CAN YOU SMELL THE PHISH?
The importance of appropriate Cyber Security precautions cannot be over emphasized
We live in a world where many, if not most of us, have multiple electronic devices such as desktop computers, laptop computers, tablets, smartphones and yes, even watches. These are generally inter-linked, and we have come to place daily reliance on them to manage the administration of our lives.
However, this has led to a dramatic increase in our exposure to cyber criminals and each of us has a responsibility to protect ourselves.
The security of our clients is of paramount importance to us. So we are putting additional measures in place by providing you with guidelines on the basic types of cyber crime, plus some important recommendations to help you protect the security of your online and email communications.
Firstly, please note that:
- WPS Staff will NEVER ask for any of your passwords. Additionally, you should NEVER divulge any password over the phone or via email.
- Before logging on to the WPS website (or any website for that matter) ALWAYS check that you are using the correct web address. You can check the validity of our digital certificate by clicking the padlock icon or confirming that you can see the EV Name Badge in the address bar.
- If you receive an email with a link and you are doubtful of the email’s authenticity, NEVER click on the linked provided. Instead, type the correct web address directly into your browser to access the website.
- ALWAYS ensure that you log off properly when exiting any site that required you to input your password by clicking the Log off button.
Cyber Crime: fraud, spoofing, scams, hackings… a ticking time bomb
Here are some important definitions relating to the more “common” forms of potential attack on your security. Note that this list is not intended to be comprehensive.
Phishing: emails received from a “legitimate-looking” email (e.g. from your bank) asking you to click on a link in the body of the email that requests an update or verification of information.
Sms..ing: instead of an email, this is where fraudsters text messages to your cell phone containing a link to update information.
Vishing: this entails social engineering over the telephone. Fraudsters phone you to elicit personal or account information that they can use to defraud.
Email hacking/impersonation: Cyber criminals manage to access your email account and passwords, allowing them to access sensitive information on your email that can be used to create authentic looking correspondence to convince others or an institution to act in a way so as to defraud.
Cyber Resilience: Empowering you to protect yourself
In order to protect ourselves as much as possible from cyber fraud, we need to constantly be aware of the threats.
Be Suspicious
- Be suspicious of emails/SMS’s asking for personal information or banking details (banks and financial institutions regularly advise that they would never do this).
- Be suspicious of emails/SMS’s received with a sense of urgency to provide information. Fraudsters try to pressurize you by claiming accounts will be frozen, etc. if action is not taken as soon as possible.
- Be suspicious of poorly worded or misspelt emails claiming to be from your bankers or financial service providers.
Websites
- Never click on links contained in emails/SMS’s.
- Website addresses that start with “http” rather than “https” are not secure and you should not load your personal or banking details onto such sites.
- All “https” websites should have a lock icon displayed. If it is a “http” site and does not have a lock displayed – it is a fraudulent site.
- If you hover your mouse over the email or web address, it shows the true email or domain address. If this reflects anything other than the text displayed, do not access or reply.
Passwords
- Use different passwords for all your devices or services.
- If you have the means, use a password manager to generate your passwords. These are passwords generally stronger in quality than those we derive ourselves. We will often choose something that is easy to remember and therefore can be easily deciphered.
- Password protect as many devices as you can i.e. on your smartphone/tablet/laptop. If any of them are lost or stolen, the ‘password protect’ is an added barrier to would-be cyber criminals.
- Enable two-factor authentication (password and PIN/OTP) on sensitive accounts such as email and banking.
- If you know that your personal information has been compromised in a phishing, smishing or vishing attempt, you must change your passwords and PINs immediately.
Ongoing Vigilance
- Keep your anti-virus and anti-spy software and firewalls up to date.
- Check and reconcile your statements of account and investments regularly.
- Be careful when using computers in hotels, internet cafes, conference rooms etc. Not all computers are secure, and fraudsters can install keylogger devices to record your keystrokes and then use this to access your services.
Disclaimer: Please note that the above is merely a guideline on the basic types of cyber crime. Wealth Preservation Strategies is not an expert in this field. Should you have any concerns with regard to your personal electronic communications and connectivity security arrangements please contact an independent expert and your internet service provider.