Defending Your Digital Domain
You unsuspectingly pick up a call and hear “Hello, I’m calling from Amazon (or Apple or Microsoft or McAfee). You placed an incorrect order (or your computer is infected) and we need to fix it immediately.”
If this sounds familiar, I’m sorry you had to deal with that call. If it doesn’t, I’m also sorry because you probably will have to deal with it at some point in the future. This is the beginning of one of the most common phone scams that led to over 59 million Americans losing their hard earned money in 2021 [1]. The person calling, of course, isn’t with any of the tech companies they claim to be calling from and your computer isn’t infected nor did you place the wrong order. These are scammers who are just trying to swindle you. So how do you know what’s real and protect yourself? Here are a few steps you can follow.
1. Hang up and call back
It may seem trivial, but if a call you’re receiving is claiming something that doesn’t quite sit right with you, then you can always hang up, call the company back at a number you look up yourself (not from an email they sent you), and ask them. Tech companies primarily reach out to their customers by email, text, or app notifications these days so a phone call out of the blue to “help” you “fix” something may already seem odd. Apple and Microsoft, for example, will never call their customers to notify them of new issues about personal devices. The IRS doesn’t call to notify taxpayers of issues either; that’s all done by mail. If you do think the call may be legitimate, be wary of following instructions that require you to give them your personal information, follow links to allow anyone to access your computer, or provide any kind of specific payment instructions – the mention of gift cards should be reason enough to hang up immediately.
The major cell phone carriers also offer free apps for your iPhone or Android device that can help identify spam or scam callers. They can be helpful to identify fake calls and warn you or block them altogether. You can find out how to download them and use them from the sites for Verizon, AT&T or T-Mobile/Sprint. We at Quantum also have strict rules to call our clients to verify requests that sound atypical.
2. Use separate passwords … and a password manager
One of the primary ways malicious actors get access to online platforms outside of scam calls is by trying the same username and password they find from another data breach that’s been leaked to the internet. Do you use the same password for your bank that you use on Target.com, which was hacked in 2013? How about the same password for your investment accounts as your Yahoo email account that was one of 3 billion accounts breached between 2013 and 2016? Lists of this information circulate the internet and are tried across many other sites in the off chance the same information works.
At the very least, make sure to use a different password for your primary email account and your banking information from any other site or account you use online. In the case of your email, this is where all other sites will likely need to send you a password reset link or verify your information. While credit cards have the potential to rack up thousands of dollars in charges, they also have processes to fight fraudulent transactions in a straightforward way. Your bank on the other hand, can be one of the hardest to reclaim lost funds because of the nature of bank transfers.
If keeping track of different passwords is daunting, consider using a password manager. 1Password, Bitwarden, LastPass, or Dashlane are all well known products to help keep track of things and all have “Help” or “Support” sections that can help show you how to use them. If you do try one out, make sure to choose a password for it that you don’t use anywhere else. Anywhere.
3. Setup two-step authentication
A short jump from passwords is two-step authentication (or “two-step verification” or “two-factor verification”). This uses an additional method to verify you when you login. Sometimes it’s only when logging in from a new location and in some cases it’s every time. So, should you use it? Yes. On every site you ask? Every site that offers it, yes. Every site? Yes, but at the very least use it on your primary email account and your bank account logins.
For two-step authentication codes that require an additional application (instead of those that send a code by text message), most password managers can also help keep track of two-step authentication codes for you.
4. Freeze your credit
This may sound intimidating, but the credit bureaus have made improvements in the last few years that have made freezing your credit, and more importantly, unfreezing your credit when you need it more manageable. Each lets you apply the freeze online and remove the freeze completely or lift it temporarily just when you need it without the need to remember to go back and reapply it. Each one has a slightly different process, but you can find out more directly from the areas related to credit freezes on the sites for Equifax, Experian and TransUnion.
If you receive a code to unfreeze your credit later, it’s important to keep this in a safe, memorable place. It can require some calls to customer service if you lose it and potentially waiting for a letter in the mail before you’re able to get access to your account again. If you have young kids, freezing their credit can also be helpful. Since children have a clean credit history (as in, not one at all), they can also be the target of fraud that doesn’t become apparent until years later.
The future is bright
While passwords, password managers, two-factor authentication, and credit freezes can all be enough to put you to sleep (or scream) luckily there is hope on the horizon. Major technology companies are already working on how to do away with passwords altogether (most of us already carry fingerprint readers or facial recognition in our pockets on our phones). Until then, we’ll do our best to help you stay safe online and avoid the need of buying gift cards for a person on the phone.
[1] TRUECALLER INSIGHTS 2021 U.S. SPAM & SCAM REPORT: https://truecaller.blog/2021/06/28/us-spam-scam-report-21/
DISCLOSURE: Quantum Financial Advisors, LLC (“Quantum”) is an SEC registered investment adviser with its principal place of business in the State of California. Quantum may only transact business in those states in which it is notice filed or qualifies for an exemption or exclusion from notice filing requirements. The article is for educational purposes only; and contains the opinions of the author, which are subject to change, and should not be considered or interpreted as a recommendation to participate in any particular trading strategy or deemed to provide investment recommendations, and it should not be relied on as such. Any subsequent, direct communication by Quantum with a prospective client shall be conducted by a representative that is either registered or qualifies for an exemption or exclusion from registration in the state where the prospective client resides.
For information pertaining to the registration status of Quantum, please contact us or refer to the Investment Adviser Public Disclosure website (www.adviserinfo.sec.gov).
Investments involve risk and, unless otherwise stated, are not guaranteed. The Information was based on sources we deem to be reliable, but we make no representations as to its accuracy. Past performance is not indicative of future results. Readers of this information should consult their own financial advisor, lawyer, accountant, or other advisor before making any financial decision.
