Today I’m sharing details about a (new) popular financial scam.
To help you stay safe, I’m also sharing 3 ways to stay safe and protect yourself.
(Hint: your “complex” password may not be as secure as you think. 😲)
If you want to learn about this sophisticated financial scam + tips for protecting your family, this episode is for you.
How to Listen to Today’s Episode
Episode Links & Resources:
- Need a One-Time Retirement + Tax Analysis?
- Credit Freezes
- Free Credit Monitoring
- Password Managers
- Hive Cybersecurity
- Password Guru Regrets Past Advice
- The Grandparent Scam
Financial Scam Alert + 3 Ways to Protect Yourself (and Your Loved Ones!)
Taylor Schulte: Welcome to the Stay Wealthy podcast! I’m your host Taylor Schulte and today I’m sharing important information about an increasingly popular financial scam.
To help you take action and stay safe, I’m also sharing 3 important tips for protecting your identity and hard-earned financial assets.
For all the links and resources mentioned today, head over to youstaywealthy.com/151.
I’m not sure if I’ve ever shared this publicly, but about 10 years ago, my grandfather received a phone call from someone pretending to be me.
It’s a version of the grandparent scam or the “family in trouble” scam.
When the phone is picked up, the scammer simply says “hi grandpa”, and waits for them to say something along the lines of, “Taylor, is that you?”
Now the scammer has my name, says yes, and proceeds with his scam.
In this case, the scammer told my grandfather my voice might sound funny because I was in an altercation in Canada and they gave me pain meds. And, as a result of this altercation, I’m in trouble and need $7,000 in cash ASAP. The kicker is that the grandparent is told by the scammer that they can’t tell anyone about this, that I’ll get into even more trouble if anyone else gets involved or knows about this.
So, my grandfather, believing it was me on the other end of the phone, rushed to a few different banks to gather $7,000 in cash, put it in an envelope addressed to the scammer, and dropped it off at post office. It wasn’t until he got home that my mother sensed something was wrong, started asking questions, and then called me only to find out I was on vacation sitting poolside with my wife and not in any sort of trouble.
Thankfully, she was able to take my grandfather down to the post office and retrieve the envelope of cash before it was mailed off.
I immediately called my grandfather – who was rightfully very spooked by the whole thing – and, in addition to assuring him I was ok, I let him know that I was very happy to learn that I was worth at least $7,000 cash to him.
Now, it might sound like a simple scam that any of us think we could spot a mile away, and that victims of these scams just aren’t very smart. But that’s not necessarily true. My grandfather, even today, at 92 years old, is extremely sharp. These scammers are just really good, and any one of us can easily fall victim to these increasingly complex scams.
Which is why I wanted to bring a relatively new one to your attention so you can be prepared and warn loved ones in your life who might be more vulnerable.
Here’s how it works:
Scammers have found a way to mimic your bank's customer service or fraud hotline phone numbers.
The scam starts by sending you a fake text message alerting you of a potentially fraudulent charge on your account. If you’ve ever received a legit version of this, you know that the text message typically asks you to text back with a “YES” or “NO” to let them know if you recognize the charge in question. And that’s exactly what the fake text message does as well, so it feels in line with what many of us are used to from our bank or credit card company.
Given that this is a scam, you aren’t going to recognize the charge, so you will respond back by typing “NO.” At which point, the scammer will call you from a number that is masked as your bank's actual phone number, so it looks like it’s coming from your bank.
Just like your actual bank would do, the scammer asks you to verify your personal account information, and from there they have everything they need.
Given that these scams are getting more and more sophisticated, I want to share 5 very important tips to help you stay safe, protect your identity, and avoid sending $7,000 cash (or more) to a fraudster.
Tip #1 - If your bank, credit card company, insurance company, the IRS, or even the social security office ever calls you asking you to answer a question, politely tell them that you will hang up and call them right back. Don’t let them give you a callback number, go to the institution's website or look at the back of your credit card, find their customer service number, and call them back.
In the scam I just referenced, if you respond to the scammer with this approach, they will tell you that there’s no need and that you can just look at the back of your credit card or do a quick Google search and see that the number they are calling from is the same. Again, they’re masking their actual number with your financial institution's phone number, and it’s impossible to know that unless you actually hang up and call the correct number back. And if it’s actually your bank calling you, they will be very supportive of you hanging up and calling back.
Another version of this, especially as it relates to the grandparent scam, is to come up with a family code word for everyone to use. So, if someone calls pretending to be a family member and something feels off, you can ask them for that code word to prove it's them. You can also ask them a personal question only they would know, even something as simple as “what is my dog's name.”
In the end, if something just doesn’t feel right, it probably isn’t. Trust your instincts and do your very best not to let the caller rush you into anything.
Tip #2 - Freeze your credit, and your spouse's credit if applicable, with all three credit agencies. This is one of the easiest ways to protect your identity and yet ¾ of the people I meet with for the first time still haven’t frozen their credit. Their reason is either that they wrongfully assumed freezing their credit would cause unwanted issues in their financial life (which I can understand based on the word credit freeze) or that the process to freeze credit was just too much of a hassle so they kept putting it off.
The good news is that those assumptions aren’t true. In addition to freezing and unfreezing your credit being completely free, it’s also much much easier to process today than ever before. You simply create an online account at the three major credit rating agencies, Transunion, Equifax, and Experian, and select the “freeze credit” option.
If you ever need to obtain a loan, or someone needs to run your credit, you simply ask them what agency they need access to, and then temporarily unfreeze your credit online with that agency by logging into your account. You can even download the app and do it on your phone.
I just processed a temporary unfreeze the other day, and was able to log into the TransUnion website and indicate how long to keep my credit unfrozen for. In other words, unlike years past, I didn’t have to log in once to unfreeze and then remember to log in a few days later to freeze it again. It was just one quick login to temporarily unfreeze for the period of time I established and then it automatically froze after that date.
If you want a simple step-by-step guide to freezing your credit, I’ve linked to one in the show notes which you can find by going to youstaywealthy.com/151. Set aside 15-20 minutes on a lazy Saturday morning, and you will have checked a very important financial planning box.
I know we have some younger listeners here, and yes, freezing your credit applies to you as well. This is not just a recommendation for those in or nearing retirement with seven figures in savings. Everyone should have their credit frozen. That way, if anyone ever gets a hold of your sensitive information, they aren’t able to take out loans or open accounts in your name.
To avoid any confusion, I just want to note that freezing your credit does NOT protect you from identity theft. But if someone does happen to steal your identity, it greatly limits the fraud they can commit against you.
Similarly, if someone steals your credit card number, they can of course still use your credit card to make unauthorized purchases. Freezing your credit isn’t going to prevent that. Also, if someone steals your Social Security number, a credit freeze won't prevent them from filing fraudulent tax returns and health insurance claims in your name. So, you still need to remain alert and stay vigilant in all areas of your financial life, a credit freeze isn’t a magic bullet.
Two quick things on this before I move on:
Number one, before you freeze your credit, be sure you have established some method of monitoring your credit. And that’s because once your credit is frozen, you won’t be able to sign up for monitoring. You can sign up for free monitoring through something like Credit Karma or Credit Sesame, although many banks and credit card companies now offer it as well.
As I’ve shared before on the podcast, credit monitoring is like an alarm system on your home, it notifies you AFTER someone has broken in. Freezing your credit is like putting a lock on your front door, and preventing someone from breaking in.
Number two, I often get asked about Lifelock when bringing up this topic. If you sign up for free credit monitoring and freeze your credit with all three agencies, there’s really no need for Lifelock. Lifelock is basically a fancy credit monitoring system coupled with an insurance policy. If the $300-$400 per year just helps you sleep better at night, perhaps you can justify it. But when credit monitoring and freezing is free for everyone, there isn’t a giant need to pay for something like Lifelock.
TIP #3 - So far, the two scams I’ve referenced involve either a phone call or a text message, but as we all know, email scams are quite prevalent as well. I think it goes without saying that you shouldn’t click on any links or download any email attachments, but that’s easier said than done sometimes. These emails often look like they are legitimately coming from your bank or credit card company, with their logo in the body of the email and the email address appearing to be from the correct domain.
So, we have to be extra careful here, and similar to hanging up the phone if our bank calls, one way to do that is to visit our bank's website by typing in their domain into the browser ourselves versus clicking on the link an email.
For example, if you get an email from Bank of America that says you need to “click here” to log in to your account to address an issue, don’t click on the link in the email. Instead, go to Bank of America’s website in a separate tab or window and log in to your account there. Clicking on a fraudulent link will take you to a login page that looks very much like your bank's website but it’s actually a scam and a fake page they worked up to get your login credentials. So, to be safe, go straight to the bank's website, or even call them directly if it’s easier.
In a similar vein, casually browsing the web can lead to harmful websites that can infect your computer and steal sensitive information. For that reason, I’m a fan of using a VPN (virtual private network) when and if I’m using unsecured internet at a coffee shop or airport. Express VPN is a popular app, but there are dozens that are out there and they are all relatively inexpensive.
Also, if you can avoid unsecured connections altogether, that would be wise. One example is to use a password-protected hotspot on your phone versus free public wifi.
I’m also a fan of browser plugins like Avast (A-V-A-S-T) that will automatically secure your browser against real-time online threats, trackers, and scams. Avast also has a VPN, so you could package everything up with them if you want to keep it simple.
Lastly, as some of you know I’m a huge fan of password managers like Dashlane and Lastpass, however, I’ve found that many people fail to adopt them properly because there is a bit of a learning curve. If that’s you, I’ve got good news and a simple solution.
According to Hive Systems, a popular cybersecurity firm, if your password is comprised of just 18 lowercase letters, it will take a hacker an estimated 2 million years to brute force hack your password. By brute force, I mean they are using trial and error to guess what it is versus breaking into your home and finding it on a post-it note, or hacking into your computer and finding it.
So through trial and error, it would take a hacker 2 million years to guess your 18 letter all lowercase password. And, according to Hive, if you use lowercase AND uppercase letters, it will take them 467 billion years. What if you sprinkle in a few numbers as well? In that case, they estimate it would take a hacker 11 trillion years to guess your password through trial and error.
But get this, a highly complex password with numbers, uppercase, lowercase, AND symbols that only has 10 characters can be brute-force hacked in 5 months. In other words, a password like N1!asQ#67? is less secure than “Ilovethestaywealthypodcast”.
In fact, Bill Burr, the author of an influential guide to computer passwords, regrets the advice he gave 19 years years ago when he published his famous manual. A key recommendation at that time was for users to change their password every 90 days and muddle up words by adding capital letters, numbers, and symbols.
But, today, he acknowledges that users shouldn’t change their passwords frequently, because people tend to only make small altercations. For example, they might change their password from Ilovestaywealthy1 to Ilovestaywealthy2. In other situations, people will often come up with a weaker password when they are forced to change it just so they can complete the task and move on.
So what this all means is that you may not need a password manager. If you can come up with a memorable phrase, or maybe a few memorable phrases, that include uppercase and lowercase letters and a few numbers, you might be more secure and save yourself the headache of learning how to use these fancy password applications that, in some cases, produce passwords that aren’t as secure as some think.
I’m still a huge fan of password managers and personally use one for my family, but perfect is the enemy of good, and I’d rather see someone take action with securing their financial life than do nothing at all.
For all the links and resources mentioned today, including the step-by-step guide for freezing your credit, just head over to youstaywealthy.com/151.
Thank you as always for listening, stay safe out there, and I’ll see you back here next week.
Episode Disclaimer: This podcast is for informational and entertainment purposes only and should not be relied upon as a basis for investment decisions. This podcast is not engaged in rendering legal, financial, or other professional services.