How to Protect Yourself Against Financial Cybercrime

What Is Financial Cybercrime?

‍

Sometimes, cybercriminals collect data that can be used to steal money from victims — such as credit card numbers and account passwords. Other times, they steal data that can be sold for profit and used in future attacks, such as email addresses and contact information. Otherwise, attackers may directly exploit and steal from banks and financial services.

‍

In some cases, cybercriminals steal data that does not have value in and of itself. Instead, cybercriminals encrypt or “lock” their victim’s data and threaten to reveal or destroy it. Then, they offer to safely return the data to its original owner once a ransom payment is made.

‍

Specific types of financial cybercrime include identity theft, ransomware, phishing, scams, theft of passwords and account information, and other types of fraud and crime.  

‍

Impact of Financial Cybercrime

‍

Financial cybercrime can have numerous impacts on businesses and individuals alike. 

‍

For businesses, cybercrime may result in lost revenue and a loss of trust from users. It can also force businesses to spend time and money pursuing solutions and enforcement. Companies may need to dedicate extra resources to helping customers through the crisis.

‍

Financial cybercrime that targets individuals can similarly result in a loss of funds. However, because most people have fewer resources and capabilities than large companies, financial cybercrime against individuals can have much farther reaching effects. 

‍

Customers may be repeatedly targeted after they fall victim to an attack, especially if they fail to remove malicious software or end communications with the attacker. Law enforcement may spend less time pursuing smaller financial crimes against individuals. Individuals may also lose access to some online services if their account is associated with fraud.

‍

On the other hand, individuals have some advantages. Financial institutions are often willing to undo transactions for customers who can show that they are the victim of fraud and customers who rarely request transaction reversals. Furthermore, individuals are not always attractive to cybercriminals, as high-revenue companies are more profitable targets.

‍

Types of Financial Cybercrime

‍

There are several types of financial cybercrime. Some forms of financial cybercrime typically target companies, organisations, and governments. These methods include:

‍

• Hacking: Cybercriminals can gain access to banks and payment services by hacking into those systems with a variety of tools
• Ransomware and extortion: Ransomware attacks occur when cybercriminals steal and encrypt their victim’s data; the attacker then threatens to destroy or publicly reveal that data unless a payment is made
• Credential theft: Cybercriminals can steal credentials from employees of financial companies and services, then use those credentials to steal funds
• Internal attacks: Malicious employees working for a company may be able to abuse their credentials to transfer funds for their own gain
• Data theft and sales: Criminals can steal user data, such as email addresses and passwords, from companies in bulk; they can later sell that data for profit
• Illegal transactions: Cybercriminals can use dark net markets and money laundering techniques to spend and move their ill-gotten gains

‍

Other types of cybercrime often target individuals. These methods include:

‍

• Scams: Bad actors can convince victims to purchase or invest in fraudulent offers and products; scams are often advertised through public communication such as social media and through private messages such as emails or phone calls
• Phishing: In phishing scams, attackers impersonate a real company and instruct a victim to send money or provide their account information 
• Money laundering: Cybercriminals can launder money by buying and selling hard-to-trace assets such as online gift cards, in-game currencies, and cryptocurrency; some of these are bought from and sold to consumers
• Malware: Criminals can install malware on devices, which may be used to steal financial information or perform other malicious activities
• Cryptocurrency fraud: While many cybercriminals rely on traditional financial services, attackers can also target cryptocurrency investors and trading platforms; some cybercriminals prefer crypto because it is easy to move and hard to trace

‍

9 Steps to Prevent Cybercrime

‍

Strong and Unique Passwords

You can protect your financial accounts from being illegally accessed by setting passwords that are difficult to guess. Choose a strong password with assorted letters, numbers, and punctuation rather than a simple and easy-to-remember word.

‍

Many online services now display the strength of your password as you create it. Some services even require your password to meet a certain strength rating.

‍

Two-Factor Authentication (2FA)

Two-factor authentication (2FA) settings allow you to configure an online account so that you must approve every login attempt. When this feature is turned on, you must grant approval from a secondary device, such as a mobile phone or email account. This prevents attackers from logging into your account even if they obtain your password.

‍

Though almost every online service now supports two-factor authentication (2FA), some services make this feature optional while others make it mandatory.

‍

Update Devices and Software

You can protect yourself against attacks by keeping your devices and software up to date. On all devices, including most mobile phones and tablets, system updates will ensure that you have the latest security patches. You should regularly update your web browser as well.

‍

On desktop computers and laptops, you may be able to update virus scanners and anti-malware software alongside any other system updates. 

‍

Some systems may also allow you to turn on automatic updates, and many systems forcibly download critical security patches.

Be Cautious of Email Attachments and Links

Take a cautious approach toward emails. While many emails from unfamiliar addresses are clear threats, some email scams are not so obvious.

‍

You should beware of:

• Unexpected emails from any financial institution or company
• Links that appear to lead to a site that you recognize, but which do not match the expected website address
• Unusual email addresses that imitate the names of your known contacts
• Email addresses and links that contain nearly-identical characters
• Requests for personal or financial information 
• Attachments, especially programs and .exe files

‍

Deloitte found in 2020 that 91% of cyberattacks begin with email phishing attempts, meaning that this may be the most common method of cyberattack. Though many email services move fraudulent email messages to your spam folder, these filters may not catch all scams. 

‍

If you can’t tell whether a message from your bank or financial service is real, you can phone a support number. Be sure to use the phone number on your payment card or bank statements — not the phone number in the suspicious email.

‍

Use Trustworthy Security Software

If you are using cybersecurity software such as virus scanners and anti-malware applications, you should rely on trusted brands. Recent reports from mainstream publications like Forbes can help you identify trusted brands such as Avast and McAfee.

‍

It is not necessary to buy expensive software, and many reliable security applications are free. However, you should make sure you are downloading the app from a trusted source.

‍

Secure your Wi-Fi network

You should ensure that your wireless internet setup is secure. If you are using a home network, make sure to set a strong password or key for wi-fi access. 

‍

Some wi-fi routers offer additional security options. You may be able to set up a “guest” option, which means that you will not need to reveal your password to visitors who want to use your wi-fi. You can also set up other restrictions as your device allows: consider turning on firewalls, encryption, and passwords in your router’s online control panel.

‍

Be Careful of Public Wi-Fi

Public wi-fi poses a security risk. In addition to setting up “honeypots” or malicious access points, attackers can take over trusted public wi-fi access points. From there, attackers can intercept data that you send or inject dangerous data into the sites you visit.

‍

While this risk cannot be eliminated entirely, you should generally connect to trusted wi-fi networks. You should use your personal network — especially your home wi-fi network — for important online financial activities as much as possible. 

‍

Regularly Back Up Your Data

By backing up your data, you can protect yourself against certain attacks. Full access to your data can help you contest cases of identity fraud. Backups can also protect against ransomware attacks that only intend to prevent you from accessing your data. 

‍

Practice Safe Browsing Habits

There are several general strategies you can use to stay safe online. For example:

‍

• Visit sites you know and trust
• Avoid clicking on ads (and use an ad blocker) 
• Stay as private as possible and do not give out information unless necessary
• Only browse the internet on devices with a system-wide password; this will prevent others from viewing your browsing history and passwords
• Use private browsing, do not save your passwords, or clear your history often
• Browse on the most secure connection whenever possible
• Store your usernames and passwords in a password manager; set a universal password for those entries
• Ensure all browser, security, and system software is up to date

‍

How to Report Financial Cybercrime

‍

You should report cybercrime to your local authority.

‍

• In the US: Contact the FBI’s Internet Crime Complaint Center (IC3) 
• In the UK: Contact Action Fraud, a service run by the City of London Police and the National Fraud Intelligence Bureau (NFIB)
• In the EU: Refer to Europol’s list of reporting websites to find your local authority
• In Australia: Submit a report to the government’s ReportCyber page

‍

Payset’s Financial Cybercrime Protection Measures

‍

Payset provides several protections to those who use its financial services.

‍

• Password protection: Payset uses standard password protection on all accounts so that only you can log into your account
• Two-factor authentication: Payset allows users to set up two-factor authentication for extra protection through the Google Authenticator app; see instructions here
• Fraud reporting services: Payset allows users to report fraud and receive assistance quickly; see more details here
• Safeguarding: Payset safeguards user funds through a authorised credit institution or custodian in line with regulatory obligations; this protects access to your funds in case of a company failure and ensures that funds are held at an authorised independent institution with the highest security standards
• KYC/KYB: Payset enforces know-your-customer (KYC) and know-your business (KYB) checks to ensure that funds are not being used for illegal activity or money laundering; this means that we check the identity of all users and applicants

‍

These features, when combined with overall security strategies and device security, will keep your finances and personal data safe.