Cybersecurity

Please take a few minutes to read this message, because it’s on a very important topic: cybersecurity.

On Friday, May 12, 2017, well over 100 countries started getting hit by one of the largest cyberattacks ever seen.  This particular attack all centers around a type of scam known as ransomware.

You know, of course, what a ransom is. Someone takes something from you—be it your property, your identity, your secrets, even a loved one—and demands money in exchange for returning it. That’s exactly how ransomware works. In this case, cybercriminals essentially take your computer hostage, locking you out of your files until you pay a ransom.

Ransomware isn’t new, but it’s now more rampant than ever. While the odds of you becoming a ransomware victim are probably low, it’s important that you still take steps to avoid it. After all, cybersecurity is really just an aspect of overall financial security—and financial security is something no one can afford to ignore.

Here are a few things you need to know:

How Ransomware Works

Ransomware can get onto your computer if you visit a malicious or hacked website. It is often spread through a form of fraud called phishing, which is defined as:

“The creation of email messages and Web pages that are replicas of existing, legitimate sites and businesses. These Web sites and emails are used to trick users into submitting personal, financial, or password data. These emails often ask for information such as credit card numbers, bank account information, social insurance numbers, and passwords that will be used to commit fraud.”

Often, phishing works because it plays on people’s fears, or because it creates a sense of urgency to act. For example, imagine you get an email that looks like it came from your bank, saying there has been suspicious activity on your account and that you must click on a specific link to fix the problem. Clicking on the link could automatically download ransomware onto your computer.

In the case of this current cyberattack, victims received a message on their computer saying their files were encrypted, and that they must pay $300 for the files to be released.

How to Protect Yourself From Ransomware?

Fortunately, the best way to protect yourself from this or future ransomware attacks is by simply following good internet “hygiene.” For example:

  • Make sure your antivirus and antimalware software is up-to-date. Also, install a pop-up blocker in your web browser.
  • Routinely backup your computer files. You can save copies of your files to the Cloud with services like Microsoft OneDrive, Google Drive, and Dropbox, or to an external disc or hard drive.
  • Never click on links, read emails, or open attachments from people you don’t know or companies you don’t do business with.
  • When reading emails and websites, scrutinize them carefully. Often, they will be littered with misspellings, which is a strong sign of fraud.
  • Legitimate banks, retailers, and social media sites should never ask for your personal information via email. If you receive a message from someone asking for this info, assume it’s a scam.
  • Furthermore, as a rule of thumb, do not reply to any message, electronic or otherwise, that requests your personal information.
  • When doing business online, look at each website’s address. Secure websites should have a small symbol of a lock next to their URL, or the letters https (instead of merely http) at the beginning of the address. Both the lock and the letter “s” indicate that the site has been verified as secure.

What do I do if I’ve already been hit by a ransomware attack?

First off, most experts agree you should never pay the ransom.3 There’s no guarantee the criminals behind the attack will hold up their end of the bargain, and it could open you up to other forms of malware. Instead, you will need to take steps to manually remove the ransomware, which can be very difficult. If you need help with this, you can visit Microsoft’s page on the subject at https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx.

Hopefully you will never have to deal with ransomware or any form of cyberattack. But rather than just hope, take steps now to secure your computer, your identity, and your finances. As always, if you have any questions about financial security, please contact me. As a financial advisor, my job is to make sure you reach your goals in life—something that can only be done if your finances are kept safe. Please let me know if there is ever anything I can do.

Catch Me If You Can

On an average day, you probably write a check, use a credit card, make a cell phone call, throw out unopened junk mail, or apply for a credit card.  If you are like me, you don’t give these activities a second thought.  But, someone else may.  Simply by obtaining your personal information, such as your name, address, phone number, bank and credit card account numbers, and social security number, someone could falsely claim to be you.

We are starting to hear more and more about a new kind of crook, so-called “identity thieves.”  In a recently-released movie, “Catch Me If You Can,” Leonardo DiCaprio plays an adverturesome, creative teenager who managed to defraud banks out of millions of dollars by impersonating an airline pilot, a lawyer, and a doctor, just to name a few professionals.  The story was based on the exploits of a real life con man back in the 1960s.

Our modern day crooks are at least as creative and they have switched from holding up banks to using our good credit to run up enormous debt.  An identity thief does this by obtaining your personal information and opening credit card accounts in your name.  People whose identities have been stolen can spend months or years – and thousands of dollars – cleaning up their good name and credit record.  In the meantime, victims may be refused loans or even arrested for crimes they did not commit.

Can you completely prevent identity theft from occurring?  Probably not, but you can minimize your risk by better managing your personal information.  The Federal Trade Commission (FTC), working with other government agencies and organizations, has produced a booklet to help guard against and recover from identity theft.

One of the best ways to catch identity theft is to regularly check your credit record.  Order your credit report from each of the three major credit bureaus each year and make sure all the information is correct.  Also, follow up with creditors if your bills do not arrive on time.  A missing credit card bill could mean an identity thief has taken over your credit card account and changed your billing address to cover his tracks.

If you’ve been a victim of identity theft, call the FTC’s Identity Theft Hotline toll-free at   1-877-438-4338.  They will advise you on how to deal with the credit-related problems that could result.  For further information, visit the ID theft website at:  www.ftc.gov/bcp/edu/microsites/idtheft

Why You Should Monitor Your Credit