So you finally upgraded to a credit card with a chip, you keep an eye on your credit score and you change your Internet passwords regularly. You’ve got your financial cyber security locked up, right?
Maybe not. Every year, millions of Americans become victims of cyber crimes, and online thieves continue to find new ways to target our finances.
If your eyes are already glazing over, we get it—cyber security doesn’t exactly make for exciting conversation. But it’s essential if you want to be sure your money’s protected.
We got the lowdown from Jason Glassberg, co-founder of Casaba Security, a cyber security firm based in Redmond, Wash., on how criminals gain access to your important data and money via dangerous tools, like overlay malware, PowerWare and phishing attacks—and what you can do to protect yourself.
Thanks to overlay malware, which is often used to target mobile online banking apps, thieves can overlay a legitimate website with a transparent window, Glassberg explains. You may think you’re entering information into a secure site (like your bank’s), but the information is actually being accessed by a third party—that now has your banking credentials.
This issue can occur when you download an app that’s either already equipped with malware or is vulnerable to it. It’s not a common occurrence, but a September Nokia Threat Intelligence Lab report found the overall “infection rate” in mobile networks spiked to an all-time high in April of 1.06 percent of 100 million mobile devices tracked.
Protect yourself: Run as few applications as you can on your phone. When you do choose to download something, Glassberg recommends searching sites like BGR , XDA-Developers.com and AndroidPIT first to see if the app has any problems.
For newer Android devices, Glassberg suggests Google’s Verify Apps feature, as well as high-security software, such as AVG, Norton or Lookout, which can help catch malware before any damage is done. (Android devices tend to be the main mobile platforms targeted, according to Glassberg and the Nokia report.)
A PowerWare virus takes advantage of built-in software sharing features on your computer and, because this type of virus targets those software subsystems, traditional antivirus protection doesn’t recognize it as a threat, Glassberg says.
That means if you’re using tax preparation software that’s vulnerable to a PowerWare virus, for example, once you access a spreadsheet or other program on your computer through that software, your information (which could include tax data, financial records or even bank routing numbers) has been compromised.
Another way thieves use PowerWare is to gain access to your Microsoft Word with a so-called phishing attack—for example, sending an infected “invoice” .docx Word file that looks like a legitimate file. When an unsuspecting victim opens the file, the virus is already on his or her computer. These PowerWare “invoice” files have also been reported as a popular attack for ransomware, which is when your files are encrypted and a pop-up window demands payment to unlock them.
Protect yourself: Fortunately, the latest versions of tax prep and other types of software usually include a capability to recognize PowerWare viruses. So Glassberg recommends users diligently update their programs.
“The most important and potent weapon you have against cyber crime is to always use the most updated version of everything, including your web browser, your software programs and your operating system,” he says.
Because medical records often contain all the information a person would need to steal your identity, they’ve become targets for identity thieves. Hospitals and insurance companies, like Excellus Blue Cross Blue Shield of New York , have been targeted in recent years.
“When a criminal steals a credit card, they may be able to use it once or twice before they get found out,” Glassberg says. “But medical records theft can be long lasting and incredibly hard to deal with…The thief can take out loans, open credit cards and do all kinds of things with the person’s information.”
Protect yourself: There’s not much you can do to prevent hackers from targeting your medical providers, unfortunately. But you can, and should, be diligent about monitoring your credit for any unauthorized accounts.
You may also consider signing up for a credit monitoring service, available through credit reporting agencies and other companies. They’ll send you a notification anytime a new account is opened in your name.
While reward points from hotels , airlines and credit cards may seem like freebies, they do have value—so there is a black market for them. “And think about the information you have to give to sign up for those accounts,” says Glassberg. “It’s usually all sorts of information that people can use as identity theft, too.”
Plus, some points are awarded by entities that aren’t as secure as banks, like grocery stores and pharmacies. But they still contain information that’s very valuable to thieves.
Protect yourself: If you participate in rewards programs, be careful about where and how you access your information online. You shouldn’t access that information—or any financial information, for that matter—while using free wifi or on shared computers. Also, use different passwords for different accounts: If one of your social media accounts gets hacked, the thief shouldn’t automatically have access to your bank accounts or credit card rewards points.
“The majority of attacks happen because people are gullible, in a rush or not paying attention,” Glassberg says. “Be aware, and never give out financial information by email or on the phone, unless you have originated the call.”