How to Fight Phishing

Phishing, fraudulent emails designed to trick people into divulging passwords or downloading malware, continues to rise.  The reason is simple. It is easier to trick a user than hack an encrypted password.  These types of attacks remain one of the most significant risks in the financial services industry. With that in mind, we wanted to give you a few tips on how to protect yourself and your finances.

As we discover newer and better ways to secure our money and data, scammers are relying more and more on tricking users. That is essentially the goal of phishing scams which use fake emails or texts to obtain your personal information. Sometimes real looking emails send you to real looking fake websites to trick you into entering your login credentials.  They then use this information to hack the accounts you thought were secure. Sometimes real looking emails trick you into opening files that download malware onto your computer.

A friend recently shared a story in which hackers were able to break into his email and begin sending emails on his behalf to his financial advisor. When the advisor responded, the hacker was able to reroute the emails before my friend even saw them – essentially communicating with the financial advisor without leaving any traces. Luckily, the financial advisor had his guard up and as soon as he suspected something fishy, contacted my friend over the phone. The scary thing is that this is all too common. All it takes if for you to click on a seemingly innocent link planted in an email from a scammer. Clicking on the link allows the hacker to access your computer where they can do anything from read your emails to changing the rules on your email account. So what can you do to protect yourself?

Don’t Click on Links!

Scammers are getting more and more savvy in the ways they try to trick you. That’s why it’s critical that you keep your guard up. Be skeptical of any email that looks phishy. Only a few months ago I received an email from a financial organization I work with. I was expecting an important update from them but I noticed that the email address was a little off. Instead of using “o”s they have used “0”s and instead of the usual .com, the email ended with a .org. I contacted the organization and learned that they had no record of sending such an email. Luckily, I caught it and no harm was done but it did wake me up to the realities of phishing.

Call to Verify

Even emails from close friends and family can get hacked and hackers are getting better and better at mimicking the way we communicate with others. With that in mind, if something sounds weird – verify. If your grandma is suddenly asking for large sums of money – give her a call. It’s possible someone has hacked her email and she doesn’t know it.

Turn on Two-Factor Authentication

This is a great way to protect your information that is become more widely available. Two-factor authentication requires you to verify your identity when logging into an account by having the website you’re logging into send a pin number to your phone or email that you then use to verify it’s you. I prefer to have the two-factor authentication code texted to my phone rather than emailed to my computer. For those of you who are clients, Schwab has added this feature to their Schwab Alliance portals.

As always, your security remains one of our top priorities and we continue to look for new and improved ways to protect your information. Of course, we can’t do it without your help. If you’d like to learn more about phishing and how best to protect yourself, check out the following resources from the Federal Trade Commission:

https://www.consumer.ftc.gov/articles/0003-phishing