Marjorie Bloom had worked 42 years as a federal attorney. She had amassed her nest egg of $661,000 for retirement through decades of work and an inheritance from her parents. She was looking forward to her future and ultimately leaving any leftover money to her children just as her parents had for her.
That all changed for Marjorie in 2021 when her computer suddenly froze. A popup window that appeared to be from Microsoft provided a phone number for her to call customer support. During the call a “Microsoft engineer” explained that Marjorie’s financial accounts had been compromised and transactions were pending. In order to protect her funds, she needed to move them to an uncompromised account immediately before the pending transactions were completed.
Given the urgency, Marjorie disclosed where she banked, and her call was transferred to a “fraud specialist” with her banking institution. After talking with an individual posing as a representative of her bank, Marjorie was instructed to wire all the funds to a new account where the funds would be “safe.” To keep the funds safe, she needed to act immediately without notifying anyone else. Marjorie complied and never saw the funds again.
This story first published by CNBC in 2023 tells a far too common story of individuals losing funds to cunning cyber criminals. When many individuals read stories like Marjorie Bloom’s, they don’t believe it can happen to them. While they may recognize the warnings signs in stories they read, they often underestimate the skill of con artists and the emotional reaction of human nature when they become a target themselves. Many savvy individuals are counted among the victims.
Cybercrime in the United States:
Annually the Federal Bureau of Investigation (FBI) publishes the Internet Crime Report which compiles data from its Internet Crime Complaint Center (IC3). The IC3 provides a way for the public to report instances of cybercrime and initiate a process for tracking and attempted recovery of stolen funds.
Since its establishment in 2000, the IC3 has received over eight million complaints and has averaged 757,000 complaints per year for the last five years. Over those five years, the complaints have represented $37.4 billion in losses.
With the increase of each individual’s technological footprint expanding through their online presence, cybercrime continues to grow with 2023 accounting for 880,418 complaints and $12.5 billion in losses, a 10% increase in complaints and a 22% increase in losses over 2022.
Source: 2023 Internet Crime Report (https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf)
While the table above tells a sobering tale, it is just the tip of the iceberg. The FBI reported that they were recently able to infiltrate a ransomware group’s infrastructure and found that only 20% of victims had reported their incident to law enforcement.
With cybercrime on the rise, it is more important than ever for individuals to understand and recognize common schemes. While cyber criminals are always innovating and no one can be fully immune to an incident, implementing best practices and protecting personal data can reduce the risk of experiencing a life-changing loss like Marjorie Bloom.
Key Takeaway:
Cybercrime is substantial and increasing. Everyone needs to be prepared to protect their financial wellbeing.
Commons Scams:
Phishing: Phishing scams are the most common scams reported by consumers accounting for almost half of the complaints the IC3 receives each year. In a phishing scam, cyber criminals attempt to gain access to your computer, personal information, or credentials by sending an email with a malicious link or requesting that you enter your credentials in what looks like an appropriate website.
The email or request typically appears legitimate given the con artists attempt to replicate the appearance of an authentic email or website. However, there often are slight differences in the email address sending the message or the URL of the website. While email phishing has been a favorite of cyber criminals for years, a recent scheme is focused on search engines like Google.
In a search engine-based phishing scheme, the cybercriminal creates a fake login page for a reputable financial institution. When a customer searches for that institution’s login page, the fake page shows up at the top of the search results. The individual goes to the page which looks authentic, types in their username and password, and immediately gets an error that they used the wrong password. From that point on, the cybercriminal has the username and password for the real account and can log in.
Typically, the fake page will provide a number to call for assistance which will connect you to the cybercriminal who poses as a representative of the financial institution. During the call, they may ask for information like a two-factor authentication code, access to your computer (under the pretense of tech support), or provide advice not to log into your account for multiple days until the issue is resolved (during which they are actually wiring your funds to their bank account).
How to Avoid: Given phishing scams are popular, nearly everyone will encounter them eventually. Good practices to avoid falling for phishing scams are:
- Don’t click on links in emails from unknown sources.
- Double check email addresses and URLs to confirm they are authentic. URLs and email addresses with misspellings or random characters should be treated with extreme caution.
- Don’t provide usernames, passwords, or multifactor authentication codes to “customer support” representatives. If you are talking to an authentic representative of the financial institution, they can access your account on their institutional platform without your credentials.
- Be wary of any advice stating that you should not access your account or discuss with friends or family. An authentic customer support representative will never tell you to stay out of your account for a certain number of days or request that you refrain from contacting trusted individuals.
Key Takeaway:
Be vigilant and confirm the authenticity of email addresses and websites before logging into your account or following links. If something looks suspicious, don’t interact with it.
Tech Support Scams: Tech support scams function similarly to phishing scams. This is the scam that Marjorie Bloom fell for at the beginning of this post. Usually, a tech support scam begins with a popup warning on your computer stating that suspicious activity, viruses, or malware has been detected.
Often the popup is accompanied by the logo of a well-respected institution like Microsoft and includes a phone number to call for assistance. However, the phone number leads back to the scammer posing as a support technician.
Once you make the call, the support technician will explain that there is a pressing issue that requires wiring money in order to protect the funds from being compromised (as Marjorie experienced). Other times the “support technician” may request that you download software onto your computer or give them remote access so that they can help “fix” the issue.
Often the software they help you download allows them to obtain personal information on your activity or log your keystrokes so that they can identify your usernames and passwords for multiple websites and access your accounts.
How to Avoid: With everyone having multiple devices connected to the internet including smartphones, computers, tablets, etc., we are all targets for tech support scams. If you receive a suspicious tech support request, consider the following:
- Ignore suspicious calls claiming you have an issue and offering tech support. If you receive one, hang up.
- Don’t click any links in suspicious popup windows on your device and don’t call phone numbers in any suspicious popup windows. Real security warnings from reputable institutions will never ask you to call a phone number.
- If you are concerned that there may be an issue with your device, independently look up the contact information for a reputable company you know and trust and reach out to them directly.
Key Takeaway:
Be suspicious of any popup windows that claim you have a virus and provide a website link or customer support number. If necessary, get help from an independent trusted third party.
Grandparent Scams: In a grandparent scam a scammer may call pretending to be a grandchild or other relative who needs help. Typically, the scammer claims to have been arrested or in an accident and needs financial support.
In many cases, the scammers are able to “spoof” the caller ID system to make the call appear as though it is coming directly from the relative. In this type of scheme, the scammer impersonating the relative will request not to be contacted directly or ask that no other contact be made with other family members given they are in an embarrassing or difficult situation.
More recently, with the widespread access to artificial intelligence, it is easier than ever for scammers to recreate anyone’s voice as long as they have a short clip of them speaking. Getting a short clip is typically easy and can be done by recording a phone conversation or having access to a publicly available recording such as a podcast, radio, or television interview. Using this, they can sound exactly like the loved one they are impersonating.
How to Avoid: If a relative calls and requests money for an emergency, consider taking the following steps:
- Hang up and call them back directly on their own number.
- Consider having a secret word that everyone in the family knows. If anyone calls and claims to be part of the family but doesn’t know the secret word, hang up.
- Notify trusted friends and family members to confirm the legitimacy of the event.
- Never provide personal information such as usernames, passwords, multifactor authentication codes, and never wire money to unknown accounts.
Key Takeaway:
Be sure to verify the identity of anyone claiming to be a relative and involve family members to ensure the request is legitimate. Never wire money to an unknown account.
Ransomware Scams: Another popular scam is ransomware scams. Ransomware scams often begin by an individual clicking on a link in a phishing email or interacting with an infected website or online ad. Once the infected ransomware has access to the individual’s computer, it will encrypt files or prevent access to important information
The purpose of a ransomware attack is to hold the data hostage until a ransom is paid. If the data is sensitive, the perpetrators may also threaten to release the data if the ransom is not paid.
One important consideration for individuals who experience a ransomware attack is that paying a ransom does not guarantee that the perpetrators will reinstate access. Rather, it further emboldens criminals to continue their schemes as a result of the financial success, and it may make the victim a likely target again given they have demonstrated their willingness to pay. Accordingly, law enforcement typically does not recommend paying the ransom.
How to Avoid: There are a few steps that can reduce exposure to ransomware schemes:
- Don’t click on links in unknown emails or interact with suspicious websites.
- Only download data from known and trusted sources.
- Backup your data regularly on a separate network or device.
- Ensure computers are up to date with the latest security patches and updates.
Key Takeaway:
If you have important information on your device, ensure its security is up to date and all the important files are regularly backed up on an external device or network.
How To Reduce The Likelihood of Becoming a Victim:
!!!Note: Prairiewood is not a cybersecurity firm and makes no assurances that individuals can be immune from cybercrime. However, most cybercrime occurs when individuals do not protect their own data. In light of this fact, the following are ways to reduce but not eliminate the chances that individuals fall victim to cyber criminals.!!!
While the cybercrimes discussed above are common, there are an unlimited number of other tactics that cybercriminals use to gain unauthorized access and steal funds. Cybercriminals are working endlessly to stay ahead of law enforcement and technology companies and are continuously developing new methods to stay one step ahead.
Although cybercrime is not going away anytime soon, most cybercrime occurs when well-meaning individuals compromise their own security by clicking links, providing information, or wiring funds directly to nefarious sources. In order to reduce the risk of becoming a victim of cybercrime, consider taking the following steps to protect and secure your information.
Password Maintenance: Everybody hates passwords. We get it, but the reality is that passwords keep your data safe. For websites that maintain important data such as financial accounts, financial information, health care information, etc., use strong, random character passwords and do not reuse the same password across multiple accounts.
Also, consider updating your password on a recurring basis. Individuals who struggle with passwords may find that a quality password management software can help streamline this process.
Finally, never give your username and password to an individual posing as a customer support representative. If the customer support representative actually works for the institution, they should have access to your information through their institutional platform without needing your username and password.
Multifactor Authentication: Set up multifactor authentication for all important accounts. Multifactor authentication ensures that your username and password alone are not sufficient to log into your accounts. Typically, a multifactor authentication code will be sent to your phone to confirm your identify while logging in. Similar to a password or username, never give out your multifactor codes. A legitimate customer support representative will not need them.
Check With Trusted Family and Friends: If there is a suspicious request, ask a trusted friend or family member. If the suspicious request specifically states that you should not talk to friends or family, that is an even bigger reason to bring it up immediately to those you trust. Legitimate individuals should have no concern with other friends or family members being involved.
Report Any Potential Crime to IC3: Internet Crime Complaint Center (IC3) is the FBI’s way to allow the public to directly report cybercrimes. Crimes can be reported at www.ic3.gov. The FBI established a Recovery Asset Team in 2018 that can work with financial institutions to freeze accounts and recover funds that are fraudulently taken.
Since 2018, they have recovered over $538 million in funds for victims. However, the success of recovering funds declines as the time taken to report the crime increases.
Key Takeaway:
Strong passwords, multifactor authentication codes, never giving passwords and multifactor authentication codes out, talking to trusted individuals if something seems suspicious, and ultimately reporting any cybercrime event to IC3 quickly, can help reduce the risk of financial loss to cybercrime.
Conclusion:
With the interconnected and technologically advanced world we live in today, cyber security and fraud will continue to be a challenge that faces many Americans. Individuals just like Marjorie Bloom face threats every day that can have devastating consequences to their financial futures.
As cybercrime continues to be an extremely lucrative crime for perpetrators, we can be assured that there will be no shortage of new schemes to bilk individuals out of their hard-earned savings. Because of this, it is more important than ever for individuals to take precautions to reduce the risk that they become a victim.
Simple strategies such as appropriate password maintenance and multifactor authentication, not disclosing this information to third parties, not calling suspicious phone numbers in popups, not clicking on suspicious links in emails from unknown sources, and involving knowledgeable friends and family when in doubt can significantly reduce the risk of experiencing a loss.
While growing your wealth is a primary focus throughout life, it’s equally important to ensure you are protecting the wealth you’ve accumulated, and in many cases, the simple solutions outlined above can reduce the risk of becoming a victim of cybercrime.
If you are interested in learning more about how a Family CFO can help create a comprehensive plan for your family’s financial future, we would love to connect to see if what we do is right for you.
