Financial Safety In Retirement: A Cybersecurity Webinar For Seniors

Financial Safety In Retirement – A Cybersecurity Webinar For Seniors: Welcome to the Webinar (0:00)

Alex Call: My name’s Alex. I am a financial advisor here at Peterson Wealth, and this is Tyson.

Tyson Bottorff: I’m Tyson, I’m a technical account manager over at Equinox IT Services. We do the IT support here for Peterson Wealth Advisors and help them when it comes to cybersecurity and any other IT-related needs.

Alex Call: Part of the reason why we wanted to do this presentation on cybersecurity is Tyson has done presentations at our office for our employees here to help make sure that your money is being protected with your accounts, so many cybersecurity-related things. We’ve gained that knowledge here to help protect your money, and so we wanted to make sure that you also had the opportunity to hear how you can protect your information on your end.

That’s what we’re going to go ahead and do, and that’s why I wanted to bring Tyson in here because he knows this stuff like the back of his hand, much better than I ever will. This is what he does for a living, so we’re happy to have you Tyson.

Tyson Bottorff: Thank you. Yeah, I’m happy to be here.

Alex Call: As we get going into this, today there are really two main things that we want to go over today. One is teaching you how to spot scams, how to spot and recognize them. And as you’ll see, there are really two different types of scams out there.

One is going to be tech scams where they use technology to hack your information and to manipulate, and then also people scams.

It’s kind of people scamming on people, and the people ones, these have been around since the beginning of time. So we’ll go through those, through both of those types. And then what we also want to get into is how to protect yourself, specifically your accounts, whether you’re on wifi with software, and then also any payment methods that you have.

Before jumping into it though, we don’t want to scare you with what’s out there and the type of scams that are going on. How I like to think of it is driving a car, there’s an inherent risk of getting in an accident. But just because there’s that risk doesn’t mean you don’t do it. It doesn’t mean that you should be scared of getting into a car. The reason why is because you know if you follow the speed limit, wear your seatbelt, and avoid reckless driving, the chances of you getting hurt drop-down severely to where it’s very, very slim.

And just like driving, there are these inherent risks when using technology and using the internet. But if you follow some of the guidelines that we talk about today, you’re going to be in a position where you’re able to better protect your accounts, and you’ll be more aware. So you’re gonna be much less likely to get hurt.

Business Email Compromise (3:06)

Going into it, when it comes to those tech scams, the main type of tech scam is called Business Email Compromise.

These are scams where hackers are trying to get into your personal email accounts, and they’re trying to pretend to be you on your device so that they can scam your friends, family, or even yourself, into actions that will benefit them. It says Business Email Compromise, that’s the technical term for it, but it really can be used for personal as well.

Tyson Bottorff: Yeah absolutely, bad guys nowadays really try to prey on our trust. And so they want to pretend to be those people, those friends, family members, even coworkers that we trust to try to defraud us, right? They try to get some money because that’s their whole goal.

Alex Call: Really, there are three main types that you go through or part of this business email compromise, what they’re trying to do. One is by spoofing your email accounts and websites using fake email addresses and just having subtle differences between them.

Tyson Bottorff: Really common ones that we see out there is they add an extra ‘S’ or they put a number or change a letter just slightly. So that way, hopefully, we miss it. So we’re looking and we’re seeing, oh, that’s mortgage.com, and they throw a ‘S’ at the end saying mortgages.com, just hoping that we don’t catch that.

Alex Call: Yeah, thank you. The other one’s going to be what we call spear-phishing. These are going to be emails from trusted contacts that might be scams. And so this is where you’re going to get an email that appears to be from someone you trust, a friend, a family member. It’s just important to always double-check directly with that person.

Tyson Bottorff: Yeah, this one, bad guys do a little bit of recon. They really try to target that attack on us so that we’re more likely to trust it.

Alex Call: Then the other one, this is where they’re using software to get into your devices such as your personal emails, and be able to steal data there. This is how they go about doing it and these are the different specific types that they have.

Specific types of Business Email Compromise (5:20)

The first one is, and a lot of these you’ve probably received emails like these in the past where you get a suspicious bill. You receive a random bill and they want you to verify something before paying that bill.

And so this can be very popular, whether it’s with your bank, I know I personally have gotten a bunch from Geek Squad, or a repair subscription saying, hey, you owe us a few hundred dollars, go ahead and give us a call to pay to make that payment.

Tyson Bottorff: The tricky thing is what they like to do is say, hey, call us right now, otherwise, you’re gonna get charged. And then when you call them, let’s say it looks like it’s from Chase Bank or something like that, they’re going to answer the phone pretending to be Chase Bank. So they try really hard to trick you into giving them what they want.

Alex Call: The next one is going to be a friend’s plea for help. It might be an email saying, hey, I’m stuck in, Mexico. I can’t get money. I need to get this X amount of dollars wired to this account so I can come home.

We’ve seen it with one of our clients that the scammers were pretending to be their grandchild, their granddaughter saying, hey, we need to do this. We need to get back, go ahead and wire it to this account, or send a Venmo to this Venmo account. And so that’s another way that they try to get into your accounts and exploit your trust.

So then the last one that we’re going to talk about is these legal threats or appeals. So this might be, again, an email from someone claiming to be a lawyer or a police officer suggesting that you owe money or you’re going to face some type of consequence. So it’s important to not panic but to always double-check their claim.

SLAM method (7:12)

So the next thing is the SLAM method. So we talked about some of the things that they use to get to us, well this is how we can help protect ourselves. And that’s through this, it’s called the SLAM method.

Tyson Bottorff: The greatest part about the SLAM method is it helps us break down those communications that come in and just helps us have a nice and easy acronym to remember how we can break these things down.

So ‘S’, that’s the sender. Let’s look at where this is coming from, whether it be the email address or the phone number, or what have you, and say, hey, does this look right? Does this line up with where it should be coming from?

The ‘L’ is links. You can hover your mouse over links on your computer to check and see where is this actually trying to take me. Five years ago we used to be able to say just don’t click on links and things. But nowadays, links are everywhere. They’re just in every form of communication, and so we can’t really say that anymore.

So instead we say let’s verify this link. If you’re on your mobile device, you can click and hold and it’ll pop up and then you can copy it into like a notepad or into a notes app or something like that. Just to see where this link actually trying to take me.

The attachments, be careful. There are some attachments that if you’re not expecting it there should just be a little flag saying I’m not really expecting this kind of attachment here. This could be fishy.

And then last is the messaging. Bad guys sometimes have broken English or they just don’t really worry about typing things out properly. And so there are misspellings in there, some phrases that don’t make sense. And then also just ask ourselves why would this person be asking me to do things this way. That’s kind of different from how we’ve done things in the past. So just things like that are good things to analyze when it comes to the message itself. It’s also good to look for flags like what are they trying to get me to do, and what are they trying to ask me to share with them. So things like that.

Real-Life Examples of Phishing Attempts

I’d love to kind of go through a couple of examples here. So I actually have a couple of examples of phishing emails and things like that, that we can go through. And so we can go through these and kind of analyze these emails together so you can understand what I’m saying.

So here’s one that at first glance you’re like this totally looks like it’s from Walmart. If we use the SLAM method and look at the sender address, even though it has Walmart in there, it’s not coming from Walmart’s actual website or domain which would be walmart.com. And so that sender, that’s the first thing that we notice. If we keep going and we look at the link, the next thing we notice here is, okay, I’m going to hover over this. Obviously, they’ve got three links in here. They’re really wanting us to click on something in this email, and I hover over that and I see this is trying to take me to a package tracking portal.com. That doesn’t have anything to do with Walmart either. So, these are some of those flags.

If we look at this, there are no attachments, so nothing for us to analyze there. But we do see that there’s some stuff in messages saying we want to confirm this, we want you to do this, instead of saying, here’s the Walmart website, or contact Walmart directly. It’s like, only contact us through these links. And those are some more flags for us to kind of pay attention to.

These next ones, this is a good example of that spam invoice or that fake invoice that we see here. And so this one is from Geek Squad, and you can see when you look at this, it’s saying you’re going to renew today. You’re going to get charged almost $400. Call these numbers so that we can fix this. You’ll notice that those numbers are in red. They’re really trying to get you to call those numbers. If you were to look up Geek Squad’s actual support number, through a separate, I call it going out of band, you’d see a completely different number there. And so those are the ones to call. But if you call that, that’s going to be the bad guy.

This one in the top right is someone pretending to be your boss. So a couple of things to look at here. It’s a Gmail account, obviously, we want to make sure we understand and know what accounts things should be coming from. If it’s your boss, it probably should be coming from your business account and things like that. So these are just a couple more examples.

For this fake invoice scheme, I follow this YouTube channel called Scammer Payback. It’s a really great channel, and they really go out there to try to stop bad guys from scamming people. It’s really great, a lot of the scams that come up are fake invoice scams that are going around.

Alex Call: Yeah, and that’s where I think it’s so important just to, again, remember that SLAM method. So whenever you’re getting an email from someone that you’re not expecting or from someone asking you to do something, just kind of slow down, look at the sender, double check the links, don’t click on them, just hover over them. If there are any attachments, it should be definitely a red flag that something’s going on. And then just really being focused on the messaging and like why are they asking you this? Why are they asking you to do that?

Tyson Bottorff: Does it sound too good to be true? Because it might be too good to be true.

Alex Call: I know for me personally, working in a business being a financial advisor, we have people all the time saying like I came into a like a hundred million dollars that we want you to manage. And that is typically too good to be true. And so it’s just like, okay, probably not real. We’re going to have to pass it along or go ahead and get out of it.

Social Engineering (13:00)

That’s the tech side part of it. Now I want to talk about the people side. This is people scamming people, and that’s what we call Social Engineering. And so really this just involves manipulating individuals through those human interactions, tricking you into giving them security, into giving them information for you. So it’s just people preying on other people.

So here’s a really good video that just kind of walks through how this might happen.

– Start of video –

When you hear the term social engineering, this is the security industry’s way of referring to a con or a scam technique. It’s basically the art of gaining access to buildings, systems, or data by exploiting human psychology rather than breaking in or using technical hacking techniques.

Famous hacker, Kevin Mitnick, helped popularize the term social engineering in the 1990s, although the idea and many of the techniques have been around as long as there have been scam artists.

But how does a social engineer work? Here are some examples. A social engineer might lurk near a secure doorway with several boxes and pretend they can’t reach their access card or key to get in. They’ll ask, can you hold the door for me?

And an unsuspecting office worker will let them in. The worker never realizes they’ve just given a criminal access to their company’s office. On the phone, a social engineer calls employees and pretends to be the IT help desk trying to trick workers into giving them their password.

Social engineering is dangerous to corporate and personal data because once a data thief has gained access, there’s no telling what he’ll do with it.

So how can you avoid becoming a victim of social engineering? First, be aware, awareness of the types of ploys these criminals use is your number one defense. Second, look around, pause, and ask questions before doing anything. If something doesn’t look or sound right, chances are you are being played by a social engineer.

– End of video –

Tyson Bottorff: This video is really great because it talks about a couple of the ploys that they use. In the IT world, we see this type of stuff all the time where people call in pretending to be a patient asking for patient information, just trying to get as much information as they can from the receptionist. We’ve actually seen people call our office pretending to be an administrator saying hey, I really need this password. Can you provide me with this password?

And so if you don’t have the right tools in place, you could potentially put people in in harm’s way. Like this says, it talks about Kevin Mitnick. He wrote a really great book called Ghost in the Wires which talks about his foray into social engineering. Companies would hire him to go in and prove that he could access their data, and they’d be like there’s no way you can get in. And he would show up pretending to be an employee and get immediate access to all their data. This was back in the nineties, but this was still how social engineering kind of came to be.

A lot of employees out there, the big thing to look at is what are they trying to manipulate you with. A lot of times they create this context or pretext to like their phone calls that includes a sense of urgency. It can include just preying on our overall helpfulness. It can even include things like fear, as we talked about, or respect for authority, pretending to be a lawyer or the government, or things like that.

So, these social engineering attacks on employees have been around for a long time, and we’re just starting to see them continue to build and grow out there in the world and not just on the business side. It’s happening all the time in the consumer world as well.

PASS method (17:05)

Alex Call: And that’s where there’s another little acronym that we have for you to help you be aware and to know what are some things that you can do to make sure that you don’t get involved with that.

I’m a big basketball guy, so we have SLAM for the first one, and the next one’s going to be PASS. The first one is privacy. So with social engineering, they might look you up online and get some information that you have online on Facebook, Instagram, and some of these social media accounts, and then try to create a sense of authority that they have by just giving you a little bit of, yeah, I know what your birth date is. And because they have that, then that kind of builds some of that trust.

So that’s where that first one is privacy. Work on shielding your personal online data, and making your social media accounts private to truly try to work on that privacy.

The next is authentic. Are these people authentic, they might be acting as your friend, again, family member, and you just have to think, is this how my friend or family member would act? Or is this scenario realistic? Is it too good to be true? Because usually if it is too good to be true, it probably is. So see how authentic and sincere the request is.

Next, the source, just don’t trust it immediately, verify and check the source. I know when I’ve gotten scammed with phone calls, people pretending to be Social Security, or something like that. There can be, sometimes you can just take the phone number and I’ll even just put it into Google, and there’s usually like a form saying, hey, this is a scam number, this is a number that you shouldn’t have. Or what Tyson was saying, like for Geek Squad, they tell you to call a number. You can say  is this number legit? Or what is the Geek Squad number? So always look for the source.

Tyson Bottorff: Yeah, I always recommend taking that out of your existing band of communication. So if they’re sending you an email saying I want you to do this stuff, take this out of that band, out of that email and look online, or make a phone call, or send a text message separately outside of that chain to your family member or whatnot. So take it out of that existing band to help you authenticate it.

Alex Call: And then the last one, I would say just slow down. These bad guys rely on a sense of urgency to manipulate. And if we just take our time, slow down, and then really think through it and think through the PASS acronym or the SLAM acronym, that’s going to really help make sure that you don’t get caught up in any of these scams.

How to prevent scams (20:04)

So now that we’ve looked at the main types of scams, both on the tech and the personal, what are some proactive things that we can do now to help prevent that?

The first is protecting your account, and I think of specifically your email. I know Tyson you’ve talked a little bit about like the importance of your email account.

Tyson Bottorff: Yeah, absolutely. I think email nowadays, it’s funny because a lot of times people treat their Social Security numbers as the holy grail. It’s like no, that’s mine, nobody else can touch that. And nowadays our passwords and email are starting to become almost as important as those Social Security numbers. Those are the digital keys to our lives. And so we need to treat them with the same amount of care that we treat our Social Security numbers and even our credit card numbers and banking information. Because they have just as much value, if not more, sometimes to the bad guys.

Alex Call: And that’s where passwords are going to be such a big thing. And I know for a while I was always thinking I need to get my passwords really complex with lots of different characters, numbers, capital, and lowercase, and make it this really complex password where that’s really not the case.

Tyson Bottorff:  Yeah, things have changed a little bit over the years. Nowadays with passwords, it’s really about how long that password is, even if it’s just a few words strung together, that is actually more secure nowadays than one that’s shorter and has all this complexity to it.

Alex Call: So when you’re thinking of passwords, length is strength. So if you can get it up to the 12, 13, or even 15 characters, that’s going to be great. That’s where you want to go.

Tyson Bottorff: Yeah, I like to kind of rephrase it in my brain where instead of a password, it’s a passphrase. So I kind of like to take that and say, let’s make a passphrase for this. And that gives me the length that I need to keep my account secure.

Alex Call: And on top of that, because we know that if you’re like anybody, you probably have hundreds of different accounts, and it’s almost impossible to know your passwords or passphrases for each of those if you’re doing something different for each and every one of them. And so there’s probably a lot of people that say, I’m just going to use the same two or three passwords and just rotate those between all of my different accounts.

Well, to help you with that, there are these password managers that allow you to have different passwords for different accounts.

Tyson Bottorff: With password management, anytime we talk about cybersecurity, you’re dealing with this ongoing battle between security and convenience. And so, they often are at odds. It’s like the more secure I am, the less convenience I have.

Password managers are this perfect blend of the two where it helps me remember all of my passwords and even auto-fill them for me at websites while being secure. So it’s that perfect combination of the two.

Alex Call: And we’ll provide you with a sheet of some recommendations on some of these password managers that we think do a really good job. And so that’s the first thing, just securing your accounts with your password.

The next is going to be this Multi-Factor Authentication. And so this is something that is being rolled out more and more. You’ve probably been asked, whether it’s your email or you open up an account, they want to text you a secure six-digit number or something like that.

I think we are already very familiar with multi-factor authentication. Anytime you try to go fill up your gas, that’s what they’re asking. You have your credit card, something you have that you put in, and then they’re asking you something that you know, usually it’s your zip code for it.

Tyson Bottorff: Yeah, MFA (Multi-Factor Authentication) is really great because I like to think of it like this. When you talk about your house and you talk about your front door, your password is kind of like the main lock on your door. Everybody’s got it, it’s there. If we obviously don’t have it, the door kind of swings wide open. But multifactor is like that digital deadbolt, which gives us a little bit extra security and locks that door to our lives, keeping things out.

So yeah, there are three types of authentication. Something that you have, which is typically like your phone or your credit card or something like that. Something you are, which is biometrics, it’s my face, it’s my thumbprint. And then something you know which for most accounts is my password. Or in Alex’s case of gas, it’s I know my pin or my zip code, something like that.

Alex Call: And I know that it can be annoying, the multifactor authentication, I know it is for me and it usually takes maybe a week or two to kind of get into the habit, and then it just becomes normal. Like, okay, yep, this is the way it is. I log into my email and have my phone on me, I gotta click verifying that it’s me or it’s going to send me a code.

But if you can have that multi-factor authentication, that may be the most important thing to protect you or your accounts.

Tyson Bottorff: There’s a stat where multi-factor authentication blocks 99% of password-related attacks. And so that’s why we push it so hard. This really is a good way, probably the best way currently to protect your passwords.

Alex Call: So, that’s with the account protection. Next, we’re going to talk about some of the risks of using public wifi and why that’s not good. I’m going to play this little video.

– Start of video –

We’ve been warned repeatedly that using free public wifi can put our personal information at risk, but facing a choice of using up our data or connecting with free wifi, most of us take the gamble.

So what is the risk? WBZ’s Christina Hager got a lesson from a real-life hacker.

The risk for the public networks is because they’re out there, they’re open, unencrypted, and an attacker can join it just as easily as you can.

And that’s exactly what we did with the help of hacking expert, Steve Walker.

I can see all the different networks out there, all the different clients, and which one I want to look like.

Wicked Free wifi is available here on the Boston Common, and Steve created his own imposter version with a laptop and small device anyone can buy online.

And that didn’t take too long.

No, it didn’t take long at all.

Anyone closer to his signal than the one the city is blasting out will only see the fake Wicked free Wi-Fi option. And if your device connected to the real system in the past, it could even automatically join this rogue Wi-Fi network.

So you just called it the same thing?

Yeah.

Or is there any slight difference?

No.

Well, the name is exactly the same. The login page is different.

And that’s the login page that I gave you

For Steve’s fake wifi, he created these two phishing links to Facebook and Gmail.

I could sign in here and now you know my Facebook password.

That’s right. The password was Hager.

Yeah, C Hager. That’s my name.

Steve sees every letter as I type it.

Could you be a fake business and take someone’s credit card information?

Yep.

And even if you don’t fall for the links, once you’re connected to the imposter wifi, he knows your every online move.

You’re going to Google.

Anything I’m reading, you can see what I’m interested in.

Yep.

This vulnerability can be exposed through any free and open wifi at coffee shops, stores, airports, hotels, and anywhere.

There’s always a risk when you join any type of public wifi.

If you do join, cyber defense expert Peter Tran recommends turning off any file-sharing apps. And for iPhone users, this means airdrop.

And if you’re gonna be on public wifi, make sure you’re not working with sensitive data or things that you normally would not want to just share with everybody.

And before typing in credit card numbers or passwords, look at the address bar and make sure you see this lock, meaning the website is secure. On Steve’s fake Google page, the address bar didn’t even have that lock. And instead of google.com, you only see a series of numbers. That’s a big red flag. All of this adds up to the reason for this advice.

If you don’t have to get on public wifi, don’t do it.

Christina Hager, WBZ News.

– End of video –

Alex Call: I think the takeaway there, just at the very end, if you don’t have to get on public wifi, don’t get on public wifi.

Tyson Bottorff: Yeah, exactly. It’s funny because a lot of people don’t really understand all the inherent risks, and so they just think, oh wow, free wifi, this is great. I can do whatever I need to on here. You know, no risks. Unfortunately because of these bad guys and them wanting to be malicious, there’s always this inherent risk that you have when you join these unsecured networks.

Alex Call: And one thing that is nice though is that as technology has advanced, there’s much less of a need to use public wifi. And so that’s why, as far as recommendations, we would recommend first and foremost, just using your cellular network.

So if you’re on your phone, just don’t jump on the wifi. Most people have unlimited data, you can be on 5G now, which is supposed to be about just as fast as wifi. So that would be kind of very, something easy to do. Just turn your wifi off and use your cellular data.

Tyson Bottorff: Yeah, what you said there’s key. When you aren’t using your wifi, turn it off. Because like we saw there in that video, your wifi, your phone is always broadcasting that signal. So if it ever were to get closer to a bad guy’s network, it would automatically connect to that network. And so if you have it turned off, that risk is removed.

Alex Call: The next one is similar to using your cellular network, but this is, if you need to hop on a laptop, hop on your computer, you can use your hotspot. And all this is, this is just your ability to use your cellular data and connect your computer to it so you can use your computer with your cell data.

Tyson Bottorff: If you’re someone who travels frequently, a lot of times, your phone providers will even have separate devices that you can purchase or add to your account that you can take with you while you travel to kind of give you that cellular data on the go. So even if your phone may not have the greatest signal, these have a little bit better antennas in there, so you can actually get one of those and take it with you as you travel.

Alex Call: And then if you need to use public wifi, the recommendation would be to have a VPN or this Virtual Private Network.

Tyson Bottorff: There’s always going to be those circumstances where it’s like I just don’t have another choice. I really have to get something done, or I need to get on this public wifi. And for those situations, a VPN is key. And what makes it so vital is a VPN basically creates a tunnel so that all of your network traffic goes through this tunnel, rather than going out through the public internet to where bad guys can see it, it kind of shields all that in this tunnel so that way they can’t actually see what you’re doing and where you’re going.

Alex Call: And to do that, you’ll download an app for it, and again, we’ll send out some recommendations of types of VPN apps that you can use, you just click on that and then that will put you into that tunnel or that Virtual Private Network.

Tyson Bottorff: I personally use a personal VPN when I travel in case I have that odd chance where I have to get on that public wifi.

Alex Call: Next, we want to talk about software.

Tyson Bottorff: It’s interesting because nowadays a lot of people hear these terms like updates, firmware, patching, and all of this is kind of related to the same thing. Your phone, your laptop, or any other devices. The manufacturer, whether it be Apple, Samsung, or Google, they’re always kind of testing their devices to look for holes. So they’re like can a bad guy exploit this software or exploit this hardware in any way? And if they find any, they release an update or a patch that fixes that, it patches that hole. And so that’s why it’s extremely important to make sure that your devices and software are always up to date. So that’s why that’s so key.

Alex Call: I know for me, I just thought that Apple would send out all of these updates to my phone just so my phone would slow down if it was old, and I’d have to get a new one. Well, that may be a benefit for Apple for this. It’s actually much more than that. They really are trying to protect you from these holes.

Tyson Bottorff: The other thing we consider is antivirus and anti-malware. So even though some devices come with built-in antivirus and anti-malware, and before you ask, there really is no difference between Android and Apple when it comes to which one is more secure. Neither, they can both be hacked. It used to be in the past there were just fewer Apple users, so Apple had fewer viruses being written for it, but that’s not the case anymore. And so nowadays, it’s important that even though it may come with it, I highly recommend finding a really solid antivirus to install on your device, whether it be a computer, a phone, or a tablet.

Alex Call: Again, we’ll have some recommendations on that for you that we’ll email.

Different payment methods (34:00)

Next are these different payment methods. So I know that most people pay for things with either their debit or credit card, and there are some pros and cons to both. But as far as protection, credit cards have much better fraud protection allowing you to dispute unauthorized purchases or purchases of goods that are damaged or lost during shipping.

If you use debit cards, it’s much more difficult to get reimbursed, kind of have to go through a whole process. And then they’ll decide whether or not, who is at fault at that point. With credit cards, a lot of times you just give them a call if your card was lost and you see unauthorized charges. Give them a call, they’ll reimburse you, and it’s very simple.

The next one, this is where a lot of fraud comes in, is with these wire transfers. And this is where people are trying to, they’re using the tech scams and then also the social engineering of those people scams in order for you to wire money out to their account. This is where you just want to be very careful whenever you are wiring money, and that is making sure that you’re wiring it to the correct account, that you’re calling the person that you’re really verifying and double checking that this is the correct process to wire the money out.

Tyson Bottorff: Yeah, I highly recommend doing that. Whenever you’re dealing with a high volume of wire transfers, do that out-of-band communication. Because sometimes bad guys are really clever trying to be like, well, let me call you to verify. Let me have my accountant call you to verify. And so if you can take it out of band and call the bank directly or call the company directly that you’ve been dealing with, that’s the best way to get those bad guys out of the loop.

Alex Call: You can just go ahead and Google the company that they’re claiming to be, and then just use the number on Google.

Next is going to be your credit score, just protecting your credit. And this is where I would say the easiest is just to do a credit checkup. So you have access to the three different types of credit agencies, and you’re able to look at a free credit report from each one once a year. So you can check your credit three times a year with these credit checkups, one with each agency just to make sure that nothing has happened, nothing is on there that should not be on there.

And then if you want to take it one step further, you can have what’s called this fraud alert. This is where you contact one of the credit agencies and then just ask them to put this fraud alert on there. And that’s just going to make it harder for someone to open a new credit account in your name. If you give it to one credit agency, they’re going to let the other two know. So you don’t have to tell each of them.

The most extreme way of protecting your credit is just to go ahead and freeze your credit. This is where you’re unable to get any line of credit at this point. So if you’re applying for a credit card, a loan, or anything like that, you’re just not able to get it if you freeze your credit.

To do this, you actually need to contact each individual agency. You need to contact each agency individually and set it up with them, so you have to do that three times. And they’re still able to check your credit if like you’re renting an apartment or something like that, but you’re not able to open up a new line of credit at that point.

Summary (37:50)

Lastly, I just want to again, review the top six things to remember from this presentation to help protect yourself.

  1. SLAM. Remember the sender, links, attachments, and messaging.
  2. PASS. Privacy, make sure it’s authentic, know the source, and then just slow down.
  3. Set up MFA or Multi-Factor Authentication on all your important accounts. And most of them will be urging you to do that. Even your Netflix account or your email, definitely your email, make sure you have that multi-factor authentication. The best part about MFA is it’s free. It’s free to set up everywhere. You just have to go into your account and enable it, or a lot of times they’ll prompt you for it, so you just have to follow the prompts, but that’s the best part. t’s a little inconvenient at first, but then you get used to it and it’s just normal at that point.
  4. Keep your software up to date. You get a software update on your phone, just go ahead and update it when you can.
  5. And Try to avoid public wifi as much as possible. When you use your cell phone, turn wifi off when you’re out in public.
  6. Lastly, make sure to monitor your accounts regularly, whether it’s your credit card accounts or your bank accounts. Just monitor them so you can know if anything is going on there.