Due to the national health emergency created by COVID-19, online scammers have way more opportunity to cheat and defraud, as most Americans are doing virtually everything via the Internet – shopping, happy hours with friends and family, even doctor appointments. The most common fraud bait recently? Refunds for cancelled travel and other events.
At this uncertain time, it’s an even bigger challenge to keep personal data private and secure. Here is what we recommend when clients ask what they can do to protect against getting hacked:
#1. Treat incoming emails, calls and texts with suspicion, especially if unsolicited. Scammers have gotten very, very good at sending emails and texts that look legitimate, as if they’re from a friend, relative or trusted institution like your bank or the IRS. All new email now is suspicious, especially if the email contains a link and/or attachment or asks you to provide personal info. No government agency, including the IRS, and no legitimate financial institution would ever contact you asking for personal information for any reason. Also be suspicious of new apps that promise new info on the coronavirus; these could contain malware.
#2. Do not automatically click on links or download attachments. Both of these “add-ons” are common ways to get at your device. Clicking on a malicious link doesn’t set off alarm bells. You may think: “Oh, that’s just an error message,” or “wrong website.” What may not be apparent is that the website you were on for less than a second goes on to quietly capture your browser data as you surf the web, including any passwords or log-in information stored on your browser!
#3. “Hover to Discover” malicious links. If you get an email that includes a link, ALWAYS hover over the link with your mouse. If you do that, the website address for the link will appear, usually near the link or on the left bottom of your screen. If you do not recognize the web address shown, or if it seems suspicious to you, do NOT click on the link.
Say you get an email from your bank that includes a link. You hover over that link and see that it starts with “Dropbox” or some other name instead of the bank name, followed eventually by your bank name. That is really, really suspicious. No bank will steer customers to an online-storage site like Dropbox.
#4. Increase use of “multi-factor authentication.” LNWM’s client portal and many other websites now allow for a two-step sign-in process. In addition to providing a password, you are asked to confirm your identity each time you log in by answering a personal question or a randomly generated number that is texted to your phone. Multi-factor authentication is much harder to hack, and we encourage our clients to add this feature not only for the LNWM portal but on all important websites they use.
#5. Protect your electronic devices. If you bought your device after 2010, the software should automatically update itself. All you need to do is (1) update your anti-virus by buying the latest version; (2) do not change the default settings for your computer’s firewall and for its automatic updating. It’s also safer to turn your computer off when you’re not using it and to periodically change the password for your home Wi-Fi network.
#6. When public gathering bans are lifted, remain very wary of using “free public Wi-Fi.” Before logging in via a public network at a hotel, airport or coffee shop, STOP to think: Am I working on something that is OK for everyone around me to see? If traveling, you might want to bring a device just for Internet access, with no sensitive information on it.