Protecting Your Online Identity


With the increasing number of people conducting all sorts of business and personal tasks electronically, cyber fraud and identity theft are growing at alarming rates.  Identity theft is now the fastest growing crime in America, with someone’s identity being stolen every 2-3 seconds.  The financial sector continues to be a very attractive target.   There are a myriad of ways cybercriminals plan and carry out cyberattacks on unsuspecting victims.  Here are seven primary ways you can be vulnerable:

1. EMAIL ACCOUNT TAKEOVER: This method is also called e-mail hacking and is probably the most common way criminals steal personal information.  Once your e-mail has been hacked, the cybercriminal then impersonates you (sometimes very successfully) through the hacked e-mail account in an attempt to make wire transfer requests, steal personal information and passwords, spam your contacts, etc.  These attempts are not always easy to detect as fraudsters are getting increasingly sophisticated in their communications and strategies.

2. PHISHING: Cybercriminals pose as a trustworthy source requesting sensitive personal information via e-mail.  These phishing e-mails request private information such as user names, passwords, account numbers, social security numbers, etc.  Victims of phishing schemes may then have malware installed on their computers/systems or have their identities stolen.  Approximately 70% of cyber-attacks use a combination of phishing and hacking strategies.

3. MALWARE: Malicious software is installed on a computer or network when a user clicks unsafe links, opens infected file attachments, or visits websites containing malicious adware.  Malicious software is used to damage or disable computers and systems, steal data or gain unauthorized access to networks and files.

4. CREDENTIAL REPLAY: Cybercriminals obtain re-used usernames and passwords, test them in large numbers against financial institution websites and request fraudulent transfers with successful logins.  This stolen login credential information can also be sold to other cybercriminals on the dark web.

5. SOCIAL ENGINEERING: This tactic involves manipulating or impersonating others in an effort to persuade the target to divulge sensitive, private information, and then demanding financial transactions be executed to avoid consequences.   The cybercriminal commits fraud, steals money and then disappears.

6. CALL FORWARDING: Cybercriminals take over your cell phone number, reroute calls to their cell phone and subsequently impersonate you in an attempt to steal money.  Cybercriminals can easily do this by scamming phone companies into forwarding calls, cloning your phone identity or selling fictitious ringtones/apps/gadgets to gain phone access.

7. SPOOFING: Cybercriminals use fake e-mail headers so the message appears to be from a legitimate source with the goal of tricking recipients into opening or responding to the email.  Either opening or responding to spoofed e-mails often times leads to identity theft or subsequent fraudulent wire requests.

So, how can you protect yourself from these growing threats?  Here are some tips to keep you from becoming another target for cybercriminals:

1. BE STRATEGIC WITH USERNAMES AND PASSWORDS: Create passwords that are long and contain a variety of characters and mixed case letters.  Don’t use personal information in passwords that can easily be found online such as family names, birthdates, addresses, etc.  Change your password often and use two-factor authentication when available.

2. SURF SAFELY: Only use protected and trustworthy wireless networks.  Never use a public computer to access personal or financial information.  Do not click on unfamiliar website links in e-mails or on social media sites (Facebook is notorious for embedded malware in “news” stories).  Also, when surfing websites such as, be very careful when clicking article or pop-up news links, this site and many others like it contain malware within these links.  Be aware that secure websites begin with https and not http.

3. PROTECT YOUR FINANCIAL ASSETS: Review your credit card, cell phone and financial statement records as soon as they are available and contact the appropriate party about suspicious activity immediately.  Never send personal or account information via unsecured electronic means, this data should always be encrypted when transmitted over the web.  Also, never respond to unsolicited requests for personal information through phone, e-mail, or text communications.  These solicitations are almost always scams.

4. LIMIT WHAT YOUR SHARE ONLINE: Be selective about information you share on social media sites and always keep your personal information (address, phone number, birth date) private. Be sure to check privacy and security settings on social media sites frequently to monitor what’s being shared.  Providers like Facebook and others tend to frequently change the way these settings work, many times unbeknownst to the end user.

5. SAFEGUARD EMAIL ACCOUNTS: Exercise caution when reviewing unsolicited e-mails.  Never click on links, pop-up ads or open attachments in unsolicited e-mails, as they may contain viruses or malware.  It’s important to also be cautious when reviewing e-mails from known senders.  Many times, viruses or malware can be embedded in forwarded jokes, attachments or news article links, even from friends and family.  Always review e-mails with a critical and suspicious eye no matter where they come from.

6. KEEP EQUIPMENT UP TO DATE AND SAFE: Be sure the most up-to-date anti-virus, anti-spyware and patching software is installed on any device connecting to the internet.  Each device should be set up to run scans and updates regularly.  Dispose of old equipment safely by removing and wiping hard drives of all data and removing SIM and SD cards from your mobile device before disposal or destruction.

Be sure to check our firm blog and website regularly for updates and information,

*Special thanks to Charles Schwab for providing much of the information in this article.


  • Stacey Godwin

    Stacey has primary responsibility for the firm’s compliance program. As CCO, she also participates in overall firm management and steering matters. A MONTAG staff member since 1998, Stacey has served in various capacities over the years leading up to her current role. Her experience includes managing the client service team, client reporting, performance analytics, office technology, and overseeing the day-to-day operations of the firm.

    View all posts