Remember 2000? Smart phones were science fiction, the internet came through the mail on CDs, and if a bad actor wanted to grab your financial information, they had to either steal your wallet or pose as a temporarily displaced royal in need of a safe place to store their millions.
Times, of course, have changed. Our digital devices are smaller, smarter and more omnipresent than ever before. Entire sectors of our lives, from work and education to shopping and socialization, have moved online, and the list of errands that can’t be completed via smartphone keeps getting shorter.
Unfortunately, as the internet has become more sophisticated, so have online fraudsters and their tactics. Scam emails are still making the rounds, but now they’re disguised as legitimate communication from trusted companies. Hackers use stolen personal information to gain access to bank accounts and credit card numbers. Savvy criminals use social psychology to take advantage of our smartphone dependence and trick even experienced internet users into turning over names, numbers and passwords without a second thought.
In theory, you could protect yourself from cyber crime by avoiding the internet entirely, in the same way you could lower your chances of being struck by lightning by never leaving the house. The less drastic, more realistic alternative is to follow cyber security best practices like keeping software up to date, creating strong passwords, and using your devices’ built-in privacy features. The tools are available — it’s just a matter of knowing what they are and how to use them.
As part of its holistic approach to financial wellness, Berkshire Money Management has added cybersecurity to the long list of topics on which it offers education and guidance to its customers. Julia Lewis, compliance professional at BMM and the office go-to on all things cyber safety, began launching a series of blog posts on the company’s website this September covering online threats and how to face them.
“One thing we believe strongly at BMM is, we’re here to support our clients in every aspect of their lives,” she said.
Customers are encouraged to reach out to their advisor any time they have a question or concern regarding their online safety. In addition to the quarterly informational posts, Lewis is working on an educational mailer for clients listing common signs of scams and what to do when you encounter them.
“I think that financial services institutions have a responsibility to help their clients, and to help protect their clients, she said. “And some of that is through education.”
A pocket-sized problem
In their two decades or so of existence, smart phones have established themselves as a dominating force in modern communication. A 2021 Pew Research study showed that 85% of American adults own a smartphone. As a nation, we now spend more time using our phones than we do watching TV.
As vital as the mobile device has become to our everyday lives, they’re an obvious target for hackers — a risk that many users may not recognize. Not only do they carry some of our most sensitive data, but we engage with them in a very different way than a regular computer, allowing scammers to manipulate our usage behaviors for their own benefit.
“They call it social engineering, and hackers engineer these scams to try to make people vulnerable to get close to them,” Lewis said. “They will do that anywhere, but the biggest target for that now is actually through social media and texting. What studies have found is that users are actually three times more likely to click on a spam link on a mobile device than on their computer.”
Part of the problem is a false sense of security born from the belief that hacks are a ‘computer’ problem, and that phones aren’t at the same level of risk.
“People have such a false sense of security on their cell phone. They use it for everything, and they’re like, ‘I have Face ID, it’s password protected, of course it’s safe.’ And unfortunately, that’s just not the case,” Lewis said.
Smartphone users should approach their mobile activity with the same caution they would use on a laptop or desktop computer. That means steering clear of suspicious ads, never clicking a link or downloading a file from an unsolicited message, and even — for Android users — installing anti-virus software to prevent malicious programs from taking root.
Regardless of the device used, email inboxes are still a preferred hunting ground for scammers, though their methods have gotten more and more insidious as technology evolves.
“Spoofing is what really gets people,” Lewis said. “Hackers now have the ability to actually fake an email address. For example, someone could email me and have the message appear as though it is coming from your email address. And you and I have already communicated, so there’s a false sense of security.”
Spoofers can mimic addresses from large, trusted companies without ever breaching their websites or internal computer systems.
“What people will do, is they will use emails to fraudulently represent reputable institutions like your bank,” Lewis said. Your trust secured, scammers will then try to convince you to turn over sensitive information (such as a password or username) to verify your account or some other official-sounding business.
Scammers don’t even need to reach you on line to go after your information. They may reach out over the phone, rather than email, with the same goal of coaxing out your account credentials and other sensitive data.
“People think, ‘Oh, my bank is calling me. Something’s wrong. I’ve got to give them my log-in info so they can fix it,’” Lewis said, “Legitimate businesses don’t need that information. They can get right in from their systems. If someone is calling you asking for your account information, hang up.”
Regardless of what form the suspicious correspondence takes, Lewis has the same advice: find a verified number for the company in question and contact them yourself. “Call them directly at that number and say, ‘Hey, is this right?’ Always, always verify,” she said.
Even as advances in technology have opened new avenues for hackers to prey on the internet-using public, they’ve also produced powerful tools for keeping your data safe.
Strong passwords are the foundation of a sound security strategy, but generating (and then remembering) a complex string of letters, numbers and symbols for every single online account is, quite frankly, exhausting.
“I think a lot of people struggle with password management,” Lewis said. “I mean, I remember when I first joined the professional workforce 10 years ago, people were just writing their passwords down on pieces of paper.”
Rather than falling back on the same three easily guessed passwords for everything, Lewis recommends employing a password management software to do the hard parts for you.
“It does seem daunting to remember all of these passwords,” she said. “You can get free versions of some password management software. It’s not as big of a cost as one might think.” Some password managers will even alert you if any of your accounts are compromised or if your personal details show up in a data leak.
For online shopping, Lewis recommends using a payment service like Paypal, Apple Pay or Google Pay rather than entering your credit card or banking information to make a purchase. “I like to make payments through Paypal or Apple Pay,” she said. “If you’re an Android user, you can sign up for Google Pay. And that actually doesn’t transmit your personal credit card details [to a vendor]. It acts as sort of an intermediary, and it protects your credit card details, which is really handy when you’re doing any type of shopping.”
Whenever possible, opt for two-factor authentication. It’s essentially a ‘double check’ on login attempts. Upon entering the correct password, you’ll receive a single-use code, usually as an email or text message, which you’ll then use to finish logging in. Should your password be compromised, hackers can’t use it to get into your accounts unless they also have access to your email or text messages.
“You should have two factor authentication on everything that you can,” Lewis said. “Preferably, try to set up two factor authentication so that it’s going to send you a text, so that it’s going to go to a separate device, in case your computer is ever stolen.”
Should your device ever be lost or stolen, a tracking app like Find My Phone, for iPhone, or Find My Device, for Android, will help you locate it. If it’s no longer recoverable, you can use the app to remotely wipe the device’s memory, erasing any personal data that might be misused should it fall into less scrupulous hands.
Most importantly, don’t fall behind on your software updates. “Anytime that you get a software update on your phone or on your computer, always install it,” Lewis said, recalling a recent iPhone update that corrected a serious security flaw.
…and common sense solutions
If all this has you tempted to toss your electronics in the Housatonic and never go online again, take a deep breath.
“Don’t allow cybersecurity to frighten you,” Lewis said. Any time you find yourself unsure about the validity of an email or the security of a link, simply step back and take your time assessing the situation.
“You’re never going to get an email or phone call — unless it’s some dire health emergency — where if you don’t act right now, everything’s going to crash down,” she advised. “You have that time to call, to ask if this is legitimate.”
Older internet users, who may be less confident in the digital realm to begin with, are especially vulnerable to scams that encourage immediate action.
“A big thing that’s really important with that older generation is just encouraging them to slow down,” Lewis said. “Cybersecurity scams and hackers prey upon people’s vulnerabilities, and so you might get a communication that is insinuating urgency or demand. It’s trying to scare you into action: you’re getting a phone call from the IRS saying you have back taxes, if you don’t pay this now you’re going to have a lien put on your house. Have conversations with the older people in your life. Inform them of how that communication works, because previously people did call, and that’s not how things work anymore.”
Open communication is key here. Lewis encourages those with older adults in their life to talk to their loved ones about common scams, and to make it clear they’re around if questions arise. “Make yourself available to the older people in your life,” she said. “I think a big thing is just educating them, letting them know what you hear as far as best practices and common scams, helping them out with it, showing them how things work.” Helping them set up password management software is a great way to help ease tech anxiety, as is showing them how to take a screenshot and send it to you should they ever have questions about something they come across.
“That way they don’t feel like they’re in it alone, because technology is daunting for a lot of people in the older generations,” Lewis said. For internet users of all ages, she suggests visiting ready.gov/cybersecurity, a website run by the federal government featuring the latest information on common scams, security best practices and what to do if you find yourself the victim of an online attack.
Ultimately, the fight against digital threats is constant and ever-evolving, but the one thing that never changes is this: no one is in it alone.