Have you been getting phone calls from an unfamiliar number and the young and perky voice on the other end immediately asks you if you can hear her? Have you been getting emails from your friends asking for money? Or emails from familiar companies that ask you to confirm your email address? These are forms of cyber phishing that, when you say “yes” or input your email, can end up costing you.
Cyber-crimes are on the rise for good reason.
- The ROI on ransomware hacking is about 1,425 percent. A 30-day campaign of $300 ransoms, assuming a 10 percent infection rate and a 0.5 percent payout rate, would cost about $5,900 for all the tools but bring in $90,000 (Trustwave 2015 report).
- 30,000 websites per day are infected with malware (Sophos Labs).
- 80 percent of all businesses suffered some sort of computer hack (Duke University/CFO Global Business survey in 2015).
The most vulnerable key to accessing your identity is your email. Consider this: how much information about you can be found in your email? You may get your bank account, phone, APS, cable and credit card statements through email. Although paperless billing is the right thing to do – it saves trees, money, postage and energy – notifications from these companies appear in your inbox, and each company account has an ID and password. Once those passwords are breached, the websites contain sensitive information about you that would allow someone to impersonate you through email or over the phone.
Phishing is the primary way to collect your email address and other information, and it comes in a variety of forms.
- Email/Spam. An email asks the recipient to send money to someone they know or don’t know. It may ask the recipient to provide credentials, update account information, change details or verify accounts. These emails often impersonate companies that you may have an account with, or ask you to confirm an unexpected delivery. There is usually a sense of urgency or an offer that is too good to be true, and the email may have attachments or links.
- Link Manipulation. In spam emails, there might be a deceptive link that sends the user to the phisher’s website instead of the website mentioned. Hover your mouse over the link to look at the URL. If a link has a website after the third “/” then the link will take you to a malicious site. Example: https://www.phishing.org/net%45892-0004309getalife
- Fake advertising that forces malware onto your computer. These may appear as pop-ups being launched from a website being viewed.
- Trojan Horse. Malware designed to mislead the user into an action that will allow access to the user’s account for collecting credentials. These often take the form of pop-ups.
- Search Engine Phishing. The user is directed to a site that offers low-cost products or services where credit card info is collected. Beware of fake banks offering credit cards or loans.
- Vishing (Voice Phishing). The phisher calls and excites the victim with travel packages, loans, lottery winnings, charitable organizations or free trial offers, or scares the victim with a fake fraud notice. The victim will be asked to give credit card information to secure the winnings, make a donation or call another number. After calling the number, the victim will be asked to identify him or herself with credit card numbers, PINs, birth dates and social security numbers. Or the victim will be prompted to answer a question with “yes,” and a recording of the victim’s voice will be used to get access to banks and other financial institutions the victim uses.
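The Link Manipulation check above comes down to comparing the site a link displays with the host it actually points to, which is the part of the URL between "//" and the next "/" (for the article's example URL, that is www.phishing.org). The Python code below is an added example, not part of the original article; the function names and the sample email body are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

def real_host(url):
    """Host the browser contacts: the part between '//' and the next '/'."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit read a bare 'www.example.com/x' as a host
    return (urlsplit(url).hostname or "").lower()

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

# Visible link text that itself looks like a web address.
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

def deceptive_links(html):
    """Return (href, reasons) for links whose destination is disguised."""
    parser, findings = _Anchors(), []
    parser.feed(html)
    for href, text in parser.links:
        host, reasons = real_host(href), []
        if LOOKS_LIKE_URL.match(text) and real_host(text) != host:
            reasons.append(f"text shows {real_host(text)} but link goes to {host}")
        if "@" in urlsplit(href).netloc:
            reasons.append(f"text before '@' is a username, real host is {host}")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample email body; every domain is a reserved example name.
SAMPLE = """
<a href="https://billing.example.net/login">https://www.example.com/account</a>
<a href="https://www.example.com@pay.example.org/verify">Confirm your email</a>
<a href="https://www.example.com/statements">www.example.com</a>
"""
if __name__ == "__main__":
    print(*deceptive_links(SAMPLE), sep="\n")
```

The first two sample links are reported and the third, whose visible text matches its destination, is not.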
Once a phisher gets your email and other information, it may not be long before they have access to your email account. Once there, they look for information about where you bank and do other business. It is a simple matter of decoding passwords to gain access to sensitive information at the websites that you get email from.
According to an article in Bloomberg Business Week, the time it takes a computer to guess a password varies by the complexity of the character combinations. For example:
- 6 characters
  - Lowercase: 10 minutes
  - Lower and uppercase: 10 hours
  - Lower and uppercase + numbers and symbols: 18 days
- 8 characters
  - Lowercase: 4 days
  - Lower and uppercase: 3 years
  - Lower and uppercase + numbers and symbols: 463 years
- 9 characters
  - Lowercase: 4 months
  - Lower and uppercase: 178 years
  - Lower and uppercase + numbers and symbols: 45,630 years
Take your cybersecurity seriously and don’t take the bait. FBN
By Eric Souders
Eric Souders is an Accredited Financial Advisor at Ascendant Financial Solutions. Securities offered through Geneos Wealth Management, Inc. Member FINRA/SIPC. Advisory Services offered through Geneos Wealth Management, Inc. and Ascendant Financial Solutions.