Protect yourself from cybercrime

Financial planning

Dec. 13, 2021

This year, it’s estimated that there will be a ransomware attack on businesses every 11 seconds—and that doesn’t include attacks on individuals, which occur even more frequently.

The intent of almost all cyberattacks is to get money—either yours or your company’s. At Truist, we deploy a layered, in-depth approach to security measures to protect you and your accounts.

“One of the biggest trends we’ve seen lately is attackers going after clients and suppliers,” says Jorge Perez, divisional chief information security officer for Truist Wealth. Being aware of the evolving, sophisticated way hackers are committing cyber fraud is the first—and often best—line of defense.

Perez explains what he sees as the biggest threats for Truist Wealth clients, and what you can do to protect yourself.

Ransomware

Ransomware is a form of malware designed to encrypt files on your device, rendering your computer systems unusable.

Here’s how it works. Cyberattackers send you an email getting you to either click on a link or download a file that unleashes the malware. The malware then encrypts your files, making them inaccessible; typically they also then take your information. Then, they demand ransom (often in cryptocurrency) in exchange for release of your files (and often for not posting your information to the dark web as well). Perhaps the most notable ransomware event in recent history was the Colonial Pipeline cyberattack in 2021.

“We’re seeing high-profile individuals and companies targeted, where the attackers steal the most money in the least amount of time,” says Perez. “From that perspective, clients who may be executives, business owners, or high-net-worth individuals are a big target because of their status within their companies and also personally.”

How to protect yourself: When it comes to avoiding ransomware, Perez says the best thing you can do is to limit your “attack surface.” “The more things you ‘touch,’ the more vulnerable you are on the internet.” Practicing good cyber hygiene is important: Doing things like running antivirus programs to catch malware, only visiting reputable websites, using a spam/ad blocker, keeping your computer system up to date—these are all steps that will limit your cyberattack surface.

Another tip from Perez is to not use an account with administrator permissions in your day-to-day computer work. “A lot of people set up their PCs on default settings, as an administrator,” he says. “That means we can install anything we want to. But in your day-to-day work, you typically don’t need that. If you just create a general account that’s not an administrator and use that, you’ve severely limited the attack surface.” When you do click a bad link on a nonadministrator account, this will severely limit the damage an attacker can do because they don’t have the required permissions.

Business Email Compromise (BEC)

In BEC, hackers will carefully craft an email pretending to be an executive or a position of authority that you know (like your CEO), asking you to wire or move money into another account. There is no compromise of your network, but the sense of urgency (or emergency) can make you act fast. Perez says hackers do their homework, and typically “they figure out who the players are, who they need to send this message to, what they need to say, and even the correct writing style in order to make it the most successful.” According to the cybersecurity software company Symantec, this type of emailing, known as spear-phishing, is the most popular avenue for attack and is used by 65% of all known cyber fraud groups.1

How to protect yourself: Perez says if you receive a suspicious or unusual email, get offline and pick up the phone. “Call your boss or whoever’s emailing you and say, ‘Hey, did you mean to send this? Are you serious? What’s going on?’ That typically catches a lot of this, because the person on the other end won’t recognize the request if it’s illegitimate.”

In terms of personal banking, many banks—including Truist—offer dual approval for large transfers of money. With dual approval, you need two parties to approve a financial transaction to a third party. The first person creates the transfer, while the second authorized person checks and approves the activity. This can add an extra layer of protection against cyber fraud, and even if the transfer is legitimate, it can cut down on mistakes.

Advisor impersonation

Because of COVID-19 and the shift to more phone and virtual meetings with financial advisors, there has been a huge increase in financial advisor impersonation, says Perez. Fraudsters will impersonate real investment professionals with spoofed websites, fake profiles on social media, and more.2 And while they’re using the likeness and credentials of a real advisor, their contact information directs you to the hacker. “These days, you’re not always meeting face-to-face, and hackers are exploiting that trust,” he says.

“With damages predicted to hit $6 trillion this year, if it were measured as a country, cybercrime would be the world’s third-largest economy after the U.S. and China.”

— Cybercrime Magazine, November 13, 2020

How to protect yourself: Do your homework on a potential advisor’s contact information. “Truist Wealth Advisors will have a published page on Truist, so go back to the source, the institution, and contact an advisor with that information,” says Perez. “If you have any doubts, always be willing to say, ‘I need to call you back,’ and then look up the contact information by calling Truist, or whatever financial institution it is.”

It’s important to educate yourself so you can identify suspicious cyber behavior, Perez says, but know that Truist has a whole team dedicated to preventing fraud. If you notice suspicious activity in your account, “Reach out to us and we will investigate and see what corrective actions we may need to take.

“In conjunction with the FBI, we’re monitoring changes in the cyber fraud landscape on an hourly basis to make sure we’re on top of it, and we’re looking at how to address those threats within the wealth landscape and within portfolios, applications, and with our clients.”

Good digital hygiene checklist

Keep your information and finances secure by regularly utilizing these best practices for safety:

  • Double down. Use two-factor authentication whenever possible.
  • Be complex. Use a variety of passwords; keep track of them with a password manager.
  • Stay up to date. Keep your computer system and antivirus software updated.
  • Save safely. Back up sensitive or important data regularly.
  • Check in. Monitor your financial accounts and credit activity.
  • Stay connected. Sign up to recieve alerts for your bank accounts.

1 Internet Security Threat Report, Symantec, February 2019.
2 Fraudsters Posing as Brokers or Investment Advisers – Investor Alert, SEC.gov, July 27, 2021.