How Clients Can Protect Themselves

Explore tips to enhance your cybersecurity, become aware of the common scams, and learn about actions to take if you become a victim of a cyberattack. Utilize our cybersecurity checklist to ensure you apply these critical approaches to boost your security.

Explore Cybersecurity Checklist Explore Client Protection Explore Cybersecurity Program

Tips to Boost Your Cybersecurity

Explore the tips below to enhance your cybersecurity and learn about the significance of harnessing these techniques.

Setting up a username and password on laptop.

Establish Strong, Unique Passwords & Apply Effective Password Management

A strong password is at least 12 characters long – implementing upper- and lower-case letters, numbers, and symbols.
Utilize different passwords across accounts to minimize account exposure with a password breach.
Periodically change your passwords across your accounts, especially after a suspected compromise, and never share your passwords with others.
Memorize your passwords or store them securely.

Routinely Review & Update Your Software to Ensure It Is the Most Current Version

Confirm that your installed software, operating system, and web browser are the latest versions. The latest versions of software fix bugs and provide the greatest protection against potential vulnerabilities.
If possible, enroll in automatic updates for your software and consistently restart your devices so that updates are fully implemented.
If you’re unsure how to check if your software is the latest version or how to enroll in automatic updates, review resources from your vendor or research steps online.

Email message warning user about using caution when opening an email from an outside organization.

Practice Caution & Verify Sources

Practice caution when visiting new websites, opening emails from unknown senders, clicking unfamiliar links, downloading software, and installing apps.
Ensure apps are downloaded from reputable places like Google Play or Apple’s App Store, as malicious apps can steal your data or infect your device.
Verify the authenticity and security of sources before clicking or downloading any links, attachments, or software.
- Look for clues such as a sense of urgency, grammatical errors, generic messaging, unusual tone, or suspicious requests when assessing the authenticity and security of a source.
- Hover your mouse over links (do not click) to see where they will direct you if clicked.
Only take action with known, reliable sources. If a source seems unreliable or suspicious, avoid any action.
To determine the authenticity or security of a source, use known and trusted contact methods to verify them directly.

Businessman installs antivirus software.

Install Antivirus Software with a Firewall from a Reputable & Strongly Reviewed Vendor

Antivirus software and firewalls protect against malicious threats. Antivirus software prevents malware (malicious software) and viruses from penetrating your devices and threatening your data. A firewall provides defense from hackers, viruses, and other threats that occur over the internet by guarding the internet activity entering your device.
Ensure your devices (TV, Wi-Fi routers, etc.) are up-to-date and secure with the latest software updates by referring to your provider's manual and installing updates as they are made available.
Consider disconnecting devices that are no longer in use, as they can become routers for bad actors to hide their identity by routing traffic through that device.

Opt Into Two-factor Authentication

Two-factor authentication is an additional layer of security beyond solely username and password. It requires a second form of verification, such as inputting a code sent to your personal device, to ensure fraudulent parties cannot access your accounts. Therefore, even if a cybercriminal gains access to your password, they cannot access the account without the second verification method.

Person using Virtual Private Network technology on laptop computer.

Consider Use of a VPN from a Reputable Vendor

A Virtual Private Network (VPN) boosts your cybersecurity protection by encrypting your internet activity and protecting your online privacy. It increases your security against external attacks and disguises your IP address – hiding your location.

Businessman on his tablet at the aiport.

Exercise Caution When Using Public Wi-Fi

Public Wi-Fi lacks security: therefore, it is a common access point for cybercriminals to attack.
Common attacks by cybercriminals include routing your internet activity through themselves to steal your data, connecting to your devices, or malware attacks.
Refrain from sensitive activities, like online banking, when using public Wi-Fi. If you have to use public Wi-Fi, verify the exact spelling of the public Wi-Fi, as hackers will create a similar looking Wi-Fi access point (i.e., network name). In addition, consider use of a VPN while on a public Wi-Fi network.

Cloud like filing cabinet with folders stored.

Frequently Back Up Your Data

Valuable data can be lost in a ransomware attack when cybercriminals gain access to and hold the only source of data hostage. Cybercriminals can gain access through victims clicking malicious links or downloading malware.
Data can also be lost if you are required to reset your devices to remove viruses.
Therefore, you should regularly back-up important files and store them in a secure location, such as the cloud or an external hard drive, to avoid potential data loss.

Person using mobile smartphone sending text messages.

Be Prudent with the Information You Share Online

Everyone can be a potential target to cybercriminals; therefore, we must exercise careful judgment with the information we share, especially through social media. What we believe to be harmless information can be a valuable clue to cybercriminals.
Refrain from posting sensitive information, such as your phone number, home address, date of birth, or any other personally identifiable information (PII). On social media, strengthen your security by setting your privacy setting to limit who can see your posts. The data you post on social media can be used as content to trick you in a phishing email.

Financial fraud alert message on smartphone.

Regularly Monitor Your Accounts for Suspicious Activity & Properly Dispose of Sensitive Information

It is important to review your bank accounts, credit card statements, and any other financial accounts for suspicious activity. If any suspicious activity is noticed, report it to the appropriate institutions immediately.
Review your accounts for any unauthorized changes to your settings, such as contact information changes or changes to verification method.
Enroll in alerts or notifications offered by these accounts. They can help you monitor your accounts and detect unusual activity quickly.
Destroy sensitive information, such as paper financial statements, by methods such as shredding. If possible, opt into electronic statements to reduce the number of hard copies with sensitive information.

Women reading her laptop screen with a confused look.

Be Alert for Social Engineering Scams

Social engineering is a method used by cybercriminals to deceive an individual into sharing sensitive or compromising information.
The most common modes for social engineering are emails, phone calls, or text messages. Be vigilant towards suspicious communications and never share sensitive information with unknown sources.
Common scams involve a family member needing money to get out of jail, the IRS claiming you owe back taxes, and other "urgent" scenarios like your bank account was compromised.

Person at the charging station of an airport, plugging in their phone.

Never Use Unknown External Devices

External devices, such as a wireless mouse or USB drive, can contain viruses and malware. If plugged into other devices, these external devices can infect other devices. Therefore, you should never use unknown external devices.

Common Cyber Scams

Learn about the common cyber scams.

Phishing & Smishing Scams

Phishing remains one of the top security risks companies face today.

Phishing scams are fraudulent attempts to obtain valuable personal information (payment information, passwords, social security numbers, etc.). The senders disguise themselves as reputable sources, like a company or organization. Phishing can occur through several types of communication, such as emails, phone calls, QR codes, or text messages—a phishing technique known as "smishing."

Smishing uses text messages (SMS—Short Message System) sent to your phone through messaging apps, such as iMessage and WhatsApp, to lure victims into sharing personal information or clicking malicious links. Smishing takes advantage of the ubiquity and immediacy of mobile devices and text messages. Research shows that people are more likely to click links in text messages than in emails.

Both phishing and smishing are social engineering attacks that rely on psychological manipulation (such as creating fear, curiosity, or urgency) and technological tricks (such as spoofing familiar numbers) to deceive victims. Scammers employ these tactics to gain access to personal or confidential data.

Set of three phones displaying scam package delivery text messages.

To Prevent Phishing / Smishing Scam Attacks:

Scrutinize all communications that ask for personal information, avoid clicking on unknown links, and refrain from downloading attachments from unfamiliar sources. In addition, be extra cautious when using QR codes. If a QR code takes you to a credential screen, verify the accuracy of the QR code with the business before entering your login ID and password.
Before taking any action, verify the credibility of the source through another known means.
Be cautious of messages that include a sense of urgency, such as asking you to confirm personal information or threatening consequences if you don’t act quickly.

Malware Attacks

Malware attacks seek to install malicious software on a computer or device. Once installed, the malware can be used to steal information on the device or take control over the device.

To Prevent Malware Attacks:

Utilize an antivirus software from a reputable provider and regularly update your operating systems and applications to ensure the latest security features are installed.
Do not download material from suspicious or unknown sources.

Ransomware Attacks

Ransomware attacks aim to gain control of a user’s valuable files stored on their devices. Once a victim clicks on a malicious link or website, a ransomware attacker will infiltrate a victim’s device and encrypt files, preventing the victim from accessing the information. The attacker will then demand payment from the victim in exchange for access to the files.

To Prevent Ransomware Attacks:

Do not engage in communication with suspicious or unknown sources. Never click links or download files from unverified sources.
Furthermore, back up valuable files by storing them through sources outside your devices, such as the cloud or external hard drives.

Cyber criminals phishing stealing private personal data, user login, password, document, email, and card.

Identity Theft

Identity theft is when a criminal steals a victim’s personal information, such as their name, date of birth, address, or social security number, and poses as the victim in order to commit fraud or theft under the victim’s identity.

To Prevent Identity Theft:

Sharing online

An individual should never share sensitive or personal information online and should limit engagement with unknown sources.

Freeze your credit & set alerts

Freeze your credit and that of your children. Set alerts with credit reporting agencies to notify you of any changes to your account.

Shred documents

Shred documents containing sensitive information before disposing of them.

Investment Scams

Investment scams defraud victims by convincing them to invest in fake or fraudulent opportunities, such as Ponzi schemes.
The scammer will often go to great lengths to make the fraudulent opportunity appear legitimate.

Businessman studying his laptop screen with concern.

To Prevent Investment Scams:

Scrutinize all unsolicited investment opportunities, perform research to determine the legitimacy of the opportunity, and consult with reliable third parties to examine the opportunity.

Credit Card Fraud

Credit card fraud occurs when a criminal uses a victim’s credit card information to make unauthorized purchases.

Credit cards with an open lock and chain. Protect your credit cards concept.

To Prevent Credit Card Fraud:

Never share your account information with unknown sources, only transact with trustworthy sources, and regularly monitor your account statements.
If possible, enroll into notifications that will alert you when your credit card is used. A credit card company will never ask you to confirm your password.

Online Shopping Scams

Online shopping scams deceive individuals into purchasing goods that they never receive, goods that are stolen, or goods that are falsely advertised or counterfeit.

Person using their credit card information to make an online purchase via laptop.

To Prevent Online Shopping Scams:

Scrutinize offers that seem too good to be true, only transact with trustworthy and reputable sellers, and utilize payment methods that provide buyer protection. Never purchase from ads listed on social media sites.

Tech Support Scams

Tech support scams involve scammers posing as tech support to convince victims they falsely need technology services. The scammers use this deception to gain access to devices or fraudulently charge individuals for their fake services.

To Prevent Tech Support Scams:

Scrutinize messages or random phone calls offering technical support.
Never provide remote access to your devices unless engaging with a trustworthy vendor.

Business Email Compromise (BEC) Scams

In a Business Email Compromise (BEC) scam, criminals posing as real people send emails with legitimate-seeming requests. Examples include a vendor sending an invoice with a new mailing address, a CEO asking for gift cards, or a homebuyer receiving wiring instructions from a title company. Common tactics cybercriminals use in BEC scams include:

Email spoofing: Business emails could be compromised, or they may use an email with slight changes to make fake accounts look real.
Spear phishing: Targeted emails to trick victims into revealing sensitive information.

Victims should report BEC scams to the FBI’s Internet Crime Complaint Center (IC3) and contact their financial institution immediately. For more information on BEC scams, visit Business Email Compromise—FBI.

Businesswomen observing her laptop screen while concerned on a phone call.

To Prevent BEC Scams:

Discuss the risks of BEC scams with co-workers or employees.
Don’t click on unsolicited emails or texts asking to update account information—verify the request by contacting the company directly.
Check email addresses, URLs, and spelling for slight variations that may indicate a scam.
Be cautious when downloading attachments, especially from unknown senders.
Specifically for businesses, verify payment requests, changes in account numbers, or payment procedures with the person requesting, either in person or by calling the person directly.
Be wary of urgent requests that push for quick action.

Social Engineering Scams

Social engineering scams trick people into sharing sensitive information or transferring money by capitalizing on the victim’s trust or emotions.

Person holding phone displaying an IRS scam call.

To Prevent Social Engineering Scams:

Do not respond to unsolicited messages or phone calls from unverified sources. Never exchange sensitive information or transfer money unless you are certain the source is legitimate and trustworthy.

Be wary of urgent requests that need immediate action to avoid a negative consequence. For example, someone impersonating the IRS claiming you owe taxes.

Phone displaying online dating site and credit card phishing. Romance and Phishing Scam Concept.

Romance Scams

Romance scams are an attempt by cybercriminals to form disingenuous online romantic relationships with victims to exploit their emotions for gain, such as exchanging money or valuable personal information. These cybercriminals may communicate through email, social media, or dating websites and will utilize fake photos and personal information.

To Prevent Romance Scams:

Practice caution with unsolicited messages

If a person randomly contacts you online and shows romantic interest very quickly, it may be cause for concern.

Verify with research

Perform online research (Google) to verify the legitimacy of the romantic interest’s name, photos, or other information they have shared.

Do not share sensitive information

Do not share sensitive personal information or send payments to people you have only met online.

Be alert for inconsistencies

Be alert for and probe any inconsistent information that the person shares. This may be a sign that they are not who they claim to be.

Meet in person

If communications advance, meet in person to corroborate their identity. First, ensure you have exhausted the online tools to verify their identity. If you still decide to meet in person, meet in a public place and/or ask a friend or family member to accompany you for the initial visit.

Concerned man looking at his mobile phone.

Family Imposter Scams

Family imposter scams involve cybercriminals posing as a victim’s family member to deceive the victim into a course of action, such as transferring money or sharing valuable personal information. A common scheme is a cybercriminal contacting a grandparent and impersonating their grandchild who needs financial assistance. The scammer will portray a sense of urgency to get the victim to act quickly without thinking thoroughly.

To Prevent Family Imposter Scams:

Verify their identity

Confirm the person contacting you is a friend or family member by testing them with a personal question or creating a code only a trusted source could answer.

Evaluate the urgency

Scrutinize the urgency of the request and refrain from sharing personal information with unexpected communications. An “out of the blue” request for urgent personal information may be a red flag.

Communication channels

If possible, verify the request for personal information or a transfer of money through other communication channels. For example, if you receive a request through a suspicious email, call the individual directly with a phone number you already know to verify the request. Requests through unusual channels, such as social media, may also be a red flag.

What to Do if You Are a Target of a Cyberattack

Learn about actions to take if you become a target of a cyberattack.

Man on the phone contacting help to report a cybersecurity attack.

1. Contact legal authorities

You should report your attack to the appropriate authorities, such as the police. They will be able to provide guidance, help remediate the situation, and walk you through the next steps.
If your Social Security number, tax-related information, or identity has been compromised, immediately contact the Social Security Administration (SSA) at 1-800-772-1213 and the IRS at 1-800-908-4490 (for the IRS Identity Protection Specialized Unit). These organizations can help you issue fraud alerts, protect your identity, and prevent future identity theft or tax-related fraud. Acting quickly can prevent further misuse of your personal information.

Credit cards with a closed lock. Protect your money concept.

2. Contact your financial institutions

If the attack involves information that could impact your financial accounts, contact your bank or credit card company to report the incident. They should be able to provide guidance and can freeze your accounts.

Meter detecting risk on a low to high scale.

3. Assess the situation

Determine the scope and severity of the attack — What is the value of the information or access that was stolen? What assets, such as accounts or devices, are now at risk due to the attack?
If personal financial information is affected, take immediate action to resolve the situation.

Warning label appears in front of a new message.

4. Identify the type of attack and pinpoint the instrument of attack

Your response to an attack will be determined by the type of the attack. For example, if it is a phishing attack, you will be required to detect and delete the malicious communication. If it is a malware attack, you will need to isolate the impacted device by disconnecting it from your network.

Businessman isolating a red, infected piece from a Jenga tower.

5. Isolate the exposed device

If it is suspected that a device is infected, isolate the device by disconnecting it from the network and/or the internet. Disconnecting the device will limit the potential of an infection from spreading to other devices and also block any communications from the infected device over the internet.
If you suspect that the attack is across several devices, then disconnect each device.

6. Create new passwords for your accounts

Determine which accounts may have been compromised and change their passwords. Ensure that the new passwords are strong and unique. It may be appropriate to change passwords on all vital accounts if there is uncertainty on whether or not these accounts were exposed in the attack.

Phone message concerning an unauthorized credit card transaction.

7. Review your accounts for unauthorized changes

As a result of the attack, the cybercriminal may have gained access to your accounts. Therefore, you should inspect your accounts for unauthorized changes. Examples of unauthorized changes include changes made to login credentials, verification methods, or contact information. If any changes are detected, reverse them immediately.

Laptop message shows it is secured after running an antivirus software.

8. Run a scan using your antivirus software

The cybersecurity attack could have installed malware or infected your device with a virus. Therefore, you should run an antivirus scan of any infected or potentially infected devices. Your antivirus software should have the capability to remove any malicious software or files from your devices.

Explore More Information About Cybersecurity

Cybersecurity Checklist

Defend yourself from the new risks and vulnerabilities of cyberattacks. This checklist outlines strategies in several key areas to improve your cybersecurity.

Explore Cybersecurity Checklist

How Fort Washington Protects Clients

We partner with our parent company, Western & Southern Financial Group, to ensure information security is a top priority.

Learn About Client Protection

Cybersecurity Program

In our tech-driven world, cybersecurity is a critical part of any successful company. We strive to achieve and maintain the highest level of security, through a comprehensive cybersecurity program.

Learn About Cybersecurity Program

Overview