It started innocently enough:

“Hello Andy! Hope all is well, please email the current value in my account as of close yesterday.”

I received this message from a client in the midst of a typical busy day. I think it’s safe to say we all get bombarded with various kinds of messages day-to-day.

But what was lurking behind this particular message, and may very well be among the many e-mails you receive, was a cyberfraud attempt. Cybercrime is a $10+ trillion annual business – larger than the combined sale of all illegal drugs worldwide.

Willie Sutton famously said he robbed banks because “that’s where the money is.” Cyber criminals attack those with financial resources because that is where the biggest scores loom.

How easy would it have been to simply reply and quickly provide our good client with an easy piece of information in order to move on to the next thing?

When you’re engaged in a business you cannot disregard messages out of hand – there’s a risk that it is real and no one wants to be unresponsive to a legitimate request.

Our policy at Proquility is to verbally confirm any e-mail request for confidential information, so my reply to this request suggested I would call our client on their cell phone.

The potential thief on the other end of this e-mail, likely a third world country Intelligence Officer who attacks Western institutions and, by night, moonlights as a cybercriminal, responded (all typos and broken English are included to demonstrate the tip off that this was fraud):

“Hello Andy! I understand you perfectly, i thought to give you a call as regards my request but we are visiting Yellowstone staying at a cabin where my phone service does not have the capacity to make a call, we will be home by ending of the month. feel free to email the current value Thanks!”

Subsequent calls to both client cell phones revealed what we suspected – they were not visiting Yellowstone and they had not sent a request for their account value. Clearly someone had co-opted at least one of their e-mail addresses and were likely sending messages out to financial institutions hoping for a vulnerability.

The vast majority of these fraud attempts do not work, but those that do can wreak havoc on your money, your identity, and your sense of security – we’ve seen it happen and it is devastating even if you don’t lose a penny.

Our message this month, at the risk of being repetitive, is to remind you that for all of the benefits of technology there is a dark side. It is almost always the intersection of humans and technology that creates the best opportunities to penetrate cyber defenses, so here are some quick reminders to avoid being victimized:

• If you’re too busy to pay close attention to any e-mail or text message reply you’re about to send, take a step back and take care of it when you can be more focused

• The e-mail sender may look legitimate at first glance, but if what follows after the “@” symbol isn’t recognizable, pause

• If you know the sender, you also know how they turn a phrase, spell, and use grammar – trust your gut when you see typos or grammatical errors that aren’t consistent

• When in doubt, use that fancy tech device tied to your hip to make a quick phone call and confirm verbally what is being asked of you in writing

This all takes some getting used to. No one wanted to wear seat belts when first introduced but today those simple devices regularly save thousands of lives. Taking the extra steps to keep cyber crooks out of your pocket requires some inconvenience, potential delays, and a few extra steps but it is, and will be, well worth it.

And of course – the return on your investments is meaningless if you lose your hard-earned money to a bad actor!

Wishing you a wonderful Fall!

Andy, Patty, and the Team