Cybersecurity: How to Stay Secure Online

Speaker 1 (00:00):

Bad news, everyone on the cybersecurity front. In 2023, over $10 billion was stolen from consumers through fraud and identity theft. And that was a 14% increase from 2022, where $8.8 billion was stolen from consumers according to the FTC. Welcome everyone to the Retirement Power Hour. My name's Joe Allaria, and this is episode 27. And as I mentioned today, we are talking about how to protect yourself from identity theft and from fraud. And with all of our information online these days, unfortunately this is something that we all bear the responsibility of and protecting our identity, protecting our financial accounts, and our lives are all on the internet, and so we need to be aware, we, we, we cannot afford anymore to put our head in the sand and not be aware of how to protect ourselves online. And the truth of it is, it's, it's hard enough to save money and invest money and work only to see your money go out the window because of a preventable mistake.

Speaker 1 (01:03):

So we want to help you prevent that, and I wanna help you prevent that by explaining and showing you some very easy common sense, easy to implement strategies that can help you. The sad thing about this is when you actually look at the FTC numbers, and you look at all of the statistics around this, this is happening with online shopping. This is happening with investments, with prizes and sweepstakes, competitions, you know, business opportunities. There were over 2.6 million fraud reports in 2023 in all of these areas. If you look at the numbers from 2019, the median loss per reported crime was $3,000. And fast forward to 2023, that median rose to $7,000. So the consequences of these crimes are becoming more and more significant every single year. Let's jump in and talk about some of these strategies, these tips and tricks that you can use to help protect yourself against these scams.

Speaker 1 (02:05):

And the first thing that you wanna be aware of are phishing scams. And this is basically when someone is trying to get information out of you, but you are the one providing the information. And a lot of times, like we said, this does come in the form of an email. Um, it could be a phone call. There's lots of different types of phishing. There's text messages, and this is basically, again, someone sends you a fraudulent text message and they're claiming to be someone that they're not. You know, for example, you may get an email, uh, regarding a transaction you made but you didn't make a transaction. And they have a link here to, you know, make sure you click this link to claim your refund or something like that. You click it, it wants you to log in and, and you're actually giving your login information to a third party, and it's not actually the company that they're claiming to be.

Speaker 1 (02:54):

A lot of times you hear people claiming that the IRS is calling you. Many of you have received that phone call. This is the IRS and you've got a warrant out for your arrest because you didn't pay your taxes agents on the way to your house right now unless you give me your information and clear this up. Now, if you do that, you won't go to jail. I mean, these things, these are the type of things that happen. You see 'em through emails, you see 'em through text messages, you see 'em through phone calls, and you also see them regards to wire transfers where people are trying to, maybe, maybe you have a real estate transaction that's about to go through and people are fraudulently emailing you the wrong wire information. Maybe they know you have a transaction coming up, you're closing on a, a property closing on a house, and they know that.

Speaker 1 (03:42):

And in fact, these are real stories that we've heard from clients and friends and family members where this has happened and they've lost large amounts of money because of this. So these are things that all you wanna be aware of. Another, another type of phishing that you have to be aware of is called spear phishing. And that's where someone will impersonate someone that you do know and act like that person. And this actually happened in our office where there was a fraudulent email sent from a third, an outside party to an employee of ours, and the scammer was impersonating one of our senior people here at our office. You get an email, which looks like it's from your boss saying, Hey, I need you to run a quick errand for me. I'm in a meeting, I can't take calls. Go buy these gift cards and mail 'em to this address.

Speaker 1 (04:31):

Right? And, uh, it's not actually who you think it is, who's giving those instructions. So it all comes down to you need to verify the identity of the person that you're talking to or the person who's emailing you or the person you're texting. And you know what, you don't have to respond, you don't have to answer it. You don't have to do the things that they say that you have to do. Being aware of phishing, phone calls, phishing text messages, phishing emails, those are key to, uh, protecting yourself online and to protecting your identity. Another type of scam that you have to be aware of is called content injection. And we heard a story about this as well, and this was from a family member of mine who, uh, that this happened to. So they were on their computer, they get a popup that comes up on their computer, and it basically told them that they had a, a virus on their computer and that they needed to call Microsoft to stop the virus or stop the attack that their computer was being attacked.

Speaker 1 (05:36):

Phone number pops up on the screen, individual calls the number on the screen. They say, well, we can certainly help you with that. We're gonna need to access your computer. Victim gives the scammer access to her computer. They are, you know, going through things. They're supposedly resolving the issue, uninstalling some software that they planted themselves and, uh, at the end charging a fee of $140. So they said, well, your information's still out there is, if you don't pay the money, then we can't completely stop this attack. And they're, you know, these criminals are getting your more, your information every second, so you're at risk here. But the victim said she needed to think about it, talk to her husband. So she hangs up. The person called back two times after that and the victim picked up the first time, reiterated that she needed to talk to her husband.

Speaker 1 (06:29):

And when the person called back again, the red flags start going off in the victim's mind and thank God just ended it there. Had a computer professional come out, make sure her computer was not compromised, and, uh, reset passwords and all that good stuff. And you have to be so careful about these content injection scams because if you give access to your computer to someone else, they can go in any of your files, they can log in. If you have your password saved and your bank accounts, they can get into your bank accounts, they can transfer money, and they've got programs to do all this very, very quickly. So before you give access to your computer, you need to verify the identity of the person that you're giving access to and be very careful before you act. The third thing you can do to protect yourself is to simply not give your information out via email by attaching things that have your personal identifiable information, your social security number, your date of birth, your address, things that your account numbers, your passwords, and you know, usernames.

Speaker 1 (07:34):

Don't email that information. So when you're emailing people, make sure you're using a secure link or you're using some sort of encrypted document, especially when you're interacting with your financial professionals, your, your realtors or your lenders, your bank, your accountants is a big one. Whenever you're sending information, don't include those documents as a simple attachment with no encryption. If you send it and you send it online digitally, then make sure there's a way to send files securely. Our firm uses Citrix share file to upload secure documents, and we have it in our email signature, and you can upload 'em that way. Be sure you do that because if you send them as a regular attachment and your email gets hacked, my email gets hacked, whomever the person you're sending it to, either email can get hacked. Now all I have to do is open that attachment.

Speaker 1 (08:25):

Well with share file, it is again, another step of encryption. And if your email gets hacked, just because that happens, it doesn't mean that that person's now gonna have access to every document you've ever sent because you just sent it as an attachment. Fourth thing to be aware of, don't use public and unsecure wifi. When you use wifi, make sure that it is encrypted. Make sure that it has a lock next to it. When you log in, it has a lock, and that means it has a password. So make sure you're using it at home. Make sure you have your wifi encrypted with a password when you go out in public hotels, restaurants, you know, if you take your computer with all your financial information and you, you pop it on the, uh, free wifi at Starbucks, you don't know who's sitting in there, you don't know who's on that network, and they can hack into your computer if you're sharing that same wifi.

Speaker 1 (09:13):

And number five is a credit freeze. When a criminal steals your identity, maybe they apply for a credit card in your name or something of that nature. They cannot do so if you have a credit freeze, because every time you do that, you open a new credit card, you buy a piece of furniture, and you finance it. You know, you buy a car, they're gonna run your credit to check your credit score. So you may have good credit and a scammer gets a, gets ahold of your information, they, and they go and buy thousands of dollars of furniture at furniture store down the street on your dime, and you don't even know what's happening. If you have a credit freeze, that won't happen. And it can't happen because you have to unfreeze your credit so that your credit can even be run. And this will happen if you do do a credit freeze and you try to go buy something, a car, a piece of furniture, get a new credit card, it's gonna come back and say, sorry, this request was denied because your credit is frozen and you need to first unfreeze your credit.

Speaker 1 (10:12):

So this would help prevent these things from happening in advance rather than a lot of the credit monitoring programs out there, they don't really stop anything from happening, they just let you know that something has happened after it's happened. So credit freeze stops it at the beginning, and you'd have to do it with all three credit monitoring systems. That's Equifax, that's TransUnion and Experian. All three organizations, you'd have to do a credit freeze at each one. So we have phishing, we have content injection, we have using secure email tools. We have number four, public and secure wifi. We don't wanna use that. We only wanna use secure wifi. And number five was credit free. So continuing on when you go and do transactions, the sixth thing you can do to protect yourself is use your credit card and not your debit card. Credit cards offer greater protection against fraud than debit cards.

Speaker 1 (11:05):

So there's a maximum liability of $50 for credit card fraud if reported in a timely manner. Whereas debit cards, the liability rises to $500 after 48 hours and after 60 days, there's no limit to what you're liable for. So you think about this way, if someone went and spent a thousand dollars on my debit card four days ago, you could be liable for $500 of that thousand $1,000 bill that they racked up because you didn't check your debit activity every single day. Whereas a credit card, you, you don't have to have those, those type of restrictions. You can still wanna check your statements on a monthly basis, but again, if it's reported in a timely manner, you only have that limit of $50. So it's a lot easier to work with. And if someone does get ahold of your credit card, that's gonna be easier to resolve than if you use a debit card.

Speaker 1 (12:00):

And I've heard cybersecurity experts basically say, no one should have a credit, should have a debit card. Excuse me, you should not carry a debit card. You should not use a debit card because of the lack of protections. Credit cards work just fine. And in most cases, they're all that you need. Maybe just with a little, a little cash on hand as well. Okay, and number seven, let's talk about passwords and using secure passwords. This goes without saying don't use the same password for everything that you have in your life. And you know, it's the same password, 1, 2, 3, 4, or whatever it is. There are ways that you can create passwords that are more secure through encrypting, you know, your own passwords using different methods. There's a couple different methods. You can use some sort of a passphrase method where you, you combine three to four words and you just combine them together, like as an example, tiger pie, tree flag, totally unrelated words, and just combine them together.

Speaker 1 (13:03):

And then you can add some more encryption by using special characters in place of certain letters. For example, instead of an, I use an exclamation point. And so you can do that again, tiger pie tree flag with all encrypted characters or you know, special characters to make that a little bit more secure. You can also use the sentence method where you say, um, you use a sentence like, I like to hike with my wife on vacation. That's your password sentence. And you use the first letter of each sentence or the first two letters of each sentence as your password. So it ends up looking like something that's not common at all, would be very hard to guess. Again, as opposed to your oldest child's name and the year that they were born, that's gonna be pretty easy to crack. Or again, password, 1, 2, 3, 4. That's also gonna be easy to crack.

Speaker 1 (13:55):

So there's, there are programs out there where hackers can quickly go through a lot of different examples on your passwords and try to hack your password. The next one along that line is on top of using a secure password, you want to use two-factor authentication. This is almost more important even than the password because if someone does steal your password and you have two-factor authentication, it's going to send that code to your phone or your email, and you're gonna have to then have that code as well. So if someone has my password and they're trying to hack into my bank account and, and I have two-factor authentication, they're not gonna be able to do it. If they don't have my phone, if they don't have access to my phone or my email or whatever, my two-factor authentication a method is if they don't have that, they can't get into my account.

Speaker 1 (14:42):

So you have the password, but then you have two-factor authentication. It's almost like a, a lock behind a lock, you know, they have to have a key for the first lock and they have to have a key for the second lock, which makes it much less likely that they would be able to break through both of those levels. Okay, number nine, you can still sign up for those bank account and credit card fraud alerts. That way if something does happen, you can put a stop to it as soon as possible. And if it's a suspicious transaction that happens outta state or a large transaction, for example, with Chase credit cards, they text you, this is a su suspicious transaction, was this, you, you reply, yes or no? And again, if it's not you, then you can put a stop to that. They'll, they'll terminate your card immediately.

Speaker 1 (15:28):

So it's free to sign up for that. Just like the credit freeze we talked about earlier. Also free, it's free to sign up for the, uh, credit and bank alerts. So another method that people sometimes use is to create a secret email address for financial accounts with the highest level of security. So, you know, we have emails for a lot of different things. So another thing that people do is that they'll sometimes create a separate email address for financial matters. So rather than you going and giving your email one email to everyone out there, restaurants, your accountant, your advisor, your work, you create a separate email address and that just limits the amount of people who have access to that and again, would hopefully limit the probability that that account could get hacked. Another one, if you do have children, you may not think about it if they're younger, but you, you want to also monitor your child's credit because sometimes, uh, identity thieves can, will target a child's identity with the thought of their credit reports not being monitored.

Speaker 1 (16:30):

And, uh, that makes them sometimes an easy victim. So you can go to the FTC website and see tips from them on how to check your child's credit as well. And there's resources everywhere. But we have an article on our website, carsonallaria.com that goes through, uh, 15 tips and it does have some links that you can go and, and, and see. And this is one of them. And last but not least, you have to be aware of SEO scams. SEO stands for search Engine optimization. And this is basically when you are going in to try and get information for a company and you go to Google and you type in that company's name perhaps, and we got an alert on this regarding Charles Schwab, and this has nothing to do with Charles Schwab, the company, but scammers have actually tried to do this with Charles Schwab, where they've go on and create fake websites that look like Charles Schwab.

Speaker 1 (17:27):

And when you type in Charles Schwab and you're just Googling that and you just blindly click the first thing that you see, you have to be sure that the URL is actually Schwab Alliance or schwab.com or whatever the, whatever the site is that you're trying to go to, you have to make sure that that actually matches up. And you have to be very vigilant about that. And I would recommend not clicking any ads. And you know, when you search in Google, the top few they say sponsored or they say ad, those are, those are ads. So that's something someone's paying to get that high up on that search result. So what these scammers were doing is creating these websites and having people having it look like Schwab and then going in and having people type in their login information. And obviously that's incredibly dangerous because you've got a lot of money in your investment accounts.

Speaker 1 (18:21):

So when you are going to or trying to go to a website, one thing you can do is type in the URL directly. For example, if you're a Schwab customer or client wanting to go to schwab alliance.com, just type in schwab alliance.com. You know, when you Google that, we used to think that was at least a safe way to get an alternative contact information, you know, alternative phone number, alternative email or something anymore. You have to be very, very careful. You have to ensure that the site that you're on is actually representative of the company you're trying to research. So you just have to verify, we have to be a little more vigilant these days and verifying where we're getting information from and not immediately going out and googling something and clicking the first thing that pops up and then entering our login information to a fake website.

Speaker 1 (19:12):

What I want you to focus on are these little things and taking a little extra time, thinking twice. If something doesn't seem right, then take a pause. It's probably not right. If it doesn't seem right, the worst thing that happens is you rush into something and you give your information out to someone that you didn't want to have your information. So take an extra second, think through these things. This is the first step is just educating yourself. And I would do this on an ongoing basis and we try to do our best to educate our clients. It's hard enough to save your money, let alone have people steal it from you after you've already saved it and accumulated. This was a bit of a different topic today, but I still think an important topic. And if you have questions on this, if you wanna watch past shows or more importantly, if you have questions about your own financial situation, about your retirement, whether you can retire on time, how much can you live on when you retire?

Speaker 1 (20:04):

How can you limit taxes when you retire? When should you take Social Security? Is this actually Social Security calling me? Please go to our website, retirement power hour podcast.com. You can click submit your question or you can click work with me. If you click work with me, the first step will be to schedule a call. We will go through and see what you need help with to see if we're a good fit to help you. So do that. Go to retirement power hour podcast.com and click work with me, or you can submit your question and we will cover it on a future show. With that, I appreciate you watching. Make sure you tune in next time. Give us a review if you can on YouTube, on Spotify, on Apple Podcast. We look forward to seeing you again here on the Retirement Power Hour, where we help listeners invest weer and retire better. Take care.

Speaker 2 (20:51):

Thank you for listening to the Retirement Power Hour podcast. All material discussed on this podcast is for educational purposes only and should not be construed as individual tax, legal, or investment advice. Investing involves risk of loss and investor should be prepared to bear potential losses. Past performance may not be indicative of future results. Joe Allaria is an investment advisor representative of Carson Allaria Wealth Management, a registered investment advisory firm. Information discussed on this podcast may be derived from third parties that are believed to be reliable, but Carson Allaria Wealth Management does not control or guarantee the accuracy or timeliness of such information and disclaims all liability for damages resulting from such sources. Any references to third parties are provided as a convenience and do not constitute an endorsement.