FBI Tips to Better Protect You from Cyber Crime

Almost daily Pinnacle’s team of financial advisors hear from clients that their email accounts have been compromised and contacts and other information have been stolen. We recently hosted a workshop in partnership with the FBI to help educate our clients on ways they can better protect themselves from cyber criminals. Along with FBI Supervisory Special Agent Scott Augenbaum of the Memphis Cyber Crime Investigations Team we gave the following tips to help both consumers and small business owners better protect themselves from cyber criminals:

• Can you receive texts on your cell phone? Good, let’s get some mileage from that.

The FBI strongly recommends setting your cell phone to receive a text PIN as your “second factor” or another step to verify your account when logging into email or social media. This can also be called two-factor or multi-factor authentication. It’s the combination of something you know (your username and password) and something you’ll have (a new PIN sent to via text) each time you log into the application.

• Do you own a small business and send wires occasionally? Use caution.

Crooks use email to first compromise your account and then pose as legitimate suppliers, partners or merchants you may have done business with in the past. They may ask you to “urgently send a wire” or pose as another executive or partner in your business. In any case, the key is to pick up the phone and call your contact at a known good number (not from the email). Your banker will ask this question if you request a wire via email, so go ahead and pick up the phone.

• Update your computer’s software. No, not just Microsoft or Apple updates.

While updating your operating system is important, it’s just as important to update other third party software too. Secunia PSI (now Flexera’s Personal Software Inspector) is a free tool for personal use that is one of the best for identifying that ancient version of Adobe Reader, Flash and Shockwave and Oracle’s Java all running on your workstation. Even better, it shows you the best official sites to download safely and in some cases automates the process.

• Who needs a strong password? GoTitans123! has always worked great for you, right?  (We don’t think so.)

Passwords should be long. In fact, SSA Augenbaum recommends at least 12 characters with some uppercase, lowercase characters, numbers and symbols. What is the best way to achieve this? Create a password that doesn’t contain words by using a memorable passphrase like “I like banking like a Titan at Pinnacle in 2016!” Now get creative, taking the first characters from each word to get “1lblaT@Pn2016!” Write it down or keep it in a password vault like KeePass, LastPass or CodeBook, but keep it safe.

• Heard of ransomware?  No … then maybe you haven’t heard of Locky, Cryptolocker, Cryptowall or their ilk.

Encryption is supposed to be a good thing, protecting your information from prying eyes. Unfortunately crooks have a built a really torturous business model using encryption against us.  Now they can infect your PC, typically after clicking on a link or ZIP attachment in a phishing email, and encrypt every one of your personal files on your PC … and any connected backup device. So keep your backup drives disconnected when not in use, or use a cloud backup service. Pinnacle does not ever recommend paying criminals for the “keys” to unlock these files, but it’s unlikely you will get access to your information otherwise unless you’ve kept a recent backup. So invest in a backup service or drive(s), but be sure you rotate them frequently.

• What about phishing? These cyber crooks are smart, savvy and patient.

Organized crime rings in Eastern Europe and Russia, along with nation states, are using resources to distribute malware and reap its rewards via compromised workstations and mobile devices around the world. Let’s take a couple quick steps, slowing down to: hover over links to establish where you are being redirected, find its primary domain, establish whether it matches and makes sense. Additionally use sites like urlvoid.com, virustotal.com and webutation.net to interrogate the address, typing it in. You say it’s an attachment from a friend? Call them to confirm the email and attachment if you weren’t expecting that email from them.

• And what about your mobile device? It’s no surprise it’s a computer, but you probably aren’t treating it like one.

Most people assume their mobile devices are immune from viruses, worms and phishing. Think again. While the issue is much smaller than PC-based malware, mobile device infection is rapidly growing as confirmed by Verizon, Symantec, Trend Micro and other leading security firms. We recommend that you use a common sense guide like PC Magazine’s Best Free Antivirus Utilities for 2016 and choose security applications for all of your devices, considering those that have strong mobile options.

Using these tips, hopefully you can avoid a special trip to visit your local IT shop.  If you have further questions or you are a client needing to report that you’ve been hacked, contact our Client Service Center at 800-264-3613 and ask to speak to someone on our Identity theft team.