You may have heard the quote, “Trust, but verify,” (made famous by Ronald Reagan), but based on the information in the FBI Internet Crime Complaint Center’s 2019 Internet Crime Report, you’d do better to verify first. According to the FBI, 2019 had both the highest number of complaints and the highest financial losses since the IC3’s beginning in 2000 – 467,361 reported complaints and over $3.5 billion lost.
Internet Crime – Where The Money Is
With financial losses due to internet crime at the highest levels ever, what are the areas where fraudsters are causing the most damage?
Nearly half the losses reported were due to Business Email Compromise (BEC) or Email Account Compromise (EAC). This is a scam in which a cyber criminal hacks or spoofs a legitimate email account and convinces the recipient of the email to transfer funds to a fraudulent location.
For example, consider this BEC fraud attempt, in which First Business Bank received an email from the business email address of the CEO of a business client, requesting a $15,850.00 wire transfer. The bank employee emailed a blank wire request form, and received a return email with the completed form, including the CEO’s matching signature. The fraud was discovered when the wire desk did additional authentication by calling the client’s phone number of record.
Unfortunately, a woman in Spokane was not so lucky when she fell victim to EAC during the process of buying her dream home. A 75 year old woman lost her life savings of almost $100,000 when she followed emailed wire transfer instructions that appeared to be from her escrow officer. Sandra Lee lost her money and her home, and her only consolation is that the FBI was able to track down one perpetrator with the report and evidence she provided.
Sadly, Lee was also in the age group that loses the most to fraudsters – those over 60. These internet criminals prey on those over 60, since they are believed to have financial resources, as well as being more trusting and less tech savvy.
Elder Fraud, defined as a financial fraud which targets or disproportionately affects people over the age of 60, is a growing problem. According to the statistics in the report, this age group is the most targeted and the group which loses the most to internet crime.
IMAGE: FBI’s 2019 Internet Crime Report
Those over 60 are also the most victimized by another growing problem, Tech Support Fraud. This is a scam in which a criminal pretends to be a customer service or support technician in order to defraud a victim. The infamous computer pop-up claiming “your computer is infected by a virus” is one example, as are calls, texts, or emails purporting to be from a well-known company such as Apple or Microsoft, claiming to have discovered a problem with your system or account and offering to “help” you resolve it. While not the most lucrative or most prevalent scheme, losses due to Tech Support Fraud increased 40 percent in 2019, and the majority of victims were in the over 60 age group.
While BEC/EAC accounts for the majority of financial losses, it’s not the most prevalent scheme. The most common internet crime type by far, with 114,702 reported victims, is Phishing/Vishing/Smishing/Pharming.
IMAGE: FBI’s 2019 Internet Crime Report
Phishing, vishing, and smishing involve unsolicited emails, phone calls, or text messages from criminals pretending to be a legitimate company or even a friend, and asking for login credentials or personal information. Pharming is a tactic which uses a fake website pretending to be a legitimate company’s website, set up for the purpose of obtaining personal or financial information.
For example, you may get an email, phone call, or text purporting to be from your bank, telling you that your account has been compromised and asking you for personal information to confirm your identity. Or you may search for something online and find yourself on a fraudulent site which collects your credit card information.
How Can You Protect Yourself From Internet Crime?
With both victims and losses from internet crime at an all-time high, what can you do to protect yourself?
We can no longer “trust, but verify” – the best preventive measure is to verify first. The Chief of IC3, Donna Gregory, cautions that internet crime is becoming increasingly sophisticated, and she recommends we make a practice of double-checking everything.
Gregory advises, “In the same way your bank and online accounts have started to require two-factor authentication, apply that to your life. Verify requests in person or by phone, double-check web and email addresses, and don’t follow the links provided in any messages.”
Report Internet Crime
The IC3 report includes some appalling numbers on victims and losses due to internet crime, but it’s likely this is only the tip of the iceberg. Many victims don’t report these crimes, either because they are embarrassed or they aren’t aware of how to do so.
If you’re a victim of internet crime, report the crime to the IC3. With timely reporting, the FBI has a chance of stopping a fraudulent transaction and recovering the money. And the more information you can provide, the better it helps the FBI combat the criminals. Matt Gorham, assistant director of the FBI’s Cyber Division, encourages everyone to report internet crime, as “It is through these efforts we hope to build a safer and more secure cyber landscape.”
Today is Data Privacy Day, an international day of recognition to promote best practices in safeguarding data and respecting privacy.
There’s a lot of talk in the news about new privacy laws and the rights of individuals. While many businesses are taking a look at their practices and privacy policies, there are also several organizations under fire for real or perceived violations of individuals’ privacy.
Recognize that you do have to give up some private information in order to have some of the conveniences you may enjoy. You can’t get “local deal alerts” or “check in” on your phone unless you allow the device to know your location. You can’t get local weather from your smart home speaker, unless you are willing to share your address with the owning company. And you can’t get special offers on your favorite products without sharing your preferences.
But in many cases, you do have control of the data you choose to share. Here are three things you can do today to celebrate Data Privacy Day and help take control of YOUR data privacy.
1. Set Up Multi-Factor Authentication
Privacy and security aren’t exactly the same thing, but they are related. Using multi-factor authentication is absolutely necessary on things like your financial accounts, in order to protect you from fraud. However, it’s also a good idea to secure your email and social media accounts, so your personal information isn’t exposed.
2. Review Your Privacy Settings
You read all those privacy policies for every site where you set up an account, right? It’s easy to just ignore or gloss over those long legalistic policies, but take a few moments to read them and make sure you really do understand and agree with how the company can use your data. Often, they also give information on how you can limit the data you share. Spend a little time today to examine and update your privacy settings, and take control of your data. Not sure where to find the privacy and security settings? Check out this great resource with links to change privacy settings on many popular services and devices.
3. Delete Recorded Conversations
Most personal assistants keep records of your queries and requests. There have been instances where personal data was inadvertently revealed to a person other than the device owner. While most of these recordings are innocuous, it’s a little creepy to think about, and all these little snippets of information could be collated and become a bigger privacy issue. Take a few minutes and clean your digital house today by deleting those recordings, and make sure you’re comfortable with how long the recordings are kept. This Consumer Reports article provides information on how to control what’s heard and recorded on the “big three” devices, Amazon Alexa, Apple Siri, and the Google Assistant.
You can learn more about Data Privacy Day at StaySafeOnline.org.
Take action today, and Own Your Privacy!
Milepost 42 is proud to be a Data Privacy Day Champion.
It’s the last day of October, which means this year’s National Cybersecurity Month is officially ending. But that doesn’t mean you should stop taking measures to #StayCyberSafe! This year, the NCSAM theme was “Own IT, Secure IT, Protect IT” – let’s take a look at some of the tips that were presented this month.
We’re almost constantly connected, whether at home, at work, at school, or even on vacation. With mobile phones and Internet of Things devices, there are more ways to be connected than ever before. Not only that, we also have many accounts which collect our information.
- Don’t overshare on social media. #BeCyberSmart about where you share your information and who you share it with. Connect only with people you know and trust.
- Set privacy and security settings to limit what your devices and social media accounts share about you.
- Keep tabs on your apps; only download from legitimate, trusted sources. Review the permissions those apps are asking for, and deny any that don’t make sense.
Security breaches seem to be happening more and more often; they’re hardly front page news any more. Your personal information is valuable, so do what you can to keep it out of the hands of cyber criminals.
- Use strong passwords, and don’t use the same password on multiple accounts. A password manager can help you keep track of all those strong, unique passwords for your accounts. Some can even help you share access with trusted partners or family members, without requiring you to give them the password.
- No matter how strong your password is, if a breach occurs, your account may be vulnerable. Enable multi-factor authentication to add another layer of security and help ensure the only person who can access your account is you.
- Don’t get hooked by a phishing scam! Be very cautious when opening emails, and never click on links or attachments sent by people you don’t know. Even if the email looks like it’s from a friend, coworker, or your boss, be wary of clicking on links. Scammers can spoof email addresses, so it’s best to check the legitimacy of the email, especially if it’s urging you to click or open something right away.
While today’s technology allows us to shop, bank, communicate, and entertain ourselves anywhere, this convenience comes with an increased risk. Smart home devices, such as thermostats, door locks, and cameras can make our lives easier and save time and money, but be aware of the additional security risk that comes with these smart devices.
- Your wireless router is the main entryway to all your connected devices, so be sure to change the default user name and password, keep the firmware up to date, and set a password on your Wi-Fi network. Also, change the default credentials on all your smart devices, and make sure you understand the permissions and access they have to your network, your information, and your personal space. Assume a smart speaker is always listening, and a smart camera is always watching.
- Keep software and firmware on all your devices up to date. Your computer, smart phone, router, and many smart home devices get updates to help keep them protected from ever-changing threats. If you have an older device, make sure it’s still being supported; sometimes, it’s just time to get rid of that old streaming device to help protect the rest of your home.
- Public Wi-Fi is not safe or secure. Even a public Wi-Fi network with a password could be compromised. If you must use public Wi-Fi, be sure it’s the actual network provided by the location. Use a VPN service to protect the privacy of the information you’re sending, and avoid accessing sensitive accounts such as financial and banking accounts while on public Wi-Fi.
As we move into the holiday season and the new year, keep these cyber security tips in mind. OWN IT, Secure IT, and Protect IT to keep yourself and your family #CyberSafe.
Can You Spot The Phish?
One of the main ways cybercriminals steal information or spread ransomware is by gathering information through phishing emails.
Not all phishing emails are full of spelling errors and sent from people purporting to be Nigerian princes. Some are quite sophisticated, and emulate known and trusted brands.
Try this phishing quiz from Google to see if you can spot the phish.
Taken The Bait?
If you think you’ve been a victim of phishing, take action as soon as you realize the problem. Change your account login credentials, scan your system for malware, and report the phishing attack to the company that was impersonated. You may also want to notify your bank and credit card companies, and be sure to closely monitor your statements for unusual activity.
Also, consider reporting the phishing attempt to the Anti-Phishing Working Group (APWG), an international coalition working to coordinate responses to cybercrime. You can forward the suspicious email to [email protected]; if your email client allows, forward the email as an attachment, as this will provide more details to help APWG tracking and analysis.
Milepost 42 is honored to join an initiative to promote awareness of online safety and privacy, by signing up as a Champion of National Cybersecurity Awareness Month (NCSAM) 2019.
NCSAM is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals committed to this year’s NCSAM theme of “Own IT. Secure IT. Protect IT”, and this year’s initiative will encourage everyone to #BeCyberSmart through cybersecurity best practices.
30 years ago, the world wide web was just getting started. Today, we can access information almost instantly, from a device that fits in a pocket. We have technology in almost every aspect of our lives. And just like in all the other parts of our lives, we need to protect and secure the things we own.
~ Stacy Clements, Owner of Milepost 42
Now in its 16th year, NCSAM continues to build momentum and impact with the ultimate goal of providing all Americans with the information they need to stay safer and more secure online. [Organization name] is proud to support this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.
“Cybersecurity is important to the success of all businesses and organizations. NCSA is proud to have such a strong and active community helping to encourage proactive behavior and prioritize cybersecurity in their organizations,” said Kelvin Coleman, executive director, NCSA.
For more information about NCSAM 2019 and how to participate in a wide variety of activities, visit staysafeonline.org/ncsam. You can also follow and use the official NCSAM hashtag #BeCyberSmart on social media throughout the month.
About Milepost 42
Milepost 42 is a technology partner for small business owners who want to focus on their passion and not the “techie stuff” needed to support it. Small businesses need technology –websites, email, automation – to run and grow, and they also need to be aware of the need for cybersecurity to ensure business continuity. Milepost 42 provides those services and planning assistance for small business owners who are ready to have someone else handle the “web stuff”.
About National Cybersecurity Awareness Month
NCSAM is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing NCSAM in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/ncsam or niccs.us-cert.gov/national-cybersecurity-awareness-month-2019.
NCSA is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry and civil society. NCSA’s primary partners are the Cybersecurity and Infrastructure Security Agency and NCSA’s Board of Directors, which includes representatives from ADP; American Express; Bank of America; CDK Global, LLC; CertNexus; Cisco; Cofense; Comcast Corporation; Eli Lilly and Company; ESET North America; Facebook; Google; Infosec; Intel Corporation; Marriott International; Mastercard; Microsoft Corporation; Mimecast; NXP Semiconductors; Proofpoint; Raytheon; Symantec Corporation; Trend Micro, Inc.; Uber: U.S. Bank; Visa and Wells Fargo. NCSA’s core efforts include National Cybersecurity Awareness Month (October); Data Privacy Day (Jan. 28); STOP. THINK. CONNECT.™, the global online safety awareness and education campaign co-founded by NCSA and the Anti-Phishing Working Group with federal government leadership from the Department of Homeland Security; and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information on NCSA, please visit https://staysafeonline.org/about/.