January 29, 2024 Weekly Update

We do love it when someone refers a family member or friend to us.  Sometimes the question is, “How can we introduce them to you?”   Well, there are multiple ways but a very easy way is to simply forward them a link to this webpage.

Here are this week’s items:

Portfolio Update:  Murs and I have recorded our portfolio update for January 29, 2024

Cybersecurity Safety in Retirement

Listen in to learn the importance of staying informed and taking precautions when using the internet instead of avoiding it. You will also learn the importance of having strong passwords, changing passwords when you suspect maliciousness, setting up two-factor authentication, and more.


Cybersecurity Safety in Retirement

On the Secure Your Retirement podcast, we had a very special guest to discuss cybersecurity safety in retirement. You’ve worked your entire life to retire one day, and with how everything is digitally connected, it’s scary how in a split second, someone can steal your identity.

Retirement planning in the digital age really requires a discussion on cybersecurity and what you can do to protect yourself.

Cybersecurity Safety in Retirement

On the Secure Your Retirement podcast, we had a very special guest to discuss cybersecurity safety in retirement. You’ve worked your entire life to retire one day, and with how everything is digitally connected, it’s scary how in a split second, someone can steal your identity.

Retirement planning in the digital age really requires a discussion on cybersecurity and what you can do to protect yourself.

Joseph O’Donnell of Terrapin Technology Group was happy to sit down with us and answer a lot of the questions that we had about cybersecurity.

Note: Our employees and firm must go through training to protect our clients and maintain our license. We all train in cybersecurity to better protect clients and reduce the risk of working with us financially.

Phishing Emails – A Growing Concern

Phishing emails, voicemails, or text messages can be fraudulent. Scammers hope that you “take the bait” when they call or send these messages. For example, you may receive an email that appears to be from someone you know asking for money or from your child asking for your bank account password.

The emails may match up to the person’s email and look 100% real.

But someone may have hacked into your child’s email account and is now trying to “phish” for you to take the bait so that they can steal your identity and/or money.

Phishing emails often have:

  • Threat
  • Urgency

You may click on a link that looks like Amazon, enter your credit info, and then submit that information to the hacker without even knowing it.

It’s common for these emails to say things like:

  • Someone accessed your credit card account. Can you verify it?
  • Your Amazon package is missing. Please log into your account. 

In either case, links in these messages never lead to a legitimate website.

Determining What is Phishing and What’s Not?

Text messages, calls, and emails have become so convincing that it’s very challenging to know what’s real and what’s not anymore. Even tech-savvy people and those trained in cybersecurity may be tricked into handing over their information.

How do you tell what’s real or not?

If you think, “I have an anti-virus, I’ll be fine,” you’re not safe. Phishing emails do not fall under the umbrella of the anti-virus. Phishing emails are difficult to protect against because human responses are involved. If there’s a “threat,” such as you’re over balance, it’s a threat in the sense of urgency.

If you find yourself receiving an urgent message like the examples we’ve shared, it’s important to:

  • Step back from the computer or email app
  • Call the bank or lender directly (not using the info provided in the email)

You should consider everything as being unsafe when it comes to emails like this and fall back to traditional phone calls or other forms of communication.

The minute you trust an email, it’s a foothold for the hacker to have you:

  • Send information
  • Fill in your passwords

Even if you receive a call saying, “Your Amazon card has been charged $3,220,” hang up and call Amazon. You always want to call:

  • The number on the back of your credit card
  • The number of your bank

Never, ever click on the link in the email or call the number in the email because these can all be made to look legitimate, but in reality, be very elaborate fakes.

The “I Fear All the Problems of Being Online, So I’m Just Not Going to Be Online” Attitude

We have clients in all age groups who are afraid to be online and tell us that they’re just not going to participate because the risks are too high. This response is similar to driving a car: you may be in an accident, but do you stop driving?

Often, you continue to drive or ride in cars but remain diligent and take necessary precautions, such as:

  • Insurance
  • Braking early
  • Checking each direction twice

Your best security is to be informed because even if you don’t use the Internet, when you go into stores to use a credit card, there is a data point created on you.

Plus, staying off the Internet also makes it more difficult to find information or interact with the world.

Fraud happens online and offline, and we’re seeing more texts and phone calls come in that are phishing for your information. You may receive a very convincing call about your bank account and provide things like your last four digits of your Social Security Number. But what’s really happening is:

  • The person is logging this data
  • The person plans to call your bank using this data
  • The person wants to steal your identity or transfer your money to themselves

Unfortunately, we live in a world where there are scammers who will leverage anything they can for financial gain of some sort.

Navigating Data Breaches and What Happens If You’re a Victim

Data breaches happen a lot. If you become a victim, there are often millions of other names on the list who are also at risk of their identities being sold. We also only have so much time. While you may know that you should have different passwords for all your accounts, it’s not uncommon for people to use the same passwords across multiple accounts because it’s easier.

The problem?

One password can unlock multiple accounts in a data breach if you reuse the password often. Even Joe has reused the same password across multiple accounts, and when that happens, you risk the password hitting the dark web at some point.

23andme had a recent data breach, due to a weak password, and it had a cascading effect on other people’s information being stolen. The hacker used the person’s password, which was likely a:

  • Kid’s name
  • Password1234
  • Anything else that’s easy to guess

If you do receive a notice to change your password or are notified of a data breach, be sure to change this password on all accounts that it’s associated with. Hackers may know your 23andme password, but if it’s the same as your bank and email account, they can also gain access to these accounts.

Whether the account is your Facebook, email, bank, or something else, be sure to enable two-factor authentication.

Yes, it’s an extra step to take, but it will safeguard your account.

If you don’t know what two-factor authentication (sometimes multi-factor, MFA or 2FA) is, it’s when the website will send you a text to verify that the person logging in is really you. Since a hacker won’t have your phone, it’s one of the best security measures that you can take.

Effectively, two-factor authentication will require you to enter your email and password, and then it will:

  • Call your phone, or
  • Send an email with a password, or
  • Send the code on an authentication app, or
  • Send you a text

Hackers are stopped cold in their tracks when you have two-factor authentication in place.

Using Password Managers

You may have heard of LastPass, Bit Warden, 1Password, Google’s password manager and others. These managers allow you to use sophisticated, complex passwords on multiple accounts and you only need to remember the password to the manager.

If you do use a password manager, you want to be sure that the data is encrypted.

Joe doesn’t recommend that you use a browser password manager unless it’s for something that isn’t really important, such as your New York Times account or something like that.

Cybersecurity is a topic that we’ll be discussing throughout the year to help you protect your accounts and identity online.

Click here to schedule a call with us to talk about securing your retirement.

Securing Yourself Online and at Home

We live in an online world, where security has completely changed and evolved. There was a time when our clients only had to worry about their home security, but now, you need to add in online security as well.

Imagine working hard to secure your retirement, finally executing all of the steps of retirement planning, and then someone upending all of it in minutes.

We recently had the chance to sit down with Andy Murphy, the owner of The Secure Dad, to discuss ways that we can keep ourselves and our families safer both online and offline.

We’ll be breaking this article into two sections, just like we did on the podcast, to discuss two main points:

  1. How to secure your main home, vacation home, etc.
  2. How to secure yourself online

Andy was nice enough to discuss security with us to help folks live a happier, safer life.

Andy’s Background and Starting The Secure Dad

When listening to an expert, Andy was asked, “What is one thing you can do every day, all day and not get tired?” For Andy, the answer was: family safety. The question led him to create The Secure Dad because it is something he’s obsessed with, and he wanted to share his expertise with the world.

Now, Andy helps people:

  • Take proactive steps to protect their investments
  • Take proactive steps to protect their families
  • Add security in life in a non-intimidating way

How to Secure Your Home(s)

Andy made clear that if you’re proactive about home security, you can keep bad things from happening. Being a little proactive can help you avoid:

  • Major expenses
  • Replacing stolen items
  • Filing a claim with insurance
  • Etc.

Proactive security helps you avoid emotional and financial stressors. Your home is your castle, and while you may have an emotional attachment to it, thieves look at your home as just another potential target.

Instead of relying on just home security, you want to make your home less attractive to thieves. You don’t want someone breaking into your home in the middle of the night while you’re asleep. So, what can you do?

Add lighting.

Thieves want to be concealed and protected. If you add lighting to the perimeter of the home, you can lower the risk of theft. If a thief believes that they’re going to be seen, they’ll go to another house.

Lighting is a major deterrent to thieves.

Ring cameras and security cameras work great, but they’re often not seen until someone walks up to your door or peers through your window. We’ve all seen commercials where someone already breaks into a home and then the alarm starts blaring.

You don’t want to wait until an intruder is in your home to scare them away. Ideally, you’ll scare them away before they even walk into your yard.

Andy recommends taking a multi-layered approach to your security, starting with:

  1. Discipline. Habits and routines, such as making sure your doors and windows are locked, are just the start. You’ll also want to keep your garage closed, lights on outside, etc. 
  2. Responsibility. Proactiveness will go a long way in securing a home. Take responsibility. Close the garage door with expensive gym equipment behind it, and work on making your home less of a target.

Contrary to popular belief, the most common time a theft occurs is during the day. Thieves do not want a confrontation, so they’ll target your home when they think you’re on vacation or at work.

If you just follow the discipline step above, you’ll greatly improve your home’s security.

How to Secure Your Online Data

There was a time when our clients were a bit reluctant to sign documents online or perform any transactions online. In recent years, most of our clients have become comfortable using online portals, but they really don’t know much about online security.

We’ve also been a target for scams, but through our systems in place, we’ve been able to stave them off from being a success.

One close call occurred when someone sent us an email from a client’s account and asked us to withdraw money. We then went through our internal systems. We always:

  • Double verify with the client
  • Ensure they haven’t been hacked
  • Etc.

Ultimately, the client didn’t send the email, and we recognized that they were hacked. 

However, not everyone has security measures to protect their online data. So, we asked Andy what he recommends our readers and listeners do to enhance their online security:

  • Be aware of phishing emails. These emails look legitimate, and they contain links. The person clicks the link and is somehow swindled into giving over their information.
  • Google is great, but if you type in a company name, be sure what you’re clicking on is the actual company that you’re wanting to use. Frequently, ads are disguised to look like Chase or Bank of America, but they lead you to non-official websites.
  • Online banking is often safer than traditional banking at this time. Now, people are engaging in mail fraud, stealing checks and then writing out fraudulent checks. You just need to be sure that the website you’re using is the bank’s official site and has real-time malware and virus scanning.
  • Enable two-factor authentication. While two-factor authentication may seem annoying, it adds an additional layer of security that makes it very difficult to hack into your accounts. Ideally, you’ll use a text message rather than an app for two-factor authentication because it’s safer. One issue that happened to Andy himself is he got a new phone and never transferred his two-factor authenticator to the new device. Unfortunately, he was digitally locked out of his accounts. So, learn from Andy: use a text notification.
  • Be cautious when using a password manager. While these platforms are well-known and used, there are rare cases when the master password is changed, or something happens and you can’t access anything.

Even someone like Andy has made the mistake of not copying their authenticator app to their new device and was locked out of his account. However, if you follow the tips and advice above, you’ll greatly strengthen your online security.

However, there’s one thing left to consider here: family security.

How to Begin Protecting Your Family’s Security

Family security is a very detailed process, but a few things you can do are:

  • Explain to your kids that online friends may not be who they think they are.
  • If an online friend wants to bring conversations to new platforms for no reason, this is often a red flag.
  • Freeze your child’s credit when they’re under 18. They can’t use it until that point, but hackers may try to use their information. Data breaches happen all the time, causing Social Security numbers to leak and may impact your kids.

One question Andy asked us is this: If someone in retirement has the finances not to take out credit, should they freeze their own credit?

And our answer was:

  • Why not? It’s an easy process that can save a lot of heartache. It couldn’t hurt to freeze credit.
  • You can always unfreeze your credit if you need to access it in the future.

Andy has a lot of educational resources, courses and books that you can use to dive into this subject matter far greater than we were able to in the podcast.

Click here to sign up for our podcast if you haven’t done so already.

Cybersecurity 101: How to Secure Your Financial Accounts, Phone and Email

Are you trying to secure your retirement? If so, a lot of clients we have are majorly concerned about cybersecurity. In an instant, a hacker can get into your bank account, transfer your savings over to their own accounts and leave you to pick up the pieces.

These individuals or groups may also hijack your email account and try mailing your financial advisor to make changes to your portfolio or give them access to your accounts. Additionally, someone can log into a retail account and rack up a ton of debt.

In our recent podcast, we had the opportunity to sit down with Nick Espinosa, CEO of Security Fanatics, a cybersecurity expert, to ask him a lot of questions to help protect our clients. Nick has worked with Fortune 100 companies and small businesses. He is a writer and even has Ted Talks where he teaches people about cybersecurity.

And he was more than willing to share some knowledge with our audience.

How to Keep Your Data Safe When Shopping Online

Shopping online is something a lot of people do. It’s a lot easier to go on Amazon and simply order a new pair of pants. However, in the middle of these transactions, you put a lot of trust in a third party that now has access to your credit or debit card information.

How can you stay safe when shopping online?

Nick claims it’s a “loaded question.” Everyone is online, and the pandemic accelerated online shopping and even working from home. The best way to protect yourself is awareness. Technology is constantly innovating, but the threats out there to steal your information or gain access to your accounts are also accelerating with its own technology.

A few questions to ask are:

  • What happens if someone breaks into your phone?
  • What happens if someone gains access to your computer?
  • What information would be found on these devices?

For most people, a lot of information may be accessible in these situations, and maybe you even saved passwords to the device, opening up a treasure trove of data to a hacker.

Protecting against these threats requires some diligence.

Enable Encryption or Set It Up

If someone steals your PC or phone, encryption ensures that they cannot read any of the data on the device. Unfortunately, a pin code isn’t enough to stop someone from potentially accessing files on these electronic devices.

Late-model iPhones and Android devices have automatic encryption, but it doesn’t work well with pin codes.

It’s easy to clone a phone and continually try cracking the pin code.

Instead, you want to use:

  • Long passwords
  • Biometrics, such as thumbprint

If you use these advanced security settings, you’ll encrypt your phone using a method that is very difficult or impossible to break.

Storing Passwords in a Password Manager

Many people rely on password managers because we know that people shouldn’t reuse their passwords across sites. Password managers can help you manage site passwords by:

  • Generating very secure passwords
  • Remembering the passwords for each site
  • Storing passwords using encryption

However, many password managers also synchronize across devices, so the passwords are available on your smartphone, PC, etc.

Hackers are working to break into these password managers because they’re a treasure trove of data. One thing to understand is that if you do use a password manager and there’s an update available for it, download the update immediately.

A security flaw may be the main reason for the update, and if you say, “Well, I’ll update that later,” you’re inviting hackers to steal your information.

Two-factor Authenticator

Two-factor authentication is changing the way people secure their accounts. Using this authenticator adds an extra layer of protection to your account, making it exponentially safer.

Hackers are lazy, and they will go after low-hanging fruit to hack.

Enabling multi-factor authentication requires you to verify the person logging into your account is you. Even if a hacker knows your password, without having access to your phone or wherever the authentication is received, they can’t get into your account.

Threat Detection Systems

A threat detection system sounds so advanced, but it’s crucial to realize that you have a minicomputer in your pocket if you have a smartphone. Your mobile devices are powerful, and they need the same protection as your PC:

  • Antivirus 
  • Antimalware
  • Anti-phishing
  • Etc.

We’re downloading things all the time. However, it’s easy to infect someone on Facebook or Twitter because these platforms do not actively scan files we upload to friends. It’s as simple as a hacker sending a blurry image of you from your mom’s Facebook account, asking if it’s you and then infecting you when you open the image.

The image may even be a doctored image of you, so you would reply, “Yes, awesome picture, mom,” and not realize that your smartphone is now infected with a virus.

Protecting Against a Phishing Scam

Phishing can take on many forms. For example, a Nigerian Prince may email you stating they have millions of dollars they want to transfer to you. Of course, most people are aware of these types of scams and will not fall for them, although some people still lose their entire retirement in these schemes.

There is also something called “spearfishing,” and Nick sees this often in the corporate and individual world.

The main problem retirees face is that they didn’t grow up with the technology that we have today. Nick claims that the vast majority of phishing victims are over age 60 and are the main target of hackers.


Let’s use an example. A hacker starts looking through someone’s email and sees that this person is a 22-year-old male named Johnny. As it turns out, Johnny often sends emails to his grandmother, and she’s the perfect target for phishing.

The hacker may use Johnny’s email to:

  • Send an email to grandma
  • Craft a story about how he’s stranded in London, and someone stole his wallet
  • Grandma sends the money

Grandparents will do anything for their grandchildren, and since grandma knows Johnny is in London, she doesn’t even realize that the mail may be from a hacker. Verifying that the person sending an email is real is as simple as picking up the phone and calling Johnny on his usual phone number.

If you call Johnny, you’re using two-factor authentication to verify that Johnny is really in trouble and can send him money.

Phishing can also happen on fake forms online. For example, someone may own Amazzon.com, and the site looks exactly like the real Amazon. However, when you type on your account information, it may redirect to Amazon, and you don’t realize anything was amiss.

The problem is that the hacker captured all of the form information and can now access your Amazon account and make purchases.

Sometimes, there’s an infection on a smartphone or PC. When you’re on your device and on Facebook, a pop-up may appear on the screen that says, “Call 1800 scamm-me.” You call, and the person steals your information.

Additionally, someone may text you from Bank of America saying there’s an issue with your account, so you click on the link and don’t realize it’s not a legitimate one. In this case, it’s crucial to call the bank yourself or log into your account by going to the official site yourself and verifying that there’s an issue with your account.

It’s far too easy to recreate a site, create this sense of an urgent problem with your account and fall into the grasp of a hacker who wants nothing more than to hack into your bank account. You need to do your due diligence to keep your information safe when logging into your bank account or receiving emails.

The key to keeping yourself safe online is to educate yourself and don’t make it easy for hackers to hack you. Use complex passwords and two-factor authentication, and always verify that the person mailing you for money is actually the person you want to help.

A healthy retirement is one that you actually get to enjoy. If you’ve worked hard, did everything right and then lost everything in an instant, it would be a horrible feeling. Focusing on your cybersecurity and just following the basics above will protect your retirement from hackers.

If you’re saving for retirement and want expert advice, schedule a call with us to see how we can help.