Fakes, Fekus and Frauds

Amar Pandit , CFA , CFP

On Sunday night, I got a call from 12 friends and well-wishers in a span of a few minutes. I returned a few calls and all of them said “Your Facebook account has been compromised or hacked. This guy is now chatting and asking for Rs.30000 through Facebook Messenger”. I immediately went online and realized that my Facebook account was not hacked but someone had created a Fake Profile using my photo. This guy then sent friend requests to some of my existing contacts (a gap in my security /privacy settings) and some of them had accepted his request. However, they were alarmed as soon as he started asking for money.

This is a common modus operandi like the one shown in the serial Jamtara on Netflix and falls under something called Wire Fraud (people asking you to wire money to an account). The unique thing that this guy did was say “PayTm Karo” to his account number. You would be surprised (rather shocked) to know the reported (to FBI) US Wire Fraud number of 2019. The number was $ 1.7 billion (Rs.12,500 Crore). Now this is only the reported number, so one can only imagine what the unreported numbers can be. FBI to their credit managed to recover more than ($300 million = Rs.2200 Crore), but more than 75% of the money will never be recovered. Cybercrimes are not only getting bigger, and creative but they are increasingly becoming common. The stuff that we had thought only happens to others is now staring at us in the increasingly online world that we now live in. Thus, cybersecurity becomes so critical and there are many simple steps that we can all take to protect our loved ones and ourselves. A point to note is that cybercrime is a very broad topic including ransomware, malware, security breach, identity theft, cyber extortion and is beyond the scope of this post. The objective of this post is to share some simple yet powerful steps each one of us must take today to live safely in an online world. Just like we secure our homes and ourselves, we should secure our online homes and our online world.

  1. Set at least a 12 Character Password

    I can tell you how important and critical this one step is. Yet many of us including me earlier did not bother on creating a complex password. We always kept a simple password that was easy to remember and most of the time the password would be 7-9 characters. According to cybersecurity experts, any 7-character password can be cracked in 9.5 minutes, an 8-character password in 4 hours 7 minutes and a 9 character one in 4 days 11 hours. On the other hand, a 10-character password would take 3 months but even a simple 12-character password will take 2 centuries to crack. A complex 12-character password is thousands of years away so you can take birth several times and yet find your complex 12-character password intact. The more the better but even a simple 12-character password saves the day for you.  This simple step is worth a million bucks.

    All it takes is a few minutes for you to change all your key passwords for your Email, Social Media, Banking/Financial Services, and Online Shopping Accounts. Change it Today.

  2. Enable Multi Factor Authentication (MFA)

    Multi Factor Authentication is an electronic authentication method in which a device user is granted access to a website/application only after successfully presenting 2 or more pieces of evidence (or factors) to an authentication mechanism. The 3 types of factors are

    a. Knowledge – something only the user knows

    b. Possession – something only the user has – such as your mobile phone
    c. Inherence – something only you are – fingerprint, eye scan, voice etc.

    Credit Cards have a 2 Factor Authentication (a type of MFA) wherein you first enter all your credit card details and then you get a text on your mobile (something you have) with a 6 digit code to enter. Bank account transactions have this too. You should enable this for all your online accounts so that if someone gains unauthorized access to your password, they won’t be able to log in to your account from any other device (than the ones you have been using) without this 2nd factor. Do this for your email and social media accounts Today.

  3. Do not blindly accept Friend Requests

    Let us say you got a friend request. First think if this person is already a friend. If he /she is, check on the new friend request and see whether this is a fake account. You will easily be able to know this. Reject the request. Period. Prevention is better than cure so just reject it.

  4. No one you know will ever ask money online. No one will also call you and give you Free Money.

    When in doubt (a friend requesting money), kindly call and ask. Do a video call if necessary. Never ever wire money to any such request even if you have won 1 million dollars.  Be Smart and ask yourself “Is this likely?” I was overwhelmed to see the prompt response of so many friends and well-wishers.

  5. Use a Password Manager application such as 1 Password, LastPass, Keeper etc.

    They not only securely store all your passwords but help you to create a unique and strong password for every website you use. Make sure that you create a complex 12+ character password for your password manager.

  6. Finally a few parting thoughts.

    a. Never click on unknown links.
    b. Do not post any sensitive information on social media sites. Be careful of what you post on social networks. Do not send sensitive information even via email.
    c. Cancel unnecessary credit cards.
    d. Use Credit Cards and Not Debit Cards whenever possible.
    e. Never respond to unsolicited emails or click here and there. It is fine NOT to have Inbox (0).
    f. Backup your system as much as possible. Even if your device gets lost you can remotely wipe all your data
    g. Get anti-virus protection and keep it updated
    h. Download and stream from proper sites only
    i. As I have mentioned above the best is to pick up the phone and talk.

The above is by no means a comprehensive list, but it is a great few simple steps and rules that can give you peace of mind as you navigate the digital landscape.

By the way, I have written about protecting yourself from Fakes and Frauds. You might wonder what about the Fekus. Sadly, there is no Anti Feku Virus yet, but we continue to find them everywhere. When I think of Fekus, I am reminded of a short, but brilliant (not to mention funny) book titled “The Basic Laws of Human Stupidity” that I will discuss in one of my future columns. In the book, the author “Carlo M.Cipolla” has a law that reads “ A Stupid Person is the Most Dangerous type of person .” The corollary of the Law is that “A Stupid Person is more dangerous than a Bandit.” When a Bandit does something, he benefits, and the other person loses. Even if all members of a society were perfect bandits, the society would remain stagnant but there would be no major disaster. When stupid people are at work, everyone Loses. Likewise, when Fekus are at work, everyone loses. For now, all I can just say is “Be Aware of the Fekus and protect yourself from them, the Fakes and the Frauds.