CyberSmart: How to stay a step ahead of fraudsters
Editorial staff, J.P. Morgan Wealth Management
October is National Cybersecurity Awareness Month.
With work-from-home for many of us, our reliance on digital tools has skyrocketed in recent years. Cybercriminals have wasted little time taking advantage of this, launching large-scale cyberattacks, phishing scams and other malicious activity against individuals and businesses.
While a number of organizations – including J.P. Morgan – work tirelessly to establish safeguards and protect us from these criminals, we have some homework to do as well. For the month, we are sharing tips and strategies to improve your digital defenses against cybercriminals and fraudsters.
The volume of cyber-attacks against the financial sector has risen significantly over the years, with an increase of 238% during the peak of the pandemic alone. While most financial institutions have rigorous systems in place to protect your data from breaches, it’s also important for you to stay vigilant – by understanding emerging trends and taking action to protect yourself against potential exposure.
Below are some actions you can take for extra protection:
Interested in working with an advisor?
Work 1:1 with our advisors to help build a personalized financial strategy that’s built around you.
Actions you can take with your bank
Here are actions you can take with your bank.
Create unique, complex usernames – not just passwords
Usernames should not contain any personal information, including any variation of your email address. So, if your email is johnsmith@gmail.com, don’t set your username as johnsmith – even if it makes it easier to remember.
Passwords should be unique, at least 10 characters long – including a combination of upper- and lowercase letters, numbers and special characters – and should not contain any personal information or answers to your security questions, such as a pet’s name.
Enable online alerts
Turning on alerts allows you to be one step ahead of fraud. Many financial apps offer online alerts for different types of account activities to help you stay on top of potentially fraudulent transactions or account changes.
Use online bill payment systems
If a physical check is stolen or lost, a fraudster will gain access to your personal information – including your name, address, bank account number and signature. Using online bill payment services can limit this risk.
Set up paperless statements
Similarly, your account statements can be lost or stolen, potentially exposing your personal information to fraudsters. Online statements through your banking app or email are likely more protected from this threat.
Actions you can take outside your bank
Here are actions you can take outside your bank.
Implement a credit freeze
Freezing your credit is a proactive measure against identity theft. A credit freeze –also known as a security freeze –restricts access to your credit report, making it more difficult for identity thieves to open accounts in your name or abuse your credit.
To put a security freeze on your credit, as well as to protect the accounts of your family members, call or visit the websites below:
- Equifax: 888-378-4329| www.equifax.com/personal/credit-report-services/credit-freezeOpens overlay
- Experian: 888.397.3742 | www.experian.com/freezeOpens overlay
- TransUnion: 833-806-1627| www.transunion.com/freezeOpens overlay
Choose a reputable email provider, with spam filtering and multi-factor authentication
Compare your email providers against each other, and try to choose one that offers additional layers of protection – such as multi-factor authentication – against cyberattacks.
Of course, history shows that even seemingly secure email providers aren’t completely immune to cyberattacks. So regardless of the provider you end up choosing, there’s some homework to be done on your end. Specifically, you should regularly clean up your mailbox. Delete emails containing personal information – such as photos of IDs or documents saved in your email Inbox, Sent and Trash folders. Fraudsters often review the emails in your account to understand how you transact, communicate and conduct business months before they attempt to commit fraud.
Contact your mobile service provider to prevent phone porting and call forwarding
In an emerging trend, fraudsters hijack phone numbers by tricking cell phone service providers into transferring (or porting) a victim’s phone number to a new device, or by hacking into an individual’s online account. When this happens, fraudsters gain access to the data ported from the original mobile device and are able to reset a victim’s passwords on every account that uses the phone number for auto recovery. They are also able to receive one-time verification codes sent to the mobile number by text, phone call or email. Equally concerning is the ease with which a phone number can be forwarded to another number.
To prevent this from happening to you, log in to your online account or call your service provider to freeze phone porting and call forwarding capabilities, and add a verbal password to your account for additional security.
Install anti-virus and ad-blocking software on all of your devices
Do your homework – not all software is created equal. You may want to consider software that includes multi-layered malware, spyware and adware protection. Some also offer firewall and spam filtering capabilities, as well as ransomware protection.
Limit the amount of personal information you share online
Conduct an audit of your social media privacy settings and the information a person may have access to when viewing your accounts, as well as your children’s.
Actions to avoid completely
Do not assume a phone call, email or text message is genuine
Be wary of impersonators. Fraudsters use social engineering techniques to deceive you into disclosing information or taking action on a financial account.
Do not share personal information with unknown individuals
Be mindful of the information you share with others, even in the normal course of business. Always try to verify in person, or through additional outreach, if the individuals contacting you are who they say they are.
Do not use the same credentials and passwords for your online accounts
For instance, your email password shouldn’t be the same as your bank account password or your social media password. These days it seems like there is an infinite number of passwords to keep track of, so consider using a password management tool instead.
Do not allow unknown individuals to access your computer remotely
Even if they claim to be from your work, a reputable service or a technology provider. Hang up, or disconnect, and independently verify if the request is legitimate and necessary.
Do not use public Wi-Fi networks, such as those in hotels, airports or coffee shops
If you absolutely have to, make sure to first set up a Virtual Private Network (VPN). A VPN can encrypt the data you send and receive while using the public Wi-Fi, potentially protecting that information from other users of the same connection.
Invest your way
Not working with us yet? Find a J.P. Morgan Advisor or explore ways to invest online.
Editorial staff, J.P. Morgan Wealth Management
