Sony, JP Morgan Chase, Target, Home Depot attacked. Russian, Chinese, North Korean, stateless hackers blamed. Stories about identity theft, e-mail hacks, and elder abuse blanket the news. No wonder many of our clients fear it's just a matter of time before the cyber criminals attack them personally. Fortunately, with a reasonable amount of vigilance, you can avoid becoming a victim.
Here is a summary of attacks against our clients, simple steps you can take to protect yourself, and what our firm is doing to protect clients' data.
Attacks against our clients in the last 12 months
1. Taking over e-mail accounts
Using your computer to connect to e-mail over a public WiFi (e.g. Starbucks) enables hackers armed with "sniffers" to grab your e-mail login and password. Once in, the hacker browses the outbox to sleuth out relationships with wealth advisors, travel plans, and other helpful facts. We recently received an e-mail asking us to wire $27K to pay for the purchase of a horse. Our client lives in rural New Hampshire, so it's not out of the question that he would make that request. However, our money transfer rules require a phone confirmation on e-mailed money requests we weren't expecting. We called the client and learned that, not only had he not made the request, but he was also about to fly to Europe on vacation.
We immediately advised him to change his e-mail passwords AND all his bank and credit card passwords, since people often "recycle" passwords among multiple applications. A pain to do right before vacation, but of course the hacker knew from the client's e-mail about his upcoming plans. We also realized that the client wasn't receiving e-mails from us. We did a join.me session to review the client's e-mail settings and saw that a filter had been installed directing e-mail from @HeronFinancialGroup.com directly to the trash folder. The client wouldn't see e-mails from us. Meanwhile, the hacker could respond to us from the trash folder to keep up the charade that the client still wanted to buy the horse, but just couldn't reach us by phone while in Europe. Messages to us would be deleted from the sent folder, so the client wouldn't stumble onto the exchange.
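For readers who look after their own or a family member's mail settings, the filter check we did by hand can be scripted. The Python below is an added example, not a tool our firm uses: the rule format, rule names and the `bank.example` and other `.example` addresses are constructed for illustration (every mail provider exports filters in its own format), and it goes a little beyond the trash filter above by also flagging rules that archive, mark as read, or forward.

```python
# Added example: audit exported mailbox filter rules for ones that hide
# mail from senders the account owner relies on (advisor, bank).
# The rule format is constructed; real providers export filters differently.

HIDING_ACTIONS = {"trash", "delete", "archive", "mark_read", "forward"}

def domain_of(pattern):
    """Return the lowercase domain part of a sender pattern such as
    '@example.com', 'alice@example.com' or 'example.com'."""
    return pattern.strip().lower().rsplit("@", 1)[-1]

def suspicious_rules(rules, trusted_domains):
    """Return (rule name, reason) for every rule that hides or diverts
    mail from a trusted domain, or forwards mail out of the mailbox."""
    trusted = {d.lower() for d in trusted_domains}
    findings = []
    for rule in rules:
        actions = set(rule.get("actions", [])) & HIDING_ACTIONS
        if not actions:
            continue  # labels, stars etc. do not hide mail
        sender = domain_of(rule.get("from", ""))
        # Match the trusted domain itself or any subdomain of it.
        hit = any(sender == t or sender.endswith("." + t) for t in trusted)
        if hit:
            findings.append((rule["name"],
                             f"{sorted(actions)} on mail from trusted domain {sender}"))
        elif "forward" in actions:
            findings.append((rule["name"],
                             f"forwards mail to {rule.get('forward_to', 'unknown address')}"))
    return findings

# Constructed sample rules; rule-1 mirrors the filter described above.
SAMPLE_RULES = [
    {"name": "rule-1", "from": "@HeronFinancialGroup.com", "actions": ["trash"]},
    {"name": "rule-2", "from": "newsletter@shop.example", "actions": ["archive"]},
    {"name": "rule-3", "from": "", "actions": ["forward"],
     "forward_to": "someone@mail.example"},
    {"name": "rule-4", "from": "alerts@bank.example", "actions": ["label"]},
]
TRUSTED = ["heronfinancialgroup.com", "bank.example"]

if __name__ == "__main__":
    for name, reason in suspicious_rules(SAMPLE_RULES, TRUSTED):
        print(f"REVIEW {name}: {reason}")
```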