Protect What’s Yours: A Q&A with FBI Cybersecurity Experts

Recap of People’s United Advisors Virtual Client Event: November 18, 2020

A silver globe of the Earth sits on a pile of paper currency from around the world

KEY TAKE-AWAYS

  • Cybercrime is increasing at an alarming rate, with malevolent actors usually sophisticated criminals and victims both young and old.
  • It is surprisingly easy for criminals to not only get the information they need for scams but to sell it to criminal networks, compounding the danger.
  • You can likely prevent being victimized with multi-factor authentication for accessing your sites and, for businesses, an off-line back-up of all your data.
  • High-quality virtual payment systems and apps, along with purchasing on-line from major retailers, are likely to be secure, if you take basic precautionary steps.
  • At People’s United Bank, our AlwaysChecking service, free to personal checking-account customers, offers comprehensive digital-identity protection on both your Bank and non-Bank information.

In this Q&A, David Murphy, People’s United Advisors Regional Wealth Leader for Massachusetts and former military and U.S. Special Operations Command leader in counter-fraud and counter-terrorism initiatives, speaks with two cybersecurity professionals. Donald Codling, the owner of a cybersecurity and data-privacy firm, is retired from the FBI, where he was a Cyber Team leader for more than two decades. Scott Pierce is a Connecticut State Police Detective assigned to the FBI Task Force in New Haven.

David Murphy: We all know that cybercrime has become a sad fact of modern life. Of the various scams and plots out there, Scott, which do you think is the most invidious?

Scott Pierce: I’d start by saying that losses from cyber fraud are increasing at a startling rate. I guess that’s not surprising in a world filled with “Smart” devices—not only phones but cars, TVs, and even refrigerators. Tons of personal and business information are available to criminals contemplating e-mail scams, credit-card scams, romance scams, and a whole lot more. But my vote for the most nefarious is ransomware, a plot in which criminals hijack and encrypt data, usually of businesses, and demand money to unlock the computer files. For example, a mid-size construction-services in Connecticut recently lost all the data it had stored on its customers, vendors, and employees, not to mention its good reputation, which is probably its most important asset. The thieves demanded a million dollars to release the files.

David Murphy: Wow. Did they pay? And could they have prevented becoming a victim?

Scott Pierce: In that case, the company wound up handing over $250,000. Our general advice is to alert the authorities and not pay, but of course, victims have to make that decision for themselves. The problem with paying is that you open yourself up to escalating demands and re-victimization. But you can almost certainly keep ransomware off your system. We believe that maintaining off-line back-up of all your data could foil more than 90% of ransomware attacks—basically, put the criminals out of business. Multi-factor authentication would add further protection. In fact, requiring two or more layers of authentication to log in to a device is one of the most powerful tools we have for fighting cybercrime.

David Murphy: When I think about all the data we’re trying to protect, I’m reminded of a term I learned in my military days—"digital exhaust.” That’s the data footprint that we all establish. Don, how serious is that issue, and who’s taking malignant advantage of it?

Donald Codling: It’s a huge issue. Many people have an image of a cybercriminal as a teenager in the basement of his parents’ house. There are a few of those around, but these days, most cyber fraud is committed by professional criminals, who may work with other criminals in gangs. And often, they’re not satisfied with just victimizing you, but trade or sell your data on the dark web; lists of private data have become a currency among cybercriminals. Appropriately enough, those lists are called suckers’ lists.

As to digital exhaust, I recently picked an upscale ZIP Code in the area—06878, which is in Riverside, Connecticut. The average annual income in the town is about $665,000. I also found out that one of the residents had recently bought a very valuable painting from a local gallery for more than $100,000—and I got the name and telephone number of the resident’s personal assistant who handled the transaction. If I were so inclined, I could now pretend that I was from the gallery and call or e-mail the buyer with what would seem like great news. “We just got an incredible painting,” I’d say, “and since you’re such a valued customer, we’ll give you a special price of—whatever—before it goes on the market. Just wire us the money, and it’s yours.” That’s exploiting digital exhaust.

David Murphy: Remarkable. How long did it take you to get all that information on the buyer?

Donald Codling: I actually timed it: about seven minutes. I think 47 key strokes on my computer. And most exploitations of digital exhaust can be foiled by following an elementary rule: Never send money to anyone without checking on whether he or she is who they say they are. It’s obvious, but the scammers are excellent at what they do, and they succeed every day. By the way, the same thing goes with anyone who says to a victim, “Give us $5,000, and we’ll help you get your money back.” They’re all scammers.

If you are victimized, go immediately to law enforcement—probably starting with your local police, who may elevate the case. If you have cyber insurance, the company may reimburse you; you may even get some of your money back from your homeowner’s policy. And go to www.ic3.gov, which is a central website for people reporting cybercrime. You’ll be able to fill out the right forms immediately.

David Murphy: I’d just add that although the stereotyped victims of cybercrimes are elderly, there are no age boundaries on those who fall prey. In fact, Millennials are proving quite vulnerable—no doubt because they’re on-line so much. Let me also ask some questions that I think are top-of-mind for our clients. Like, are payment apps such as Apple Pay and Google Pay secure?

Scott Pierce: Yes, and even more so than physical cards. These apps require dual authentication, and of course, they’re run by strong, reputable companies.

Donald Codling: If you’re interested in payment apps, Venmo and Zelle, and others are also highly secure. But stick with well-known names. Best of all may be payment platforms offered by high-quality financial institutions.

David Murphy: Speaking of which, People’s United Bank offers all of its personal checking account clients free access to a platform we call AlwaysChecking. It’s a digital identity protection service that covers the bases. It will monitor your full digital footprint, and your family’s, including non-Bank information too, such as your e-mail addresses, Social Security numbers, drivers’ licenses, and social-media accounts. We’re proud of the protection that it provides. Talking about protection, is signing up with a Virtual Private Network, known as a VPN, a good idea?

Scott Pierce: I definitely recommend VPNs, which give you the added comfort of working on a private network tied to your devices but free from the prying eyes of cyber criminals. Google and Apple, for example, have excellent VPN capabilities, including extra password security, data encryption, and two-factor authentication. Firefox browser also has a strong VPN option built into its site. The key, as in everything related to cybersecurity, is to do your research. Make sure you have confidence in the program and the company that developed it; look before you leap.

David Murphy: One final question: Particularly with the holiday season beginning and with on-line sales proliferating in the pandemic, can we feel safe buying on-line from Amazon, Walmart, and other major retailers?

Donald Codling: Yes, these companies have made on-line selling into a science. But I’d mention two caveats: One, make sure that you’re on the right site. If you mistype the URL, you might just wind up in a scammer’s lap. Second—and this applies to not only retailers but any other websites you rely on—if you get an e-mail telling you that something’s wrong with your account and you need to verify information with them, delete that e-mail immediately. It’s almost surely a scam, and one that will surface in force during the holiday shopping season. If you have questions about one of your accounts, go to the appropriate website, not via an unsolicited e-mail that purports to be from the company.

Sometimes, all you need to avoid becoming a victim of cybercrime is to slow down and check what you’re doing against your own good sense.

We're here to help!

People’s United Advisors brings uncommon expertise in the form of pragmatic, thoughtful wealth management solutions to individuals, families and organizations.

Our experienced professionals work as a team, bringing specialized knowledge and solutions to the conversation.

Red and blue telephone. Call this phone number for help, to speak with an expert or for more information

Call us at (800) 392-3009 to schedule an appointment with a Financial Advisor.

A red and a blue person

Visit a local branch near you

Please fill out the form below to have a Wealth Advisor contact you.

People's United Advisors official logo

Disclosure

Investment products are offered through People’s United Advisors, Inc., a registered investment advisor. People’s United Advisors, Inc. is a wholly-owned subsidiary of People’s United Bank, N.A.

Investment Products are:

• Not Insured by FDIC or any Federal Government Agency
• Not a Deposit of or Guaranteed by a Bank or any Bank Affiliate
• May Lose Value


Form CRS - ADV Part 2A - Privacy Policy - Legal Disclosure - Wrap Fee Disclosure

© 2020 People's United Bank, N.A.