It was recently discovered that hackers had developed new tools to circumvent two-factor authentication, one of the latest cybersecurity procedures that allow online shopping and banking users to log in to their accounts. Two-factor authentication works by simply sending a randomly generated code to the users’ email or mobile device, which they can enter on websites or apps to login. The procedure is a way to protect the customers’ username and password. With this news, it’s becoming increasingly clear that no security procedure is hacker-proof, and measures must be taken by consumers to protect their wallets from potential data and financial loss.
New technologies have both enabled us faster access to information, but also made access to private information for fraudsters and criminals far easier, with Internet fraud alone costing individuals and hundreds of businesses billions of dollars a year, jumping from the $450 billion to $600 billion. Most of us are either shopping online, banking, booking trips to or do something that involves sharing personal information. Email and telephone scams are still the most common ways fraudsters find their victims, however Facebook and other social media websites, and text messages are fast becoming their chosen tool.
Consumers waste on average 24 hours trying to deal with the outcome of a single case of cybercrime. Fraudsters can use your personal information to apply for credit cards and loans. Of course, the cost is not only financial but psychological harm and lack of trust in the financial system. More could be done by organisations to help combat theft by collaborating with government and financial institutions to combat cybercriminals. However, no such institution exists, and even organisations may not wish to collaborate with other organisations due to their own privacy concerns. Furthermore, concerns arise about private corporations and government working together to create standardised data security systems without acquiring too much power.
Here’s how you could be a target for financial fraud and how to avoid it.
Who are the victims?
In 2017, cybercrime affected around 978 million people around the world. Unlike, for example, victims of investment fraud, who’s profile consists of identifiable demographic patterns, including the retired, military veterans. Victims of cybercrime span right across different ages groups, socio-economic backgrounds and different countries. On average victims are likely to lose around $142 in a case of cybercrime, the higher the GDP in the region the higher the losses. This may come in the form of hacked social media accounts, phishing emails, compromised shopping accounts, hijacking of phones, laptops and other mobile devices, as well as unwillingly sharing information with fraudsters via telephone calls. In most cases, the victim does not even realise their money has been stolen until it’s too late.
Common cyber-attacks to look out for
Ever received an email from your bank, tax department, or favourite social network that addressed you by your email address? Or maybe you received a phone call “your bank” looking to carry out a verification check, who then requested your PIN number? Chances are you’ve been the target of spear phishing. Cybercriminals use legitimate entities encourage you to share whatever private information you would normally share with said company. With more consumers turning to mobile, landline and VoIP for communication with friends, family and colleagues, criminals have begun taking advantage of these mediums to mislead the customer into parting with their money.
Vishing
Phone calls are regularly used by banks and other institutions to verify the details of callers. Knowing this, scammers also pose as the same organisations using a near identical approach to steal your information. This is known as “vishing”. An obvious warning sign is that legitimate banks or other organisations won’t ever ask for your PIN or password to get into your account. If they do, tell them you’ll call them back once you’ve found your information. If they’re frequently ringing back there’s a number of ways you can block calls on your smartphone as well as your home phone.
Organisations looking for ways to collect private information such as credit card details from customers over the phone securely can look into methods such as Dual Tone Multifrequency (or DTMF) masking. The customer can simply input their credit card information using their phones touchpad rather than reading their credit card or other private information to the contact centre agent. This prevents their payment details being intercepted by hackers or even stolen by contact centre agent themselves. The data packets containing credit card information is then sent directly to the payment processor for secure payment.
Email phishing
If you find yourself receiving unscrupulous looking emails, make sure you check the email headers so you can see the real email address of the sender. If this doesn’t match the email of the organisation the sender claims to be from, then delete the email immediately.
Social media phishing
There are numerous ways you can avoid phishing attacks on social media, including avoid clicking on any links via posts, tweets, at DM’s which you’re 100% sure are genuine. If in doubt, call the official number of the organisation where the Tweet supposedly came from, and ask if the content was created by them. It may also be the case that account of an organisation has been hacked, in which case report any suspicions to the social media network via their website or app.
Emotional sentiment
Cyber criminals will say anything to part to get your part with your money. If you’ve been targeted, they may not know exactly who you are, but will know the demographic group likely to use said product or service. In particular, avoid emails or phone calls where the person pressures you to act quickly, especially if an offer seems to good to be true. They’ll play with your fear of loss and impatience
What to do if you’re a victim?
The first thing to do is to change the password of your account for the compromised app and report any breaches or losses to the organisation that have your personal details. In the UK, there are several associations that can help you recover your money and even catch the fraudster if you feel if you’ve been scammed or someone else has. The go-to organisation is Action Fraud. This is the national fraud and cybercrime reporting centre combining the efforts of the National Fraud Intelligence Bureau (NFIB) and the City of London police. You can report any fraud or cybercrime claims via their website or on the phone. While they don’t investigate cases of fraud and are cannot update you on its development, they can point to you the NFIB, who will handle your case upon reporting.
Been a victim of cyber fraud or know someone who has? Tell us your story below:
In the meantime, if you’re looking for more tips to avoid being caught out, check out Rainy Day, a new interactive app bringing you tips on how to protect and save your money.
RAINY DAY 