Ep. 267 – How to Avoid Scams in Retirement – Practical Tips for Preventing Fraud


In this episode of the Secure Your Retirement Podcast, Radon and Murs discuss practical tips on how to safeguard your information and prevent cybersecurity fraud. Fraudsters are continuously evolving their tactics, making it easy to fall victim with a simple click, which is why keeping yourself educated is important.

Listen in to learn the importance of regularly updating your personal information with your financial advisor and only making changes with verbal verification. You will also learn the importance of being suspicious of unsolicited emails and phone calls, avoiding sharing sensitive information on social media, and verifying money movement instructions via secure methods.

In this episode, find out:

  • Never call numbers from suspicious pop-ups claiming to be from reputable companies and instead seek professional help.
  • Best practices for working with your advisor: Provide regular updates and verbal verification of any changes to personal information.
  • The advanced verification methods used by financial custodians like voice recognition and two-factor authentication.
  • How to be suspicious of unsolicited phone calls, avoid sharing sensitive information on social media, and verify money movement instructions securely.
  • Things to do to keep your phone and computer technology up-to-date to prevent security breaches.
  • Avoiding risks with public networks – use personal devices and secured connections when conducting sensitive transactions in public.
  • Password management – create unique passwords for different accounts and use password managers for enhanced security.
  • The importance of verifying the authenticity of emails and links to avoid falling victim to phishing attempts.

Tweetable Quotes:

  • “We would never change your email, never change your address, never change your phone number without going through the right protocol, which is going to be able to verify you verbally.” – Radon Stancil.
  • “Phishing is scammers trying to bait you somewhere or the other by creating urgency by saying, if you don’t do this, then something is going to happen to your computer.” – Murs Tariq.
  • “At the end of the day, try to be vigilant and ask yourself, ‘Do I truly know where this is coming from, and is it worth clicking this button?’” – Murs Tariq.



Here’s the full transcript:

Radon Stancil:

Welcome to Secure Your Retirement Podcast. Today we’re going to talk about this dreaded topic that we cannot talk about too much, but it can be something that can be stressful, and that’s going to be talking about tips for preventing fraud. Now, we’ve done a few episodes on this topic. We’ve had some guests come on about this topic, but yet we frequently still have a client that will call the office in a frantic state of mind saying that they just got breached. We had two of those in the last week where different situations, and you could listen to it and say, “I would never do that.” Just remember that the folks that are out there trying to do this are changing up their tactics all the time. And there’s things that can occur that you click on before you even think, and we’ve got a problem.

And so what we wanted to do is kind of go through some tips. Just as a reminder, there’s going to be a blog written on this too so you can use it as kind of like a checklist if you want by going to the blog. But ultimately the situation’s a little different, but similar. One of them, they had evidently clicked on something that allowed the little notice that comes up on their computer and it says, “You’ve got a problem. You need to call Microsoft to get this resolved. You’ve basically got something on your computer, you need to call Microsoft to get it off.” So they call this number, by the way, I’m just going to say this right up front. If that ever comes up on your computer, never ever, ever call that number. That is not real. Don’t do it that way. Go find somebody else to help you, go somewhere with a computer specialist that can look at your computer and see if it’s got anything on it. But they called the number.

Fortunately, nothing really happened out of this case other than the fact that now they did share some information that they should not have shared, and so now they’re going through all the things they need to go through to make sure that nothing happens with any of their accounts. Nothing’s been breached yet for them, other than that conversation where some things were shared because before they knew it, they were on the phone asking and verifying information that they should have never, ever verified.

Had another scenario where the person clicked on something and it brought them to a site. They put a little bit of information in. That one did result in about $4,800 getting moved out of their bank account. Fortunately, they were able to catch it really quick, called the bank, the bank was able to stop the transaction. And I think the whole thing here is, is that we’re seeing a tremendous amount of activity via your email. And I want to be clear as we talk through this, this is not about a website not being safe. This is about the user making their information not safe. Sometimes people misunderstand that and think, “Oh, I don’t want to do online anything.”

Well, it’s already online. All we need to do is make sure we’re doing it safely. And so the point of this conversation today is to set it up so that we can say, “Here’s some things to think about. Listen to this, and just let it be top of mind. That’s how dangerous it is. Let’s make sure it’s top of mind.” So we’re going to hit a few topics. Like I said, just listen through this. If you have questions or you want to read about it, we’re going to give you a way to do that. So let’s just hit our first topic.

Murs Tariq:

All right, so the first topic is having good safe practices for working with your advisor. Your advisor is a trusted person that you share a lot of information with. Financials, account numbers, personal information like date of birth, social security numbers, all these different things. So you want to make sure you’ve got a good working relationship, a good understanding on how to keep your information safe. So talk with your advisor to understand how they protect your information and assets. For us, we have quite a bit of cybersecurity training that we have to go through. We have a lot of different encryptions, we have a lot of different backup types of software and all these different things that as this world develops and changes, we have to stay on top of which we encourage our clients as well to stay on top of it. That’s why we do podcast episodes like this. So talk with your advisor, understand how they’re keeping your information safe.

Also, you need to keep your advisor up to date as far as changes in your personal information. A big one that jumps off the list is if you change your email address or you move and you don’t let them know, well then information could be going somewhere where you don’t want it to be going. So keeping your advisor up to date with your current information is going to be helpful. And then this one is huge.

Radon Stancil:

I just want to say, I’m sorry.

Murs Tariq:


Radon Stancil:

On that one, do keep your advisor updated and you can email him. But I just want you to know that as an advisor, we’re never going to change your email and we’re never going to change your address and we’re never going to change your phone number without verifying with you verbally first. Just so you know. So don’t think, “Hey, I sent you an email” and he didn’t change it right away. Think about that. We could get an email from somebody who’s hacked your email and then all of a sudden, if we change your email, all we’re doing is just redirecting. So I just want you to know we would never change your email, never change your address, never change your phone number without going through the right protocol, which is going to be able to verify you verbally.

Murs Tariq:

Yeah, so that was going to be going into my next point was expect us to give you a phone call. Expect us, and we are very particular about this. If you send me an email or you send Nick an email that says, “Hey guys, I need some money.” Or “Hey guys, I just moved,” expect someone in our office to give you a call to verify you verbally with a couple pieces of your own personal private information before we’re going to update our system with your address. Before we’re going to click the button to make the trade to send you the money, we’re going to verify you verbally. We know that that can sound like a little bit of a pain, but the alternative and some of the stories that we have heard are much, much worse. So if it’s an extra step, that’s okay. We’re going to reach out to you and so expect that. It’s for your own security. So I think those are some of the highlights on working with someone that you trust and making sure you both are on the same page when it comes to your security.

Radon Stancil:

All right, our next topic is how do our custodians, and if you think about that, custodian could be Charles Schwab, it could be Fidelity, it could be a number of different places that you might have money. So how are they working? Because this is a big deal for the custodians. This is a big deal for banking. This is a big deal for any of those places because they don’t want your information to be breached, they don’t want their information to be breached. So whenever you call into many institutions today, they are implementing a couple of different ways to verify you, but one of those is actually your voice, which your voice is very unique. Some people feel that that might not be as safe as they want it, but they are doing that. It’s just another layer of the service that they have there.

But the other thing that almost across the board everyone is doing, and we tell people hands down, this is a great way to be able to protect yourself is to do a two-factor authentication. And typically the way this works is when I go to log in somewhere, it’s going to have to send me a text message to my phone or I’m going to use an authenticator app. From our understanding, the app is the best. Text is good, text is a great way to do it, but if I can use an authenticator app, that’s way better because I am even safer in that than I am on the text. So just keep that in mind. Please make sure you have two-factor on everything when you log in, because that’s going to cut down a person, if they hack your password and they don’t have the app or your phone, they can’t get into the system even if they know your password.

Murs Tariq:

All right, so some general best practices in navigating the world of cybersecurity, navigating the online world that we live in. One is you always want to be suspicious. Be suspicious of emails, phone calls that you may receive. A lot of our cell phones today do a nice job of saying potential spam phone call and I just don’t even pick those up anymore. But if you are going to pick up phone calls that you don’t know, be very suspicious about the person on the other line. And be cautious, especially if they’re asking you questions around sensitive information. You need to have some way to verify who is on the other line. A lot of times a good practice is just to hang up and call them back on a verified phone number rather than trusting the phone call that came in.

Try not to disclose information on social media sites. And social media is a big part of our lives. It is how you keep up with your grandkids and the kids and everything that’s going on in everyone’s lives, but it’s become way too public. And so we want to be careful about what we’re sharing. Things like dates of birth, contact information and other important pieces. We want to be very careful about sharing that to the world because once it’s out there, it’s out there.

Be cautious when receiving money movement instructions via email. So you get an email and you’re not sure about it. The most common one I’ve heard is usually from PayPal or maybe UPS asking for payments to make sure your delivery gets there. Or PayPal saying you’ve got some money that was deposited into your account, click this link. Be cautious of … They want you to click on it and they want to entice you by saying there’s money on the other end of this link. So be cautious when there is money involved.

Phishing attempts are huge. Malicious links, clicking on links that are not familiar. There’s a lot of ways to try to see if the link is good before actually clicking on anything, but if there’s something you don’t recognize, in most cases it’s best not to click it.

And then verbally, let’s try to avoid disclosing or entering confidential information into a laptop or a mobile device, especially in a public area. I don’t know how hackers work. I don’t understand that world well enough, but they have access especially on public Wi-Fis and things like that. So just be very careful when you’re in public.

And always monitor your account statements, check your emails, make sure the account … So if I have an account at Wells Fargo, let me go log into my Wells Fargo account or my Schwab account and look at transactions. Be in the habit of monitoring that stuff. I think too often we just let things ride on autopilot and we don’t discover things until much later. So anything I missed there, Radon?

Radon Stancil:

Nope, I think you’re good. All right, the next one is keep your technology up to date. Now think about this for a second, because what can happen is if I don’t keep it up to date, it could allow hackers to actually have access or viruses to get in. So make sure you update your operating system, make sure you update your browsers because they can have updates on there. You want to make sure that you have antivirus, anti-malware and anti-spyware up to date on all computers and mobile devices. Make sure that you’ve enabled your security settings. You can do that in your browsers to make sure that you’re looking at that. That’ll block a lot of things for you. If you ever go to a place and they give you a free USB drive and maybe they say there’s something on there that’s free, it’s just not worth trying that unless it’s coming from a real trusted source. Do not take those as handouts or anything of those natures because people could just slip in something that they shouldn’t have on there.

And then if you have a computer that you are putting to rest and you’ve updated your computer, do not just throw your computer away. There’s different services. I know for us when we’re getting rid of a computer, we use the same companies that do shreds for your documents, they actually will destroy your computer in such a way that it can never ever be a problem. So make sure that you take that extra step to securely do that.

Murs Tariq:

Okay, so if you’re ever on a public network, you want to be careful about a few things. One, try your best to avoid using public computers. Anyone can just go sit down and use them. So if you have to use it, try to avoid doing anything that is going to involve your personal or financial or sensitive information. If you have to go to that extent, one recommendation if you’re in that position is that you would clear the history, the web browser history, the cookies, all those things that could link back to some of the websites you visit. But the bottom line is try to avoid public computers.

Use wireless networks that you know and trust and typically protected by encryption or a password. And a lot of times if you are in public and you don’t want to use the Wi-Fi, a lot of times you can turn on your mobile hotspot on your own phone to keep it a little bit more secure. You get to set the password to that hotspot and you definitely don’t want to accept software updates while you are connected to a public Wi-Fi because you just don’t know where that update is coming from. So those are just a couple of things on public networks.

Radon Stancil:

All right, this one’s a thorn in everyone’s flesh. Be strategic with your login credentials and passwords. And you think, “Man, I’ve got so many different places I have to log in. I hate having different passwords.” We’re going to talk a little bit about that. But first and foremost, do not use personal information that could be readily found. And I know this might sound like a duh statement, just don’t make a password your social security number. Don’t make a password a date of birth. Don’t use either one of those for a user ID. That would not be good as well. Create unique passwords for different websites.

Now, this is the part where you go, “My goodness, I can’t keep up with it all.” There are very good password managers that you can utilize that do a great job. They’re heavily encrypted. You have to do a couple of different things to even get into that type of system so you’re rather safe there. Change your password to that regularly. But that helps you to just manage all those different passwords. Don’t share your password with anybody. Don’t text your password to anybody. That would not be good either. And we’ve said this one already, in everywhere possible, use two-factor authentication. Everywhere possible, put on two-factor.

Murs Tariq:

All right, the last section is probably the most important. That’s where we are getting these phone calls from clients that had that email from PayPal or got that email from UPS or the Microsoft thing that Radon was talking about is beware of phishing. Phishing is they’re trying to bait you somewhere or the other, either by creating … They’re saying that there’s a carrot on the other end of the line, money or valuable things. Or maybe they are creating urgency by saying, “If you don’t do this, then something is going to happen to your computer.” So almost threatening you to click the button. So be aware of that.

Try not to click on links or especially attachments and emails that you’re just not sure of. A lot of ways to verify a link. So Schwab sends you an email that says your account statement is ready. Instead of clicking on the link in the email, you can always just go to schwab.com. You can go directly to the website, go log in yourself through the website that you know, and then go find your statement that way. You can hover over questionable links to see what their true address is and go see if that address actually makes sense, that web address.

And check the sender’s domain name. I’ve seen this quite a bit. We get plenty of emails that are trying to impersonate another company or another vendor that we may work with. And then it says, so let’s just go, for example, it’s PayPal. And PayPal is sending me an email that says, “Hey, I’ve got money. We’ve just put this deposit into your account.” You would think that email would come from something at paypal.com. Well, it’s actually coming from something that’s at gmail.com or at yahoo.com. So look at the entire email and if it doesn’t make sense as to where the at and the rest of it is or what’s called a domain, it probably is a phishing or a scam. So just at the end of the day, try to be vigilant and ask the question of, do I truly know where this is coming from? And is it worth the risk of clicking this button?

Radon Stancil:

Yeah, and that is what’s kind of funny. So what they’ll do sometimes, I don’t know how they do this, but they’ll go get an email and then when you get it, it looks like it’s coming from somebody. So for example, in the office, very regularly I get an email that looks like it’s coming from somebody else in the office. It could be Murs, it could be Nick, it could be Ben. And it says right there. And then you’ll read it real quick and it says, “Please update my account information for my direct deposit on my checking account for payroll.”

And they’ll just say that, which I know they’re right here in the office. They would just come tell me this. It’s not like they would have to actually send this email to me. So I know it’s fake automatically, but when I click on it, instead of it being their email address, it’s some weird Gmail account somewhere but slick because it says their name at the top. And then if you weren’t thinking, you reply back and say, “Hey, where do you want me to send your paycheck?” And all of a sudden now the money is being diverted.

So anyway, we know this is not fun to have to deal with. We understand it, we live in that world, but technology has made things nice and easy, but we’ve also got to be cautious. So we hope this has been helpful. If you have any questions whatsoever, feel free to go to the website, top right-hand corner, click on schedule a call. We would love to be able to chat with you, anything you’ve got, any kind of problems you’ve got around this or anything else. We hope this has been helpful. Have a great week. We’ll talk to you again next Monday.