Fraud & Cyber Cheat Sheet

In an effort to educate people on how to have a safer experience in their financial and digital lives, I am putting together a guide, or "cheat sheet" if you will, on ways to help prevent victimization. It's important to note that there is no "magic bullet" and nothing is foolproof when it comes to this area of expertise, but if you follow some of the tips provided in this post, it can help mitigate your risk in these areas.
NOTE: This will be a living document, so check back often for the most up to date information regarding this matter.


For Consumers:

  • Follow the "Red Flag" rules. Some of the more critical Red Flag Rules are:
    • If an email has multiple grammatical errors, this can be a red flag
    • If a communication is too generic or no specifics are given, this can be a red flag
    • If critical information is misspelled (e.g., names) or is generic (e.g., "Dear, schepp" as opposed to "Dear Steve"), this is almost certainly a red flag
    • If a domain or sender is one you do not recognize, then this can be a red flag
    • If the sender's email address is a long string of seemingly random characters, or if it does not match the person claiming to be the sender (e.g., receiving an email from Microsoft tech support but the address is Microsoft@gmail.com), this is a red flag
    • Limited-time or urgent emails, especially ones you receive after the alleged due date, are an increasingly common form of social engineering and are most likely a red flag.
  • Do not provide financial or personally identifiable information (PII) to strangers or unverified sources
  • Always verify links in an email by right-clicking on them, copying the link, and pasting it into Notepad so you can read the real destination before visiting it, or...
  • Just avoid clicking links altogether and manually go to the source. For example, if you get an email from your bank asking you to log in to your account and do something, instead of clicking on the link provided in the email, go directly to your bank's website by manually typing the URL into the browser and log in that way.
  • NEVER store passwords in an unsecured manner, especially digitally on your device. There are a number of good tools for securing your passwords digitally. Use one.
  • Use a mainstream email service like Gmail. Sure, privacy is great, but the private solutions out there typically come with a cost, both financially and in terms of technical knowledge. To be frank, the average user does not possess the knowledge to set up, let alone maintain, most secure, privacy-focused technology. Unless you possess this knowledge, we suggest using a mainstream, non-privacy-focused solution.
  • Use a mainstream browser. Sure, like the above bullet point, this can lead to your search history being tracked and other privacy concerns, however, commercial software comes with one
  • If an account allows for Multi-Factor Authentication (MFA, sometimes referred to as 2FA), use it. There is a fairly steep learning curve on this security measure, so we suggest either educating yourself on the topic of MFA or hiring a consultant on this matter. If you are hiring a consultant, reach out to us, as we are happy to help with this subject.
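As an added illustration of the Red Flag rules above (this is example code, not part of the original post), here is a small Python checker that scores a message against them. The word lists, the sample messages, and the known_senders mapping of legitimate domains to the brand they may claim are all constructed for this example.

```python
from email import message_from_string
from email.utils import parseaddr

# Word lists are constructed for this example; a real filter would be tuned.
URGENT = ("urgent", "immediately", "final notice", "act now", "past due", "24 hours")
GENERIC = ("dear customer", "dear user", "dear valued", "dear sir", "dear,")

def red_flags(raw_email, expected_name, known_senders):
    """Return the list of red-flag rules a message trips (empty = none tripped).
    known_senders maps each legitimate sending domain to the brand it may claim."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    body = msg.get_payload()
    lines = [ln for ln in body.splitlines() if ln.strip()]
    greeting = lines[0].lower() if lines else ""
    flags = []
    # Rule: the sending domain is not one you recognize
    if domain not in known_senders:
        flags.append("unknown-domain")
    # Rule: name or mailbox claims a brand whose domain this is not (Microsoft@gmail.com)
    claimed = f"{display} {local}".lower()
    if any(b in claimed and domain != d for d, b in known_senders.items()):
        flags.append("sender-mismatch")
    # Rule: the mailbox part looks like a long string of random characters
    if len(local) >= 16 and sum(c.isdigit() for c in local) >= 5:
        flags.append("random-sender")
    # Rule: greeting is generic or does not spell the recipient's name correctly
    if greeting.startswith(GENERIC) or expected_name.lower() not in greeting:
        flags.append("generic-greeting")
    # Rule: limited-time or urgent language
    if any(w in body.lower() for w in URGENT):
        flags.append("urgency")
    return flags

# Constructed sample messages (not real mail)
PHISH = """From: Microsoft Tech Support <Microsoft@gmail.com>
Subject: Final notice

Dear, schepp
Your account expires in 24 hours. Act now to avoid suspension.
"""
LEGIT = """From: My Bank Alerts <alerts@mybank.example>
Subject: Your statement is ready

Dear Steve,
Your November statement is available in online banking.
"""
KNOWN = {"microsoft.com": "microsoft", "mybank.example": "mybank"}
```

Calling `red_flags(PHISH, "Steve", KNOWN)` returns four tripped rules, while the legitimate statement notice returns an empty list.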

For Businesses, Organizations, Entities, etc...

  • Always have safeguards/checks & balances in place for normal operations
  • Create an SOP for the handling of sensitive information
  • NEVER store passwords or other sensitive documents in an unsecured manner.
  • Set up and maintain a secure digital storage infrastructure. Then digitize your documents and upload them to your secure storage. If this is done correctly, it is far safer and more secure than keeping physical documentation.
  • Utilize "best-of" standard Multi-Factor Authentication. In an organization, this is best achieved via physical security keys that utilize FIDO2.
  • If you have a website in which sensitive data is exchanged, ensure you have an SSL certificate. NOTE: The easiest way to check if your site has an SSL certificate is to open your site in Google Chrome, then look at the URL bar. If the URL begins with HTTPS and there is a little padlock icon in the locked position, then you do. If either is missing, then you don't.

NOTE: Many of the above topics have fairly high learning curves, so we suggest either taking the time to educate yourself on these topics or hiring a consultant. If you are looking for a consultant on these matters, let me know and my company would be happy to help.


More from Steve Chepp