Foiling Cybercriminals: 11 Tips to Keep Expat Financial Accounts Safe
By Peggy Creveling, CFA & Chad Creveling, CFA
Consumer financial fraud continues to hit all-time highs around the world, and much of it occurs online. Stories about scams abound, including identity theft, phishing and push-payment scams, smartphone hacking and malware installation, QR-code scams, unauthorized credit card purchases, and even hacked financial institution websites.
Recently JP Morgan and Fidelity Investments reported apparently related sensitive data hacks. In JP Morgan's case, names, addresses, phone numbers, and emails of 76m households were stolen. In a related follow-on hack, Fidelity Investments reported a data breach for over 77,000 of its customers, with US Social Security numbers and driver's licenses being stolen. Such information may be sold on the dark web, aiding bad actors to phish account owners, steal identities, open fake accounts, or conduct other harmful activities.
In the past, hundreds of millions of dollars have been stolen, even from large corporations such as Facebook and Google, and scamming continues today. If sophisticated tech companies and their platforms can fall prey to these scams, how can you protect your own finances? We've put together the following checklist designed to help make sure your money is safe.
An Expat Financial Safety Checklist
1. Avoid phone and email phishing and push-payment scams, which use text or email messages or fake websites to entice you to click on a malicious link or attachment. The goal is to either download malware to your phone, tablet or computer, or get you to enter passwords or credit card information or otherwise transfer funds to a fraudster.
These types of scams used to be easy to spot. For example, few of us would believe an email from a Nigerian lawyer asking for funds to release a large inheritance from a deceased foreigner with a similar same.
Nowadays, however, phishing is getting sophisticated, as it may involve making a replica of a legitimate message that has already been received or in some cases is yet to be received. The victim is convinced to send what appears to be a valid payment for an authentic service such as school tuition, magazine subscription, or workman's bill. Instead, the funds go directly to the scammer's financial account.
Sophisticated push-payment scams happen when fraudsters trick victims into sending them unauthorized funds. To avoid being scammed, do not click on any links from random text messages or emails, no matter how legitimate they may look. If you're in doubt, go directly to the website instead, or call the sending institution first.
2. Make sure your financial institution's or custodian's policies are solid. Don't assume that the consumer protections you may enjoy in your home country will be the same if you live overseas. Check with your custodian regarding the following:
- Are there multiple layers of security (beyond logging in) to protect you, including monitoring of suspicious activity?
- Does your financial institution ask for additional authentication if it suspects unauthorized access?
- Are advanced encryption software and firewalls used?
- Does your bank or custodian keep your personal information private, not sell it, and restrict and properly screen and train personnel inside the company who have access to your personal information?
- Are customer accounts insured against fraud?
3. Use two-factor authentication logins for financial accounts. Most financial institutions offer their account holders additional login security in the form of a temporary code sent separately by phone or digital security card or token. If your financial institution doesn't provide this type of security at a minimum, make sure your financial account logins are completely different from any other login you may use, and make each one unique. Do not use social media logins, as once a social media account is hacked, other accounts with the same login details can also be compromised.
4. Safeguard all login information. This would seem to be obvious, but unfortunately, a lot of unauthorized access of financial accounts occurs by those who are closest to us, including friends and family members. That's why it's important to secure any digital security devices and not to tell anyone your username and password. If possible, memorize your login data and then destroy any written record.
5. Keep your devices safe from hacking. Make sure your operating software is up to date, enable firewalls, and install and keep up-to-date anti-virus and anti-spy software.
6. Take care when using phones to access external sites. QR codes can be hacked and shortened URLs may hide fraudulent sites. Make sure you know the full URL of a site before you allow your device to access it, or you could end up downloading malware or becoming victim to a phishing attack.
7. When traveling, be careful when logging in to your financial accounts. If possible, use your own computer or device, and subscribe to and use a reputable VPN service. Do not log in to your financial accounts using insecure (free or no password) wireless networks.
8. Maintain copies of the latest financial statements from your custodian and keep them in a secure place. If hackers disable your financial institution's systems and you can't view your account, the latest statement is one way to prove what you own. Many of us no longer receive paper statements, so you may need to download the latest statement each month and save it in a secure location.
9. Review your financial accounts regularly. Report any criminal activity promptly to both the financial institution and the proper authorities in your jurisdiction.
10 Keep account contact details up to date. Make sure your financial institution can get in touch with you in case it detects potentially unauthorized activity and needs to check your identity. If you are contacted by someone claiming to be from your bank, make sure to call them back before verifying your identity. Confirm that the phone number that you are calling is one that is used by your financial institution.
11. Don't send sensitive information in emails or email attachments. Emails can get hacked, and attachments may be stolen. Instead, send information such as financial account statements and tax ID numbers by fax or, better yet, through an encrypted file-sharing service.
12. Avoid ATM fraud when traveling. When withdrawing cash from an ATM, always shield the keypad with your free hand, and do not interact with strangers or let one get too close. ATM scams involve skimming your ATM card details while observing your personal identification number (PIN) as you enter it. Using this information, fraudsters can rapidly make and use a duplicate card to withdraw funds from your account. The withdrawal may take place in a separate location-sometimes even in another country-and you may not become aware of a problem until the next time you check your balance. Therefore, if something seems amiss while you're at an ATM, don't wait. Immediately report anything odd to your financial institution.
Don't Sacrifice Security for Convenience
For those of us who travel and conduct business across borders on a regular basis, using technology, ATMs, and the internet to access our financial accounts has become a necessity. With that convenience comes the need for additional security. The above list is intended to help expats make sure their financial accounts are protected from the various forms of cybercrime. Taking precautions can help make sure you don't fall victim to financial hackers or frauds.
This article is a revised and updated version of an article that originally appeared on www.crevelingandcreveling.com.
About Creveling & Creveling Private Wealth Advisory
Creveling & Creveling is a private wealth advisory firm specializing in helping expatriates living in Thailand and throughout Southeast Asia build and preserve their wealth. The firm is a Registered Investment Adviser with the U.S. SEC and is licensed and regulated by the Thai SEC. Through a unique, integrated consulting approach, Creveling & Creveling is dedicated to helping clients cut through the financial intricacies of expat life, make better decisions with their money, and take the steps necessary to provide a more secure future.
Copyright © 2024 Creveling & Creveling Private Wealth Advisory, All rights reserved. The articles and writings are not recommendations or solicitations, and guest articles express the opinion of the author; which may or may not reflect the views of Creveling & Creveling.