Lets face it, we live in a digital world. Almost everything in our life is connected to the information highway now. Smart cars, smart phones, and now even smart homes! We can instantly know what our bank account balance is just from a few clicks on our smart phone. We can adjust the temperature in our house with a few clicks on our smart phone. Along with all of these conveniences also comes certain threats to our assets, the belongings that we have worked hard to accumulate and enjoy, and to our families. There are people out there that would rather engage in scams to take what honest hard working people have earned, as opposed to earning it themselves. The purpose of this article is to give the consumer a few tips on how to protect their hard earned assets from con artists.
First, the consumer has to understand that there are many different avenues that cyber criminals use to try to steal the honest consumer’s assets. There are computers on networks that are vulnerable, there are cell phones that are vulnerable, there are also people that are vulnerable to scams; this is the worst vulnerability and the most common, human exploitation or what we call “social engineering”.
Protecting Yourself Against Social Engineering Scams
The most common vulnerability of all is your confidence. More people have been successfully “hacked” by social engineering than any other means of hacking. A famous computer consultant named Kevin Mitnick once said that he could hack a reporter’s email with his cell phone in the time it would take him to walk two blocks to a store for a soda and back. The process he would use to accomplish this feat was social engineering. Social engineering is the process of gaining a person’s confidence through deception for the purposes of exploiting that person or another person. Many people are familiar with Nigerian Princes and Craigslist scams but a ploy that has recently seen a sharp increase involves a conman attempting to gain access to financial data by posing as someone from the government.
The Internal Revenue Service recently released a warning about scammers calling unsuspecting victims posing as IRS agents. The scammer attempts to convince their victim that they have an overdue tax bill that must be taken care of immediately or they will face prosecution and possible imprisonment. The con presses the individual they are targeting to provide credit card or bank account information. Once the information is given out by the victims of these scams, the cons go to work stealing their money. The IRS estimates these types of cons have cost people over $23 million since October of 2013.
Other scams include con artists calling and pretending to be with your Internet Service Provider. After explaining that the company is doing maintenance on the servers, the scammer may ask for a plethora of personal info related to you, your computer, or your network. Non-compliance may result in threats of disabling your internet access or your account with the company. I’d like to give you some common sense tips on how to deal with social engineering attempts.
- Nobody from the IRS will threaten to arrest you over the phone for unpaid taxes. Anyone calling you from a government office will provide their name, what office they are with, their jurisdiction, and give you a way to verify that they are who they say they are. Government works are usually very good about this and very understanding about people’s skepticism these days.
- No one from the IRS will demand credit or debit card information over the phone as payment. They also won’t specify that payments must be made by way of pre-paid debit cards. Many times scammers will ask that payments be made in ways that are hard to trace.
- With regards to enticement offers (offers that entice the consumer with some type of reward), basic, common sense should prevail, you know the old adage “If it is too good to be true”…
- In today’s world a mindset of trust is not the right mindset to be in. It pays to question, to be suspicious, to be skeptical, if something does not seem right to you, then question it until it either seems right, or you KNOW it is not right. There is nothing wrong with being suspicious until you are convinced that there is no need to be suspicious, don’t believe that being suspicious is offensive, today it is practical!
- If you get a call from someone and you think that they are trying to social engineer you, ask for who they are working for, their name, email address, and a call back number. If the person you are talking to is legitimate, they will have no problem with providing you with this information. If they refuse to provide this information HANG UP THE PHONE!
- Never give out your social security number! If you are asked for your social security number over the phone or in email, it is safe to assume that whoever you are dealing with is not on the up and up. Your social security number is the most unique identifier that you have, your social security number can be used to access your credit history, your bank account details, and a host of other private information. If you are asked for your social security number on the phone or via email, simply say that you are not comfortable with giving out your social security number to someone that you have not yet verified as to having a legitimate need for it, and then ask for identifying details and a call back number as instructed in tip (3), the previous tip.
- If you manage to get a phone number on your Caller ID, or the person you are talking to gives you a call back number, tell the person you will call them back at that number, and run the number though Google in the following format: “(XXX) XXX-XXXX” use the quotation marks. Chances are if this is a scam you will see others on the Internet posting about the number and any occurrences related to the number.
- Social engineering also occurs through email, the same rules apply. Do not download any attachments if the sender is unknown. If you feel like the email may be legitimate, write back and ask for the name of someone to speak with by phone, and a phone number. Then run the phone number through Google in the same format that I showed you earlier and see what you find.
Our laptops and our desktops make life a little easier for us. We can send email, chat with friends, and do quick research online. We can do our books online, if we own a small business we can invoice online, look at our bank balances, keep track of records, and more. What we must remember is that if this information is online and accessible to us, it can also be made accessible to others. It is our job to protect our privacy. We are responsible for our privacy. So, here I would like to offer a few basic, common sense tips that should make it difficult for someone to gain access to your personal information:
- Make sure you have a virus scanner on each one of your computers and make sure it is up to date.
- If you can afford a good firewall, get one and have it set up by someone that knows what they are doing; it is a worthwhile investment.
- NEVER download any unknown attachments in email from anyone that you do not know. You should have a list of trusted people that you will accept attachments from, these should be people that you deal with regularly, and you should not accept email attachments from anyone outside of that list.
- Change your passwords regularly. You should change your passwords at least every six months.
- If you are a small business, or just a consumer that works from a single computer or has three computers or less in your home, and your computers or network is not constantly processing data; shut your computer’s down at the end of the day when you are finished with them. It is almost impossible to “hack” a computer that is turned off, and it takes less than five minutes to boot up and be back to work on your computer the next day.
Cell Phone Security
Just five years ago there was not as much of a worry as there is now in regards to cell phones. Nowadays a cell phone is basically a “mini computer”; it has a processor, memory, a video card, and even a “hard drive” or a storage medium. Cell phones are no longer just for talking on. We text, we chat, we keep notes, we use them as GPS devices to get us from point to point, some of us keep up with our finances on them, and some of us even use our cell phone for remote administration of websites and social media pages related to businesses. Below are some basic, common sense tips for protecting your personal information on your smartphone:
- When you first get your smartphone, make sure that you set up a strong password to access your smartphone with use an alphanumeric passwords with mixed capital letters.
- Change your password on your smartphone at least every six months.
- Do not allow other people to use your cell phone while your are not present. If someone needs to make a call, dial the number for them and let them talk on the phone, but don’t let them out of your sight.
- Never accept attachments from strangers via text or email on your cell phone.
- Be careful with what applications you download, read the ratings on the applications, if the application is not a commonly known application do a little research on it by typing the application name into Google and researching the results.
Hopefully this will give you some easy to employ common sense tips to help to protect you against some of the most common methods that cyber criminals use to exploit people. Perhaps these tips will not make you any money, but they can sure save you a lot of money and heartache!
Ricky B. Gurley