How to Avoid Scams – Practical Tips for Preventing Fraud

Scams are a major concern for everyone. Every day, people are falling victim to scams. Occasionally, a client of ours will contact the office because their data has been breached. 

Just in the last week, two clients have reached out to us because they were scammed. 

Let’s go through some tips to help you avoid scams and have peace of mind that you’re taking the steps to avoid falling victim to one of these scams. 

Remember, millions of people fall victim to identity theft, fraud and scams each year, so it can happen to you.

Client 1 Example 

The first client clicked on something that led to a notice that said: 

  • You have a problem with your computer 
  • Call the Microsoft number on your screen for help to fix the issue 

If you ever encounter this situation, do not call the number on the notice. Go to a computer repair specialist and they’ll help you because these notices are from scammers who scare people into doing exactly what our first client did. 

Unfortunately, the client called the number on the screen, and they did share some information with the person on the phone. While some things were shared, the person’s identity has not been breached yet. However, they are now going through the necessary steps to circumvent any issues if the scammers do use this information. 

Client 2 Example 

In scenario two, the client clicked on something and divulged some of their information. It resulted in $4,800 being removed from their bank account. Fortunately, the person caught the withdrawal quickly and the bank was able to reverse the transaction before the client suffered a major loss. 

We’re seeing an influx of clients get caught up in these scams, and if your thought is, “I just won’t go online,” that’s not always a realistic option. 

You can be safe online, and learning what the latest scams are and how they work can help you avoid being scammed in the first place. 

3 Things to Keep at the Top of Mind When Working with an Advisor 

1. Good, Safe Practices to Working with Your Advisor 

If you’re working with an advisor as part of your retirement planning, you must have good, up-to-date, safe practices in place. Your advisor is a trusted person who you share some of your most private data with, such as: 

  • Financials 
  • Social Security number 
  • Account numbers 
  • Date of birth 

Talk with your advisor to understand how they protect your information and assets. For us, we have ongoing cybersecurity training, encryption, backup software, and numerous other safeguards. 

We’re continually trying to improve our security measures as security risks evolve to keep client information safe and secure. 

You also need to keep your advisor up to date when you: 

  • Change your email address 
  • Move to a new address 
  • Change your phone number 

Keeping your advisor up to date can prevent your important documents from going to someone other than you.  

We require verbal verification to make changes to this type of information because going by email requests only can be very risky. If your email was hacked, the verbal verification requirement is an extra step we have in place to help keep you and your information safe.  

2. Expect a Verification Call 

If you send us an email asking us to send you money or to change addresses, expect a call from us. Speaking with you allows us to verify you made the request and confirm the details of the request so that we’re 100% positive before sending the money, changing emails, and so on. 

While a call may be an extra step that you don’t want to take, it’s much better than the alternative. 

3. How Custodians Protect Your Security 

Custodians, such as Schwab or Fidelity, take security very seriously. Some of the many ways that custodians will verify you with is: 

  • Voice 
  • Two-factor authentication 

If you want to protect yourself, two-factor authentication is one of the most secure measures you can take with your accounts. You’ll receive either an email or text with a code that you need to verify the log-in, or you may have to download an authentication app. 

From our understanding, the authentication app is the best, and the text is really good, too. 

Two-factor authentication prevents your account from being hacked so that even if a hacker gains access to your email, they can’t access your accounts without these codes. 

11 General Best Practices of Cybersecurity 

1. Be Suspicious of Everything 

To avoid scams, you should be suspicious of texts, phone calls, and emails. If you do pick up calls from phone numbers that you don’t recognize, be cautious when they ask for any identifying information.  

If, for example, the person asking for your identifying information states that they’re from Chase, hang up the phone and call a verified Chase number rather than trusting the phone call. 

2. Remain Diligent on Social Media 

People share a lot of life updates on social media, such as their date of birth, contact information, favorite vacation spots, and other data that a scammer or hacker can use to gain access to even more of your data.   

Once you share this data with the world, it’s out there. 

3. Be Cautious of Money Movement Instructions Via Email 

If you receive any money movement instructions over email, you need to be extremely cautious. You might receive an email from UPS asking you for payment to ensure that your delivery arrives or PayPal asking you to click a link because someone deposited money into your account.  

4. Avoid Clicking Links Because Phishing Attempts are HUGE 

Phishing attempts are on the rise, and people are more willing than ever to try and steal your personal information. You want to avoid clicking on any unknown links because it’s too easy to fall into a phishing trap and have your information or money stolen. 

If the link is to PayPal or a bank account, go to the verified website rather than clicking on the link in the email. This will help circumvent the risk of clicking on a phishing link. 

5. Avoid Disclosing or Entering Confidential Information on a Device in a Public Area 

Hackers can use man-in-the-middle attacks when you’re on public Wi-Fi to intercept your data and steal your identity. Public Wi-Fi is usually found in places like airports, cafes, and malls. Instead of using public Wi-Fi, you’ll either need to use a VPN or wait until you’re on a private, encrypted Wi-Fi network before entering private data or log-in credentials into an app or website.  

6. Monitor Account Statements and Emails 

If you make it a habit to log into your accounts and check your financial statements regularly, it will help you avoid unauthorized charges. Acting fast to dispute a credit card charge or withdrawal can save you a lot of heartache in the long term. 

Check your emails and accounts often to make sure that you have a pulse on your balances and transactions. 

7. Keep Your Technology Updated 

Your technology is a major security risk because if a vulnerability is discovered, hackers will take advantage of it to gain access to your accounts or devices. You want to keep any technology (and its software) that you use updated, which includes: 

  • Computers 
  • Laptops 
  • Tablets 
  • Smartphones 
  • Apps 
  • Browsers 

All computers should have updated anti-virus, anti-malware, and anti-spyware. If you don’t have these installed, be sure to work on that. 

Enable security settings within your browser, too. 

If you go somewhere that offers you a free USB device, it’s not worth using because it does pose the risk of having malicious software on it. 

8. Avoid Throwing Your Computer Away 

Your computer has very valuable information and log-in data on it. If we are no longer using a computer, we use a service that will destroy the computer so that it can never be restored. Never just throw your computer in the trash because it is a security risk.  

9. Try to Avoid Using Public Computer 

If you use a public computer at a library or other location, do not log into your accounts. Anyone who sits down at the computer can see the history and potentially access your account if you didn’t properly log out of all your accounts before you left. 

You should also clear the browser history when you are finished if you do need to use a public computer. 

10. Use Wireless Networks That You Know and Trust 

Public Wi-Fi is simply not secure. You should use networks that you know and trust. Password protection and encryption can prevent a hacker from accessing the information you transmit over the network. 

If you turn on a mobile hotspot on your phone, it will increase your security when using a public network. 

It’s also not good practice to update your device or computer on a public network. 

11. Be Strategic with Your Log-in Credentials and Passwords 

No one likes to remember 20 different logins and passwords, but it’s one of the best security practices that you can follow. When creating a password: 

  • Create a unique password for each account 
  • Avoid using your date of birth or other personal info 
  • Consider using a password manager for password creation and storage 
  • Never share or text your password with someone else 

Every time that you have a chance, be sure to enable two-factor authentication to keep your account safe. 

More About Phishing Attempts 

But we already covered phishing scams! Well, we are seeing such an increase in phishing attempts, it’s worth a deeper dive. Understanding the strategy of phishing attempts can be helpful to keep in mind as you answer calls or open emails and texts. Often, phishing scams will: 

  • Dangle something, like money, if you give over information 
  • Create a sense of urgency to get you to supply your data 
  • Threaten you to get you to click on a button 

As we’ve said before, never click on a link in an email that you don’t know or trust. For example, if Schwab emails you your statement, you can open your browser and go to the verified website to login and access these documents rather than click the link in the email. 

If you see a suspicious link, hover it and look in the status bar on your browser to see the real web address. 

Also, check the sender’s domain name. Often, scammers will send what looks like a legitimate email until you look at the sender. The sender may actually be from somewhere like Gmail or Yahoo and not the real company email address. 

Carefully read the sender email address. Sometimes, the name will look very similar to a real account, such as @PayPai instead of @PayPal.com.  

Examine the entire email before clicking on any link or button inside of the email. 

Scammers may even use a name that you know for the sender’s name to trick you, so be very vigilant because scammers are smarter than ever. 

We know that this is a lot to digest, but protecting your identity and sensitive information is a must when doing anything online. 

If you have any questions, please feel free to contact our office. 

Click here to schedule a consultation with us. 

Protect Against Identity Theft and Fraud

Did you know that over 33% of adults in the US have already experienced identity theft? It’s a scary thought. When you work diligently to pay your bills and eliminate debt, the last thing you want to do is deal with identity theft.

We’re not trying to scare you by any means, but it’s more important than ever to protect against identity theft on the Internet-connected world that we live in.

Scammers are becoming more sophisticated, but you can still take steps to reduce your risk of theft and fraud. As financial advisors who work on retirement planning on a daily basis, we would like to share with you two stories before we go through our checklist on how to protect against identity theft and fraud.

Story 1: Fraudsters are Nearby

One time, we received an email from one of our clients asking us to transfer money to a particular account. We knew this account, but we called the client before a transfer because that’s an additional step we always take for our clients.

We never transfer money because of an email that we receive.

The client was happy we did call because someone hacked their email and found out their:

  • Mortgage information
  • Retirement information
  • Insurances
  • Etc.

Emails were sent to the numerous contacts in the person’s list trying to steal their identity. The client opened an investigation with authorities, and the culprit was someone living on their street who went through their trash to steal their identity.

Story 2: Duke Energy Call

In our second story, a scammer came close to tricking us, and it began with a phone call. The call came from “Duke Energy,” my energy provider. The provider told me that my electricity would be turned off within an hour.

Being out on vacation at the time, I was almost tricked until asking the person on the other end of the line a question or two.

Auto-pay is set up on my account, and I hung up and called Duke Energy. The scammer hoped that I would provide a credit card to avoid getting my electricity turned off.

Common Mistakes People Make That Increase the Risk of Cyber Threats

Cyber threats are constantly evolving, but the biggest ones that we’re seeing right now are:

Using the Same Password Across All Sites

A basic yet vital way to protect your identity and accounts is to use different passwords. According to security experts, 91% of people know that using the same password on websites is a security risk, yet 59% of people use the same password on all websites.

All it takes is a single security breach to gain access to all of your accounts.

Just think about it. If you use the same password and email for Twitter as you do for all of your other accounts, a single breach could lead to others gaining access to your:

  • Email account
  • Bank accounts
  • Retirement accounts
  • Social media
  • Etc.

You can use password lockers that can help you create and store unique passwords for all sites with high-end encryption, too.

Not Using Two-Factor Authentication

When you log into your account, two-factor authentication can add an additional security measure to your account. For example, when you log into your bank account, you enter your username and password, and then you will have to:

  • Access an email for a code, or
  • Access a text message, or
  • Get the code via phone

If you set up two-factor authentication, if it’s available, this will provide you with an additional layer of security that makes your account safer.

Sharing Your Password with Others

Do you share your password with other people? If so, you’re increasing your risks of fraud drastically. The individual may not be personally responsible for the fraud, but what if their device has malware that steals your account information?

Failing to Update Your Devices and Software

Your device, whether it’s a personal computer, tablet, smartphone or any other device, may be a weak point in your overall security. For example, a security hole on iPhone was recently discovered that could allow hackers to access the phone’s contents.

Updating the operating system fixes the issue, but a lot of people skip these vital updates.

You want to be sure that you update your:

  • Operating system
  • Web browser
  • Anti-virus
  • Etc.

Anti-virus updates are crucial because they work to prevent breaches in real-time.

Opening Unsolicited Emails

Email is one of the most common ways that theft occurs. If you receive an unsolicited email or something doesn’t seem right with an email, delete it. Following a link or downloading an attachment in the mail can lead to you unknowingly giving a scammer access to your computer.

Hackers can spoof an email so that it looks like it’s been sent from Amazon, Facebook, friends or others.

Remain diligent with your email and even texts because scammers routinely send messages with:

  • Tracking links
  • Download links
  • Etc.

If something doesn’t seem right, delete the mail, or call the sender to verify that it’s really them.

Being Too Open on Social Media

People share far too much information on Facebook, Instagram, Twitter and other social media accounts. When you have the following information out there, hackers will use this information to gain access to your accounts, such as your:

  • Email
  • Birthday
  • Name
  • Address

Hackers can use this information to answer security questions on certain accounts to gain access to them. For example, a person posts a picture of their first-grade class and on their bank account, the “Name of Your Elementary School” is your security question.

It’s easy for a hacker to look at the photo, do some digging and find the school’s name.

For your own safety and security, don’t post too much personal information on social media accounts.

Opening Emails from Friends and Family

Friends and family are being used to trick people into downloading files, sending money or following links. Just imagine that a close friend sends an email asking to donate to their fundraiser, and you enter in all of your information to help this friend.

But your friend’s email was hacked, and you only find out months later.

If someone doesn’t email you often or even if they do, there’s no harm in calling them to ensure that the mail is legitimate.

We’re also seeing hackers do this to elderly individuals. The hacker will message them saying that their grandchild needs money or something similar because they found the child’s name on their social media accounts.

In short, don’t send money or follow instructions through email unless you’re 100% positive that the sender is not scamming you.

Not Paying Attention to Breaches or Hacks

Since you use a variety of sites and platforms, one may be hacked. For example, if you have a Chase account and a breach just occurred, you can request that your account be frozen. You should be taking a proactive approach to freeze your accounts and get ahead of potential identity theft.

Not Changing Your Password Periodically

Using the last point, if a breach occurs and someone gains access to your password, you may circumvent the risk due to your password changing habits. Security experts suggest changing passwords every 60 to 90 days.

Following this schedule will help you minimize your risks of someone stealing and using your password.

Common Phone Scams We’re Seeing Right Now

Phone scams are growing in popularity, too. A few of the scams to be cautious of are:

  1. The Social Security Administration will never give you a call. It’s a scam.
  2. The IRS will never give you a call. It’s a scam.
  3. Someone calls you saying that you won money. Probably not. It’s a scam.
  4. Microsoft calls and says that something’s wrong with your computer. It’s a scam.
  5. Credit card companies call and say they’ve detected fraud. Maybe. But hang up and call the number on the back of your card to make sure it’s not a scam.

We just want you to be careful to protect your identity. We’re not trying to scare you. Rather, we want you to be prepared and know how to keep your identity safe.

If you want to grab our free checklist that covers all these points, simply call our office at 919-787-8866 and ask for Laura or Morgan. They’ll send out the checklist for you to follow to ensure you’re taking proactive steps to keep your identity safe.

Want to learn more great information from us? We have a podcast where we discuss great topics, just like this, twice a week.

Click here to sign up for our podcast.