Our society is becoming increasingly digital. While digitization brings many benefits, it also generates a number of cyber-related risks. For example, consider cyber-fraud. At the heart of every fraud is a compelling story, which profiles seemingly easy ways of making money. Most people want to make a great deal of money, but it is important to understand there is NO easy way to create wealth. Therefore, if someone tells you—or sends you an email—about a way to make “easy money” they are either a fraud or they do not know what they are talking about. Either way, you should neither talk to nor email such people. This is important because you cannot be defrauded if you do not give a fraudster your money (and your trust).
A far more subtle cyber-crime is identity theft, which occurs when criminals obtain victims’ personal information, such as birthdates and social security numbers, and then secure and use lines of credit in the victims’ names. There are three general ways that cyber-criminals steal personal information: (1) Directly from a victim via some form of con, (2) From a victim’s computer via some form of program, and (3) Stealing it from a website securing victims’ information. Here are some ways to mitigate each of these risks.
First, make it a practice of never giving out either your birthdate or social security number. Exceptions to this rule are to your banks/credit providers, insurance companies and certain governmental agencies. Significantly, each of these entities are generally very careful with personal information and will not indiscriminately ask you to provide it. Therefore, if you receive an email asking for this information that seems to be from any of these entities, you should first click on the email address to ensure that address is “legitimate.” By legitimate, I mean the email address matches the entity in question. If it does not match, and most of the time the addresses will not match, then you should permanently block the email address. However, if the email address seems legitimate, you should still not respond to the email. Instead, call the local office of the entity in question and ask a manager to both confirm the request, and to clarify the reason for it.
Next, make it a point to never click on non-secure links in emails, especially emails from people you do not know. (An example of a secure email link, is a link found in a confirmation email that is sent after you have made an electronic purchase from a reputable merchant.) The reason to generally avoid email links is that some of them deploy programs designed to scan and retrieve personal information off of a computer, which can be used to steal your identity (amongst other things). Despite techniques like these, many computers will be hacked, and much personal information will be stolen. Therefore, you should try to not have documents that contain personal information—such as tax returns, social security documents and bank statements—on computers connected to the internet.
Similarly, personal data should not be stored on portable flash drives, unless such drives are encrypted and carefully secured. You should also regularly monitor your credit history via subscription to a credit bureau. If, while doing so, you suspect credit lines in your name have been opened by someone else, you should immediately close those lines and have your credit history put on alert for fraudulent activity.
In closing, technology should be used with an appreciation of both the benefits of digital experiences, as well as the risks emanating from the cyber environment.
Joseph Calandro, Jr. for Personal Finance Employee Education Fund