Editor’s note: This article is provided by the union’s legal department.
You’ve probably heard about serious data breaches that have occurred in recent years across the globe. These incidents have affected millions of people worldwide, crippled businesses and government agencies, and caused huge financial losses.
U.S. Secretary of Homeland Security Alejandro Mayorkas has warned that these attacks are on the rise, and that nearly everyone is at risk.
One of the most common types of digital breaches is known as ransomware. When a ransomware attack occurs, the criminal encrypts all of the user’s data, and then will not allow access to the data unless the business or individual pays a ransom. According to the Department of Homeland Security (DHS), more than $350 million was paid in the U.S. in ransom during 2020 alone. Related expenses (such as downtime and implementing new security measures) may have exceeded $20 billion.
Many of the losses experienced by individuals are the result of emails or text messages that are designed to trick the reader into clicking on a link or into providing certain information. This type of email is called phishing. Some hackers are skilled at using various techniques to steal personal data, including information about bank accounts, credit cards, other assets and general information about a person’s identity such as birth date, address and Social Security number. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes last year. However, there are certain preventive steps that will help you to avoid becoming a victim of these scams.
For instance, always examine emails carefully before clicking on any links, no matter how urgent the email seems to be. These are questions and considerations to keep in mind:
- Does the email claim to be from your bank or credit card company? Scroll over (but do not click on) the sender’s address carefully. Is it really from your bank or credit card company? Banks and credit card companies generally do not send emails about problems with an account; they will usually call. If you’re unsure, call your bank or credit card company using the number on your credit card (not the phone number in the email) instead of clicking on the link.
- Is it an email saying you won a prize, or you just have to provide certain information in order to claim a large sum of money? Why would this person contact you? If it sounds too good to be true, it’s probably false. Check the sender’s address.
- Is it an email or phone call that claims to be from the IRS saying that you owe back taxes, and threatening you with legal action if you don’t respond? The IRS does not send such emails, and they do not make threatening phone calls.
- Is it an email or phone call claiming that a relative is in trouble, and needs money urgently? Check with your relative to make sure they are ok, but these types of calls and emails are almost always scams.
- Is it an email that claims to be from an online retailer, contacting you about a problem with your order? Look at the sender’s address carefully. Is it really from Amazon, Costco, UPS or whoever it claims to be from? Is the company logo completely accurate? Are you actually expecting a package from that retailer? Is the order number correct?
- Does the language of the email sound like the person or company it is supposed to be? Are there grammatical mistakes or misspellings? Is the language awkward? These are often signs that the email is not genuine.
Usually, scam emails and phone calls will try to make you feel urgency to act quickly. Common tactics by the scammer include threats of legal action, account closure, or forfeiture of prize. Realistically, there are very few situations so urgent that you cannot take the time to carefully review the email and verify who really sent it. If in doubt, look up the phone number for the company or person who supposedly sent the email, and confirm whether or not it is genuine. Do not click on any links or provide any information.
It is also important to maintain strong passwords for all of your personal accounts so that cyber criminals cannot easily crack your password and access your account. A strong password should not contain personal information (like your birthdate or your spouse’s name) and should not be a single word that appears in the dictionary. Strong passwords should be longer and complex.
One method to create a suitable password that you can easily remember is to make up a sentence, but substitute numbers and special characters (#, !, *, etc.) for some of the letters, or put them in between the words. There are various websites that you can use to test your password’s strength. These are just a few suggestions to avoid becoming the target of cyber criminals. The following is a link to an article from the Federal Trade Commission regarding other steps you can take to protect yourself from these scams:
Internet criminals are constantly coming up with new ways to trick people, so it is important that you pay close attention to emails, maintain strong passwords and change your passwords from time to time.