Staying Safe Online – Part One

In Compliance, Cyber Security, Financial Services Technology by Amaya Swanson

With actual mini computers in our pockets, free WiFi, and unfettered access to all things technology, online threats are everywhere. Our mobile phones, tablets, and computers not only contain our Personal Identifiable Information (PII), including email, passwords, and financial information, they also hold our contact list, correspondence with friends, family, and colleagues, and photographs. While it’s easy to assume that you’re not a high value target (e.g. a CEO), you’re still at risk — but don’t worry, we’re here to help!

First let’s address the five most common online risks:

Identity Theft

Simply put, identity theft is the unauthorized and illegal use of someone else’s Personal Identifiable Information (PII) typically to obtain money. Many of the other online risks below also involve or result in identity theft.

Phishing Attacks

Phishing is a cyber-attack that uses email as its weapon. There are two types of phishing: Spear Phishing, when attackers craft a message to a specific individual, and Whale Phishing or Whaling, when attackers go after high-value targets (CEOs, CFOs, and often company board members). Phishing emails typically have one of two purposes: to get you to enter sensitive information (passwords, financial information), or to get you to download software to infect your machine / network with malware and viruses. These emails look like emails you’d normally receive: an Amazon order confirmation, a banking alert, a request from HR to update your records, or a LinkedIn connection request.

“You’ve Won” Scams

I can’t tell you how many cruises I’ve won, but it’s a lot – and yet, I’ve never been on a cruise. The “You’ve Won” scams are exactly what they sound like: someone emailing, calling, or texting you that you’ve “won” something – but there’s a catch – in order to collect the prize, you need to provide your bank account information, or pay a tax or small fee. A newer variation of this is the calls I’ve received that the extended warranty on my car is about to expire, and to provide my credit card information to renew (…I live in NYC, and don’t have a car).

Impostor Scams

The most common impostor scams are emails from your friend / family member / colleague / acquaintance (or rather, a hacker) writing that they’re stranded on vacation and lost their wallet, and can you send money. They request that you wire funds ASAP to “help”. There are other variations of impostors posing as banks, medical offices, and credit card companies.

Free WiFi + Man-in-the-Middle Attacks

People love free WiFi rather than using their data plans, and unfortunately attackers know this too. Known as Man-in-the-middle (MITM) attacks and especially risky at coffee shops and in public spaces (specifically in cities), attackers set up WiFi connections with legitimate sounding names, usually similar to or a variation of a legitimate business nearby. Once you connect to the fraudulent WiFi, the attacker will be able to monitor all of your online activity, meaning they can intercept your passwords, financial information, and more. Note: there are several types of MITM attacks, which we will expand on in a later post. Today we’re focusing on the free WiFi MITM risks.

Check back Monday for Matsco’s best password tips!

Share this Post