It’s virtually impossible to go about our daily lives these days without doing things online in some fashion. Buying stuff, connecting with others, making travel plans; these are just a few of the many activities that the Internet has made both ubiquitous, simple, and quick. But with convenience comes risk. The downside is that if some miscreant can get hold of any of your personally information or passwords, the risk of having your identity and/or money stolen increases significantly. However, if you focus on doing just two things right, the odds of that occurring – at least within the current generation of technology – are greatly reduced.

The first thing to do is to protect yourself against phishing, a type of social engineering relying on deceptive email or text messages designed to trick you into revealing personal information (such as account numbers or passwords) or downloading malware. According to Akamai, a cybersecurity company, phishing is the most common source of cybercrime. In 2023 they estimated over 3 billion malicious emails had been delivered every single day! These messages use emotional appeals (fear, greed, curiosity) and/or a sense of urgency to psychologically manipulate you into responding. They may appear to be from your employer, the government, or a financial institution with which you do business. Or the sender’s address might look like that of a close friend, and the text might include some personal information further suggesting that the message is legitimate.

The way to protect yourself from this risk is to treat every email as a possible fake. Do not respond or click on any embedded link without first following these steps:

• Hover the cursor over the sender’s email to determine if it appears to be legitimate. (Even if it does, email addresses can be spoofed.)
• If the message appears to be from a company or institution, look for any misspellings or grammatical errors.
• If the message appears to be from a friend or family member, make sure the style and grammar is familiar and consistent.
• If in any doubt, do not respond. Delete the message.

What if the message appears to be legitimate after the above checks? Do not provide any personal information in your response regardless of whom it’s from. Email is an unsecure medium.

What if the message has a link or attachment? Before clicking on it:

• Hover the cursor over the attachment link without clicking to determine if the address appears to match the sender’s address. If it doesn’t, delete the message without responding.
• If the message appears to be from a business or organization, do not click on the link. Instead visit the organization’s website by typing the address into your browser.
• If the message appears to be from a friend or family member, call them first to make sure it’s really from them.

A similar approach should be followed for phone text messages.

What’s the second thing you should do to keep yourself protected? Set up two-factor authentication with all online accounts. If you’re not familiar with the term, it’s a security measure that requires you to provide a second form of identification to gain access to your account. Most commonly it involves receiving a code via text message on your phone that you must enter after logging in. This simple approach makes it harder for someone else to access your account even if they’ve somehow gotten your password.

There are other more sophisticated tools and actions you can take to protect yourself online. But if you utilize just these two, you will likely reduce the risk of theft significantly.

(Artie Green is founder of Cognizant Wealth Advisors dba Perigon Wealth Management, LLC, a registered investment advisor. For more information visit cognizantwealth.com. More information about the firm can also be found in its Form ADV Part 2, which is available upon request by calling 877-977-2555 or by emailing compliance@perigonwealth.com).