Young or old, wealthy or poor, online or in person … Nobody is immune from financial scams and identity theft slams. No matter who you are or how well-informed you may be, the bad guys are out there, daily devising new tricks for every fraud we fix. Even we financial professionals are at risk, which I’ll get to later on. First, some facts, and acts you can take to protect yourself.

Who Are They? Fraudsters and Thieves

  • Financial fraudsters are after your assets.
  • Identity thieves want to steal your personal information – usually, so they can commit financial fraud by posing as you and breaching your security.

What Do They Want? Your Money and Your Life

Some of your most treasured personal information includes:

  • Social Security Numbers, passports, driver’s licenses and similar identifying information.
  • Financial account and credit card numbers.
  • Passwords (or insights about you that help them guess at weak ones).
  • Your and family members’ contact information (name, address, phone, email).
  • Your and family members’ birth dates.
  • Details about your life (interests, travel plans, relationships, your alma maters, etc.).

How Will They Get It? However They Can!

Criminals come in all shapes and sizes, and will use anything and everything that might work:

  • Most mayhem occurs the same, old ways: the real or virtual equivalent of strong-arm theft; breaking and entering; and increasingly, scams that trick you into giving your goods away.
  • They may be strangers. They may pose as someone you know. Unfortunately, they can be someone you do know. (Elder abuse, for example, is often perpetrated by family members.) 
  • They may commit their crimes online, by phone, in the mail (to a lesser extent) or in person.
  • Phishing emails and deceitful or compromised websites try to trick you into clicking on bad links or opening infected attachments. This exposes you to malware which infects your device with anything from harmless pranks to damaging viruses to serious security breaches.

What Should You Look For? Ten Red Flags

Criminal techniques may be new-fangled, but the tactics – the red flags to look for – are mostly unchanged. Whether online, in the mail, on the phone or in person, be on extra alert whenever:

  • An offer sounds too good to be true.
  • A stranger wants to be your real or virtual best friend.
  • Someone you know is behaving oddly, especially via email or phone. (This may mean it’s an identity thief, posing as someone you know.)
  • Someone claiming to represent a government agency, financial or legal firm, police department or other authority contacts you out of the blue, demanding money or information.
  • You’re feeling pressured or tricked into responding RIGHT AWAY to a threat, a temptation or a curiosity.
  • You’re prioritizing easy access over solid security (weak or absent locks and passwords).
  • You’re sharing personal information in a public venue (including social media).
  • Facts or figures aren’t adding up; bank statements, reports or other info is missing entirely.
  • Your defenses are down: You’re ill, injured, grieving, experiencing dementia or feeling blue.
  • Your gut feel is warning you: Something seems off.

An Action Plan (Hint: It’s a Lot Like Evidence-Based Investing)

The more of these sorts of alarm bells are sounding off, the more suspicious you should be. What then? The hardest part may be deciding where to begin. We recommend approaching your personal security the same way you approach investing: Instead of feeling you must immediately chase every defensive action out there, start with a plan.

  • Base your plan on how and why identity theft and financial fraud occurs, as described above.
  • Include broad strokes as well as specific action items.
  • Pay extra attention to the risks that pose the greatest threats to you and your lifestyle.
  • Whenever new tricks, techniques and technologies emerge, refer to your plan as a dependable framework in which to consider your next best steps.

What Else Can You Do? Quite a Lot!

While criminals are forever finding new ways to foil our defenses, there are still plenty of sensible steps you can take to protect yourself and your money.

Online Protection

  • Virus software: Install anti-malware and anti-spyware software on all of your devices. Keep it and your operating system current!
  • Backups: Use backup software for system and/or file recovery as needed. Allow for multiple version backups, in case you need to go back in time for a safe recovery.
  • Passwords: Create strong, unique passwords for each of your devices and accounts (long, random combinations). Periodically change them, especially on financial and other sensitive accounts, and whenever you may “smell a rat.” Consider using password management software to securely track them.
  • Extra security: Employ extra security when available, such as two-step verification or biometrics (fingerprints).
  • Hyperlinks and attachments: In emails or on websites, be incredibly cautious about clicking on links or opening attachments, especially from unfamiliar sources. Refer to our “Ten Red Flags” to help spot the most suspicious ones.
  • Social media: Privatize your social media profiles and activities so only those you allow in can see them.
  • WiFi: Be extra careful on public WiFi connections outside of your home or business. Don’t conduct sensitive transactions on them; assume the world can see anything you’re doing. 

Suspicious Phone Calls

  • Identify: Whenever a stranger calls you out of the blue demanding or enticing you into sending money or sharing information, it’s probably a scam. Even when a caller claims to be someone you know, if their requests seem urgent, unusual, or emotionally charged – watch out. It’s probably an identity thief in disguise. 
  • End the call: Your best line of defense is to immediately hang up. Don’t engage in conversation; you may accidentally divulge information a con artist can then use against you.
  • Don’t cooperate: Unless you initiated the call, never share your credit card number or any other sensitive information, especially in response to an urgent threat or enticing “prize.”
  • Investigate: Do what you can to verify the caller’s legitimacy. For example, if they claim to be from the IRS, end the call and contact the agency directly to inquire further. If they claim to be a family member in distress, tell them you’ll call them back and then call a close relative to double check. Google the suspicious number to see if others have reported it.
  • Report: Report the suspicious number to federal authorities.

Credit and Records Management

  • Watch for inconsistencies: Whether you’re receiving banking, credit card and investment statements online or in the mail, scan each one for odd or unfamiliar transactions.
  • Watch for missing statements: If statements you were expecting to receive suddenly stop arriving, a financial fraudster might have pirated your account and redirected it elsewhere.
  • Monitor your credit reports: Take advantage of your right to request free annual credit reports from AnnualCreditReport.com. Review them carefully for inaccuracies. 
  • Consider a credit freeze: If you rarely apply for loans, you may want to freeze your credit, unlocking it only when needed. It costs a bit, but shuts out identity thieves cold.
  • Follow up promptly: If something seems “off,” immediately change any login passwords, and promptly contact the service provider and appropriate federal authorities.

Personal Security

  • Remain on guard: Don’t assume you’re safe just because you’re not online. There is still plenty of old-fashioned theft going on.
  • Secure it: Secure any paperwork you must keep. Lock up your home, desk, file cabinets, car, mailbox and trash bins. (Identity thieves will “dumpster dive” to steal your stuff.)
  • Shred it: Use a shredder to destroy any paperwork you do not need to keep.
  • When you’re out and about: Keep a close eye on your purse or wallet (at work and social events, in the gym and stores, and so on). Avoid keeping personal identification in your car.
  • Filling in forms: When filling out medical forms, credit card applications and similar paperwork, only provide what is essential. Don’t provide your Social Security Number on initial request, and push back if pressed for it. It’s rarely actually required.
  • Banking: When using an ATM machine, be aware of others around you and avoid using one that looks like it might have been tampered with.

What About Your Financial Advisor’s Security?

As a financial advisor, we must not only keep a tight eye on our personal information, but we must be even more vigilant with our clients’ sensitive records and transactions, regularly revisiting and refreshing our firm-wide cybersecurity best practices. 

Firms large and small must be on constant guard – including your advisor, your account custodian and your fund managers. While you as an individual must defend against the occasional attack, most financial institutions must ward off multiple daily attempts.

At The Cogent Advisor, we hired a national security firm to audit our potential risks on an ongoing basis and create solutions to protect our proprietary data. We also attend ongoing presentations by national and international enforcement groups and cybersecurity experts, to remain abreast with the latest best practices. On top of that, our affiliation with The BAM ALLIANCE helps us exchange additional ideas and expertise with a wide range of like-minded firms.

What If They Succeed? Act Promptly

If you believe you’ve been exposed to identity theft or financial fraud, time is of the essence.

  • Online: If it’s an online event, immediately change the passwords on any affected accounts. It may help, and it certainly can’t hurt. Your multi-version backups might come in handy too.
  • In general: Check in with any bank or other institution involved, and the government agency responsible for overseeing the breach: the IRS for tax fraud, or the FTC for anything else.
  • Financial: If you feel your financial security has been compromised, we’ll want to hear from you as well! We’ll do all we can to help you fix the breach and minimize any damage done.