#cybersecurity

The holiday season is a time when people are especially vulnerable to scams. This is because they are busy and often have their guard down. Criminals take advantage of this by circulating fake e-gift cards, posing as charities, targeting specific demographics, and so on. We will discuss Google’s five most popular scams being circulated this holiday season.

1) E-gift card scams. With the holiday season in full swing, so are gift cards and prize scams. These scammers will often lie about being a known contact of yours to try and get you to buy them a gift card, or they may offer an amazing prize in exchange for your credit card information. If you receive any suspicious emails like this from someone claiming to be your friend, make sure to confirm it with them through another method before doing anything further. And as always, if something seems too good to be true, it probably is.

2) Charities. Be wary of scammers and phishing attempts; they actually worsen during the holiday season. This would not only hurt those who fall for the scams, but also charities that could’ve benefited from donations. For example, an attacker may pretend to be associated with a charity related to current events or one with a familiar name. If someone contacts you asking for money via personal email or another method, beware that it might be fraudulent.

3) Demographic Targeting. With more people shopping online and sharing personal information this holiday season, scammers are taking advantage by targeting consumers with fraud that seems more realistic.

For example, you might get an email from what looks like your child’s school PTA about a holiday fundraiser. But if you click on the link in the email, it could take you to a fake website where you’re asked to enter sensitive information like your credit card number or Social Security Number.

These types of scams can be difficult to identify because they seem so personalized. But if you’re aware of potential threats and know what to look for, you can help protect yourself against them.

4) Subscription Renewals. Scammers love to target people at the end of the year, and one particularly nasty version of these emails spoofs antivirus services. They lure victims with promises of improved security, but if you take a closer look at the sender’s email address, you can usually spot these scams pretty easily.

5) Crypto Scams. Cryptocurrency-based scammers are more prevalent during times of high crypto usage, like now. They often use a cryptocurrency wallet to collect payment and may threaten their victim if they don’t receive the funds. Some key things to look out for that signal fraud include typos, strange email addresses, and demands for payment.

By being aware of these five popular scams circulating this holiday season, you can protect yourself and your loved ones from potential fraud. Also, check out our cybersecurity guide for ten things you should be doing now to protect your data.

Disclosure: BFSG does not make any representations or warranties as to the accuracy, timeliness, suitability, completeness, or relevance of any information prepared by any unaffiliated third party, whether linked to BFSG’s website or blog or incorporated herein and takes no responsibility for any such content. All such information is provided solely for convenience purposes only and all users thereof should be guided accordingly. Please remember that different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment or investment strategy (including those undertaken or recommended by Company), will be profitable or equal any historical performance level(s). Please see important disclosure information here.

We have all watched the crisis in Ukraine unfold in the media over the last two weeks. There is concern that the sanctions imposed may lead Russia to seek retaliatory action via an increase in cyber-attacks targeting industries and businesses worldwide. When the world feels unstable, we want to reassure you that your assets are safe, and we are on high alert.

While this is not a comprehensive list, we wanted to share some ways BFSG is protecting your information:

• Our 3^rd party IT consultant just completed a security audit of our network (these occur quarterly);
• Last year we had a separate firm complete a penetration test to try to find any weaknesses in our systems;
• We maintain cyber-insurance and have an incident response plan in place if there was a breach;
• We continuously train staff on security awareness through cyber-training modules, phishing test emails, and we have scheduled a cyber-incident tabletop exercise with another 3^rd party, which will occur in a few months;
• We utilize encryption software for sensitive documents when transmitting files; and
• We verbally confirm all money movement requests as well as any requests for account updates.

The safety and security of client assets is job number one at Schwab and Fidelity as well. Their cybersecurity teams have enhanced monitoring and continuously test the resilience of their platforms and cyber technology capabilities against various threat scenarios, including those related to the Eastern European conflict. In addition, both Schwab and Fidelity insure your account against losses from unauthorized access.

Security is a partnership, and the best protection is possible when we work together to protect your information. We have a number of support materials to help safeguard your sensitive information and prevent fraud:

• Cyber Security Guide
• Tips for Preventing Fraud

Like many of you, we are searching for ways we can help while we hold out hope for an expedient end to the situation. If you are looking for ways to help, you can find information and a list of charities responding to the conflict from Schwab Charitable and the Center for Disaster Philanthropy.

Thank you for your trust and confidence.

Disclosure: BFSG does not make any representations or warranties as to the accuracy, timeliness, suitability, completeness, or relevance of any information prepared by any unaffiliated third party, whether linked to BFSG’s website or blog or incorporated herein and takes no responsibility for any such content. All such information is provided solely for convenience purposes only and all users thereof should be guided accordingly. Please remember that different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment or investment strategy (including those undertaken or recommended by Company), will be profitable or equal any historical performance level(s). Please see important disclosure information here.

Phone scams are on the rise, costing Americans over $20 billion in 2020.(1) In the US, 27% of aging adults live alone,(2) and they’re the most likely to be targeted for scams.(3) Unfortunately, many people don’t discover scams until it’s too late. If you find yourself on the other line with a fraudster, will you hang up or be swindled out of your hard-earned savings? Learn some tips to protect yourself from phone scammers.

What are the Three Top Phone Scams

To protect yourself against future phone scams, it’s important to understand them. Here are three of the most effective approaches used against aging adults.

1. Government impostor

The last organization we want to get a call from is a government agency. A government impersonator might even give you their “employee ID number” to sound official. They might even have information about you, like your name or home address.

Why this works

If we think a government official is calling, it’s natural to think we might have done something wrong. Did I forget to send or sign a required form? Scammers often say they work for the Social Security Administration, the IRS, or Medicare. They’ll give you a compelling reason why you need to send money or give them personal information immediately.

2. Grandparent scam

The victim gets a call from someone posing as his or her grandchild. This person explains, in a frantic-sounding voice that he or she is in trouble and needs money (e.g., there’s been an accident, arrest, or a robbery). To add to the urgency, the caller might claim to be hospitalized or stuck in a foreign country. They may even throw in a few family particulars, gleaned from the actual grandchild’s social media activity to make the impersonation even more convincing.

Why this works

The impostor offers just enough detail about where and how the emergency happened to make it seem plausible and perhaps turns the phone over to another scammer who pretends to be a doctor, police officer, or lawyer to back up the story. The scammer impersonating a “grandchild” implores the target to wire money immediately, adding an anxious plea: “Don’t tell Mom and Dad!”

3. Robocall phone scam

These computer-generated calls are first trying to verify that you are a real person. This may entail just recording your “Yes” answer to “Can you hear me?” for further use, possibly to authorize bogus charges. They may leave a voicemail about an Amazon purchase made on your account, asking to call back to clear up a problem. If you answer the phone and there is a long pause, that could be because the call is being switched to a call center of trained phone scammers—that is a good time to hang up.

Why this works

If you get a voicemail about a problem with your Amazon purchase, we might be relieved someone found the problem. If you call back, a scammer will seem willing and able to help solve the problem. While they may seem friendly and helpful, they’ll be trying to gather personal information to swindle their victims’ money.

Tips to Help Protect You from Phone Scams

Train yourself to avoid answering calls from unknown numbers. If it’s important and relevant to you, such as a call back from someone that you telephoned, the caller will leave a message. If you do pick up the phone, use suggestions from this list:

1. If a caller asks who you are, or if this is [your name], ask them to identify themselves and their company first, and where they’re calling from. If you don’t recognize them, ask for a phone number you can use to call them back. (In many cases, you won’t get one—a red flag.) You can also google the company “calling” you then call them to confirm their legitimacy.
2. Be cautious about caller ID numbers that seem legitimate. You may not be able to tell right away if an incoming call is using Caller ID spoofing. Beware: Caller ID showing a “local” number does not necessarily mean it’s a local caller.
3. If you answer the phone and the caller, or a recording, asks you to hit a button to stop getting the calls, hang up. Scammers often use this trick to identify potential targets.
4. Don’t respond to any questions asked by a robocall that tries to verify your name. For example, “Is this Robert?” answered with “Yes.” They may record your response and use it to authorize purchases.
5. Set a password for your voicemail. If a hacker gets your phone number, they may be able to gain access to your voicemail if it’s not password protected.
6. Talk to your phone company about available call-blocking tools and check into apps that block unwanted calls on your phone.
7. Realize that it’s highly unlikely that a government organization would ever contact you by phone. If you get a call from someone posing as a government official, hang up. If needed, they’ll contact you by mail.

Protect Yourself

Don’t answer calls from unknown callers. If it’s a legitimate caller, they’ll leave a message. Explore settings on your mobile phones and try turning on the “Silence Unknown Callers” feature.

Also reference our prior blog post on “Tips for Preventing Fraud” and BFSG’s client alert “Protect Yourself, Protect Your Data”.

1. Protecting Older Consumers, Federal Trade Commission, 10/18/20
2. Older people are more likely to live alone in the U.S. than elsewhere in the world, Pew Research Center, 3/10/20
3. People who live alone among the likely to be scammed, Cadillac News, 10/17/19

Prepared by Hartford Funds, “The Data Doesn’t’ Lie – Raise Your Phone Scam Awareness”, March 5, 2021. Author: Laurie Orlov is a tech industry veteran, writer, speaker, and founder of Aging in Place Technology Watch.  Edited by BFSG, LLC.

Disclosure: BFSG does not make any representations or warranties as to the accuracy, timeliness, suitability, completeness, or relevance of any information prepared by any unaffiliated third party, whether linked to BFSG’s web site or blog or incorporated herein and takes no responsibility for any such content. All such information is provided solely for convenience purposes only and all users thereof should be guided accordingly. Please see important disclosure information here.

Cyber criminals exploit our increasing reliance on technology. Methods used to compromise a victim’s identity or login credentials – such as malware, phishing, and social engineering – are increasingly sophisticated and difficult to spot. Constant vigilance is key. This checklist summarizes common cyber fraud tactics, along with tips and best practices. Many suggestions may be things you’re doing now, while others may be new. We also cover actions to take if you suspect that your personal information has been compromised. If you have questions, we are here to help.

How We Can Work Together to Protect Your Information and Assets

• Keep us informed regarding changes to your personal information.
• Expect us to call you to confirm email requests to move money, trade, or change account information.
• Establish a verbal password with our firm to confirm your identity or request a video chat.

How Your Custodian Protects Your Account

Our custodians, Schwab and Fidelity, takes your security seriously and leverages protocols and policies to help protect your financial assets. Below are actions you can take to reinforce their efforts and resources to assist you in keeping your account safe:

• Confirm your identity using Schwab’s voice ID service or Fidelity’s MyVoice when calling for support.
• Use two-factor authentication, which requires you to enter a unique code each time you access your accounts.
• Review the Schwab Security Guarantee and Fidelity Customer Protection Guarantee, which covers 100% of any losses in any of your accounts due to unauthorized activity.

Follow General Best Practices

• Be suspicious of unexpected or unsolicited phone calls, emails, and texts asking you to send money or disclose personal information. If you receive a suspicious call, do not accept it, hang up, and call back using a known contact number.

• Be cautious when sharing sensitive information and conducting personal or confidential business via email, since it can be compromised and used to facilitate identity theft.

• Do not disclose personal or sensitive information on social media sites, such as your birthdate, contact information, and mother’s maiden name.

• Be cautious when receiving money movement instructions via email. Call the sender at their known number (not a number provided in the email) to validate all instruction details verbally before following instructions or providing your approval.

• Protect yourself from phishing attempts and malicious links.

• Check your email and account statements regularly for suspicious activity.

• Do not verbally disclose or enter confidential information on a laptop or mobile device in public areas where someone could potentially see, hear, or access your information.

• Verify payment requests you receive by phone or email. Requests for you to make payments using prepaid debit cards, gift cards, or digital currency are frequently associated with fraud or scams.

Keep your Technology Up to Date

• Keep your web browser and operating system up to date and be sure you’re using appropriate security settings. Old software, operating systems, and browsers can be susceptible to attack.

• Install anti-virus and anti-spyware software on all computers and mobile devices.

• Enable the security settings on your applications and web browser.

• Do not use free or found USB thumb drives—they could be infected with viruses or malware.

• Turn off Bluetooth when it’s not needed, to protect against individuals gaining access to your devices using Bluetooth connections.

• Safely and securely dispose of old hardware.

Be Cautious with Public Networks

• Avoid using public computers. If you must use one, go to the browser settings and clear the browser history (cache) and cookies when you’re finished.

• Only use wireless networks you trust or that are protected with a secure password.

• Use your personal Wi-Fi hotspot instead of public Wi-Fi.

• Do not accept software updates if you are connected to public Wi-Fi.

Be Strategic with your Login Credentials and Passwords

• Do not use personal information such as your Social Security number or birthday as part of your login ID.

• Create a unique password for each financial institution you do business that are long and contain a combination of characters, numbers, and symbols. Consider using a password manager to create, manage, and store passwords that are unique and secure.

• Do not share your passwords.

• Use two-step verification whenever possible.

Be Sure you’re on a Secure Website

• Check the URL to see if it’s a secure connection. Secure sites begin with https rather than http, and are generally considered safer.

• Check the address bar for site validity indicators whenever you log in to a website. Some browsers use green text or security symbols to indicate a secure and verified site.

• Download apps only from the Google Play^™ Store or the Apple App Store^®.

• Do not visit websites you don’t know—for example, websites advertised on pop-up ads and banners.

• Log out completely to terminate access when you’ve completed a secure session, such as with online banking or a credit card payment.

Beware of Phishing

• Do not click on links or attachments in emails and text messages if you question the validity of the sender. Instead, type the real web address, for example https://www.schwaballiance.com, in your browser.

• Hover over questionable links to reveal the site’s full URL and see where the link really goes. Do not click on links that don’t match the sender or don’t match what you expect to see.

• Be suspicious of emails that have grayed-out Cc: and To: lines—they may have been sent to a mass distribution list.

• Check the sender’s domain name in the email address (john.doe@gmail.com) to see if it matches what you would expect to see.

• Activate the spam filters in your email settings tab. This will help prevent unsolicited emails from coming to your inbox.

Learn More

Visit these sites for more information and best practices:

BFSG’s Protect Yourself, Protect Your Data: Ten things to do now to protect yourself.

StaySafeOnline.org: Review the STOP. THINK. CONNECT™ cybersecurity educational campaign.

OnGuardOnline.gov: Focused on online security for kids, it includes a blog on current cyber trends.

FDIC Consumer Assistance & Information, https://www.fdic.gov/consumers/assistance/index.html.

FBI Scams and Safety provides additional tips, https://www.fbi.gov/scams-and-safety.

What to do if you Suspect a Breach

• Call our office or your financial institution immediately so that they can watch for suspicious activity and collaborate with you on other steps to take.

• Freeze your credit. Freezing your credit reports prevents criminals from taking out credit cards or loans in your name.

Disclosure: BFSG does not make any representations or warranties as to the accuracy, timeliness, suitability, completeness, or relevance of any information prepared by any unaffiliated third party, whether linked to BFSG’s web site or blog or incorporated herein and takes no responsibility for any such content. All such information is provided solely for convenience purposes only and all users thereof should be guided accordingly. Please see important disclosure information here.