Protect yourself from cybercrime

Financial planning

Dec. 13, 2021

This year, it’s estimated that there will be a ransomware attack on businesses every 11 seconds—and that doesn’t include attacks on individuals, which occur even more frequently.

The intent of almost all cyberattacks is to get money—either yours or your company’s. At Truist, we deploy a layered, in-depth approach to security measures to protect you and your accounts.

“One of the biggest trends we’ve seen lately is attackers going after clients and suppliers,” says Jorge Perez, divisional chief information security officer for Truist Wealth. Being aware of the evolving, sophisticated way hackers are committing cyber fraud is the first—and often best—line of defense.

Perez explains what he sees as the biggest threats for Truist Wealth clients, and what you can do to protect yourself.

Ransomware

Ransomware is a form of malware designed to encrypt files on your device, rendering your computer systems unusable.

Here’s how it works. Cyberattackers send you an email that gets you to either click on a link or download a file that unleashes the malware. The malware then encrypts your files, making them inaccessible; typically, the attackers also take your information. They then demand a ransom (often in cryptocurrency) in exchange for releasing your files (and often for not posting your information to the dark web as well). Perhaps the most notable ransomware event in recent history was the Colonial Pipeline cyberattack in 2021.

“We’re seeing high-profile individuals and companies targeted, where the attackers steal the most money in the least amount of time,” says Perez. “From that perspective, clients who may be executives, business owners, or high-net-worth individuals are a big target because of their status within their companies and also personally.”

How to protect yourself: When it comes to avoiding ransomware, Perez says the best thing you can do is to limit your “attack surface.” “The more things you ‘touch,’ the more vulnerable you are on the internet.” Practicing good cyber hygiene is important: Doing things like running antivirus programs to catch malware, only visiting reputable websites, using a spam/ad blocker, keeping your computer system up to date—these are all steps that will limit your cyberattack surface.

Another tip from Perez is to not use an account with administrator permissions in your day-to-day computer work. “A lot of people set up their PCs on default settings, as an administrator,” he says. “That means we can install anything we want to. But in your day-to-day work, you typically don’t need that. If you just create a general account that’s not an administrator and use that, you’ve severely limited the attack surface.” If you do click a bad link while using a nonadministrator account, the damage an attacker can do is severely limited because they don’t have the required permissions.

Business Email Compromise (BEC)

In BEC, hackers will carefully craft an email pretending to be an executive or someone in a position of authority that you know (like your CEO), asking you to wire or move money into another account. There is no compromise of your network, but the sense of urgency (or emergency) can make you act fast. Perez says hackers do their homework, and typically “they figure out who the players are, who they need to send this message to, what they need to say, and even the correct writing style in order to make it the most successful.” According to the cybersecurity software company Symantec, this type of emailing, known as spear-phishing, is the most popular avenue for attack and is used by 65% of all known cyber fraud groups.¹

How to protect yourself: Perez says if you receive a suspicious or unusual email, get offline and pick up the phone. “Call your boss or whoever’s emailing you and say, ‘Hey, did you mean to send this? Are you serious? What’s going on?’ That typically catches a lot of this, because the person on the other end won’t recognize the request if it’s illegitimate.”

In terms of personal banking, many banks—including Truist—offer dual approval for large transfers of money. With dual approval, you need two parties to approve a financial transaction to a third party. The first person creates the transfer, while the second authorized person checks and approves the activity. This can add an extra layer of protection against cyber fraud, and even if the transfer is legitimate, it can cut down on mistakes.

Advisor impersonation

Because of COVID-19 and the shift to more phone and virtual meetings with financial advisors, there has been a huge increase in financial advisor impersonation, says Perez. Fraudsters will impersonate real investment professionals with spoofed websites, fake profiles on social media, and more.² And while they’re using the likeness and credentials of a real advisor, their contact information directs you to the hacker. “These days, you’re not always meeting face-to-face, and hackers are exploiting that trust,” he says.

“With damages predicted to hit $6 trillion this year, if it were measured as a country, cybercrime would be the world’s third-largest economy after the U.S. and China.”

— Cybercrime Magazine, November 13, 2020

How to protect yourself: Do your homework on a potential advisor’s contact information. “Truist Wealth Advisors will have a published page on Truist, so go back to the source, the institution, and contact an advisor with that information,” says Perez. “If you have any doubts, always be willing to say, ‘I need to call you back,’ and then look up the contact information by calling Truist, or whatever financial institution it is.”

It’s important to educate yourself so you can identify suspicious cyber behavior, Perez says, but know that Truist has a whole team dedicated to preventing fraud. If you notice suspicious activity in your account, “Reach out to us and we will investigate and see what corrective actions we may need to take.

“In conjunction with the FBI, we’re monitoring changes in the cyber fraud landscape on an hourly basis to make sure we’re on top of it, and we’re looking at how to address those threats within the wealth landscape and within portfolios, applications, and with our clients.”

Good digital hygiene checklist

Keep your information and finances secure by regularly utilizing these best practices for safety:

  • Double down. Use two-factor authentication whenever possible.
  • Be complex. Use a variety of passwords; keep track of them with a password manager.
  • Stay up to date. Keep your computer system and antivirus software updated.
  • Save safely. Back up sensitive or important data regularly.
  • Check in. Monitor your financial accounts and credit activity.
  • Stay connected. Sign up to receive alerts for your bank accounts.

1 Internet Security Threat Report, Symantec, February 2019.
2 Fraudsters Posing as Brokers or Investment Advisers – Investor Alert, SEC.gov, July 27, 2021.