Cybercrime May be Your Biggest Threat
We often associate crime with theft of physical things. However, there is a growing trend of theft through cybercrime. The dollar amount of cybercrime theft could very well be your most costly vulnerability – the dollar value loss of a few tools or even a vehicle can pale in comparison to having your bank balance cleared out. I will define cybercrime as theft via phone, email (computer), and cell phone.
I have noticed recently that I am getting emails from my banks with tips or even online courses with respect to protecting myself from cybercrime. The banks have a vested interest in your account security as they will often cover the loss. A lot of the following information is taken from CIBC and Alberta Treasury Branch information intended to help you recognize a cyber attempt to access your funds.
By the time of this publication, December 1, ATB’s online security course will have expired (November 30th) but I will summarize the basic protection recommendations.
Cyber crime’s basic modus operandi is the use of phishing where thieves try to convince you to divulge personal information. Any email, text, phone message that sets you up to divulge this information should be a BIG RED FLAG that someone is after your hard-earned cash. Immediately be on your guard.
So, what is the personal info you need to be concerned with: your bank account number, PIN’s, credit card details, codes, passwords, and SIN numbers. Never give these out without really having a hard look at why you are being asked for this information and if you really need to provide it.
The initial contact with you will be an attempt to gain your trust. Once they have that, they will abuse it. An attacker wants you to act without thinking first. So, if you receive an email, message, or other form of communication that is out of the ordinary for you, slow down and analyze it carefully.
Let me give you a live example of this. I received a call on my cell phone from someone purporting to be from the Canada Revenue Agency complete with their name and an “agent number”. I had received a few calls from this number in succession, so I picked up my cellphone as it appeared someone had made numerous attempts to contact me. As a side note, I ask people not to call me on my cellphone as there is a high likelihood of losing the call due to poor reception.
I asked the caller to call me back on my landline. At this point they asked me for my landline number. That was a red flag as two things occurred to me at the time. One was the CRA should have my landline number as that is the only one I would have given them if I had historically given them a phone number. The second thing was that I would never have given them my cellphone number due to it being unreliable. I told them off (I love that part) and, amongst other unrepeatable things, told them I knew they were a scam. They hung up and I never heard from them again.
If the Canada Revenue Agency is trying to contact you, they will be relentless. So, if someone is telling you they are from the CRA and you only hear from them once, it wasn’t the CRA. If you want to check if CRA is really trying to contact you, you can call them at 1-800-959- 8281 (Individuals) or 1-800-959-5525 (Businesses).
Look for some warning signs in a message that it belongs to a scammer: 1) threatening or urgent language. Forcing you to act without thinking is one of their tactics. An example of this is “Your bank account has been frozen due to an unauthorized charge. Call to rectify the situation”. 2) generic language. Example “Dear User”. 3) Spelling errors. Most of the cyber crime attempts come from overseas where English is not their first language.
Beware of attachments. They will often contain a virus or other malicious software. Don’t open or download anything you were not expecting. Make no assumptions. Treat all requests for sensitive info with a high degree of skepticism. A live example of this is a phone message I had purportedly from the “Security Department” of a bank that used the unauthorized charge, frozen bank account method. The red flag was that my name was never used, and it also occurred to me that more than one person in our household had an account with that bank and yet the message did not say whose account was involved.
Beware of providing too much personal info on social media. This info can be used to craft a more personal/believable message to you requesting additional personal info to access your account.
Keep devices and software updated as updates can be for plugging loopholes and vulnerabilities.
Protecting your personal info requires a commitment to security awareness. Unfortunately, it is a sign of the times in which we now live. This is as important as locking up your physical items. I would go so far as to say that it is probably more important because the dollar value of your loss may be much greater.
Dave Schroeder – HCRCWA Board Member