Avoiding Financial Scams and Identity Theft

Financial Planning: Cybersecurity Tips

Author: Matthew Williams CFP®, RICP®, CEXP®, CASL® | Director of Financial Planning at Impact Advisors Group

It’s Saturday afternoon, and you are watching a movie at home or running errands, and your phone vibrates.

You take a peek and see a text from a phone number and area code you don’t recognize. “Hey Jackson, when are you coming to my house to fix my a/c? It’s hot in this place.”

Or the message may read, “Let’s get together tomorrow for a cup of coffee.”

There are no typos. It seems friendly, but you don’t know the person or simply assume the sender mistakenly entered your phone number.

The temptation may be to kindly inform the person that he/she has the wrong number. Or you sheepishly reply and ask if this is someone you know. Both responses seem harmless, right?

Wrong!

Losses Rise

Every day, the FBI’s Internet Crime Complaint Center (IC3) receives thousands of complaints reporting a wide array of scams, many of them targeting the elderly.

In 2023, the FBI’s Elder Fraud report stated that losses reported to the IC3 by those over the age of 60 topped $3.4 billion, an 11% increase in reported losses from 2022. The average dollar loss was $33,915.

There was also a 14% rise in complaints filed with the IC3 by elderly victims. But this is only the tip of the iceberg, as many simply are too embarrassed to report or don’t believe they will ever see their money again.

Let’s Continue With Our Real-Life Example

According to consumer advice from the Federal Trade Commission (FTC), it’s not rude to ignore “Hi, how are you?” text messages from strangers.

Let me explain. In the past, it wasn’t uncommon to occasionally receive a call from someone who misdialed. A quick “You must have the wrong number,” followed by, “Oh, I’m sorry,” ended the call. The exchange lasted less than 30 seconds.

Today, a scammer is sending the message, hoping you’ll answer and take the bait.

According to the FTC, scammers will probably apologize and then engage you in friendly and playful banter to keep the conversation going because they want to gain your trust.

Once they have your trust, they’ll offer advice on investing in cryptocurrency or some other investment… for a fee. But it’s a scam. If you take the bait, it will turn into a costly lesson.

In other instances, scammers may send a photo of “themselves” from a unique location. Be careful. The photo contains malware.

Download the picture, and hackers can gain access to your phone, keystrokes (including passwords), financial information, and more.

Even if you quickly break off the conversation, scammers now know they have a live number and are likely to ramp up fraudulent and annoying attacks.

If you see such a message, it’s best not to open it. Just hit “block and report SPAM.”

Never call an unknown number back, even if it looks like a local or U.S. phone number. In what’s called the one-ring phone scam, fraudsters use international numbers that look like American numbers to trick you into returning the call. They’ll do their best to keep you on the line, leaving you with huge charges.

Nowadays, it may be best not to answer calls from numbers you don’t recognize. If it’s important, they will leave a voicemail.

Impersonation

Have you ever received a text that claims to be from Netflix or PayPal? Most of us have.

The message alleges something is wrong with the account, and you must click on a link to re-establish service. But do you notice the link is simply a long string of nonsensical characters? It’s a message designed to defraud you.

Messages claiming to be from FedEx or UPS inform you that a package is being held at a warehouse because they don’t have your address. Again, scammers want you to click on a nefarious link that will only lead to heartache.

Meanwhile, the grandparent scam tugs at your heartstrings, which is the scammer’s goal. You may receive a phone call from a scammer posing as the victim’s grandchild, purportedly in jail. Money is needed immediately.

Even if scammers insist you keep it a secret, the FBI recommends that you first verify the story with a family member.

The Romance Scam

Scammers prey on those of any age, including the elderly. According to the FBI, a criminal uses a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic relationship to manipulate and steal from the victim.

Scammers may discuss meeting in person, but that won’t happen. Eventually, when you are most vulnerable, they will ask for money. At its worst, victims have willingly given hundreds of thousands of dollars to these criminals.

The bottom line: Never send money to anyone you’ve communicated with online or by phone.

How To Recognize Phishing

According to the FTC, scammers use emails or text messages to steal your passwords, account numbers, and Social Security number. Scammers launch billions of phishing attacks every day—and they’re successful more often than you think.

Otherwise, they wouldn’t take the time if such activities weren’t profitable.

Despite the official appearance, here are signs that can help you spot fraudulent messages.

  • The email has a generic greeting. It doesn’t address you by name.
  • It’s from an unknown email address that doesn’t reflect the company’s name.
  • The email says your account is on hold due to a billing problem.
  • The email requires that you click on a link to update your payment details.

Be careful! With the advent of AI (artificial intelligence), emails may appear legit and devoid of typos and misspelled words, which are obvious signs of a scam.

If in doubt, call the company. But don’t use a number provided in the email. Be sure to find a statement or obtain the phone number directly from the company’s website.

Play Defense

Let’s explore several FTC recommendations that will help you avoid being victimized.

1. Protect your computer and phone using security software that automatically updates.

2. Protect your accounts using multi-factor authentication, which requires additional credentials to access your account. These can fall into three categories:

  • A passcode, a PIN, or the answer to a security question.
  • A one-time verification passcode you get by text, email, or from an authenticator app.
  • A scan of your fingerprint, your retina, or your face.

Multi-factor authentication makes it harder for scammers to log in to your accounts if they obtain your username and password.

If you receive a phone call from someone asking for the PIN or passcode, HANG UP! No one from your bank, financial institution, or legitimate company will EVER call you and ask for this information.

After hanging up, immediately change your password and user ID and speak to someone at that company so you may report your encounter.

3. Protect the data on your phone and computer by saving data to an external hard drive or in the cloud.

4. Limit the amount of personal information on social media. It’s best not to share family and personal information. Major platforms, including Facebook, have hundreds of millions of users. Any one of them in the U.S. or overseas can follow and target you.

5. Don’t let your guard down and use common sense.

What If…

We’re human. We make mistakes. What if you slip up and provide the requested information?

1. Change your password and always use strong passwords. Better yet, use a unique password for each account.

2. Check your financial statements and call your financial institution.

3. If you have not frozen your credit report with the three credit bureaus, do so now. What is a credit freeze? A credit freeze prevents creditors from accessing your credit report, preventing a scammer from taking out a loan or credit card in your name.

Equifax: https://www.equifax.com/personal/credit-report-services/credit-freeze
Experian: https://www.experian.com/freeze/center.html
TransUnion: https://www.transunion.com/credit-freeze

It’s easy to do, and you may temporarily lift a credit freeze when applying for credit.

Final Thoughts

October is Cybersecurity Awareness Month. We want you to stay safe online.

Much of what we’ve discussed may sound like common sense, and it is. But in the moment that we least expect it, mistakes can occur.

Hackers are becoming increasingly sophisticated, but knowledge and common sense are a strong defense. Keep your security software updated and stay alert; you’ll greatly reduce the odds of being victimized.

If you have questions, we’d be happy to provide additional resources.

Impact Advisors Group LLC (“[IAG]”) is a registered investment advisor offering advisory services in the State of Massachusetts and in other jurisdictions where exempted. Registration does not imply a certain level of skill or training. The information on this site is not intended as tax, accounting or legal advice, as an offer or solicitation of an offer to buy or sell, or as an endorsement of any company, security, fund, or other securities or non-securities offering. This information should not be relied upon as the sole factor in an investment making decision. Past performance is no indication of future results. Investment in securities involves significant risk and has the potential for partial or complete loss of funds invested. It should not be assumed that any recommendations made will be profitable or equal any performance noted on this site. The information on this site is provided “AS IS” and without warranties of any kind either express or implied. To the fullest extent permissible pursuant to applicable laws, Impact Advisors Group disclaims all warranties, express or implied, including, but not limited to, implied warranties of merchantability, non-infringement, and suitability for a particular purpose. IAG does not warrant that the information on this site will be free from error. Your use of the information is at your sole risk. Under no circumstances shall IAG be liable for any direct, indirect, special or consequential damages that result from the use of, or the inability to use, the information provided on this site, even if IAG or a IAG authorized representative has been advised of the possibility of such damages. Information contained on this site should not be considered a solicitation to buy, an offer to sell, or a recommendation of any security in any jurisdiction where such offer, solicitation, or recommendation would be unlawful or unauthorized.
Skip to content