Fraud and Cyber Security
Field Note: July 2021
Cyber-attacks are on the rise. Rarely do we go a day or two without hearing about a new organization that has been breached. Targets range from large corporations to local school districts and costs for regaining access to lost data can run into tens of thousands, even millions of dollars. And, as the pandemic has forced Americans into increasingly digital lives, fraud is on the rise as well (fraud reports were up by 40% in 20201). As businesses and governments seek to reconcile vulnerabilities in their infrastructure, we’d like to take the time to highlight what Skyline does to protect you from internet attacks as well as what steps you can take to protect yourself.
Top Ten Fraud Report Categories (2020)
*see end of post for category descriptions
At Skyline we have put practices in place to maintain client privacy and ensure continuity of service including:
Secure document storage. Client information is stored on Box.com. All Box content is encrypted, stored in secure data centers that are monitored 24/7 and backed up daily to multiple locations. Any physical documents are shredded on a weekly basis.
Verbal confirmation for transactions. Advisors will require voice verification for distribution requests to anything other than a previously established ACH connection.
Utilizing two-factor authentication. Wherever available firm staff utilize two-factor authentication to access online applications such as Right Capital, Morningstar Office, Schwab Advisor Center and Veo One (TD Ameritrade’s advisor portal).
Enable digital security controls. All mobile devices, tablets and computers are password protected. Apps with sensitive information such as Box require an additional password or verification. All devices can have data remotely wiped in the event of theft or loss.
Ways that we recommend you protect yourself from online security breaches:
Utilize a password manger, and implement a passphrase to secure it. Strong passwords make it harder to hackers to gain access to your information. Unfortunately, they are hard to remember. Consider using a password manager such as LastPass or 1Password. These will generate unique, secure passwords and store them in one place.
Only share personally identifiable information via phone or secure portals such as Box.com. Don’t share sensitive information including account numbers or Social Security Numbers via insecure means of communication such as email.
Utilize two-factor authentication. If you have not already, activate two factor-authentication for any accounts that may leave you vulnerable. Examples include: online banking, Schwab Alliance, email accounts, etc.
Learn to recognize phishing emails. These messages often appear authentic at first glance, but here are some tips from the FTC on how to determine out which emails to trust and which to delete.
Time It Takes a Hacker to Crack Your Password
If you would like to further explore this topic, here are a few additional resources:
A fraud risk assessment you can complete to get an idea of how vulnerable you are.
Charles Schwab has a security knowledge center with more details on how they protect client information, steps you can take and what to do in the event of a suspected breach.
Security.org allows you test how secure your passwords are.
Have more questions about how Skyline manages your data or how you can protect yourself? We’d love to discuss further.
Source, FTC
Descriptions of FTC Fraud Report Categories from Chart:
Imposter Scams: Someone pretends to be a trusted person to get consumers to send money or give person information. Examples include scammers claiming to work for or be affiliated with a government agency; scammer posing as a friend or relative with an emergency need for money; and scammers claiming to be affiliated with a private entity (e.g., a charity or company).
Online Shopping and Negative Reviews: Undisclosed costs, failure to deliver on time, non-delivery, and refusal to honor a guarantee on purchases made online; internet auctions.
Internet Services: Problems with website content, including websites that offer content for a fee or advertise products and services; difficulty cancelling an ISP or online account; and problems with broadband internet services and contest, including the truthfulness of cost, access and speed disclosures.
Prizes, Sweepstakes and Lotteries: Promotions for “free” prizes for a fee, foreign lotteries and sweepstakes offered through the phone, fax, email or mail, etc.
Telephone and Mobile Services: Advertising related to mobile plans, rate or coverage areas, problems with mobile applications or downloads; other mobile device problems; charges for calls to “toll-free” numbers, unauthorized charges, such as charges for calls consumers did not make; unauthorized switching of consumers’ phone service provider; misleading pre-paid phone card offers.
Travel, Vacations and Timeshare Plans: Deceptive offer for “free” or low-cost vacations; cut-rate student travel packages; misleading timeshare offers; etc.
Business and Job Opportunities: Business opportunities (e.g., offer to start a new business); work-at-home plans, (e.g., stuffing envelopes or processing medical claims); multi-level marketing schemes; job scams; job listings, or employment services; inventions or idea promotions.
Health Care: Fraudulent, misleading or deceptive claims for: medical products, supplies or treatments. Also includes reports about eye care and fitness monitors and devices that can connect to the internet and use a processor or sensor to collect consumer information, etc.
Foreign Money Offers and Fake Check Scams: Letters or emails promising a percentage of millions of dollars that are from a foreign country in return for money, bank accounts numbers or other identifying information from the victim; fraudulent schemes involving foreign lotteries, mystery shoppers or internet purchases/classified ads in which someone in over paid with a counterfeit check and asked to wire back the difference immediately after check deposit, leaving the victim responsible for the funds withdrawn; etc.
Investment Related: Investment opportunities in day trading; gold or gems; art; rare coins; other investment products; reports about companies that offer advice or seminars on investments; etc.