Cybersecurity Awareness Month: How to Protect Sensitive Information Online

The threat of cyber fraud continues to prevail online, and it continues ramping up thanks to advancements in artificial intelligence (AI). Despite this, there are still safety measures you can take to ensure you do not become a victim. 

October is Cybersecurity Awareness Month, which is a great time to make sure your fraud-fighting skills are primed to stay safe in cyberspace. ACFE Research Director Mason Wilder, CFE, shared insights into cyber fraud and other cybersecurity threats for consumers and organizations, what to know about data breaches and proactive measures you should have in place to protect your financial information online. 

What are some common cyber fraud threats right now? 

“A lot of the traditionally impactful cyber fraud schemes, like social engineering, phishing and scams, like investment scams, are some of the most prevalent right now,” said Wilder. “They just look a little bit different thanks to enhancement from artificial intelligence tools and technologies that have been made very easily accessible for the general public.” 

Wilder shared how cyber fraud schemes are getting more sophisticated and automated thanks to AI. Fraudsters are now able to target even more people at once, and their schemes are becoming more convincing, even if they are from a different country or speak a different language than you. 

“[The schemes] would often result in poor language in emails, text messages or phone calls, and that was a red flag,” said Wilder. “But thanks to ChatGPT and other large language models and voice cloning or voice generation technologies, these kinds of red flags are no longer applicable.” 

In the coming months to years, Wilder sees many of the same type of scams we are seeing now happening on a larger scale. He noted how digital assets and cryptocurrencies will continue to be exploited, and the instances of romance fraud and impersonation scams will increase. 

“I think we will get some different versions of pig butchering,” said Wilder. “Once pig butchering gets to a point where there is enough awareness in the general public about the way those scams work, the attackers are just going to pivot a little bit and come up with a different scam to convince people to hand over their hard-earned money.” 

How can people protect themselves from cyber fraud? 

“Be skeptical of everything and every digital interaction,” said Wilder. “Every digital interaction carries some cyber fraud risk — even, phone calls, text messages and communications with numbers that you think are your acquaintances or loved ones.” 

If you receive a request for money or information, Wilder cautioned that you should verify the request through a trusted channel before sending money or anything else of value. If someone asks you to put money in a crypto ATM, “Stay away from crypto ATMs, period,” Wilder emphasized. “If anybody asks you to go put money in a crypto ATM, that is a humongous red flag. Just do not do it.” 

What cyber threats are companies facing? 

Wilder said ransomware remains a concern for most organizations, but cyber threats vary depending on your industry, organization size and many other factors. For instance, financial institutions and financial services businesses are currently combatting synthetic identity fraud, account takeovers and new account frauds from many different avenues. 

“People are using AI and deepfakes to either bypass authentication protocols or open new accounts that can receive funds from other illicit activity, including other types of fraud,” Wilder warned. 

Other cyber threats that organizations face include: 

1. Social engineering and business e-mail compromise: “People in organizations that have the ability to authorize wire transfers are at particular risk of being targeted with those types of attacks,” Wilder noted. 
   
2. Unauthorized access of company or organization networks for fraud-related reasons: Hackers may try to steal intellectual property or observe employee communications for future impersonations or targeted social engineering schemes. 

Organizations of all sizes can stay ahead of these threats by putting in place anti-fraud programs or controls. 

“The more that you have data about your customers that could be used in fraud schemes, the more at risk you are of suffering a data breach or some kind of account takeovers or unauthorized access that gives the bad guys access to your customers' data that they can put to use in a number of different fraud schemes,” Wilder stressed. 

Data breaches and the power of unique passwords 

Data breaches continue to impact businesses, but does this always spell trouble for their customers?  

“What it means for consumers is that their private information is available to bad guys and that means that they are at an increased risk of identity theft-related fraud,” said Wilder. 

This becomes a problem if people reuse usernames and passwords for different online accounts. That is because cyber attackers will try out usernames and passwords on different accounts to access financial information stored in those accounts and use it. 

If you suspect you have been a victim of some kind of cyber fraud, or someone may have accessed your information in a data breach, Wilder recommends changing your password immediately and making sure that password is not being used for other accounts. 

“On a semi-regular basis, just change passwords to accounts to reduce your vulnerabilities. Do this about a couple times a year or quarterly,” said Wilder. “The longer you keep a password active and the more you use that password across accounts, the higher risk you are facing of being a victim of cyber fraud.” 

Proactive financial protection 

There are a lot of safety measures you can take ahead of time to make sure your finances remain intact should you fall victim to a cyber scam in the future. 

Ways You Can Protect Yourself: 

1. Use a credit card: Instead of using a debit card for online and other transactions, use credit cards as they have better fraud protection than debit cards. 
2. Explore your payment options: Many card issuers and banks offer unique options like virtual credit card numbers. “Those are one-time use credit card numbers,” said Wilder. “If you know that information does get intercepted or the retailer that you buy something online from suffers a data breach, then that single use credit card number is of no consequence to you for future use or vulnerabilities.” 
3. Check your accounts regularly: Keep a close eye on your bank accounts and any payment card accounts you have. Wilder recommends reviewing your bank statements every one to two days to catch any suspicious charges early and report them for a better chance of recovering funds. 
4. Take advice from your financial institutions: Listening to all advice and guidance from your financial institution, especially when it comes to scams and red flags, is important. “If your bank is reaching out to you saying, ‘Be on the lookout for this scam,’ it's worth taking a couple minutes to read the guidance because they're not sending it for hypothetical reasons,” Wilder shared. “[The financial institutions] are experiencing this and seeing it in their customer accounts and that is why they are warning you. Pay attention to that and just stay cautious and on the lookout.” 
5. Freeze your credit: Keep your credit frozen most of the time, unless you have specific plans to use it or apply for some new line of credit. This is one tip that Wilder reiterated throughout the conversation. “If you have a credit freeze in place, nobody can take your stolen information and get a new credit card, open up a line of credit with a retailer or apply for a loan in your name,” noted Wilder. “That is a really easy way that you can prevent your credit from being ruined [by] identity theft.”