Phishing and identity theft are on the rise, not just through email but also through phone calls, texts, and even in person. In 2020, the FBI received nearly 800,000 reports of phishing, totaling $4.1 billion in losses for the victims of those schemes. The number of reports increases each year. As a financial advisor, preparing your clients to avoid common scams and protect their accounts from these financial losses is an important service you can provide. Here are a couple of the most common phishing attempts and ransomware attacks and some tips that you can share with your clients to keep them safe from these scams.
3 Most Common Methods Scammers Use to Steal Money or Data
Here are some of the most common ways scammers gain access to your information, install harmful ransomware, or steal money from their victims. Send your clients periodic reminders of these common methods along with the tips on how to avoid falling victim to them.
Hacking Login Credentials
More often than not, scammers will simply guess someone’s login credentials through trial and error. Once they have those credentials, they can get into your accounts as they please—often without you ever being alerted to suspicious activity.
Here are the best ways you and your clients can protect your accounts from this method:
Set strong passwords. Avoid using basic personal information like your name, birthday, or address. Scammers can often find these basic details through social media or public records. Use a mix of upper and lowercase letters and add numbers and special characters.
Enable multi-factor authentication whenever possible. This is a method that requires two or more steps to log in to your account. For example, after inputting your login credentials, you might have to input a short code sent to your phone or email. This second step ensures that even if someone guesses your login credentials, they still can’t get into your account without that randomly generated code you received.
Change your passwords regularly. Ideally, you should change all of your passwords every 60-90 days. This way, even if a hacker does get your login credentials, the credentials they have will soon be invalid.
Email Phishing
Email phishing is another popular way scammers gain access to your data or your accounts. By using deceptive email subject lines or impersonating trusted brands or agencies, scammers try to get unsuspecting victims to click links or download files that either secretly install spyware on their computer or redirect them to a scammer’s website, where they give their personal information under the belief that they are on an official, trusted website.
Here are some of the best ways to avoid falling prey to email phishing:
Hover your cursor over the sender’s email address before opening an email. Hackers can disguise their email addresses to make them look legitimate. But when you hover your cursor over it, the sender’s contact information, including the real email address, will be displayed. Use this to check that the addresses match.
Copy link URLs before clicking through. Hackers can also disguise URLs inside the email. To see where a link is really taking you, right-click it and copy the URL. Paste it inside a Word document to see what the actual URL is. Again, you can use this trick to make sure the URL matches what the email claims it is.
Contact financial institutions, agencies, or businesses you have accounts with directly rather than through the email. Since hackers will sometimes manipulate victims by impersonating their bank or service provider, contacting those institutions directly if you get an email from them is the best way to avoid falling prey to attacks. If you get an email claiming suspicious activity was reported on your credit card or that you owe money to a service provider, for example, don’t rely on the links or contact information provided in the email. Instead, call the company directly or open a new window in your browser to log into your online account directly.
Never open files from contacts you don’t recognize. If an email address you don’t recognize sends you an attachment, do not open it. Just delete the email. If you’re feeling uncertain about whether it’s legitimate, call the institution or individual it claims to be from and ask if they emailed you an attachment.
Mobile Scams
Scammers can use the same tactics over the phone or by text message that they use in email. They can even go so far as to disguise their caller ID to display a name and phone number that you know and trust (like the IRS or your bank). Once you answer, they’ll use similar manipulation tactics to try to coerce you into handing over money or personal information.
Here are some of the best ways to avoid becoming a victim of mobile scams:
Hang up and call back. If the caller really is from the institution or agency they claim to be from, they will have no problem letting you hang up, go over to the institution’s official website, and call the customer service number listed on that website to continue discussing the matter. By hanging up and calling the official company number, you confirm that you’re really on the phone with that company. You can also expose red flags. If the caller is pressuring you to stay on the line rather than call back, for example, that’s a serious red flag. If you call the company number and the representative can find no record of the issue the original caller was talking about, that’s another serious red flag.
Don’t rely on contact information or links sent through text. Just as with emails, don’t click through links or use contact details provided by text. When you receive a text claiming to come from an institution you know, call the official customer service number, head over to the app, or log into your account directly via your browser rather than clicking through a link.
Verify charities. Scam charity calls prey on your kindness and empathy to get you to donate to a fake charity. If the cause is something you genuinely care about, do your own research. Be aware that many fake charities will set up websites, so don’t rely on the charity’s own site. Instead, check the charity on sites like Charity Navigator or CharityWatch to see if there are complaints of fraud. If they’re not listed on either site, take that as a red flag.
Be alert to red flags. If you’re uncertain about a caller, watch for common red flags. Callers who are extremely pushy, pressuring you to give money or information on the spot, are likely scams. Callers who use threats or intimidation to scare you into doing what they want are also likely scams. Callers who insist you pay with gift cards, prepaid debit cards, or wire transfers are almost certainly scams. Even if you owe money or are dealing with a legal problem, a legitimate organization will not pressure you to take any action immediately and definitely will not insist on payment via gift cards or wire transfer. Instead, they will send written notices, provide deadlines, or schedule appointments.
As a financial advisor, one of the best ways you can help your client is sending out reminders with these tips periodically to keep clients alert to possible fraud and make sure they know how to protect themselves from phishing and identity theft. While the threat exists all year round, research shows that attacks spike in the weeks leading up to the holidays and during tax season. So, sending out quick reminder emails with these tips in early fall and another around late January or early February is a great way to keep your clients safe and demonstrate the value you provide as an advisor.