Seven Ways to Protect Your Family Against Fraud & Cybercrimes

Alarmingly, experts believe that cybercrime is underreported and the actual number of victims is much higher, as many individuals do not report incidents to the FBI or local law enforcement.

At CWM, we know that cybersecurity is a critical component of both client and firm success. But we can’t do it alone. We rely on our clients to be vigilant about their own online landscape, which is why we recently hosted a community-wide, annual cybersecurity training with Tim Villano, cybersecurity expert and Chief Information Officer at Artemis Global Security.

During our most recent training, Tim shared seven easy ways to help protect you, your family, and your financial accounts against fraud:

1) Secure accounts with Multi-Factor Authentication

Also referred to as MFA Two-Factor Authentication (2FA), enabling MFA on accounts such as email, banking, and social media makes you 99% less likely to be hacked.² MFA typically requires a combination of two or more credentials (i.e. a password and text message code) to verify a user’s identity for login. It increases security because even if one credential is compromised, such as your password, a hacker still cannot access the account without a second credential.

Other common factors are biometrics (facial recognition or a fingerprint), an authenticator app that generates time-based, six-digit passcodes, or a security key (generally a physical device that can either plug into a USB port or uses near-field communication to connect to your device when it is held close to the device).³

You’re only as strong as your weakest link – so ask your spouse, children, and parents to also secure their accounts with MFA. This single step closes more doors against cyberattacks than almost anything else.

2) Utilize a password manager

A password manager service manages logins and creates robust, complicated passwords. Password managers are secure digital vaults that store ALL your credentials, requiring you to remember only ONE strong master password. The password manager automatically generates long, randomized, and highly complex passwords for accounts - eliminating password simplicity and reuse.

According to Hive Systems, a 6-character password consisting of numbers, upper- and lower-case letters, and symbols takes about two weeks to brute force hack. Anything shorter or less complex can be hacked almost instantaneously (our own IT consultants suggest that passwords consist of 14 characters or more with a mix of numbers, upper- and lower-case letters, and special characters). Reused passwords are also a vulnerability because they may appear on lists of known data breaches. The good news is that many password managers will actively track and alert you if a password has been compromised in a data breach, prompting you to change it. 

Most password managers have family account options so that you can include your loved ones in this layer of security, thereby strengthening your cybersecurity biome.

3) Never trust caller ID – Verify before you act

What do you do when you get a call from an unknown number? Many of us opt to not answer and let it go to voicemail. It’s a great way to weed out spam calls and gives you the choice to respond to unknown people. But what should you do if you receive a call that appears to be from a legitimate source?

Spoofing is when a cybercriminal deliberately falsifies the information transmitted to your caller ID display to disguise their identity. The caller ID could appear as if it is coming from your bank, a government entity, a utility company, or even as if it’s your phone number!

If you answer a call from an unknown or suspicious source, immediately end the call and instead dial back using a number you independently trust and can verify. You can obtain this information from a statement, the back of your credit card, or an official website. No legitimate institution or organization will object to this. (Side note: now is a great time to recommend our clients save CWM’s phone number as a contact in their phone.)

Be careful of engaging with any spoofed calls as your voice can be cloned in less than 3-seconds. Be extra wary of answering “Yes” or “No” questions. NEVER give out personal information to an unknown caller and use caution if you are immediately being pressured for information from the caller.

4) Turn every suspicious contact into an outbound call

Whether it arrives by phone, email, or text message – if something feels off or you are not expecting contact, disengage and initiate your own contact using a verified and trusted source. Many hackers rely on our innate politeness or catching us off-guard to create a panic situation to get us to engage. The best thing you can do is hang up, don’t reply, and don’t engage. Most smart phones and email platforms have the ability to mark emails or text messages as spam and then block the number/sender. Use this feature to prevent additional contact from that specific source. As with the previous bullet point, any legitimate organization will not object to you hanging up and calling back.

5) Protect passwords and login credentials

Being cyber-safe includes NOT sharing your password with others. Be wary of communications (either by phone, email, or text) from unknown/unsolicited sources requesting a PIN code or your password.

6) Be wary of any unknown party reaching out to help you with security

Unsolicited outreach from “security teams”, “fraud departments”, or anyone claiming they can ensure you never have your identity stolen is ALWAYS a red flag. Cybersecurity measures and support is something YOU initiate.

7) Create a family safe word

A common AI-powered scam is called “The Grandparent Scam” or “Distressed Loved One Scam” in which the bad actor employs AI to create a voice clone or deepfake of your loved one. There are many avenues from which a scammer can get someone’s voice or image: videos and pictures shared on social media, personalized voicemail greetings, or recording a voice on a phone call.

The scam usually unfolds like this: a spoofed number calls you with a voice that sounds like your loved one. That “loved one” then claims to have been in an accident / arrested / [insert urgent situation here]. They may ask for bail money or hand the phone over to someone posing as an official seeking immediate payment. When faced with overwhelming news or a sense of urgency, it can be easy for you to want to take action to help your loved one. However, in situations such as these it is recommended that you create a family safe word ahead of time to confirm you are legitimately speaking to your loved one. In the absence of a pre-established safe word, hang up and call your loved one back using the phone number you have saved in your contacts. If you can’t reach them, check with other family members and friends who may be able to get in touch with them.

* * * * * * *

For a lot of us, the genie is already out of the bottle when it comes to safeguarding our privacy, data, and voice or image if we’ve posted anything to a social media site or unwittingly been involved in a large-scale data breach. In fact, as reported by Cybernews.com last year, over 16 billion passwords were exposed in a single data breach from many different online services such as Apple, Facebook, Google, and even some government platforms.

At CWM, we have processes and procedures in place to safeguard our clients against fraud, including verbal authorization on every money transaction or changes to accounts, continual reviews and testing for security, as well as on-going cybersecurity training firmwide. We will always call if we have questions or something seems off. We believe that building and maintaining relationships with our clients - by meeting on a regular basis and getting to know you at our events – helps us to identify when something might be strange.

Effective cybersecurity is not about creating a perfectly waterproof system. It's about building a watertight process - one with layers, vigilance, maintenance, and safeguards designed to contain problems before they become disasters.