Security and Fraud Awareness
As our reliance on the internet and digital devices for business and personal use increases, so do opportunities for criminals seeking to steal information for financial gain. Cyber criminals and fraudsters are also becoming more savvy in their attempts to lure people into clicking suspicious links, downloading email attachments, or “connecting” on social media, which are often gateways to stealing sensitive information. Fraudsters may pose as legitimate organizations, like Hamptons Group, and create fraudulent websites, send emails, or make phone calls to solicit monetary payments. These scams are complex as the perpetrators often use genuine real employee names and replicate proprietary documentation.
Hamptons Group places great importance on cybersecurity and fraud prevention and has programs and technical controls in place to protect client accounts and information. To help improve your personal cybersecurity posture, we offer the following information about cyber threats and guidance to help protect you, your family, and your employer from falling victim to a cyber-attack or fraud scam.
Understanding Cybersecurity Threats
Any organization or individual can be a target of cyber criminals. Here are some of the most common tactics and types of attacks employed by these actors:
Malicious Emails and Websites
- An unsuspecting email from your bank or favorite retailer may secretly be an attempt to steal your identity or personal information. “Phishing” is a common tactic of cyber criminals that relies on “spoofed” emails or fraudulent websites (that look and feel like a well-known website) to collect personal and financial information or infect your machine with malware and viruses. Criminals use this stolen information to commit identity theft, credit card fraud and other crimes. Phishing can also occur by telephone and is becoming increasingly prevalent on social media and professional networking sites.
- When you click a malicious link, you may unknowingly install malware on your device. Malware refers to software that is intentionally designed to cause damage to a digital device. The most common form of malware is a virus, which is typically designed to give the criminals who create it some sort of access to the infected devices. Ransomware is another type of malware that is becoming increasingly prevalent. Ransomware accesses a victim’s files, locks and encrypts them and then demands the victim to pay a ransom to get them back.
- Ransomware is like the “digital kidnapping” of valuable data – from personal photos and memories to client information, financial records and intellectual property. Any individual or organization could be a potential ransomware target.
- If you use the same username and password combination across different websites or services, you are particularly susceptible to this cybercrime technique where stolen account credentials are used to gain unauthorized access to a user’s various other online accounts. Credential stuffing attacks can often go unnoticed until funds are transferred.
Social Media Impersonation
- Criminals are increasingly using social media to build relationships with victims and ultimately steal data. Typically, these actors create fake accounts that appear (and claim) to be official accounts for an individual or organization. Social media impersonation can also refer to the takeover of real accounts. These accounts can be used for phishing activities or causing an individual or a company reputational damage.
Investor and Team Member Login Matters
- Do not share your Hamptons Group password or login ID with anyone, including anyone who claims to be from or associated with Hamptons Group. Certain Hamptons Group online environments are private, available only to investors or team members through secure login procedures. Apart from allowing you to use your password and login to enter an authorized portion of the Website, Hamptons Group will never ask you for your password or login information in an unsolicited email or phone call. (If you forget your password or login, we will issue you new ones.)
- Do not communicate or deal with any person who claims to be a Hamptons Group employee or representative but who is not affiliated with Hamptons Group.
In addition, unsolicited telephone calls that appear to be coming from Hamptons Group may be “spoofed,” and actually may originate from another number. Imposters can use the Hamptons Group name in furtherance of a variety of criminal activities. If you encounter any such circumstance, you may wish to call the Hamptons Group employee or representative you regularly deal with to be sure.
How You Can Protect Yourself
- Establish Secure Email Protocols: Emails continue to be a common entry point for hackers for performing online fraud. Do not click on links or open attachments from suspicious-looking emails. Expand your communication protocol to verify sensitive information, such as wire instructions, in person or by telephone. Generally, Hamptons Group will never send wiring instructions via email.
- Employ Password Management: Use lengthy, unique, and complex passwords — a great first step toward stopping bad actors. In fact, cybersecurity best practices suggest utilizing long, memorable, and hard-to guess passwords such as a favorite song lyric. Avoid reusing passwords. Consider using a password application, such as LastPass, Password or Dashlane to help manage multiple complex passwords.
- Enable 2-Step Authentication Measures: Where available, use 2-factor authentication for account login (2FA), aka two-step verification or multi-factor authentication, commonly done via a PIN sent over text message or email and done most securely when a hardware token or phone application is used. At a minimum, enable this capability for your email, cellular provider, financial websites, password manager, cloud file storage and social media.
- Lock Down Social Media: Periodically review and adjust social media account settings to better control who can view the content posted. Hackers and social engineers frequently obtain critical information about a target from social media sources. When posting, always consider how that information can be used against you.
- Reduce Your Public Online Footprint: Periodically review all your online accounts. Reduce and/ or obfuscate personal information on the internet, remove unnecessary data, delete unused accounts, and avoid sharing or reusing passwords across accounts to minimize exposure.
- Protect Critical Data: Know where all your sensitive personal information is stored. Ensure that your sensitive data is always stored encrypted, to prevent someone from viewing it if your device gets lost or stolen. Also consider having a second encrypted backup of your sensitive data, whether on a flash drive stored in a safety deposit box or in the cloud using a reputable service such as Dropbox, iCloud, or Google Drive.
- Protect Your Personal Devices: Configure devices securely, considering what your risks would be if your device were stolen. Use a difficult to guess passcode as a backup to biometric security such as a thumb print or Face ID, and be sure your device is encrypted. Ensure that sensitive data, such as email, does not display on the lock screen.
- Update Your Software: Keep all of your software up to date. Apply software updates as soon as possible once they become available. Consider enabling automatic updates where available.
- Secure Wi-Fi Access: Be aware that using public Wi-Fi can expose your communications and devices to risk. If you must use public Wi-Fi, consider a virtual private network (VPN) solution to protect your communications — particularly when traveling and using public Wi-Fi at the airport or hotel. Alternatively, consider using a mobile hotspot, to protect sensitive information. At home, use a guest network for visitors.
- Freeze Credit Lines: Thwart identity theft and minimize fraud risk with a call to major credit-reporting bureaus Experian, TransUnion and Equifax, as well as Innovis, the unofficial fourth credit bureau, to set a security freeze on your credit reports. Considering signing up for an identity theft protection service such as LifeLock, Kroll, or Experian, which also offers credit monitoring. These suggestions apply to all family members.
Understanding Financial Fraud
Financial fraud occurs when someone takes money or other assets from you through deception or criminal activity. Here are some common examples of financial fraud:
Investment scams involve getting you or your business to agree to a financial transaction on the promise of a questionable financial opportunity. To perpetrate these scams, fraudsters typically present the opportunity to make contact by email, through a website, or by phone. These offers are typically low risk –high reward investments that typically sound “too good to be true”— because they are!
To evaluate whether you are the target of an investment scam, you should consider:
- How were you contacted? Any contact with Hamptons Group will come from a @hamptonsgroup1.wpengine.com email address (not from a free email account such as Yahoo, Gmail or any other domain outside of “@hamptonsgroup1.wpengine.com”) and/or be found on the www.hamptonsgroup.com Website
- Did I find the investment opportunity through a website not associated with Hamptons Group, e.g., a comparison website?
- Have I provided my personal information on a website not associated with Hamptons Group?
- Have I been contacted by cold call or email offering a low risk – high return investment opportunity?
- Does the email or documentation contain numerous spelling errors or misprints?
- Have I provided photo ID or proof of address documentation? If you have, consider notifying the organisation that issued them and contacting your regional fraud prevention service
- Was I pressured into making a money transfer to avoid missing an opportunity?
Identity theft occurs when someone steals your personal information and uses it without your permission. Examples of how your information could be used include opening bank accounts, taking out credit cards and loans or applying for government benefits and documents in your name.
There is no definite rule on how to protect yourself from identity theft however, in addition to the cybersecurity good practices listed above, you can protect yourself by:
- Not sharing your personal data with anyone/any site you’re not familiar with
- Safely disposing of unwanted documents such as utility bills or bank statements
Business Email Compromise
Business Email Compromise (BEC) scams are carried out when a cybercriminal compromises legitimate business or personal email accounts to intercept the communication between the victim and their business partner or to conduct unauthorized transfers of funds. Fraudsters commonly tend to intercept email wire instructions from investments firms, real estate agencies, and art dealers to then impersonate a trusted source.
In addition to the cybersecurity good practices listed above, protect yourself by:
- Confirming the payment instructions with the recipient verbally, not by email
- Watching for irregularities when receiving transfer instructions or sudden change of payment information via email
If you receive a cold call or email from Hamptons Group that you are uncertain about, or which you believe to be fraudulent, please forward it to firstname.lastname@example.org. Hamptons Group will endeavor to investigate the email and respond back to you. If you are a client of the firm, please notify your sales representative or investment professional, as well.
For general guidance on avoiding internet crimes, visit:
- the FBI webpages on common fraud schemes and recent e-scams at https://www.fbi.gov/scams-safety/fraud/internet_fraud
- the U.S. Securities and Exchange Commission webpage on avoiding fraud at https://investor.gov/investing-basics/avoiding-fraud
For other general information on scams, frauds, and identity theft, visit:
- the general U.S. government webpage regarding scams and frauds at https://www.usa.gov/scams-and-frauds
- the Federal Trade Commission webpage regarding identity left at https://www.identitytheft.gov/#/
If you think you have been the victim of internet crime, you may file a complaint with the following government entities:
- The Internet Crime Complaint Center (IC3), https://www.ic3.gov/default.aspx
- The Federal Trade Commission, https://www.ftccomplaintassistant.gov/
- The U.S. Postal Service (for crimes involving U.S. Mail), https://www.uspis.gov/report
Hamptons Group provides links to these resources for informational purposes only and is not responsible for their content.
Contact Hamptons Group
If you have any questions about the above, the security of any Hamptons Group communication, or have concerns about a website or e-mail communication that you suspect may be fraudulent, please contact us at email@example.com.
© 2011—2022 Hamptons Group, LLC. The Hamptons Group lighthouse and beacon symbol is a trademark of Hamptons Group, LLC. All Rights Reserved.