Hopefully everyone knows not to reply to an email sent by a “Nigerian prince.” However, criminals are becoming more sophisticated in their tactics. We recently learned of a new email scam during a national conference we attended. The reality of this scam was driven home when one of our own clients was hacked.
One day as I was sitting at my desk, I received an email from a client with whom I had spoken recently. The email said, “Are you in office?” As I was on the phone at the time, I replied I would call as soon as I was done with a call.
The response came, “We are currently out of town, we are here in Mexico and our cell phone is not working here , kindly email available accounts balances as of today.” (Hopefully, you noticed some of the grammar and punctuation mistakes as I did.)
What we had learned at our conference is that the new scam starts with the crook hacking into an email account by figuring out the password. Then the crook patiently finds out as much personal information as he can, including names, dates of birth, financial information, etc. Next, the crook will pose as the individual and try to make connections with the individual’s contacts (in this case, me). With so much information about the individual, the crook can sometimes gain access to a bank, credit card, or other financial account.
Our policy is to never send personal information via email, which is inherently insecure. For that same reason, we won’t accept trade requests via email.
When the email seemed to be fishy, I left a message for the client and waited until she contacted me. The client was indeed on vacation ... but not in Mexico. It is likely that the criminal knew she would be on vacation and waited for that moment to make a move.
Thankfully, none of the client’s financial accounts were compromised. However, the episode cost the clients an enormous amount of time and worry.
What lessons can be learned from this?
1. Use strong passwords and change them frequently.
2. Protect your computer. Make sure you have antivirus protection and that you have updated it recently.
3. Encrypt your wireless network by setting a WPA key, or password, on your router. This will impede hackers using network sniffers.
4. Don’t give your passwords to others. (No one should ever ask.) If you aren’t sure you can trust the emailer/caller, don’t give them any personal information. Find the contact information through an independent source and contact the company that way.
5. Don’t be fooled by emails. Many scammers will send you an email that looks legitimate, but when you click on the link it will download a virus to your computer. Don’t click on any links if you haven’t subscribed to a service from that provider.
6. Limit online purchases and remember that even brick and mortar retailers can have their customer information breached.
If you do make purchases online, use credit cards, which typically have fraud protection. If you are compromised, the credit card company will usually write off all of those charges. Debit cards allow thieves to take your money.
In this digital age, cybersecurity is increasingly important. Take a step towards protecting your personal and financial information by first protecting your email.