We do love it when someone refers a family member or friend to us. Sometimes the question is, “How can we introduce them to you?” Well, there are multiple ways but a very easy way is to simply forward them a link to this webpage.
Here are this week’s items:
Portfolio Update: Murs and I have recorded our portfolio update for June 17, 2024
How to Avoid Scams in Retirement – Practical Tips for Preventing Fraud
Radon and Murs discuss practical tips on how to safeguard your information and prevent cybersecurity fraud. Fraudsters are continuously evolving their tactics, making it easy to fall victim with a simple click, which is why keeping yourself educated is important.
How to Avoid Scams in Retirement – Practical Tips for Preventing Fraud
Scams are a major concern for everyone. Every day, people are falling victim to scams. Occasionally, a client of ours will contact the office because their data has been breached.Just in the last week, two clients have reached out to us because they were scammed.Let’s go through some tips to help you avoid scams and have peace of mind that you’re taking the steps to avoid falling victim to one of these scams…
Scams are a major concern for everyone. Every day, people are falling victim to scams. Occasionally, a client of ours will contact the office because their data has been breached.
Just in the last week, two clients have reached out to us because they were scammed.
Let’s go through some tips to help you avoid scams and have peace of mind that you’re taking the steps to avoid falling victim to one of these scams.
Remember, millions of people fall victim to identity theft, fraud and scams each year, so it can happen to you.
Client 1 Example
The first client clicked on something that led to a notice that said:
You have a problem with your computer
Call the Microsoft number on your screen for help to fix the issue
If you ever encounter this situation, do not call the number on the notice. Go to a computer repair specialist and they’ll help you because these notices are from scammers who scare people into doing exactly what our first client did.
Unfortunately, the client called the number on the screen, and they did share some information with the person on the phone. While some things were shared, the person’s identity has not been breached yet. However, they are now going through the necessary steps to circumvent any issues if the scammers do use this information.
Client 2 Example
In scenario two, the client clicked on something and divulged some of their information. It resulted in $4,800 being removed from their bank account. Fortunately, the person caught the withdrawal quickly and the bank was able to reverse the transaction before the client suffered a major loss.
We’re seeing an influx of clients get caught up in these scams, and if your thought is, “I just won’t go online,” that’s not always a realistic option.
You can be safe online, and learning what the latest scams are and how they work can help you avoid being scammed in the first place.
3 Things to Keep at the Top of Mind When Working with an Advisor
1. Good, Safe Practices to Working with Your Advisor
If you’re working with an advisor as part of your retirement planning, you must have good, up-to-date, safe practices in place. Your advisor is a trusted person who you share some of your most private data with, such as:
Financials
Social Security number
Account numbers
Date of birth
Talk with your advisor to understand how they protect your information and assets. For us, we have ongoing cybersecurity training, encryption, backup software, and numerous other safeguards.
We’re continually trying to improve our security measures as security risks evolve to keep client information safe and secure.
You also need to keep your advisor up to date when you:
Change your email address
Move to a new address
Change your phone number
Keeping your advisor up to date can prevent your important documents from going to someone other than you.
We require verbal verification to make changes to this type of information because going by email requests only can be very risky. If your email was hacked, the verbal verification requirement is an extra step we have in place to help keep you and your information safe.
2. Expect a Verification Call
If you send us an email asking us to send you money or to change addresses, expect a call from us. Speaking with you allows us to verify you made the request and confirm the details of the request so that we’re 100% positive before sending the money, changing emails, and so on.
While a call may be an extra step that you don’t want to take, it’s much better than the alternative.
3. How Custodians Protect Your Security
Custodians, such as Schwab or Fidelity, take security very seriously. Some of the many ways that custodians will verify you with is:
Voice
Two-factor authentication
If you want to protect yourself, two-factor authentication is one of the most secure measures you can take with your accounts. You’ll receive either an email or text with a code that you need to verify the log-in, or you may have to download an authentication app.
From our understanding, the authentication app is the best, and the text is really good, too.
Two-factor authentication prevents your account from being hacked so that even if a hacker gains access to your email, they can’t access your accounts without these codes.
11 General Best Practices of Cybersecurity
1. Be Suspicious of Everything
To avoid scams, you should be suspicious of texts, phone calls, and emails. If you do pick up calls from phone numbers that you don’t recognize, be cautious when they ask for any identifying information.
If, for example, the person asking for your identifying information states that they’re from Chase, hang up the phone and call a verified Chase number rather than trusting the phone call.
2. Remain Diligent on Social Media
People share a lot of life updates on social media, such as their date of birth, contact information, favorite vacation spots, and other data that a scammer or hacker can use to gain access to even more of your data.
Once you share this data with the world, it’s out there.
3. Be Cautious of Money Movement Instructions Via Email
If you receive any money movement instructions over email, you need to be extremely cautious. You might receive an email from UPS asking you for payment to ensure that your delivery arrives or PayPal asking you to click a link because someone deposited money into your account.
4. Avoid Clicking Links Because Phishing Attempts are HUGE
Phishing attempts are on the rise, and people are more willing than ever to try and steal your personal information. You want to avoid clicking on any unknown links because it’s too easy to fall into a phishing trap and have your information or money stolen.
If the link is to PayPal or a bank account, go to the verified website rather than clicking on the link in the email. This will help circumvent the risk of clicking on a phishing link.
5. Avoid Disclosing or Entering Confidential Information on a Device in a Public Area
Hackers can use man-in-the-middle attacks when you’re on public Wi-Fi to intercept your data and steal your identity. Public Wi-Fi is usually found in places like airports, cafes, and malls. Instead of using public Wi-Fi, you’ll either need to use a VPN or wait until you’re on a private, encrypted Wi-Fi network before entering private data or log-in credentials into an app or website.
6. Monitor Account Statements and Emails
If you make it a habit to log into your accounts and check your financial statements regularly, it will help you avoid unauthorized charges. Acting fast to dispute a credit card charge or withdrawal can save you a lot of heartache in the long term.
Check your emails and accounts often to make sure that you have a pulse on your balances and transactions.
7. Keep Your Technology Updated
Your technology is a major security risk because if a vulnerability is discovered, hackers will take advantage of it to gain access to your accounts or devices. You want to keep any technology (and its software) that you use updated, which includes:
Computers
Laptops
Tablets
Smartphones
Apps
Browsers
All computers should have updated anti-virus, anti-malware, and anti-spyware. If you don’t have these installed, be sure to work on that.
Enable security settings within your browser, too.
If you go somewhere that offers you a free USB device, it’s not worth using because it does pose the risk of having malicious software on it.
8. Avoid Throwing Your Computer Away
Your computer has very valuable information and log-in data on it. If we are no longer using a computer, we use a service that will destroy the computer so that it can never be restored. Never just throw your computer in the trash because it is a security risk.
9. Try to Avoid Using Public Computer
If you use a public computer at a library or other location, do not log into your accounts. Anyone who sits down at the computer can see the history and potentially access your account if you didn’t properly log out of all your accounts before you left.
You should also clear the browser history when you are finished if you do need to use a public computer.
10. Use Wireless Networks That You Know and Trust
Public Wi-Fi is simply not secure. You should use networks that you know and trust. Password protection and encryption can prevent a hacker from accessing the information you transmit over the network.
If you turn on a mobile hotspot on your phone, it will increase your security when using a public network.
It’s also not good practice to update your device or computer on a public network.
11. Be Strategic with Your Log-in Credentials and Passwords
No one likes to remember 20 different logins and passwords, but it’s one of the best security practices that you can follow. When creating a password:
Create a unique password for each account
Avoid using your date of birth or other personal info
Consider using a password manager for password creation and storage
Never share or text your password with someone else
Every time that you have a chance, be sure to enable two-factor authentication to keep your account safe.
More About Phishing Attempts
But we already covered phishing scams! Well, we are seeing such an increase in phishing attempts, it’s worth a deeper dive. Understanding the strategy of phishing attempts can be helpful to keep in mind as you answer calls or open emails and texts. Often, phishing scams will:
Dangle something, like money, if you give over information
Create a sense of urgency to get you to supply your data
Threaten you to get you to click on a button
As we’ve said before, never click on a link in an email that you don’t know or trust. For example, if Schwab emails you your statement, you can open your browser and go to the verified website to login and access these documents rather than click the link in the email.
If you see a suspicious link, hover it and look in the status bar on your browser to see the real web address.
Also, check the sender’s domain name. Often, scammers will send what looks like a legitimate email until you look at the sender. The sender may actually be from somewhere like Gmail or Yahoo and not the real company email address.
Carefully read the sender email address. Sometimes, the name will look very similar to a real account, such as @PayPai instead of @PayPal.com.
Examine the entire email before clicking on any link or button inside of the email.
Scammers may even use a name that you know for the sender’s name to trick you, so be very vigilant because scammers are smarter than ever.
We know that this is a lot to digest, but protecting your identity and sensitive information is a must when doing anything online.
If you have any questions, please feel free to contact our office.
We do love it when someone refers a family member or friend to us. Sometimes the question is, “How can we introduce them to you?” Well, there are multiple ways but a very easy way is to simply forward them a link to this webpage.
Here are this week’s items:
Portfolio Update: Murs and I have recorded our portfolio update for January 29, 2024
Listen in to learn the importance of staying informed and taking precautions when using the internet instead of avoiding it. You will also learn the importance of having strong passwords, changing passwords when you suspect maliciousness, setting up two-factor authentication, and more.
On the Secure Your Retirement podcast, we had a very special guest to discuss cybersecurity safety in retirement. You’ve worked your entire life to retire one day, and with how everything is digitally connected, it’s scary how in a split second, someone can steal your identity.
Retirement planning in the digital age really requires a discussion on cybersecurity and what you can do to protect yourself.
On the Secure Your Retirement podcast, we had a very special guest to discuss cybersecurity safety in retirement. You’ve worked your entire life to retire one day, and with how everything is digitally connected, it’s scary how in a split second, someone can steal your identity.
Retirement planning in the digital age really requires a discussion on cybersecurity and what you can do to protect yourself.
Note: Our employees and firm must go through training to protect our clients and maintain our license. We all train in cybersecurity to better protect clients and reduce the risk of working with us financially.
Phishing Emails – A Growing Concern
Phishing emails, voicemails, or text messages can be fraudulent. Scammers hope that you “take the bait” when they call or send these messages. For example, you may receive an email that appears to be from someone you know asking for money or from your child asking for your bank account password.
The emails may match up to the person’s email and look 100% real.
But someone may have hacked into your child’s email account and is now trying to “phish” for you to take the bait so that they can steal your identity and/or money.
Phishing emails often have:
Threat
Urgency
You may click on a link that looks like Amazon, enter your credit info, and then submit that information to the hacker without even knowing it.
It’s common for these emails to say things like:
Someone accessed your credit card account. Can you verify it?
Your Amazon package is missing. Please log into your account.
In either case, links in these messages never lead to a legitimate website.
Determining What is Phishing and What’s Not?
Text messages, calls, and emails have become so convincing that it’s very challenging to know what’s real and what’s not anymore. Even tech-savvy people and those trained in cybersecurity may be tricked into handing over their information.
How do you tell what’s real or not?
If you think, “I have an anti-virus, I’ll be fine,” you’re not safe. Phishing emails do not fall under the umbrella of the anti-virus. Phishing emails are difficult to protect against because human responses are involved. If there’s a “threat,” such as you’re over balance, it’s a threat in the sense of urgency.
If you find yourself receiving an urgent message like the examples we’ve shared, it’s important to:
Step back from the computer or email app
Call the bank or lender directly (not using the info provided in the email)
You should consider everything as being unsafe when it comes to emails like this and fall back to traditional phone calls or other forms of communication.
The minute you trust an email, it’s a foothold for the hacker to have you:
Send information
Fill in your passwords
Even if you receive a call saying, “Your Amazon card has been charged $3,220,” hang up and call Amazon. You always want to call:
The number on the back of your credit card
The number of your bank
Never, ever click on the link in the email or call the number in the email because these can all be made to look legitimate, but in reality, be very elaborate fakes.
The “I Fear All the Problems of Being Online, So I’m Just Not Going to Be Online” Attitude
We have clients in all age groups who are afraid to be online and tell us that they’re just not going to participate because the risks are too high. This response is similar to driving a car: you may be in an accident, but do you stop driving?
Often, you continue to drive or ride in cars but remain diligent and take necessary precautions, such as:
Insurance
Braking early
Checking each direction twice
Your best security is to be informed because even if you don’t use the Internet, when you go into stores to use a credit card, there is a data point created on you.
Plus, staying off the Internet also makes it more difficult to find information or interact with the world.
Fraud happens online and offline, and we’re seeing more texts and phone calls come in that are phishing for your information. You may receive a very convincing call about your bank account and provide things like your last four digits of your Social Security Number. But what’s really happening is:
The person is logging this data
The person plans to call your bank using this data
The person wants to steal your identity or transfer your money to themselves
Unfortunately, we live in a world where there are scammers who will leverage anything they can for financial gain of some sort.
Navigating Data Breaches and What Happens If You’re a Victim
Data breaches happen a lot. If you become a victim, there are often millions of other names on the list who are also at risk of their identities being sold. We also only have so much time. While you may know that you should have different passwords for all your accounts, it’s not uncommon for people to use the same passwords across multiple accounts because it’s easier.
The problem?
One password can unlock multiple accounts in a data breach if you reuse the password often. Even Joe has reused the same password across multiple accounts, and when that happens, you risk the password hitting the dark web at some point.
23andme had a recent data breach, due to a weak password, and it had a cascading effect on other people’s information being stolen. The hacker used the person’s password, which was likely a:
Kid’s name
Password1234
Anything else that’s easy to guess
If you do receive a notice to change your password or are notified of a data breach, be sure to change this password on all accounts that it’s associated with. Hackers may know your 23andme password, but if it’s the same as your bank and email account, they can also gain access to these accounts.
Whether the account is your Facebook, email, bank, or something else, be sure to enable two-factor authentication.
Yes, it’s an extra step to take, but it will safeguard your account.
If you don’t know what two-factor authentication (sometimes multi-factor, MFA or 2FA) is, it’s when the website will send you a text to verify that the person logging in is really you. Since a hacker won’t have your phone, it’s one of the best security measures that you can take.
Effectively, two-factor authentication will require you to enter your email and password, and then it will:
Call your phone, or
Send an email with a password, or
Send the code on an authentication app, or
Send you a text
Hackers are stopped cold in their tracks when you have two-factor authentication in place.
Using Password Managers
You may have heard of LastPass, Bit Warden, 1Password, Google’s password manager and others. These managers allow you to use sophisticated, complex passwords on multiple accounts and you only need to remember the password to the manager.
If you do use a password manager, you want to be sure that the data is encrypted.
Joe doesn’t recommend that you use a browser password manager unless it’s for something that isn’t really important, such as your New York Times account or something like that.
Cybersecurity is a topic that we’ll be discussing throughout the year to help you protect your accounts and identity online.
We do love it when someone refers a family member or friend to us. Sometimes the question is, “How can we introduce them to you?” Well, there are multiple ways but a very easy way is to simply forward them a link to this webpage.
Here are this week’s items:
Portfolio Update: Murs and I have recorded our portfolio update for August 14, 2023
This Week’s Podcast – Protecting Against Cybersecurity Threats
Listen in to learn the importance of having strong and complex passwords for your home and office networks and avoid using one password for multiple sites. You will also learn the importance of being mindful when opening emails, using public Wi-Fi, sending sensitive data, and more to avoid cyber-attacks.
This Week’s Blog – Protecting Against Cybersecurity Threats
Cybersecurity threats are a major threat to your retirement planning. Thirty or more years ago, protecting against cybersecurity threats wasn’t an issue. Today, institutes are hacked, data is leaked, and it can put your retirement at risk as a result.
We don’t want this episode to scare any of our listeners. Instead, we want to empower you by providing the steps that you need to take to secure your retirement against a potential cyberattack.
Cybersecurity threats are a major threat to your retirement planning. Thirty or more years ago, protecting against cybersecurity threats wasn’t an issue. Today, institutes are hacked, data is leaked, and it can put your retirement at risk as a result.
We don’t want this episode to scare any of our listeners. Instead, we want to empower you by providing the steps that you need to take to secure your retirement against a potential cyberattack.
Understanding Our Obligation to Clients as a Financial Advisor
Before we dive deep into how you can protect against cybersecurity threats, we must mention that as a financial advisor, we must do everything in our power to protect our clients and ourselves.
The Securities and Exchange Commission (SEC) requires that, as financial advisors, we’re always being trained to ensure that we protect our clients against cybersecurity attacks to the best of our ability.
Unfortunately, there are always risks of cyber threats, but we can make it a big challenge for hackers. We know that if you follow the keys steps below, you will not be an easy target for hackers that would love to obtain your information or gain access to your accounts. Using the following list can help you remain safe on the internet.
14 Steps to Protecting Against Cybersecurity Threats
1. Create a Different Password for Each Site That You Use
Passwords are the gateway to your email, social, banking, retirement and other financial accounts. If you have a weak password, it can easily be cracked using a brute force attack. However, and more importantly, you want your password to be:
Long and include upper- and lower-case letters, numbers, and a special character
Different for all sites that you use
Why?
Imagine someone figuring out your Facebook account’s password and then they look through your account settings, find your email address and try logging into your email account. If the passwords are the same, they’ll now have access to your email and can request password reset links and take over many accounts at once.
If you’re like most people and know it’s going to be a real challenge to remember passwords for dozens of websites, you can use what is known as a password manager. A few options are:
LastPass
1Password
Bitwarden
NordPass
On top of having a unique password for all your accounts, we do recommend changing your passwords every 30 days and at the very least, once a year.
If an institute gets compromised, changing your password every quarter, six months, or when a site asks you to will help protect you if a leak does occur.
2. Enable Two-Factor Authentication
If a site offers two-factor authentication, enable it. Why?
Two-factor authentication takes time to get used to, but it adds an extremely powerful level of protection to your account. We like using text messages for authentication because that means the person would need to hack your phone in person, which is extremely unlikely.
You’ll need to:
Put your password into a site
Verify it’s you through a text message, email or application that sends you a code that changes every time
You’ll still need to redo your password every six months. These two simple steps go above and beyond in terms of assurance that you have as low of a risk of having your account compromised as possible.
3. Keep Software and Devices Updated
All your Internet-connected devices should be updated as soon as a patch or update is available. Keeping your PC, mobile phone, tablets, laptops, and other internet connected electronics updated ensures that your device has the latest software, which may add useful features, but more importantly often eliminates bugs and security holes.
4. Beware of Phishing Attacks
Phishing attacks have been around since the creation of email, yet they still accounted for 40% of breaches in 2022. Be aware of phishing emails and social media messages.
The hacker will be “phishing” for information and even include dangerous links that load a virus onto your device. Hackers will make the email look like it’s official and from:
Friends or family
Financial institutions
USPS, FedEx, or other delivery services
Some hackers will even send you a text with one of these links. Do not click on those links. Instead, go to the official website and see if there’s an issue. Amazon emails and texts are one of the most faked and they often say there was a “problem with your delivery,” along with some sort of link for you to click.
Log into your Amazon account to confirm there’s a problem because these links are often malicious.
NOTE: The IRS will never contact you via e-mail or text.
5. Secure Your Home Network
For a moment, consider all the devices that you have logged into your home network. Your Wi-Fi, router, Nest (ecobee), Alexa devices, cameras, and so on connect to your home network. Smart devices can be hacked.
You want to have strong, unique passwords on your router and change to a high-end encryption when available.
6. Be Mindful of Public Wi-Fi
We learned about this issue from a cybersecurity professional that we talked to in the past. You may log into a public Wi-Fi at Starbucks, hotel, or at the airport, but the hacker can create a Wi-Fi that they control that allows them to access your information.
This hack is a little more advanced. Imagine that a hacker sitting in Starbucks creates a Wi-Fi name “Starbucks Guest,” and you log into it. Now, they can filter your traffic and gain access to your accounts.
If the Wi-Fi requires a password, it’s often encrypted and safe. However, if you can log into the Wi-Fi without a password, this is where the real risks exist.
7. Backup Important Data Regularly
Important files can become corrupt, you may delete them, or someone else may access them. You may also lose a device with important files. You can and should backup your data regularly. There are options to do this offline, but most people use a cloud service or something like:
Dropbox
Carbonite
Box
OneDrive
Amazon Cloud Drive
iCloud
Regular backups will also help preserve data if you fall victim to ransomware.
8. Educate Yourself
Spend time educating yourself on recent advancements in cybersecurity. A little education can go a long way in helping you protect against new attacks that may circumvent old security measures.
9. Secure Social Media Accounts
More than half of the world’s population is on social media – that’s a lot of people. You want to secure your:
Facebook
Instagram
Twitter (X)
Navigate to your account’s settings and adjust your privacy settings. Some people put a lot of information on their social media accounts, and a hacker or thief can use this information to exploit you in some way.
For example, there are stories of people posting vacation pictures on a public social media account, and a thief finds their house number and breaks into their home. You can avoid this by strengthening the privacy settings on your account and posting less identifying information about yourself.
10. Encrypt Sensitive Data
Encryption is a bit of a complex topic for anyone who isn’t tech-savvy, so we recommend a simple approach: avoid sending sensitive data online. If you call us and ask us to send you a statement, we won’t send it directly via email because it’s risky.
Using secure financial portals that are encrypted is an option, but you can install encryption on your devices, too.
In the body of your email, never ever send:
Account information
Password
Identifying information
11. Secure Mobile Devices
If you’re on your cell phone playing with apps, talking to your grandkids or spouse, there’s a good chance that you have a lot of sensitive data on your device. We recommend adding a layer of security to access your smartphone and mobile devices, such as:
Pin number
Password
Biometric face recognition
Thumbprint
Securing your phone so that you’re the only one who can use it is very important. We also recommend setting up the “Find my Phone” setting on the phone so that you can remotely erase data on the phone and locate it if it has been stolen.
12. Limit Access to Personal Information
If someone asks you to provide personal information, such as your name, address, or date of birth, be very cautious when providing this information. While this information may not be enough to do anything too malicious to your account, anything else may be a security risk.
Hackers will take this information and use it to try to find more, to learn as much as they can about you.
Unless you know the person that you are talking to and can verify it’s them, be very cautious of providing any information. Hackers may even call you with scary news, such as “your grandchild Stephanie has been in a car accident, and we need your credit card information on file.”
Instead, be cautious of these calls, texts, or messages and be 100% positive that you know the person you’re giving your information to on the phone, in email, via text or so on.
13. Use Secure Browsing Practices
Be wary about information that you send online and be sure to use safe browsing practices. For example, you’ll want to:
Visit only trusted websites
Look for the “https” in the website URL
Be wary of pop-up ads
Don’t download anything from unofficial sources
14. Regularly Review Account Activity
A regular review of the activity on your account will help you:
Identify if an account is compromised
Freeze accounts before serious damage occurs
If you go six months without reviewing your accounts and information, you risk allowing someone to steal your data for this length of time.
While we covered a lot in this article (you can listen to the podcast here), it’s important to go through each step one at a time. Following these simple steps will help you protect your data and identity online.