Web Content Viewer


Are You Vulnerable to Financial Cybercrime?

Aug 04, 2020 5 min read Sheila Olsen

Key Takeaways

  • 13 million Americans were victims of financial cyberfraud in 2019.
  • Children are easy targets for identity thieves.
  • COVID-19 has opened the door to more cybercrime.


Financial cybercrime is a global crisis, costing hundreds of billions of dollars a year. In the U.S. alone, 13 million consumers fell victim to identity fraud in 2019. While that total has fallen recently, the price tag ($16.9 billion in losses last year) has been rising.1 Experts say the COVID-19 pandemic has opened the door even wider for cybercriminals.2 And their tactics grow more sophisticated every day.

It's no wonder, given the number of "fraud delivery systems" the average American uses: mobile phones, tablets, laptops, banking and payment apps, electronic health records, social media platforms, and even smart speakers and home devices.


If you think financial cybercrime isn't something that happens to people like you, think again. You've probably never even considered all the novel ways you're vulnerable to financial fraud. Here are just a few:


First there was phishing, with criminals sending emails that appear to be from reputable businesses — often ones you already have a relationship with — to get you to reveal sensitive personal information. (Bad guys also set up phishing websites — often, these days, with a coronavirus theme — that can send dangerous malware into your computer.3)

But another threat is smishing, an evolved cousin of phishing. Instead of emails, the fraudsters send SMS text messages to your phone, typically in the form of an urgent alert from your bank or credit card company. One of the most common (and ironic) smishing attacks informs you that your credit card is locked due to suspected fraudulent activity — and asks you to reset your PIN or passcode. Once you click the link to do so, the criminal steals your account information.

What you can do:

Delete and block any text messages that come from numbers that aren't in your address book. Use your financial institution's app to manage your account and configure it to accept notifications. Although it's not 100% foolproof, notifications through your bank's mobile app are significantly more secure and reliable than SMS texts.


How often do you pay for gas at the pump or withdraw cash from an ATM? Every time you do, you're potentially in the crosshairs of a skimming attack.

Skimming involves attaching a device to the card reader at the pump that captures your credit card data. ATM skimming devices usually include a pinhole camera or touchscreen overlay that captures your PIN, as well.

The FBI estimates Opens in new window that skimming costs consumers over $1 billion a year.

What you can do:

Aside from checking your bank and credit card accounts on a regular basis, it's very difficult to prevent criminals from skimming your information. Although it's not as convenient, pre-paying inside the gas station significantly decreases your risk. Avoid ATMs that aren't in well-trafficked, well-lit areas. Criminals avoid detection by placing skimming devices on ATMs in out-of-the-way places.

Child identity theft

People like to think of identity theft as an adult problem, but thieves tend to target children more. A 2018 study found that 39% of notified identity fraud victims were minors, vs.19% of adults. Worse, six in 10 child victims knew their identity thief personally (think family friend or preschool teacher). And kids who were bullied online were nine times likelier to become victims than those who weren’t.3

What you can do:

Don't hand out your child's Social Security number without good reason; not every entity that asks for it actually needs the information or has a right to it — even the pediatrician's office and summer camp registrar.

You may also be able to “freeze" or “lock” your child's credit reports (not to mention your own) so that no one can inquire or open accounts in his or her name until after you lift the freeze/unlock the reports. Check with your state attorney general's office or any of the major credit bureaus (Equifax, Experian and TransUnion) to learn more.

WiFi "evil twins"

Evil twin attacks are particularly pernicious because they're impossible to recognize. Here's how they work:

A cybercriminal goes to a place with free public WiFi (coffee shops are common sites for evil twin attacks) and sets up a WiFi access point with the same network name and service set identifier (SSID) as the free business network.

Next, he waits for you to drop in for your morning latte, connect to WiFi, shop, pay your bills, or do anything else that allows him to collect your personal data. He can even redirect your browser to a malware site without your knowledge.

What you can do:

Unfortunately, not even wireless encryption can protect you against this type of attack. A virtual private network (VPN) is the only sure-fire way to protect yourself against evil twin and other types of public WiFi attacks.


Social spear-phishing

Social spear-phishing takes email phishing up a notch or two, faking out even the savviest of Internet users. Hackers no longer ask you to send your information over a social platform. Instead, they create bots or ghost accounts that post content similar to the type you typically engage with on social media, and then steal your information when you “like" or “share" a post.

The hackers even comb your friends list and newsfeed to identify accounts you trust and then post the content using those names. Security experts suggest that social spear-phishing has a 66% success rate4; after all, who wouldn't “like" a Facebook post or a Twitter retweet from her mom or best friend?5

What you can do:

Aside from leaving social media entirely, there's very little you can do to prevent an attack if you're targeted by a determined cybercriminal. At a minimum, avoid clicking on links in posts from people or businesses you don't recognize.

Smart speaker eavesdropping

You may have heard about a little girl who inadvertently ordered an expensive dollhouse and mountains of cookies using her family's Amazon Echo device — and the local TV host who triggered dozens of similar orders by repeating her words on air.

Neither part of that story has been proven.5 But activating smart speaker devices remotely does have real security implications: Clever hackers can use audio files to unlock doors of a connected home, make fraudulent purchases or even transfer money.

What you can do:

For maximum privacy and security, experts suggest disconnecting the device when you're not using it. It might seem inconvenient to wait 10 or 20 seconds for the device to power up each time you need it, but the extra security may be worth it.


What you can do next

Freeze or lock your (and your kids’) credit reports until a financial entity you’re working with needs to access them. Secure devices with screen locks and encryption, and avoid public WiFi. Use “two-factor” authentication instead of a single password to access financial sites if available (if not, use strong passwords or a password manager). Set up automatic alerts from financial providers, and consider identity theft and other cybersecurity monitoring services, which may be offered through your benefits department. And share all of our tips with family members and friends — the more vigilant they are, the safer everyone will be.


Sheila Olson is a Charlotte-based financial writer specializing in investing, personal finance, technology, and retirement and estate planning. She is a regular contributor at Investopedia and writes frequently for the banking and consumer credit industry.



  1. 1Javelin Strategy and Research, “2020 Identity Fraud Study”
  2. 2Cybersecurity Ventures, “Cybercrime damage costs may double due to Coronavirus (COVID-19) outbreak,” March 19, 2020
  3. 3The SSL Store, “Coronavirus Scams: Phishing Websites & Emails Target Unsuspecting Users,” March 12, 2020
  4. 4Javelin Strategy and Research, “2018 Child Identity Fraud Study”
  5. 5John Seymour and Philip Tully, “Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter,” 2016
  6. 6Snopes.com, “Did Amazon’s Alexa Order Unwanted Dollhouses for a Little Girl and TV Viewers?,” Feb. 7, 2017


For Compliance Use Only:1038297-00001-00

If you secure tomorrow, you can enjoy today.

Help make sure your loved ones are protected if something happens to you, with Prudential Life Insurance.

Get a Free Quote

Web Content Viewer


Find What Interests You

Web Content Viewer


Web Content Viewer


Web Content Viewer