In our modern world, email hacking has become quite advanced. Gone are the days when you received an email asking to wire money to a friend stranded in Milan after his wallet was stolen. Today’s hackers are sophisticated, clever and patient. They break into your email and read everything about your personal life. Hackers piece together information from your social media accounts and check out websites you frequent to learn of your hobbies and vacation plans. This type of snooping is called Social Engineering.
When hackers think they’ve found a good target, they go Phishing for a big payoff. Phishing is the practice whereby criminals use your legitimate email address, or create a “spoofed” email address incredibly similar to your own, to write to your friends and financial advisors and persuade them to send money. Phishing may also fool you into going to a criminal’s website which looks very similar to one to which you are accustomed and which asks you to key in personal information or reset a password.
Financial institutions are a chief target for social engineering and phishing scams. In the past, it was easy to tell if the email sender was not the client simply by noting poor grammar or misspelled words. Today’s hackers hire native speakers to read your emails and then write to your friends and financial institutions. They learn with whom you bank and invest your money by looking for keywords like “Wire Transfer”, “Bank Transfer”, and “Account”. Hackers are also savvy to the reasons why we might need an urgent cash transfer. They’ve figured out that one is more likely to send a wire or a check to a domestic account or a person’s address. In these cases, the hackers have hired “mules” to live in the U.S. and open bank accounts for this purpose. Then they quickly wire cash out of the U.S. where it is rarely retrieved.
At Kendall Capital, we’re watching out for our clients by educating ourselves, and our clients, on these current trends to help keep our clients’ money safe. We also implement simple but effective procedures, such as requiring verbal confirmation anytime a client asks us to send cash to an account other than a previously established ACH linked account. If we must send the client a form to sign, we’ll either omit the client’s personal identifying numbers or password protect the document. Kendall Capital’s emails to our clients may be vague, because we do our best to refrain from using those financial services keywords which make you a tempting target. We’re also using the technological tools available to us, such as e-delivery, e-signature and setting up links to client bank accounts in advance.
Now, you may be asking yourself what you can do to make yourself less of a target for hackers. The best way to prevent criminals from reading your email and accessing your financial accounts is by changing your passwords often. The more frequently you change a password and the stronger it is, the less likely someone will be able to read your emails and personal information. If you must use the same password for several purposes, please at least make it different for your email and your money. We have provided five tips for creating and periodically changing passwords that will not be easily hacked:
- Think of your password like a toothbrush – don’t let anyone use it and change it every six months.
- Avoid the obvious – today’s hackers use brute-force programs to guess your password in as little as 3 minutes.
- Make it Complex – add numbers and symbols.
- Use a Passphrase – if you have the space, why not make it a combination of words? Ideally, you should use at least 10 characters when possible.
- Keep it Weird – think of vanity license plates which use numbers instead of letters, but you still understand the meaning. Even adding a space where it doesn’t belong helps tremendously.
Keeping track of multiple passwords may seem daunting. Thankfully, there are software programs called “Password Managers.” They can be used on your computer or smartphone, and they not only make it easy to organize the dozens of providers requiring log-in credentials but also come with helpful tools that remind you when it’s time to change your password. They cost nothing or charge a nominal annual fee to synchronize with your devices. Best of all, you only need to remember one User Name and Password to gain access to the rest.
So remember, be VIGILANT – pay attention to your online experiences. Be VERBAL – if you are a client of Kendall Capital Management, expect a phone call from us or, better yet, call us before you send an email request to transfer cash so we know it’s legitimate. VERIFY – use software programs to help you create and keep track of less-hackable passwords so vendors can verify it’s really you. We’ve seen these hackers in action. You can rest assured we’ll be vigilant in order to protect our clients.