How are you helping cyber criminals steal your identity and your money?
We’re too nice. And we’re overly curious.
- “Oh, an email from my wife… she doesn’t usually email me at work. Why would she send a link to this website – I don’t get it – what is this?”
- “I have an overdue invoice from this vendor? Wonder what this is for…”
- “My bank wants to test out the strength of my password for a security program they’re running. They said it’s urgent. I should probably go ahead and click this link to test it.”
- “Hey guys, Microsoft is on the phone, they said they’ve found a bunch of viruses on one of our computers, we need to let them connect through a remote session so they can fix it.”
- “The IRS is on the phone – we owe back taxes and we’re in danger of immediate arrest! We need to do what they ask right now, or they’re sending someone over.”
Every day, good people like you fall prey to cybercrime – through a phone scam, or through something you click on a computer or device. Because people are – by nature – nice and curious. The bad guys (cyber criminals) count on it. They’re for sure counting their money – many billions of dollars. A commonly quoted statistic says the expected “damage cost” (aka bad guy profits) of cybercrime will hit $6 trillion annually by 2021. This isn’t a group of kids in someone’s basement. They’re professional, international criminals – well networked and spread around the world. They’re fast, efficient, and nearly impossible to catch or prosecute.
They want what you have – credentials to accounts, identity, and personal information. With it they can take over your cell phone, empty bank accounts, access/steal confidential files in your network, take over and spy on your email accounts, buy things on credit/debit cards, demand money from you, file a tax return in your name, use your identity during a violation or arrest, and so much more.
Here’s the thing: about 91% of the time, criminals get access because you give them access. Even the now infamous Target breach started with one person clicking on a fake email from a bad guy impersonating someone else – it’s called a phishing email. They now walk right through the front door as you might say. Gone are the days of hacking your firewall or antivirus protection. They can get past the “human firewall” easily.
Here’s the good news – YOU have the power to change this. How? By changing behavior.
- Stop being so nice, curious, and trusting. Naïve.
- Start being more skeptical, suspicious and cautious. Take charge.
Here’s a short list of simple tips to help protect yourself and your business from becoming a victim.
1. Don’t click on links or open attachments in email unless you’re 100% sure the email is from the sender, and not just because the name in the email address says it is. This includes friends, family, clients, vendors, coworkers. Curiosity and temptation with one click can be devastating. Call and ask, text and ask, but ask. If you aren’t sure – ask.
2. Don’t click on links or open attachments in email that appear to come from a bank, credit card company, package delivery service, etc. Go directly to the company website – and locate the request or offer there. Always be skeptical of clicking links and attachments in email.
3. Don’t answer cell or home phone calls from unknown numbers. Break this habit, even for numbers that look local or nearly identical to your own. Bad guys use technology to mask and spoof numbers – hoping you’re nice and curious. Let unknown callers leave a voicemail.
4. Ok, so you answered a call from an unknown caller. Don’t engage with callers claiming your software is out of date or that you’re delinquent on taxes, credit cards, invoices, or anything else, especially if they’re threatening an issue requiring immediate payment by phone through credit card, eCheck, wire transfer or other methods. NEVER give them access to your computer system. NEVER give out any personal information. If you’re unsure if they’re legitimate, ask for a phone number to get back to them. Or, hang up. Don’t react by phone. Be suspicious and cautious.
5. If you must answer the phone for unknown callers, for example at a business, follow tip #4. Ask for a phone number to call them back after you check with your “Security Officer, Management, Attorney or Accountant”. (It’s ok to make one up.) Don’t react by phone. Take charge.
6. Don’t respond to a voicemail claiming any of the same issues or threats in tip #4.
7. Know that if the IRS truly has an issue to address with you, they won’t be leaving you a voicemail or threatening you by phone. You’ll receive an authorized document by mail, or from someone with credentials in person.
To sum this up – if you’re suspicious or uncertain about a call or email – hang up or delete it. Go with your gut. Expect callers and email senders to provide verifiable information in their communication. If they don’t – don’t guess or assume.
Change your mindset of “I have to answer every phone call and react to every email”. You’re in control, not the caller or email sender. Stop before clicking. Don’t answer. Check with a trusted advisor if you’re unsure. Times have changed. The stakes are high, and you’re the target. Protect yourself.