Five Common Cybersecurity Threats—and How You Can Protect Yourself

January 2022

Cybercrime is increasing to a stunning degree. According to Aite-Novarica, an independent research and advisory firm focused on business and technology issues, 47% of Americans experienced financial identity theft in 2020 at an estimated cost of $712.4 billion.[1] These costs are expected to continue rising. According to Cybersecurity Ventures, a cybersecurity research firm, cybercrime costs will grow by 15% per year over the next five years, reaching a staggering $10.5 trillion by 2025.[2]
 
Practicing diligent cybersecurity has become an essential part of a modern wealth management approach. Yet even now, many investors lack a comprehensive strategy to anticipate and avoid cybercrimes. How can you best protect your financial assets in such an unpredictable landscape?
 
We outline five of the most common types of cyber threats affecting Americans today, as well as effective steps you can take to keep you and your loved ones safe.
 

Threat 1: Phishing

What is phishing? Cybercriminals pose as a trustworthy source, such as a bank, brokerage firm, or government agency, to acquire sensitive personal information. Common targets include usernames, passwords, home addresses, social security numbers, and credit card numbers.
 
Cybercriminals may contact you from a seemingly legitimate phone number or email address and instruct you to click on a link to “validate your account” or “confirm your identity.” The link may take you to a website that requires you to enter your personal information. Once you enter your personal information, cybercriminals may use it to steal money immediately, plan a more complex crime, or sell the data to criminal networks.
 
How can you protect yourself? If you receive an email asking for personal information, always validate the source. An email from a legitimate company, for example, should end with a stem that is commonly associated with that company, such as “[email protected].” If the email provides a link, hover over the link with your cursor to determine its true destination. A legitimate link should take you to a web page that is associated with the company with which you have an account. Also, beware of cloned websites that appear real. Note that the addresses of secure websites start with “https,” not “http.” Any webpage whose address begins with “http” rather than “https” is not a secure site, and you should not enter any sensitive information on it.
 
Remember: Companies with which you have an account already have your personal information. It is unlikely that they will reach out to verify your information unless you have initiated some type of transaction. Unsolicited verification is a warning sign—always contact the company directly to verify any requests before proceeding.   
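The sender and link checks described above can also be run by software over a suspicious message. The following Python code is an added example, not part of the original article; the `review_email` helper and the domain names are hypothetical, and the sample message is constructed.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def belongs_to(host, expected):
    """True if host is the expected domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_email(from_header, html_body, expected):
    """Return a list of warning strings; an empty list means no red flags found."""
    warnings = []
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2]
    if not belongs_to(sender_domain, expected):
        warnings.append(f"sender domain {sender_domain!r} is not {expected}")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        url = urlsplit(href)
        if url.scheme != "https":
            warnings.append(f"link is not https: {href}")
        if not belongs_to(url.hostname, expected):
            warnings.append(f"link goes to {url.hostname!r}, not {expected}")
        # Visible text that itself looks like an address should match the real target.
        if "." in text and " " not in text:
            shown = urlsplit(text if "://" in text else "//" + text).hostname
            if shown != url.hostname:
                warnings.append(f"text shows {shown!r} but link opens {url.hostname!r}")
    return warnings

# Constructed sample messages (reserved .example/.test domains, not real traffic).
PHISH_FROM = '"Example Bank" <security@examplebank-alerts.test>'
PHISH_BODY = '<a href="http://examplebank.example.verify-login.test/confirm">www.examplebank.example</a>'
GOOD_BODY = '<a href="https://www.examplebank.example/login">Sign in</a>'
```

Calling `review_email(PHISH_FROM, PHISH_BODY, "examplebank.example")` returns four warnings, one per check. A link that uses https but points to an unrelated domain is still flagged, because a cloned site can use https as well.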
 

Threat 2: Social Engineering

What is social engineering? Cybercriminals mine information about you available on the internet, then pose as a trusted source—such as a friend, relative, or company. They may send you an email, call you by phone, or contact you through social media in a way that looks like you’re being contacted by someone you know. They may use psychological manipulation to gain your trust, obtain personal information, commit fraud, and potentially initiate a transfer of funds to the criminal’s account.   
 
How can you protect yourself? Limit the amount of information that is available about you on the web, and especially on social media. Set ground rules with family members to ensure that they are not revealing sensitive information publicly. This may include setting your accounts to “private only” or other secure settings. Never publish personal information or photos that reveal your address, employer, license plate numbers, or your children’s school affiliations, as cybercriminals can use such information to target you more directly.
 
If you receive a suspicious communication, again, always validate the source. If the sender poses as a friend or relative, call that person directly and ask them to verify the communication. Do not respond to any email addresses or phone numbers that you did not have in advance. When in doubt, ignore the solicitation.
 

Threat 3: Email Hacking

What is email hacking? A cybercriminal hacks into an email account by obtaining your password and login information and searches for emails involving correspondence between a person and their financial institutions. The cybercriminal then poses as the person in order to initiate a transfer of funds to the criminal’s account or to commit another kind of fraud.
 
How can you protect yourself? Never reveal your email password to anyone other than your service provider, such as Yahoo or Google. Use multifactor authentication—an authentication method that requires you to provide two or more verification factors before gaining access—to make sure your information is safe. Make your password sufficiently long (usually at least eight characters) and use a combination of upper-case letters, lower-case letters, numbers, and symbols. Do not base your password on birthdays, addresses, or commonly used words. Change your password every few months to make sure that it has not been compromised.
 

Threat 4: Wi-Fi Hacking

What is Wi-Fi hacking? A cybercriminal hacks a public Wi-Fi network to steal personal information, such as credit card numbers, bank account and routing numbers, or other sensitive information. This may occur in hotels, airports, public libraries, cafes, or anywhere else where public Wi-Fi is available. It is an especially common tactic in luxury destinations.
 
How can you protect yourself? Avoid using public and open wireless networks or hotspots to log in to password-protected sites such as bank accounts, social media channels, or email. If you need to use a Wi-Fi hotspot, consider using a virtual private network (VPN)—which gives you privacy and anonymity by creating a private network from a public internet connection—to secure your connection. 
 

Threat 5: Malware

What is malware? Cybercriminals create malicious software to infiltrate or disable computers and computer systems to steal data or gain unauthorized access to networks. Examples of malware include viruses, worms, Trojan horses, ransomware, and spyware. Cybercriminals may install malware on a computer when a user clicks an unsafe link, opens an infected file (such as an attachment), or visits a legitimate website that contains adware.
 
How can you protect yourself? Avoid clicking on suspicious links, pop-up ads, and unsolicited attachments. Avoid any website that generates a warning from your internet service provider. Keep your personal devices safe and password-protected at all times. Consider purchasing an anti-malware software package that can help detect and destroy malicious programs. If you believe you have had malware installed on your computer, contact your internet service provider or a trusted security expert who can help you remove it.
 

Best Practices in Wealth Management Cybersecurity

In addition to the steps above, there are specific cybersecurity best practices you can follow to ensure that your wealth management assets and information are safe. Always verify that emails and phone calls from your wealth management team are legitimate before initiating any transfers of funds. You may also want to establish a predefined set of rules with your team so that everyone knows what types of transactions they are allowed to approve, as well as what type of verification they need to get. If a transaction falls outside of these guidelines, your team should not complete it. You should also be aware of where your assets are held (such as with an established custody firm) and have full transparency into the steps that must be taken to access your funds.
 
More than anything, practicing personal cybersecurity requires diligence and discipline. While cyber threats are constantly evolving, awareness of the common types of cybercrimes can help you understand the steps you can take to protect your assets and your loved ones.
 
Your BDO team is here to help. To learn more about how you can develop an effective personal cybersecurity strategy, please reach out to your BDO wealth advisor.
 


 

BDO Wealth Advisors, LLC is a Registered Investment Adviser dedicated to providing clients with unbiased, personal financial advice. Working in partnership with our clients, our wealth management team helps organize, enhance, manage, and preserve wealth through sound financial strategies. This information is provided by BDO Wealth Advisors, LLC for the personal use of our clients and friends. It should not be construed as personal investment, tax, or legal advice. Information compiled from additional third parties. Please be sure to consult your CPA or attorney before taking any actions that may have tax consequences and contact BDO Wealth Advisors, LLC regarding any investment decisions. Every investment strategy has the potential for profit or loss.
 
[1] “U.S. Identity Theft: The Stark Reality,” Aite-Novarica, Mar. 9, 2021
[2] “Cybercrime to cost the world $10.5 trillion annually by 2025,” Cybercrime Magazine, Nov. 13, 2020