I received an email from a client stating that he was tied up in a meeting and needed “help” urgently. Instantly I thought this was odd for several reasons:

1. Stating needing urgent help
2. Stating being unreachable (wasn’t sure what meeting since he was retired)
3. The client usually signed his emails with his initials and this time his entire name was spelled out

You may feel obligated to help, but I would rather get yelled at for not doing anything than send a client’s money to Nigeria. The email was also not specific as to what he wanted “help” with so it seemed to be more of a test to see if I would be a good target.

I called him to confirm and he said he was hanging out with his grandkid and not in a meeting and he did not write that email! I told him to change his password on his email account right away and delete any important documents he might have stored in his email account.

Regardless of this tactic, we don’t move money without first verbally confirming with a client and have systems in place to make sure this does not happen. Once the money is moved it is gone forever (especially with wires) to a bank account halfway across the world faster than you can take a breath.

How to protect yourself

Passwords – passwords should have special characters, upper-case and lower-case letters – they can be easy enough to remember so you don’t have to write them down but not easy to figure out. Criminals have software that can easily figure out weak passwords. Try not to use the same password on several sites – if one account is compromised attackers may be able to gain access easier to your other accounts.  You could use a sentence that you can remember with letters and numbers on either side or in between. Never give your password to anyone.

Security questions – avoid using personal information or information a criminal can easily figure out such as your mother’s maiden name, address, dates, or colleges attended. You can also use two-factor authentication – this is the system that sends a code to your phone which you have to enter before you can gain access to your account. It requires your username and password plus a security question and/or access code.

Protect Sensitive Info – avoid storing documents with sensitive info in your email (yahoo, google, etc) Secure personal information on the web to the extent possible – for example don’t publicly post your address on social media accounts or phone numbers, etc.  Although a lot of this personal information is readily available online anyway, why make yourself an easier target? Sign out of social media websites when you are not using them and ensure that your settings and posts are private and can only be seen by your contacts.

Question Everything – Always verbally confirm messages or email requests and never respond to a link embedded in an email. If you get an email asking you to click on a link, go straight to the website directly. Some emails can impersonate real websites but they are actually fraudulent – for example an email saying you have a secure message and to “click on the link”. You can try and hover over the email address or click on it to see where the email is really coming from – if it does not look legitimate delete the email. For example, you may get an email from Amazon which may legitimately be [email protected] but when you click, reply or forward the email address you may see an address like [email protected] which is obviously not Amazon. Don’t click on texts with links unless you know where they are coming from.

If your credit card company calls you and asks for personal information tell them you will call them back on the number on the back of your card.

Encrypt your Data – Keep your browser secure by using encryption software that scrambles information you send over the internet.  Before sending personal information you should look for a lock icon on your internet browser which indicates your information will be safe when it’s transmitted. When connecting to a website that uses your personal information make sure you are using an encrypted connection – the URL should say HTTPS.

Wifi Access –  Avoid connecting to unsecured public wireless networks such as in coffee shops, hotels, airports, restaurants, etc. if there is no password.  Don’t allow public computers to remember your passwords – if you have to log in to a public computer to access your account make sure you log out and close the browser when you are finished.

What to do if you are hacked

Email – Change your password immediately if your email has been hacked. You may also want to warn your contacts in the event they get an email from you asking for information. Make sure the hackers didn’t set up a forwarding service to receive your emails.

Bank accounts & credit cards – Contact the institution immediately since catching this earlier will prevent additional transactions from taking place. The bank or credit card company can stop transactions once they are notified that there could be a fraud. Check your credit report to make sure no accounts have been opened in your name. You can also put a fraud alert on your credit or freeze your credit. This is a useful website where you can get your free credit report for the three different reporting agencies.

Avoid using a debit card for everyday purchases and only to get cash – if your debit card is stolen it is harder to get back that cash compared to a stolen credit card.

Run Antivirus or malware Software on your computer – Webroot, Norton, and McAfee are some popular antivirus software. Also, be diligent about running software updates even on your cellphone as sometimes these updates include enhanced security features.

Social media – If your social media accounts suddenly have posts you didn’t make you have probably been hacked – change your password immediately and visit the applications page and remove any apps you did not add.

Of course, none of these suggestions are foolproof as hackers are getting more and more sophisticated by the day, but anything that looks strange probably is. Better to stop, think and ask questions rather than end up with compromised data or becoming a victim of fraud.