On the Secure Your Retirement podcast, we had a very special guest to discuss cybersecurity safety in retirement. You’ve worked your entire life to retire one day, and with how everything is digitally connected, it’s scary how in a split second, someone can steal your identity.
Retirement planning in the digital age really requires a discussion on cybersecurity and what you can do to protect yourself.
Joseph O’Donnell of Terrapin Technology Group was happy to sit down with us and answer a lot of the questions that we had about cybersecurity.
Note: Our employees and firm must go through training to protect our clients and maintain our license. We all train in cybersecurity to better protect clients and reduce the risk of working with us financially.
Phishing Emails – A Growing Concern
Phishing emails, voicemails, or text messages can be fraudulent. Scammers hope that you “take the bait” when they call or send these messages. For example, you may receive an email that appears to be from someone you know asking for money or from your child asking for your bank account password.
The emails may match up to the person’s email and look 100% real.
But someone may have hacked into your child’s email account and is now trying to “phish” for you to take the bait so that they can steal your identity and/or money.
Phishing emails often have:
You may click on a link that looks like Amazon, enter your credit info, and then submit that information to the hacker without even knowing it.
It’s common for these emails to say things like:
- Someone accessed your credit card account. Can you verify it?
- Your Amazon package is missing. Please log into your account.
In either case, links in these messages never lead to a legitimate website.
Determining What is Phishing and What’s Not?
Text messages, calls, and emails have become so convincing that it’s very challenging to know what’s real and what’s not anymore. Even tech-savvy people and those trained in cybersecurity may be tricked into handing over their information.
How do you tell what’s real or not?
If you think, “I have an anti-virus, I’ll be fine,” you’re not safe. Anti-virus software does not cover phishing emails. Phishing emails are difficult to protect against because human responses are involved. If the message contains a “threat,” such as a claim that you’re over your balance, the threat is there to create a sense of urgency.
If you find yourself receiving an urgent message like the examples we’ve shared, it’s important to:
- Step back from the computer or email app
- Call the bank or lender directly (not using the info provided in the email)
You should consider everything as being unsafe when it comes to emails like this and fall back to traditional phone calls or other forms of communication.
The minute you trust an email, it’s a foothold for the hacker to have you:
- Send information
- Fill in your passwords
Even if you receive a call saying, “Your Amazon card has been charged $3,220,” hang up and call Amazon. You always want to call:
- The number on the back of your credit card
- The number of your bank
Never, ever click on the link in the email or call the number in the email, because these can all be made to look legitimate but in reality be very elaborate fakes.
The “I Fear All the Problems of Being Online, So I’m Just Not Going to Be Online” Attitude
We have clients in all age groups who are afraid to be online and tell us that they’re just not going to participate because the risks are too high. This response is similar to driving a car: you may be in an accident, but do you stop driving?
Often, you continue to drive or ride in cars but remain diligent and take necessary precautions, such as:
- Braking early
- Checking each direction twice
Your best security is to be informed because even if you don’t use the Internet, when you go into stores to use a credit card, there is a data point created on you.
Plus, staying off the Internet also makes it more difficult to find information or interact with the world.
Fraud happens online and offline, and we’re seeing more texts and phone calls come in that are phishing for your information. You may receive a very convincing call about your bank account and provide things like the last four digits of your Social Security number. But what’s really happening is:
- The person is logging this data
- The person plans to call your bank using this data
- The person wants to steal your identity or transfer your money to themselves
Unfortunately, we live in a world where there are scammers who will leverage anything they can for financial gain of some sort.
Navigating Data Breaches and What Happens If You’re a Victim
Data breaches happen a lot. If you become a victim, there are often millions of other names on the list who are also at risk of their identities being sold. We also only have so much time. While you may know that you should have different passwords for all your accounts, it’s not uncommon for people to use the same passwords across multiple accounts because it’s easier.
One password can unlock multiple accounts in a data breach if you reuse the password often. Even Joe has reused the same password across multiple accounts, and when that happens, you risk the password hitting the dark web at some point.
23andMe had a recent data breach, due to a weak password, and it had a cascading effect on other people’s information being stolen. The hacker used the person’s password, which was likely a:
- Kid’s name
- Anything else that’s easy to guess
If you do receive a notice to change your password or are notified of a data breach, be sure to change this password on all accounts that it’s associated with. Hackers may know your 23andMe password, but if it’s the same as your bank and email account, they can also gain access to these accounts.
Whether the account is your Facebook, email, bank, or something else, be sure to enable two-factor authentication.
Yes, it’s an extra step to take, but it will safeguard your account.
If you don’t know what two-factor authentication (sometimes called multi-factor authentication, MFA or 2FA) is, it’s when the website sends you a text to verify that the person logging in is really you. Since a hacker won’t have your phone, it’s one of the best security measures that you can take.
Effectively, two-factor authentication will require you to enter your email and password, and then it will:
- Call your phone, or
- Send an email with a password, or
- Send the code on an authentication app, or
- Send you a text
Hackers are stopped cold in their tracks when you have two-factor authentication in place.
Using Password Managers
You may have heard of LastPass, Bitwarden, 1Password, Google’s password manager and others. These managers allow you to use sophisticated, complex passwords on multiple accounts, and you only need to remember the password to the manager.
If you do use a password manager, you want to be sure that the data is encrypted.
Joe doesn’t recommend that you use a browser password manager unless it’s for something that isn’t really important, such as your New York Times account or something like that.
Cybersecurity is a topic that we’ll be discussing throughout the year to help you protect your accounts and identity online.