Four Ways To Avoid Being Victimized By Phishing Expeditions
Remember when hearing about fishing meant just that? You’d think of sunny days, being out on a boat or a dock, enjoying the fresh air and sport of catching that next big fish.
Alas, when you hear the term today, more often than not you might think of ransomware, hacker attacks and other digital dangers.
Unfortunately, we’re living in a world where phishing attempts can result in major crisis situations.
In this installment of CyberCrypt Tales – where we spotlight the most common cybersecurity-related matters as well as outrageous situations that have actually happened – we’ll review a phishing situation that could have turned out very badly…and best practices for firms and advisors to educate themselves and staff members to avoid phishing catastrophes.
Here’s the scenario
A wealth manager at a leading RIA firm receives a phone call from one of his clients, who is just verifying that the wealth manager received the funds he recently requested.
The wealth manager immediately responds to his client and says he did NOT request a wire transfer.
The client says, "NO, it was you," and forwards him the email that she received from the wealth manager's email address.
The wealth manager is horrified because he did NOT send that email. His first thought is that someone logged into his email and sent it. But when he looks at his Sent folder, he does NOT find any email sent to the client. How did this happen?
How hackers use phishing emails
It turns out phishing emails like this are fairly common. Hackers routinely leverage free tools available on the internet to forge the sender address, so a message can appear to come from any email domain. Because the email never passed through the wealth manager's account, nothing shows up in his Sent folder.
It isn’t difficult to figure out what a wealth manager’s email address is or guess it based on a firm’s name. All it takes is a simple Google search.
Using social media, a hacker can easily guess a wealth manager's clients based on past birthday wishes or other types of revealing posts on public Facebook or Twitter feeds.
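The forged-sender scenario above can usually be spotted in a message's headers, because a spoofer who does not control the advisor's domain cannot make the bounce address or the receiving server's authentication results agree with the visible From line. The following is an added example, not code from this column or from Entreda; the two messages and all domain names are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): the visible From: is the advisor's
# address, but the bounce address and the receiving server's authentication
# results both disagree with it. All domains are invented placeholders.
SPOOFED_MESSAGE = """\
Return-Path: <bounce@bulk-sender.invalid>
Authentication-Results: mx.client-mail.invalid; spf=fail smtp.mailfrom=bulk-sender.invalid; dkim=none; dmarc=fail header.from=advisor-firm.invalid
From: "Wealth Manager" <wm@advisor-firm.invalid>
To: client@client-mail.invalid
Subject: Wire transfer request

Please wire the funds we discussed to the account below.
"""

# Constructed sample of a message that genuinely left the advisor's domain.
GENUINE_MESSAGE = """\
Return-Path: <wm@advisor-firm.invalid>
Authentication-Results: mx.client-mail.invalid; spf=pass smtp.mailfrom=advisor-firm.invalid; dkim=pass header.d=advisor-firm.invalid; dmarc=pass header.from=advisor-firm.invalid
From: "Wealth Manager" <wm@advisor-firm.invalid>
To: client@client-mail.invalid
Subject: Quarterly review

See you Tuesday.
"""

AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")

def address_domain(header_value):
    """Lower-cased domain of the first address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def spoof_indicators(raw_message):
    """Return the reasons the visible From: of a message should not be trusted."""
    msg = message_from_string(raw_message)
    reasons = []
    from_domain = address_domain(msg.get("From"))
    envelope_domain = address_domain(msg.get("Return-Path"))
    # The bounce address is chosen by whoever really sent the mail.
    if envelope_domain and envelope_domain != from_domain:
        reasons.append(f"return-path domain {envelope_domain} != from domain {from_domain}")
    auth = msg.get("Authentication-Results")
    if auth is None:
        reasons.append("no Authentication-Results header to check")
    else:
        reasons.extend(f"{mech}={result}" for mech, result in AUTH_RESULT.findall(auth.lower()) if result != "pass")
    return reasons
```

An empty result only means the headers are consistent; a request to move money still gets the phone call the column recommends.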
Best practices for avoiding phishing catastrophes
There are four simple steps that every firm can take to maximize preparedness and awareness, and thereby minimize the risks of catastrophic phishing attacks.
Here they are:
- Run simple tabletop exercises at your RIA firm to teach every person at the firm the importance of cybersecurity. Teach every person to spot common phishing emails.
- Don't stop at teaching the employees at your firm; teach your clients as well. Clients are often the weakest link in the chain.
- Use multi-factor authentication on your email account. If you receive an important email, even one that appears to come from a trusted source, always call and verify.
- Make all your social media channels private immediately if you haven't already done so. Reduce your publicly visible online footprint.
Sid Yenamandra,
Founder & CEO of Entreda
Unfortunately, no wealth management firm is going to change the population of hackers or eliminate the desire of cyber criminals to find new ways to steal from you and your clients.
But with that said, sticking to these four best practices can make a big difference against this increasingly thorny cybersecurity risk.
Until next month, stay safe in cyberspace!