Phishers and hackers are getting increasingly sophisticated in their attempts to collect personal information that gives them the keys to your financial information. They often use what are called social engineering techniques to trick or pressure people into helping them, for example by handing over the password to an account. The techniques aren't obvious (that's the point!), and that's what makes them so effective. And they'll just keep getting harder to spot. The good news is that there are ways to protect your personal information and finances from these nefarious people and groups.
First, what’s social engineering?
Social engineering is the art of manipulating people to get them to give up confidential information. The types of information these criminals seek can vary: they may trick targets into giving up passwords or bank information, or into giving access to their computer so that malicious software can be secretly installed. That software gives the criminals access to your passwords and bank information, as well as control over your computer.
Common social engineering attacks
- Email “from a friend”. If a criminal manages to hack or socially engineer one person’s email password, they gain access to that person’s contact list–and because most people use the same password for most sites, they probably gain access to that person’s social networking contacts, too.
- Share a link that you “have to check out”. This one works with a link coming “from a friend” and because you’re curious, you’ll trust the link and click it, infecting your machine with malware that allows the criminal to take over your machine and collect your contact info.
- Phishing attempts. In this case, a phisher typically sends an e-mail, direct message, comment, or text message that appears to come from a legitimate, popular company, bank, school, or institution. They may pretend to be your preferred bank, and explain that there is a problem that requires you to "verify" your information by clicking on a link and filling in a form. The link could look legitimate, with all the right logos and content (in fact, the criminals may have copied the exact format and content of the true site). Because everything looks legitimate, the idea is that you trust the email and the phoney site, and then provide whatever information the hacker is seeking. These types of phishing scams often have a sense of urgency, such as giving a warning as to what will happen if you fail to act soon.
People who take the bait may be infected with malicious software (malware) that can generate any number of new exploits against themselves and/or their contacts, may lose their money without receiving their purchased item, and, if they were foolish enough to pay with a check, may find their bank account empty.
Ways to protect your personal finances and information
- Slow down. Spammers want you to act first and think later. Don’t let their urgency influence your careful review.
- Be suspicious of any unsolicited messages. If the email looks like it’s from a company you know, still do your own research to cross-check the contact info. Likewise, ignore junk or chain emails.
- Ignore and delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
- Don’t let a link control where you land. Stay in control by finding the website yourself using a search engine to be sure you land where you intend to land. Hovering over links in email will show the actual URL at the bottom, but a good fake can still steer you wrong.
- If you don’t know what the email is about, don’t click the link. Similarly, never use phone numbers from the email; it is easy for a scammer to make it sound as though you’re talking to a bank teller.
- Be careful of what you download. Don’t download something if you don’t know the sender personally, or if you weren’t expecting a file from someone.
- Download anti-virus software, firewalls, and email filters, and keep these up-to-date. Set your operating system to update automatically, and if your device doesn’t automatically update, manually update it whenever you receive a notice to do so. Use an anti-phishing tool offered by your web browser or third party to alert you of risks.
- Turn off file and printer sharing in your devices, especially if they are connected to the internet.
- Perform backups at least quarterly, but ideally monthly.
- Turn on disk encryption. This way, if someone has access to your laptop and extracts the disk drive, they will not be able to access the data stored on it without your password.
- Always securely log out and clear your browser cache after performing online transactions.
- Only use a trusted computer or device, and never use public or internet cafe computers to perform financial transactions.
Fortunately, we’ve ensured that even in the case of a compromised password/OTP, hackers can’t access your StashAway funds, as we only allow someone to withdraw funds to a bank account with the legal name you registered when signing up with StashAway.
At the end of the day, we recommend that you learn more about the various types of security risks and familiarise yourself and your loved ones with them, so that no one falls victim when these incidents occur.