Scams are a major concern for everyone. Every day, people are falling victim to scams. Occasionally, a client of ours will contact the office because their data has been breached.
Just in the last week, two clients have reached out to us because they were scammed.
Let’s go through some tips to help you avoid scams and have peace of mind that you’re taking the steps to avoid falling victim to one of these scams.
Remember, millions of people fall victim to identity theft, fraud and scams each year, so it can happen to you.
Client 1 Example
The first client clicked on something that led to a notice that said:
- You have a problem with your computer
- Call the Microsoft number on your screen for help to fix the issue
If you ever encounter this situation, do not call the number on the notice. Go to a computer repair specialist and they’ll help you because these notices are from scammers who scare people into doing exactly what our first client did.
Unfortunately, the client called the number on the screen, and they did share some information with the person on the phone. While some things were shared, the person’s identity has not been breached yet. However, they are now going through the necessary steps to circumvent any issues if the scammers do use this information.
Client 2 Example
In scenario two, the client clicked on something and divulged some of their information. It resulted in $4,800 being removed from their bank account. Fortunately, the person caught the withdrawal quickly and the bank was able to reverse the transaction before the client suffered a major loss.
We’re seeing an influx of clients get caught up in these scams, and if your thought is, “I just won’t go online,” that’s not always a realistic option.
You can be safe online, and learning what the latest scams are and how they work can help you avoid being scammed in the first place.
3 Things to Keep at the Top of Mind When Working with an Advisor
1. Good, Safe Practices to Working with Your Advisor
If you’re working with an advisor as part of your retirement planning, you must have good, up-to-date, safe practices in place. Your advisor is a trusted person who you share some of your most private data with, such as:
- Financials
- Social Security number
- Account numbers
- Date of birth
Talk with your advisor to understand how they protect your information and assets. For us, we have ongoing cybersecurity training, encryption, backup software, and numerous other safeguards.
We’re continually trying to improve our security measures as security risks evolve to keep client information safe and secure.
You also need to keep your advisor up to date when you:
- Change your email address
- Move to a new address
- Change your phone number
Keeping your advisor up to date can prevent your important documents from going to someone other than you.
We require verbal verification to make changes to this type of information because going by email requests only can be very risky. If your email was hacked, the verbal verification requirement is an extra step we have in place to help keep you and your information safe.
2. Expect a Verification Call
If you send us an email asking us to send you money or to change addresses, expect a call from us. Speaking with you allows us to verify you made the request and confirm the details of the request so that we’re 100% positive before sending the money, changing emails, and so on.
While a call may be an extra step that you don’t want to take, it’s much better than the alternative.
3. How Custodians Protect Your Security
Custodians, such as Schwab or Fidelity, take security very seriously. Some of the many ways that custodians will verify you with is:
- Voice
- Two-factor authentication
If you want to protect yourself, two-factor authentication is one of the most secure measures you can take with your accounts. You’ll receive either an email or text with a code that you need to verify the log-in, or you may have to download an authentication app.
From our understanding, the authentication app is the best, and the text is really good, too.
Two-factor authentication prevents your account from being hacked so that even if a hacker gains access to your email, they can’t access your accounts without these codes.
11 General Best Practices of Cybersecurity
1. Be Suspicious of Everything
To avoid scams, you should be suspicious of texts, phone calls, and emails. If you do pick up calls from phone numbers that you don’t recognize, be cautious when they ask for any identifying information.
If, for example, the person asking for your identifying information states that they’re from Chase, hang up the phone and call a verified Chase number rather than trusting the phone call.
2. Remain Diligent on Social Media
People share a lot of life updates on social media, such as their date of birth, contact information, favorite vacation spots, and other data that a scammer or hacker can use to gain access to even more of your data.
Once you share this data with the world, it’s out there.
3. Be Cautious of Money Movement Instructions Via Email
If you receive any money movement instructions over email, you need to be extremely cautious. You might receive an email from UPS asking you for payment to ensure that your delivery arrives or PayPal asking you to click a link because someone deposited money into your account.
4. Avoid Clicking Links Because Phishing Attempts are HUGE
Phishing attempts are on the rise, and people are more willing than ever to try and steal your personal information. You want to avoid clicking on any unknown links because it’s too easy to fall into a phishing trap and have your information or money stolen.
If the link is to PayPal or a bank account, go to the verified website rather than clicking on the link in the email. This will help circumvent the risk of clicking on a phishing link.
5. Avoid Disclosing or Entering Confidential Information on a Device in a Public Area
Hackers can use man-in-the-middle attacks when you’re on public Wi-Fi to intercept your data and steal your identity. Public Wi-Fi is usually found in places like airports, cafes, and malls. Instead of using public Wi-Fi, you’ll either need to use a VPN or wait until you’re on a private, encrypted Wi-Fi network before entering private data or log-in credentials into an app or website.
6. Monitor Account Statements and Emails
If you make it a habit to log into your accounts and check your financial statements regularly, it will help you avoid unauthorized charges. Acting fast to dispute a credit card charge or withdrawal can save you a lot of heartache in the long term.
Check your emails and accounts often to make sure that you have a pulse on your balances and transactions.
7. Keep Your Technology Updated
Your technology is a major security risk because if a vulnerability is discovered, hackers will take advantage of it to gain access to your accounts or devices. You want to keep any technology (and its software) that you use updated, which includes:
- Computers
- Laptops
- Tablets
- Smartphones
- Apps
- Browsers
All computers should have updated anti-virus, anti-malware, and anti-spyware. If you don’t have these installed, be sure to work on that.
Enable security settings within your browser, too.
If you go somewhere that offers you a free USB device, it’s not worth using because it does pose the risk of having malicious software on it.
8. Avoid Throwing Your Computer Away
Your computer has very valuable information and log-in data on it. If we are no longer using a computer, we use a service that will destroy the computer so that it can never be restored. Never just throw your computer in the trash because it is a security risk.
9. Try to Avoid Using Public Computer
If you use a public computer at a library or other location, do not log into your accounts. Anyone who sits down at the computer can see the history and potentially access your account if you didn’t properly log out of all your accounts before you left.
You should also clear the browser history when you are finished if you do need to use a public computer.
10. Use Wireless Networks That You Know and Trust
Public Wi-Fi is simply not secure. You should use networks that you know and trust. Password protection and encryption can prevent a hacker from accessing the information you transmit over the network.
If you turn on a mobile hotspot on your phone, it will increase your security when using a public network.
It’s also not good practice to update your device or computer on a public network.
11. Be Strategic with Your Log-in Credentials and Passwords
No one likes to remember 20 different logins and passwords, but it’s one of the best security practices that you can follow. When creating a password:
- Create a unique password for each account
- Avoid using your date of birth or other personal info
- Consider using a password manager for password creation and storage
- Never share or text your password with someone else
Every time that you have a chance, be sure to enable two-factor authentication to keep your account safe.
More About Phishing Attempts
But we already covered phishing scams! Well, we are seeing such an increase in phishing attempts, it’s worth a deeper dive. Understanding the strategy of phishing attempts can be helpful to keep in mind as you answer calls or open emails and texts. Often, phishing scams will:
- Dangle something, like money, if you give over information
- Create a sense of urgency to get you to supply your data
- Threaten you to get you to click on a button
As we’ve said before, never click on a link in an email that you don’t know or trust. For example, if Schwab emails you your statement, you can open your browser and go to the verified website to login and access these documents rather than click the link in the email.
If you see a suspicious link, hover it and look in the status bar on your browser to see the real web address.
Also, check the sender’s domain name. Often, scammers will send what looks like a legitimate email until you look at the sender. The sender may actually be from somewhere like Gmail or Yahoo and not the real company email address.
Carefully read the sender email address. Sometimes, the name will look very similar to a real account, such as @PayPai instead of @PayPal.com.
Examine the entire email before clicking on any link or button inside of the email.
Scammers may even use a name that you know for the sender’s name to trick you, so be very vigilant because scammers are smarter than ever.
We know that this is a lot to digest, but protecting your identity and sensitive information is a must when doing anything online.
If you have any questions, please feel free to contact our office.