With the widespread use of digital devices – computers, laptops, tablets, smartphones, etc. – interconnected via the internet, criminals seeking to steal information for financial gain are an ever-present threat. Cybercriminals regularly make sophisticated attempts to trick people into clicking suspicious links, connecting on social media, or downloading attachments from emails, which can then open the door to having sensitive information stolen. Criminals intent on committing fraud may pose as legitimate organizations, like Lattice Wealth Management, creating fraudulent websites, making phone calls, or sending emails to solicit monetary payments. These scams are often highly convincing because the sender frequently uses the names of actual employees and is able to replicate proprietary documentation.
At Lattice Wealth Management, protecting clients, employees, and the general public from cybersecurity threats and fraud is a high priority, which is why we have programs and technical controls in place to protect client accounts and information. To help improve your personal cybersecurity practices, we are providing the following background information about cyber threats, along with guidance to help protect you, your family, and your employer from falling victim to a cyber-attack or fraud scam.
Understanding Cybersecurity Threats
Any organization or individual can be a target of cybercriminals. Here are some of the most common tactics and types of attacks they employ:
Malicious Emails and Websites
An e-mail from your bank or favorite retailer, while convincing in its appearance, may secretly be attempting to steal your identity or personal information. “Phishing” is a common tactic of cybercriminals who send “spoofed” e-mails referencing fraudulent websites (which may look like a well-known website) to collect personal and financial information, or to infect your device with malware and viruses. Criminals use this stolen information to commit identity theft, credit card fraud, and other crimes. Phishing can also occur over the telephone and is becoming increasingly prevalent on social media platforms and professional networking sites.
Too often, clicking on a malicious link or downloading an attachment from an unreliable source can result in the installation of malware on your device. Malware refers to software that is intentionally designed to alter or damage a digital device. The most common form of malware is a virus, which is often designed to give the criminals who create it access to the infected devices. Ransomware is another type of malware that is a significant cyber threat. Ransomware accesses a victim’s files, locks and encrypts them, and then demands that the victim pay a ransom to get control back. With ransomware, your valuable data is “kidnapped,” potentially affecting every file on your device, from personal photos and memories to client information, financial records, and intellectual property. Any individual or organization could be a potential target for a ransomware attack.
Social Media Impersonation
Cybercriminals are also using social media to fraudulently establish relationships with victims and ultimately steal data. Typically, these actors will create fake accounts that appear (and claim) to be official accounts for an individual or organization. Social media impersonation can also refer to the hijacking of real accounts, which can then be used for phishing activities or for damaging an individual’s or a company’s reputation.
Many people use the same username and password combination across multiple websites or services, making them particularly susceptible to credential stuffing. This cybercrime technique involves using stolen account credentials to gain unauthorized access to a user’s other online accounts. Credential stuffing attacks can often go unnoticed until funds are transferred.
How You Can Protect Yourself
- Establish Secure Email Protocols: Emails are one of the most common entry points for hackers performing online fraud. Never click on links or download or open attachments from suspicious-looking emails. Make sure your communication protocols include verifying sensitive information, such as wire instructions, in person, or by telephone. Generally, Lattice Wealth Management will never send wiring instructions via email.
- Enable 2-Step Authentication Measures: Always use 2-factor authentication (2FA) for account login if it’s available. 2FA is a two-step verification or multi-factor authentication, commonly done via a PIN sent over text message or email and done most securely when a hardware token or phone application is used. At a minimum, enable this capability for your email, financial websites, social media, cellular provider, password manager, and cloud file storage.
- Employ Password Management: Use lengthy, unique, complex passwords that use upper- and lower-case letters, numerals, and special characters, which are extremely difficult to guess correctly. In fact, best practices suggest creating long, memorable, and hard-to-guess passwords, such as a favorite song lyric. Avoid reusing passwords across multiple platforms. Consider using a password application, such as LastPass, 1Password, or Dashlane to help manage multiple complex passwords.
- Lock Down Social Media: Periodically adjust your social media account settings to better control who can view the content you post. Hackers frequently obtain critical information about people from their social media sources. When posting, always consider how that information can be used against you.
- Reduce Your Public Online Footprint: From time to time, review all your online accounts. Reduce and/or obfuscate personal information on the internet, delete unused accounts, and remove unnecessary data. Also, avoid sharing or reusing passwords across accounts to minimize the risk.
- Protect Critical Data: Know where all your sensitive personal information is located on your devices. Ensure that sensitive data is always encrypted to prevent someone from accessing it if your device gets lost or stolen. Also, consider having a second encrypted backup of your sensitive data on an external hard drive or flash drive stored in a safety deposit box, or in the cloud using a reputable service such as Dropbox, iCloud, or Google Drive.
- Update Your Software: Keep all software up to date, applying software updates as soon as possible once they become available. Consider enabling automatic updates where available.
- Protect Your Personal Devices: Consider what your risks would be if your device were stolen or lost and configure it securely. Use a password that’s difficult to guess as a backup to biometric security, such as facial recognition or a thumbprint, and be sure the device is encrypted. Also, make sure sensitive data, such as email, does not display on the lock screen.
- Secure Wi-Fi Access: Connecting to public Wi-Fi can expose your communications and devices to risk, so if you must use public Wi-Fi, consider a virtual private network (VPN) to protect your communications, particularly when traveling and using public Wi-Fi at an airport or hotel. Alternatively, consider using a mobile hotspot to protect sensitive information. At home, use a guest network for visitors.
- Freeze Credit Lines: Thwart identity theft and minimize fraud risk by calling the major credit-reporting bureaus – Experian, TransUnion, and Equifax, as well as Innovis, the unofficial fourth credit bureau – to set a security freeze on your credit reports. Also, consider signing up for an identity theft protection service, such as LifeLock, Kroll, or Experian.
Understanding Financial Fraud
Financial fraud occurs when someone takes money or other assets from you through deception or criminal activity. Here are some common examples of financial fraud:
An investment scam involves getting you or your business to agree to a financial transaction with the promise of a questionable financial opportunity. The criminals typically make contact via email, through a website, or by phone. These offers are typically low-risk-high-reward investments that sound “too good to be true” – because they are! To evaluate whether you are the target of an investment scam, you should consider:
- How were you contacted? Any contact with Lattice Wealth Management will come from an “@mylatticewealth.com” e-mail address (not from a free email account such as Yahoo or Gmail, or any domain other than “@mylatticewealth.com”) and/or can be found on the mylatticewealth.com website.
- Did you find the investment opportunity through a website not associated with Lattice Wealth Management (such as a comparison website)?
- Have you provided your personal information on a website not associated with Lattice Wealth Management?
- Have you been contacted by cold call or e-mail offering a low-risk-high-reward investment opportunity?
- Does the e-mail or documentation contain multiple spelling errors or typos?
- Have you provided a photo ID or proof of address documentation? If you have, consider notifying the organization that issued them and contacting your regional fraud prevention service.
- Were you pressured into making a money transfer to avoid missing an opportunity?
Identity theft occurs when someone steals your personal information and uses it for their own gain. With this type of personal information, it’s possible to open bank accounts in your name, take out credit cards and loans, or apply for government benefits and documents in your name.
There is no definite rule on how to protect yourself from identity theft. However, in addition to the cybersecurity practices listed above, you can protect yourself by:
- Not sharing your personal data with anyone or any website you’re not familiar with
- Safely disposing of unwanted documents, such as utility bills or bank statements
Business Email Compromise
Business Email Compromise (BEC) scams occur when a cybercriminal compromises legitimate business or personal email accounts to intercept communication between the victim and their business partner or to conduct unauthorized transfers of funds. The criminals commonly intercept emailed wire instructions from investment firms, real estate agencies, and art dealers and then impersonate a trusted source.
In addition to the cybersecurity practices listed above, protect yourself by:
- Watching for anything that appears suspicious or out of the ordinary when receiving transfer instructions, as well as last-minute changes of payment information via email
- Confirming the payment instructions with the recipient verbally, not by email
If you receive a cold call or e-mail from Lattice Wealth Management that you are uncertain about, or which you believe to be fraudulent, please forward any information and the email you receive to firstname.lastname@example.org. Lattice Wealth Management will investigate the situation and respond to you. If you are an existing client of the firm, please also notify your wealth advisor or investment professional.