How much are you and your family sharing online?
Your personal network of advisers, colleagues and family members could be inadvertently sharing your personal information online. We look at how to stay protected.
When Simon Johnson [not his real name], chief executive of a large FTSE 100 company, asked a cyber security specialist to carry out a review of his data online, he was confident nothing would be found. He was meticulous about privacy and careful not to reveal any details that could be used by fraudsters.
“Simon was convinced that he hadn’t revealed any personal information online, but he’d shared more information than he thought. What’s more, his family, associates and wider network disclosed even more details about his life,” says Chris Underhill, managing director of Equiniti Cyber Security.
“Within an hour we had a full 3D virtual tour of his home, the details of all his family members (including photos, jobs, locations, relationships), his car number plate, home address, work history, as well as work contacts, previous employment details and his children’s school location.”
Many individuals use personal security companies, or ‘cyber bodyguards’, to ensure that their devices, homes and personal accounts are protected. But the biggest challenge many of us face in protecting our personal data is the amount of information we share online, and the information shared by our network of friends and family, according to Underhill.
Our personal information can be incredibly valuable to criminals, helping them to develop convincing frauds, scams and cyber attacks.
Targeting your network
Personal data is obtained by criminals in a wide variety of ways, but social engineering (Phishing, Vishing and Smishing) is particularly prevalent. Fraudsters manipulate victims into disclosing confidential information, or acting in a way that will compromise their security.
Phishing involves sending legitimate-seeming emails that direct you to bogus websites or phone lines that capture confidential information. Vishing and Smishing are similar techniques, undertaken by phone or by text.
“Cyber criminals often befriend or monitor people on social media to gather as much data as possible,” Underhill says. “Crucially, rather than focusing on the ultimate target, they can also turn their attentions to the wider network, such as family members, friends, advisers or colleagues.”
How your data could be used
Once a fraudster has your private information, they can devise convincing scams that usually combine details about your personal financial arrangements with effective psychological techniques, such as creating a sense of urgency or warning of serious consequences.
Guy Phoenix, managing director of cyber security specialists CCS, says: “From one or two calls a month just a couple of years ago, we now receive daily requests for support from companies and wealthy individuals whose personal or company information has been compromised.”
By posing as the police, investment advisers, your bank, HMRC, a utility supplier or any familiar company, fraudsters will try to convince you to hand over personal data or provide access to your financial accounts.
Carrie Wade, fraud governance lead for Barclays Private Bank, says: “In recent years, we have seen a particular increase in invoice scams across the industry.
“Fraudsters send an invoice or a bill requesting an urgent payment or a change of payment details. Clients accept these requests at face value and are duped into making payments to fraudsters rather than their genuine suppliers. Often by the time the scam is discovered, the funds are long gone and clients are left out of pocket.
“One example is the school fee invoice scam. First, fraudsters find out via social media where a client’s child goes to school. They then hack into the school’s email account and send the unsuspecting parent an amended school fee invoice with false bank details. Typically, parents make the change without validating the request. It’s only when the school subsequently chases the fees that the scam comes to light. Similar scenarios can occur with all kinds of suppliers, including solicitors, building firms and holiday companies.”
While scams are designed to convince us to make payments directly to fraudsters, other attacks are designed to provide cyber criminals with free access to our accounts.
Phishing and Smishing emails and texts can be designed to install malicious software on your computer, by convincing you to click on a link in the message. Fraudsters could use malware to access your personal accounts remotely, or to access private information on your network. The spread of viruses that harvest online banking details on infected computers, known as banking trojans, grew 239% last year, according to British cyber security company Darktrace.
Protecting your money and your personal data
Reputable organisations will never contact you to ask for PINs, passcodes, account information, or access to any of your devices.
Be suspicious of all unsolicited communications: don’t open emails or click on links they contain and do not answer texts. If you get a call you’re not sure about, hang up and call back on a publicly available number.
You, your family and friends should always be vigilant about what to share on social media, as any information can be used to build a profile about you and your life. You should also check which apps are linked to your social accounts, as many automatically have access to your photos, locations, calendar and camera.
“A secure digital footprint requires the co-operation of those close to you in your personal life,” says Underhill.
“Security and awareness training can help avert the loss of critical information online and could help to prevent crime.”
It’s important to establish a cyber hygiene procedure for everyone connected to your wealth and business. It should cover all computers and software, and include practical steps that users of computers and other devices can take to improve online security.
Wade says: “It’s easy to create a single point of entry for hackers, with one password for multiple accounts. Making sure that each account has its own, and that those passwords are strong, can harden your online infrastructure and offer your assets further protection.”
Keeping your wealth secure
Having the full picture about the various ways that your wealth could be targeted by cyber criminals is crucial to protecting your assets.
Our security guides give you information and advice on staying secure, as well as details on how to contact us if you suspect there has been fraudulent activity on your account.
For further help and advice about protecting your wealth from cyber threats, contact your Private Banker.
Always contact us immediately if someone has taken money from your account, or if you’ve accidentally given your personal details to a fraudster.