Stay Safe Online

Common Online Threats

In today’s digital age, online threats are evolving rapidly. Understanding these threats is the first step in safeguarding your financial well-being. Here are some common online threats:

• Phishing Scams: These are fraudulent attempts to obtain your sensitive information by disguising scams as trustworthy entities via email, phone calls, text messages, or other communication channels. Often, these scams use deceptive messages that appear to come from legitimate sources, urging you to click on malicious links or provide personal information.
• Smishing: The term “smishing” is “SMS” (Short Message Service) and “phishing” combined. Smishing scams are a form of social engineering, which exploit an individual’s trust. Given that nearly everyone owns a cell phone, reaching potential victims through SMS is simple—scammers can easily send messages to randomly generated phone numbers. People often believe that cybercrime is more prevalent in emails and on social media than in text messages, making them more susceptible to smishing scams. Scammers typically impersonate trusted organizations or governments to trick victims into divulging personal information. For example, a scammer might pose as a package delivery service, claiming that you need to click a link to reschedule a missed delivery. This link would lead to a counterfeit website, where you might be asked to enter your address, contact details, or even payment information which then is used by the scammer for identity theft or other nefarious purposes.
• Malware: This refers to malicious software designed to damage or disable computers and networks. Malware can take various forms, including viruses, worms, trojans, ransomware, and spyware. It can be delivered through email attachments, malicious websites, or seemingly legitimate software downloads.
• Identity Theft: This is the act of stealing someone’s personal information to commit fraud. Identity theft can lead to unauthorized transactions, new account openings, and other fraudulent activities in your name. It often occurs through data breaches, phishing scams, or unsecured online transactions.
• Man-in-the-Middle Attacks: These attacks intercept communication between two parties to steal or alter information. They can occur on unsecured public Wi-Fi networks, where attackers can intercept data transmitted between your device and the website you are visiting.
• Account Takeover: Account Takeover is a common and increasingly prevalent form of cyber-attack where a malicious actor gains unauthorized access to a victim’s online accounts, such as banking, email, or social media. This is often achieved through phishing schemes, credential stuffing, or exploiting weak passwords. Once the attacker has control over the account, they will change the password, locking the legitimate user out, and then they can siphon funds, make unauthorized purchases, steal sensitive information, or even use the account to launch further attacks on other targets. This type of attack can have devastating financial and personal consequences. It is crucial to use strong, unique passwords, enable multi-factor authentication (MFA), and remain vigilant against suspicious activities to safeguard against account takeovers.
• Email Compromise: Email compromise is a form of Account Takeover in which attackers infiltrate an email account to conduct unauthorized activities. Once the attacker gains access, they can monitor email communications, redirect sensitive information, and impersonate the email owner to defraud contacts or manipulate financial transactions. Attackers may send convincing emails from the compromised account to request wire transfers, redirect payments, or gather further confidential information. Email compromise can lead to significant financial loss and data breaches, making it essential to employ strong security measures such as multi-factor authentication (MFA), unique passwords, and training on recognizing phishing attempts.
• Spoofed Websites: In this deceptive scheme, cybercriminals send emails that appear to be from legitimate custodians (e.g., Schwab, Fidelity, Pershing, etc.), persuading you to click on links that lead to spoofed websites mimicking the real ones. These sites are meticulously designed to capture sensitive information like your login credentials or personal identification numbers. To guard against this threat, exercise caution with unsolicited emails, verify links before clicking, and access custodian websites directly by typing their URL into your browser. Look for secure connection indicators, such as “https” and a padlock icon, and report any suspicious emails directly to your custodian using their official contact information. Staying informed and vigilant is your best defense against falling victim to such scams.

Emerging Threats

• Social Engineering: This is the act of manipulating individuals into divulging confidential information. Attackers may use social engineering tactics to exploit human psychology, including creating a sense of urgency or posing as someone you trust.
• Zero-Day Exploits: These attacks exploit previously unknown vulnerabilities in software. They can be particularly dangerous because they take advantage of security flaws before they are addressed and patched by software developers.
• Advanced Persistent Threats (APTs): These are prolonged and targeted cyberattacks aimed at compromising specific entities. APTs often involve sophisticated techniques and are usually carried out by well-funded attackers, such as nation-states or organized crime groups.
• AI Deep Fakes: This refers to the use of artificial intelligence to create realistic but fake images, videos, or audio recordings. These can be used to impersonate individuals, spread misinformation, or commit fraud. Deep fakes pose a significant threat because they can be highly convincing and difficult to detect, potentially leading to severe reputational and financial damage.

Tips for Staying Safe Online

1. Select a Modern Email Provider: Choosing a modern email provider is essential for protecting your online security (e.g., Gmail, iCloud, Outlook.com, ProtonMail, etc.).These providers automatically scan inbound emails for phishing attempts and malware, using advanced algorithms and machine learning techniques to detect and block malicious content before it reaches your inbox. This significantly reduces your risk of falling victim to scams. Additionally, all modern email providers support Multi-Factor Authentication (see below). Legacy email providers that rely on “POP3” or “IMAP” to retrieve email put you at risk.An unsecured email account can be a goldmine for cybercriminals. If threat actors gain access, they can reset passwords for your important services, effectively locking you out of your email, social media, and, most critically, your financial accounts.
2. Create Strong, Unique Passwords: Ensure your passwords are complex and difficult to guess. Use a combination of uppercase and lowercase letters, numbers, and special characters. Avoid using easily guessable information, such as your name or birthdate. Consider using a password manager to both generate and store unique passwords for each of your accounts.
3. Enable Multi-Factor Authentication (MFA): Add an extra layer of security by requiring a second form of verification, such as a code sent via text to your mobile device or generated by an authentication app (preferred over text). MFA greatly reduces the risk of unauthorized access to your accounts.
4. Update Software Regularly: Keep your operating system, browser, and other software up to date to protect against vulnerabilities. Automatic updates should be enabled whenever possible to ensure you receive the latest security patches.
5. Be Cautious of Phishing, Smishing, and Social Engineering Scams: Verify the authenticity of emails, websites, and text messages before providing any personal information. Look for signs of phishing or smishing, such as generic greetings, spelling and grammar mistakes, and suspicious links. When in doubt, contact the company directly using a known, legitimate contact method. Either call the sender directly or start with a blank browser tab and type in the URL of the company, for example: https://www.captrust.com.  Do not click on links without verifying the authenticity of the sender.
6. Monitor Your Accounts: Establish online access to each of your financial accounts using a unique password and multi-factor authentication.  Regularly check your financial accounts for any suspicious activity. Set up account alerts to notify you of unusual transactions, and report any discrepancies to your financial advisor and custodian immediately.
7. Secure Your Wi-Fi Network: Use a strong password to protect your home Wi-Fi network, and consider enabling network encryption (WPA3 if available). Avoid using public Wi-Fi for sensitive transactions, and if necessary, use a virtual private network (VPN) to secure your connection.
8. Be Mindful of Social Media Sharing: Limit the amount of personal information you share on social media platforms. Cybercriminals can use information from your social media profiles to guess passwords or answer security questions.
9. Regularly Backup Your Data: Backup important data to an external drive or cloud storage service. This ensures that you can recover your information in case of a malware attack or hardware failure.
10. Establish Shared Secrets with Family Members: Establish shared secrets or code words known only to you and your trusted family members. This can help you verify the authenticity of communications and detect AI deep fakes or impersonation attempts. In cases where you’re unsure if a message, video, or call is legitimate, asking for this shared secret can help confirm the identity of the other party.

Safeguarding Your Data

Your personal information is invaluable. Here’s how you can protect it.

Limit Sharing: Be cautious about the personal information you share online, especially on social media. Adjust your privacy settings to restrict access to your information and think twice before posting sensitive details. When service providers—other than financial institutions and governmental authorities—request sensitive information like your date of birth or social security number, ask if you can provide alternative information.

Secure Your Devices: Utilize security features such as passwords, fingerprint recognition, and encryption on all your devices. Enable remote wipe capabilities on your smartphone and tablet to erase data if your device is lost or stolen.

Shred Sensitive Documents: Properly dispose of physical documents containing personal information. Use a cross-cut shredder to destroy documents like bank statements, tax returns, and medical records.

Use Secure Connections: Always use secure, encrypted connections when entering personal information online. Look for the letters https at the start of the website address, also known as a URL. Avoid accessing sensitive accounts or making transactions on public Wi-Fi networks unless you use a VPN.

Be Wary of Unsolicited Requests: Do not provide personal information in response to unsolicited requests via phone, email, or text message. Legitimate organizations will not ask for sensitive information through these channels.

Educate Yourself and Your Family: Stay informed about the latest security threats and best practices. Share this knowledge with your family members to ensure everyone understands how to protect their personal information.

Privacy Policy Overview

At CAPTRUST, we are dedicated to protecting your privacy. Our comprehensive privacy policy outlines how we collect, use, and safeguard your personal information. Key aspects of our privacy policy include:

• Data Collection: We only collect information necessary to provide you with our services. This may include, but is not limited to, personal information such as your name, contact details, financial information, and transaction history.
• Data Use: Your information is used to enhance your experience and provide personalized services. We may use your data to process transactions, provide customer support, improve our services, and send you relevant information and updates.
• Data Protection: We employ advanced security measures to protect your data from unauthorized access, disclosure, alteration, and destruction. This includes physical, technical, and administrative safeguards.
• Your Rights: You have the right to access your personal information at any time. You can also opt out of receiving marketing communications from us. To exercise these rights, please contact your financial advisor.
• Third-Party Sharing: We do not sell your personal information to third parties. We may share your information with trusted partners and service providers who assist us in delivering our services, subject to strict confidentiality agreements.
• Cookies and Tracking Technologies: Our website uses cookies and other tracking technologies to enhance your browsing experience and collect information about your usage. You can manage your cookie preferences through your browser settings.

Advanced Security Measures

We implement state-of-the-art security measures to protect your information.

Encryption: All sensitive data is encrypted to prevent unauthorized access. We use industry-standard encryption protocols, such as transport layer security (TLS), to secure data transmitted between your device and our servers.

Secure Servers: Our servers are protected by advanced firewalls and security protocols. We continuously monitor and update our systems to defend against cyber threats and vulnerabilities.

Regular Audits: We conduct regular security audits and vulnerability assessments to ensure the integrity of our systems. Independent third-party experts review our security practices and provide recommendations for improvement.

Employee Training: Our staff undergo ongoing training on the latest security practices and protocols. We emphasize the importance of data protection and empower our employees to identify and respond to potential security threats.

Access Controls: We implement strict access controls to limit who can access your information. Only authorized personnel with a legitimate need are granted access to your data, and all access activities are logged and monitored.

Incident Response: We have a comprehensive incident response plan to quickly address any security breaches or incidents. Our dedicated security team is trained to respond to potential threats and mitigate their impact.

Reporting and Response

If you suspect that your account has been compromised or you have been a victim of fraud, take immediate action:

1. Contact Us: Reach out to your financial advisor or contact us directly at 800.216.0645. Provide as much information as possible about the suspicious activity, and we will assist you in securing your account.
2. Freeze Your Account: Either contact your custodian directly or work with your financial advisor to place a temporary security freeze your on account to prevent further unauthorized transactions. We will work with you to investigate the issue and restore your account to a secure state.
3. Monitor Your Account: Keep a close eye on your account for any additional suspicious activity. Report any unauthorized transactions or changes to your account information immediately.
4. Report to Authorities: Notify local law enforcement and relevant financial authorities about the fraud. Provide them with any evidence you have, such as emails, transaction records, or screenshots of suspicious activity.
5. Change Your Passwords: Update your passwords for all affected online accounts, especially if you use the same password for multiple accounts. Ensure that your new passwords are strong and unique.
6. Freeze Your Credit and Check Credit Reports: Regularly review your credit reports for any signs of fraudulent activity. Consider placing a fraud alert or credit freeze on your credit file to prevent new accounts from being opened in your name. The four major credit reporting agencies are Experian, Equifax, TransUnion, and Innovis.

Stay Informed

Stay up to date with the latest security trends and best practices. Explore these additional resources.

• Federal Trade Commission (FTC): The FTC’s Identity Theft and Online Security website offers insights, tips, and updates on the latest security threats and how to protect yourself. Subscribe at the bottom of the page to stay informed about emerging trends and best practices.
• Social Security Administration (SSA): The SSA’s Protect Yourself from Scams website is regularly updated with information about scams affecting recipients.
• Educational Webinars: Join our periodic live and on-demand webinars to learn more about online security, privacy protection, and safe banking practices. Our experts cover a wide range of topics and provide actionable advice. Invitations to webinars are distributed to clients via email.
• Financial Advisors: Consult with your financial advisor about the recommended cybersecurity concierge services offered by CAPTRUST through select partners. These services are designed to help you establish and maintain strong cyber hygiene practices.