Account Security Best Practices 

 

At DriveWealth, LLC, we take your account security seriously, and you should too. Cyber security crimes cost the global economy upwards of $6 trillion USD in 2019, and cyber criminals are becoming extremely convincing at getting you to hand over your personal information or to give them access to your account through several methods. Please read the information below, which will help you keep your account(s) safe in light of this growing threat. Please note that the below is not an exhaustive list of steps you can take to keep your account secure; it is information to help you implement best practices around your account security.

Definitions:

1)     Phishing/Spear Phishing – The act of sending an email, or a personalized email, that gets an individual to click on a link or attachment, which then infects the device or network of the individual being attacked.

2)     Voice Phishing (Vishing) – The act of using the telephone to get an individual to provide a cyber criminal with personal information, typically by mimicking legitimate financial institutions with which you may do legitimate business (Banking, Insurance, Financial (investments), etc.).

3)     SMS Phishing (Smishing) – The act of using text or other messaging services to get an individual to click on a link or attachment.

Examples:

Phishing/Spear Phishing – An email communication which is general in nature, or which appears to come from a company, organization, or other sender with which you maintain a relationship (e.g. Bank, College, Phone Company, Insurance, etc.). The communication will include some personal information, such as your name, and can also include information such as an account number (in its entirety or partial). It requests that you take an action, such as clicking on a link to reset your password, typically to ensure your service is uninterrupted. Phishing and Spear Phishing attacks can be very convincing, particularly if you do have a relationship with the company or service provider from which the communication appears to come.

Note: To combat these types of cyber-attacks, most legitimate companies will never send you an unsolicited password reset (unless you have requested a password reset), will not ask you to click on a link within the email (they will direct you to their website to log in to your account), and will not include an attachment or other file (unless you have requested the file to be sent).

Vishing – A telephone call from a real person, or a pre-recorded message, typically with an urgent message concerning your account or in regard to your personal information being compromised (e.g. from your bank, credit card or IRS, etc.). The message will typically sound very urgent, to get you to act before thinking about the legitimacy of the message itself.

Note: To combat these types of cyber-attacks, most legitimate companies do not send you pre-recorded messages, nor will they request personal information from you when they are calling you and you have not reached out to the company. Please note that most companies, when you reach out to them, do require you to verify some personal information before discussing or answering any account or service related questions.

Smishing – A text message, typically with an urgent message concerning your accounts or service, which prompts you to click on a link or provides a support number to call. Once you click on the link, it may download malware (malicious software) to your device or bring you to a webpage or other location to download a malicious mobile application.

Note: To combat these types of cyber-attacks, most legitimate companies do not send you text messages with links for you to click on. Most text messages from legitimate companies will only provide text with additional information, and will generally not provide a number to call back within the text message (but may refer you to the company’s public website).

Security Tips to help keep your account(s) secure:

You Should Never…

-        Use open (public) Wi-Fi to access your accounts – open or public Wi-Fi does not transmit your information securely and makes it very easy for a cyber criminal to snoop on the websites you visit or the information you transmit over it. Public Wi-Fi is often available at coffee shops, libraries, and other public locations where you can gain internet access via Wi-Fi.

-        Share your User Credentials or Passwords with anyone else

-        Plug a USB drive or external hard drive into your computer unless it is yours

-        Click on a link in an email, text message, or chat which you did not request (such as password reset, meeting invite, etc.)

You Should Always…

-        Create secure passwords with a minimum length of 12 characters (16+ characters is ideal).

-        Maintain different passwords for every account you maintain – if you use the same credentials for every account and a hacker cracks one of your user names and passwords, they then have access to all of your accounts.

-        Be suspicious of an email containing links or attachments – Before clicking on any links or attachments, review an email closely to assess its legitimacy. Often, cyber criminals will create fake website links that closely resemble legitimate companies’ websites. You should also review the sender and recipient information, the date and time at which the communication was sent, the subject line, the body of the communication, and whether there are any links or attachments included in the body of the email. Typically, there is information in the communication which is ‘off’ by a letter or word from the legitimate company (e.g. "Thanks for your order! Click the link to view your confirmation", From: AmazonSales.com; the actual is Amazon.com)

-        Question communications, emails, or phone calls that create a sense of urgency. This is a common cyber criminal technique to elicit you to make a quick decision before you have thought about the legitimacy of the communication.
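The sender check described above (a domain that is ‘off’ by a letter or word from the legitimate company) can be automated. The following is an added example, not DriveWealth code; the trusted list, the function names and the `mybank.example` domain are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the reader really does business with.
# amazon.com is the page's example; mybank.example is a constructed placeholder.
TRUSTED = {"amazon.com", "mybank.example"}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the real address in a From: header; the display name is ignored."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at else ""

def classify(from_header, trusted=TRUSTED):
    """Return 'trusted', 'lookalike', 'unknown' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    # Exact match or a true subdomain of a trusted domain.
    if any(domain == good or domain.endswith("." + good) for good in trusted):
        return "trusted"
    # Simplification: treat the second-to-last label as the registered name.
    labels = domain.split(".")
    name = labels[-2] if len(labels) > 1 else labels[0]
    flattened = domain.replace(".", "").replace("-", "")
    for good in trusted:
        brand = good.split(".")[0]
        # 'Off by a word': the brand is embedded in a different domain.
        # 'Off by a letter': the name is one edit away from the brand.
        if brand in flattened or edit_distance(name, brand) <= 1:
            return "lookalike"
    return "unknown"
```

A "lookalike" result is a reason to go to the company's website directly instead of using the link; an "unknown" result only means the sender is not on the trusted list.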

Consider using a password manager to manage the strength of your passwords and help you track the use of different passwords for your different accounts. Some of these services also provide enhanced features which include scanning the dark web, and other forums where cyber criminals sell your information f