Good Fellows
Security & Fraud Awareness
With the world ever-more connected, digital vulnerabilities have become a magnet for unlawful individuals looking to exploit and steal sensitive information for personal gain. Cyber criminals and fraudsters are becoming more cunning and deceptive, using manipulation techniques to trick people into engaging with suspicious links, downloading dubious attachments, or accepting questionable social media connections. Such strategies often serve as conduits for acquiring sensitive information. These fraudsters may impersonate trusted organizations such as the Sovereign Wealth Fund Institute (SWFI) or the GOOD Fellows Initiative, creating false websites, sending deceptive emails, or making scam phone calls to elicit monetary payments.
The GOOD Fellows Initiative, as part of the SWFI, prioritizes cybersecurity and fraud prevention, implementing programs and technical safeguards to protect member accounts and information. To enhance your personal cybersecurity stance, we provide the following information about cyber threats and guidelines to prevent you, your loved ones, and your employer from becoming victims of cyber-attacks or fraud scams.
Recognizing Cybersecurity Threats
Any entity or individual can fall victim to cyber criminals. Here are some common strategies and attack types these actors use:
Deceptive Emails and Websites
An unassuming email from your bank or preferred retailer might actually be a covert attempt to steal your identity or personal information. “Phishing” is a popular method used by cyber criminals, employing deceptive emails or fraudulent websites that mimic reputable ones to gather personal and financial information or infect your system with malware and viruses. This stolen data can be used to commit identity theft, credit card fraud, and other crimes. Phishing can also occur via phone and is becoming increasingly common on social media and professional networking sites.
When you click a malicious link, you may unintentionally install malware on your device. Malware is software intentionally designed to harm a digital device. Viruses, the most common form of malware, are typically designed to provide criminals with access to the infected devices. Ransomware, another prevalent type of malware, locks and encrypts a victim’s files, demanding a ransom to unlock them. This is essentially “digital kidnapping” of valuable data – from personal photos to client information, financial records, and intellectual property. Any individual or organization could be a potential target for ransomware.
Credential-based Attacks
If you use the same username and password combination across various websites or services, you’re particularly susceptible to this cybercrime technique where stolen account credentials are used to gain unauthorized access to various online accounts. Credential stuffing attacks often go unnoticed until funds are transferred.
Social Media Impersonation
Increasingly, criminals use social media to build relationships with victims and ultimately steal data. They often create fake accounts that appear to be official accounts for an individual or organization. Social media impersonation can also involve the takeover of real accounts. These accounts can be used for phishing activities or causing reputational damage to an individual or a company.
How You Can Protect Yourself
To safeguard yourself from such cyber threats, consider the following:
- Establish Secure Email Protocols: Emails remain a popular entry point for hackers. Avoid clicking on links or opening attachments from suspicious-looking emails. Verify sensitive information, such as wire instructions, in person or by telephone. Typically, the GOOD Fellows Initiative and SWFI will never send wiring instructions via email.
- Use Strong Passwords: Employ complex, unique, and lengthy passwords to stave off attackers. It’s a good practice to use long, memorable, and hard-to guess passwords. Avoid reusing passwords. Consider using a password management application, such as LastPass, 1Password or Dashlane, to manage multiple complex passwords.
- Enable Two-Factor Authentication: Use two-factor authentication (2FA) for account login wherever possible. This adds an extra layer of security by requiring a secondary form of identification, often a PIN sent over text message or email. It’s most securely implemented via a hardware token or phone application. At the least, enable this for your email, cellular provider, financial websites, password manager, cloud file storage, and social media.
- Secure Social Media: Regularly review and adjust social media account settings to better control who can view your posted content. Cyber criminals often extract critical information about a target from social media sources. Be mindful of the potential risks associated with the information you post online.
- Minimize Your Online Footprint: Periodically review all your online accounts. Limit or obscure personal information on the internet, remove unnecessary data, delete unused accounts, and avoid sharing or reusing passwords across accounts to minimize exposure.
- Safeguard Critical Data: Know where all your sensitive personal information is stored. Ensure that your sensitive data is always stored encrypted, to prevent unauthorized access in case your device is lost or stolen. Consider having a second encrypted backup of your sensitive data, whether on a flash drive stored in a safety deposit box or in the cloud using a reputable service such as Dropbox, iCloud, or Google Drive.
- Protect Your Devices: Set up your devices securely, considering the potential risks if your device were stolen. Use a complex passcode as a backup to biometric security such as a thumb print or Face ID, and ensure your device is encrypted. Be sure that sensitive data, such as email, does not display on the lock screen.
- Regularly Update Your Software: Keep all of your software up to date. Apply software updates as soon as they become available. Consider enabling automatic updates where available.
- Secure Wi-Fi Access: Be aware that using public Wi-Fi can expose your communications and devices to risk. If you must use public Wi-Fi, consider a virtual private network (VPN) to protect your communications, especially when traveling and using public Wi-Fi at an airport or hotel. Alternatively, consider using a mobile hotspot to protect sensitive information. At home, use a guest network for visitors.
- Freeze Credit Lines: Prevent identity theft and minimize fraud risk by contacting major credit-reporting bureaus Experian, TransUnion, Equifax, and Innovis, to set a security freeze on your credit reports. Consider signing up for an identity theft protection service such as LifeLock, Kroll, or Experian, which also offers credit monitoring. Apply these suggestions to all family members.
Understanding Financial Fraud
Financial fraud occurs when someone illicitly obtains money or other assets from you through deception or criminal activity. Common examples of financial fraud include:
- Investment Scams: Investment scams involve coercing you or your business to participate in a financial transaction based on the promise of a dubious financial opportunity. Scammers often approach victims via email, websites, or phone calls, investing considerable effort to gain the victim’s trust. These “too good to be true” offers are typically low risk-high reward investments. To evaluate whether you’re the target of an investment scam, consider the following:
- How were you contacted? Any contact with the GOOD Fellows Initiative or SWFI will come from an official email address, not a free email account such as Yahoo or Gmail.
- Did you find the investment opportunity through an unrelated website?
- Have you shared your personal information on a non-affiliated website?
- Have you received unsolicited contact offering a low risk–high return investment opportunity?
- Does the communication contain numerous spelling errors or misprints?
- Have you provided photo ID or proof of address documentation? If so, consider notifying the organization that issued them and
- contacting your regional fraud prevention service. Did you feel pressured into transferring money to avoid missing an opportunity?
- Identity Theft: Identity theft happens when someone steals your personal information and uses Federal Trade Commission, FINRA, Anti-Phishing Working Group, Better Business Bureau.