Neglecting Privacy and Security…A Recipe for Financial Disaster (S3 E7)

Transcript

If you are over the age of 25 and haven’t experienced some type of fraud, data breach, or just flat-out theft of your financial data, then consider yourself lucky. I saw a stat somewhere that over 55,000 Americans fall victim to some type of scam every single day. Wow!! Well, I don’t know about you, but that’s all the proof I need to know that no matter what we do, there are bad people out there trying to steal from us daily. However, I don’t worry about this because I feel good about what I’ve done to minimize my risk. And quite frankly, it isn’t too difficult. But, it does take time and effort.

Disclaimer: I am not a cybersecurity expert; I’m just an investment guy. But hopefully this episode will get you to think about privacy and security best practices and take better measures to protect your personal data—and your financial well-being.

Welcome to the third season of Invested Poorly: Sad Tales of FInancial Fails, now part of the Bold Departure Network. Invested Poorly is a short-form podcast designed to help everyday investors make wiser investment decisions by learning what NOT to do with their money. Host Jeff Harrell shares timeless stories from his former life as a financial advisor, about the poor—and irrational—choices he witnessed investors make that disrupted their journey to financial independence, or FI. Your ability to recognize, and avoid, similar mistakes could make all the difference for you along your path to reach FI.

Check out the “Introduction” episode for more background on Jeff, why he created this podcast, and how it can guide you to becoming the hero of your own investing story. Now, on with the show.

Fraud prevention was a major issue when I was working as a financial advisor. As the years went on, the amount of paperwork and multifactor authentication steps required to access someone’s financial information or send money out on their behalf became greater and greater and greater. Clients often complained about the seemingly redundant steps we had to put them through, but of course, if anything ever went wrong, the blame would fall squarely on us.

So, before I go any further, I want to remind everyone listening that although it can be frustrating to deal with financial institutions due to the heightened level of privacy and security protocols, they are all in your best interest. Just remember, when it comes to financial matters, you can never be too safe.

Now, despite the best efforts made by financial institutions, things can still fall through the cracks. It’s scary how much information scammers can get on you nowadays. Not to mention how sophisticated scamming techniques are getting, especially with the use of AI. Go to YouTube and watch some videos on how scammers operate. It will blow your mind when you find out scamming people out of money is a global industry.

The most memorable scam attempt I ever witnessed was thwarted when I noticed something that just didn’t look right. When I was a portfolio manager, I would review the transactions in our client accounts daily. One day I noticed a number of sells in an account that was being managed by our firm, which despite the client having access to trade their own accounts, since they were paying us to manage it, they really shouldn’t have been messing with it. My initial reaction was one of frustration. I’m thinking, this guy saw something on the news and now he is freaking out about it. I emailed him asking if we could talk about his recent trades. It was almost creepy when he sent back an email basically saying…"what trades?"

Uh oh, now my antenna went up because if he didn’t make those trades, who did? First, I thought maybe we had made an error. I went through our trading log for the previous day to see who might have placed these trades on our end. Nothing. Okay, so if we didn’t place them, and he didn’t place them, who did? What I was about to discover was mind-blowing.

His accounts were with Schwab, so I immediately called our Schwab representative to investigate. The Schwab rep could see the trades were placed by the client over the phone. Now I’m even more confused. I told the Schwab rep that these trades were not placed by the client and we needed to immediately freeze the account because something fishy was going on. The Schwab rep was great, took immediate action, froze the account, and then told me he would investigate the matter and get back to me.

Later the same day, I got a phone call from Schwab with a full explanation of what happened. They were able to pull a phone recording of the conversation between the, quote, unquote, client and a Schwab representative. The so-called client on the phone called in requesting the trades be placed and, as is standard procedure, the Schwab rep began asking security questions to verify the caller’s identity. Somehow the caller knew the answer to every single question. If that doesn’t scare you, I don’t know what will.

In case you’re wondering, Schwab fixed the situation like it never happened. They cancelled the fraudulent trades and absorbed the small loss, making the client whole. Just something to be aware of in terms of how brokerage firms should handle a situation like this if it ever happens to you.

To this day, I don’t know exactly how the scammer obtained all that personal information, but more than likely he hacked into my client’s email and was able to familiarize himself with who my client was. Obviously, my client had no idea this was going on and for who knows how long. I told him he needed to immediately change all his passwords across all of his online accounts. Certainly not fun, but, needless to say, he was eternally grateful I had prevented the situation from getting even worse.

As much as I’d like to think this was an isolated event, it isn’t. One of my favorite podcasts is called Choose FI. This is the financial independence podcast that helped lead me down my location independent, FI lifestyle path. I never miss an episode, and they did one related to fraud and cybersecurity with updates and advice from a former FBI agent. I highly recommend a listen for more tips on how to keep yourself from becoming a victim. I’ve included a link in the show notes to the Choose FI episode, as well as links to other cybersecurity-related resources.

Unfortunately, the steps you need to take to protect yourself from scams and fraudsters can seem daunting. Technology is rapidly evolving. There are massive data breaches and security risks that happen beyond our control. But spending at least a little time and effort to implement basic measures to safeguard your finances—controlling what you can control—is better than doing nothing at all. I’m going to give you an outline of a couple steps I’ve taken to lower my risk of becoming a victim. Some of this requires a meaningful time commitment, but the added peace of mind when it comes to security should be well worth it.

The first step I highly recommend you take is freezing your credit. There are three agencies that financial institutions pull credit reports from: Equifax, Experian, and Transunion. All three offer the ability to freeze your credit. When your credit is frozen, these agencies will deny the financial institution access to your records, which inevitably results in a hard decline of the loan or account someone is trying to open. This is one of the best ways to prevent a fraudster from setting up any type of financial arrangement in your name without your knowledge.

I’ve included links to all three credit reporting agencies in the show notes. Their websites also offer resources for educating yourself about fraud prevention and identity protection. As a side note, remember to review your credit reports annually, for free.

Now keep in mind, after you freeze your credit, you will need to unfreeze it every time you are doing something legitimate that requires a credit check. The most common situations include opening a new financial account, taking out a loan, or opening a credit card. All three agencies offer the ability to temporarily remove the freeze, which is what you want to do before starting the process of anything that will require a credit check. Conveniently, you can set a start and end date for unfreezing your credit. So make sure you remember how to log in to your accounts with all three credit reporting agencies before proceeding with any activity that requires a credit check.

And that is a perfect segue into my next recommendation. Use a dedicated password manager. Freezing your credit should take less than an hour to set up, so you seriously have no excuse not to do that one. The password manager, on the other hand, is a bigger commitment.

I bet everyone listening has heard of a password manager, but if somehow you haven’t, it’s a tool to securely store the login credentials for all your password-protected online accounts. They have powerful features to help protect your most important information and account data. The good ones offer apps and extensions to install on your phone and web browsers to make things super easy to log in to your various accounts, and they provide a place to keep sensitive notes and documents.

And all you have to remember is one master password to access all of your online account passwords. Of course, that one master password should be unique and complex, and, if stored anywhere (besides just your memory), in an extremely secure location. But, as I said, to set this up involves a commitment. As my adorable little niece would ask, “Is that a long time?” The answer is definitely, yes; it can take a long time.

When my wife and I committed to the process, we spent an entire day logging our credentials for every online account we could think of. Of course, we didn’t think of everything, so every time we visit a website with a login we don’t already have stored, we quickly save the new credentials into our password manager.

Now as much as I love using a password manager, they’re not fool-proof. In fact, in today’s world, password managers are increasingly under attack. Yet cybersecurity gurus still recommend using a password manager for creating and storing strong, unique passwords. They’re much safer than the alternatives used by most people to remember credentials, like unprotected spreadsheets and post-it notes, or having the same simple password for every account.

Here are some best practices to help keep your passwords safe with a password manager:

• First, be sure to choose a reputable, dedicated password manager, not the free built-in browser options

• Make the master password very strong and unique, and change it periodically

• Enable two-factor authentication and consider activating biometric authentication

• Don’t share login credentials, or any sensitive information for that matter, by email or anywhere online that isn’t encrypted

• Finally, be sure all your devices are locked and require authentication to access; this includes smartphones, tablets, laptops, desktop computers, etc.

And I’ve got a few more reminders about how to reduce your cybersecurity risk:

• Never click on suspicious links in your email or text messages. And proactively delete suspicious emails.

• Never provide personal information over the phone or via online channels when you didn’t initiate the conversation.

• Never download unverified, unrecognizable software or web browser extensions

• Keep your device operating systems and software versions up to date and make sure your home internet network and wi-fi are strongly secured.

• Always use a virtual private network, or VPN, when connecting to public Wi-Fi.

• Update security preferences with all online financial accounts to turn on enhanced features, such as security text and email alerts.

• Lastly, be sure to set up your device’s “find my device” feature or other software to help locate or factory reset your device in the event it gets lost or stolen. This is an especially good one for couples.

I’ve got a funny story. My dad and I were playing golf and my mom was just hanging out with us, riding in the golf cart. At some point she realized she didn’t have her phone. She started to panic when I asked my dad if they had set up the “locate my device” feature I’d previously asked them to install. My dad smiled, whipped out his phone and clicked on the app. It took them right back to where she left it.

I know I’ve already bombarded you, but some final best practices I want to mention are to:

• Set a reminder to perform regular data backups to a secure external hard drive and/or cloud location, so you don’t lose that data if you lose your device.

• Store all sensitive paper documents in a secure location such as a fireproof safe or bank safety deposit box.

• And I can’t stress this one enough, when trashing old paper documents with non-public information, please use a shredder!

The last piece of advice I’ll leave you with before ending this episode is in addition to the Do Not Call Registry, which most people have heard of, there are paid subscription services that work to remove your personal information from unwanted sources across the web. Two such companies include Delete Me and Incogni; I’ll link to them in the show notes, along with several other security-related resources.

Obviously, this is a rabbit hole you can go down as far as you want. I’ve seriously only scratched the surface of privacy and security with this episode, but I’m sure many of you are not doing some of the simple things I mentioned when it comes to protecting your identity—and thereby your financial life. It’s your choice…how much time and effort are you willing to spend to protect yourself from becoming the next victim?

I sure hope you enjoyed this episode of Invested Poorly and will be able to take something from it to improve your decision making as you navigate the twists and turns of your personal investing adventure. Be sure to check out my website at AreYouFI.com (that’s A R E Y O U F I dot com) where you can find resources and show notes with the charts and graphs I mention during the episodes. These are like little treasure maps that can help you choose more wisely along your quest to reach FI, or financial independence.

Never forget, in the short-term the stock market is unpredictable, and as my mischievous little nephew likes to say, “things just happen!” So focus on the long-term, by controlling your emotions, simplify your investments, and always… ignore the noise.

I’m your host, Jeff Harrell. Thanks for listening.

Invested Poorly: Sad Tales of FInancial Fails was created for informational purposes only and should not be relied on for specific tax, legal, or investment advice. You should consider consulting a qualified professional to review your situation before engaging in any transactions. Investing involves risk, including loss of principal and past performance is no guarantee of future results.

This podcast was produced by Ted Cragg. Learn more about creating podcast mini-series like this by visiting QuickEditPodcasts.com.