the password or passphrase feature, will help protect your connection and keep your data secure should your device be lost or stolen.
4. Don't overlook old-school risks
It's no surprise that security in the smartphone age concentrates on the digital channel. However that doesn't mean yesterday's threats have disappeared.
Be vigilant to identity theft and breaches of your privacy when you're offline as well.
- Don't write down PINs or keep them in your wallet
- Remember to sign your credit and debit cards as soon as you receive them
- Monitor your accounts and statements for unusual activity and shred confidential documents you no longer need
- It's wise to get in the habit of reviewing your credit report at least once a year
5. Use complex passwords and change them regularly
Norton stresses that using complex passwords and changing them regularly is still one of the best ways to protect your privacy online.
When creating passwords, longer is better.
- Go with one that's at least eight characters in length
- Use a mix of upper and lower case letters, numbers and special characters
- Avoid choosing real words, numbers in sequence or personal information that can be easily obtained like your birthdate, names of family members or phone numbers
- Set a reminder to change your password every six months
6. Take steps to protect you home network, connected devices and smartphone
- Use two-factor authentification on home computers, email accounts and smartphones where both a password and a second authentification step are required
- Install anti-virus software on both your computer and smartphone
- Ensure your home network is password protected by a password that you created, not the default password that comes with your router
- Password protect all your connected devices with different passwords
- Keep your personal computer on one network, and your connected devices on a second network - multiple networks can be set-up with many routers
- Never click on links in emails
Technology will continue to open doors to greater convenience in your financial life and beyond. That technology can be used more safely if you understand the risks and take the right steps to secure your privacy.