How To Protect Your Financial Information Online

You’ve worked hard to save and plan for a healthy financial future. Unfortunately, cybercriminals are also hard at work — devising ways to steal your login information or trick you into transferring money.

Keeping your brokerage account secure is of the utmost importance to our team, but we believe it’s important to keep clients up-to-date on the latest scams so they can avoid compromising any of their online accounts. By the end of this article, you’ll know why you should: 

• Never use a USB charging station at an airport or hotel
• Never use a search engine to access your bank login
• Never use real words in your passwords

We’ll also share simple but effective ways to safeguard your hard-earned savings and investments from bad actors.

IN THIS ARTICLE:

• How can I protect my financial information online?
• How do I keep my brokerage account secure?
  
• Related Reading

Cybercrime Stats

Source: FTC (Federal Trade Commission)

• More than 2.6 million cyber crimes were reported in 2023 
• The average loss was $500 per person
• Some of the highest losses came from bank and wire transfers

The Wall Street Journal warns cybercriminals are also targeting personal retirement accounts. One victim lost more than $240,000, and getting the money back isn’t as simple as disputing a credit card charge.

How can I protect my financial information online?

Be Vigilant! 

• Stay up to date on the latest scams
• Follow the best practices described in this article
• Don’t click links in suspicious emails or texts

Protect Your Devices

Public Wi-Fi networks and charging stations are a buffet for bad actors. Never use USB charging stations at hotels, airports, etc. Cybercriminals use charging ports to inject malware and monitoring software into laptops and phones. Always charge using an electrical outlet and keep your anti-virus software up to date.

Avoid making purchases or logging in to financial institution websites while connected to public Wi-FI. If you have to make a transaction over a public network, use a VPN. 

Beware of Search Engines

For years, cybercriminals stole bank logins and other confidential information by infecting computers with malware — typically via an email attachment. But in 2023, malvertising (malicious advertising) became popular. Here’s how it works:

1. Scammers create Google ads for well-known companies such as Amazon and pay to have them appear at the top of search results
2. An unsuspecting consumer sees “amazon.com” at the top of their search results and clicks through
3. The consumer lands on a page that looks like Amazon’s login screen and enters their username and password — which are promptly delivered to a cybercriminal

Password Do’s and Don’ts

DON’T: 

• Re-use the same password across multiple websites
• Use real words, names or your user ID
• Substitute numbers for letters (ex. 1likec@ts) — cybercriminals are familiar with this tactic
• Use a number sequence (12345) or repeating numbers (555)

DO: 

• Use complicated passwords that include letters, numbers and special characters
• Ensure passwords are at least 16 characters long 
• Change passwords frequently, at least every 120 days

Here are some additional ways to create a strong password. The article also includes tips for remembering those extra-long passwords.

Scrutinize Emails

Email is the number one way scammers connect with victims, according to the FTC. Cybercriminals trick people by sending a fake message from a government agency or well-known company. For example, the “From” name may say “Amazon Customer Support,” but the email address is: customerservice@amazom.com  — can you spot the error?

Businesses are also a target. A “vendor” (in reality, a scammer) will send an email to update their mailing address or bank information, ensuring payments bypass the real vendor and go to the cybercriminal instead. Another common scam involves an email or a text from the CEO asking an employee to transfer money or purchase gift cards. Understandably, most people don’t say “no” to the big boss.

Messages asking you to verify or update your account information and urgent requests for money are almost always a scam. If you are concerned about your account status, visit the company’s website and use their contact form or customer service phone number. Don’t click any links or use the contact info in a suspicious message.

Outsmart AI Imposters

Email is the most common way criminals cheat people out of their hard-earned money, but imposter scams have the largest negative financial impact. Cybercriminals stole $2.7 billion in 2023 by manipulating people over the phone.

Imposter scams can include someone pretending to be:

• The fraud department of your bank or credit card company
• A government employee (often the FTC or IRS)
• Someone from a well-known company
• A friend, family member or even a celebrity

According to computer security company McAfee, “voice-cloning tools are capable of replicating how a person speaks with up to 95% accuracy.” Even more troubling? Only three seconds of audio is required to clone someone’s voice — and an app that costs five dollars. 

Cybercriminals glean the audio they need to clone someone’s voice from videos posted to social media, YouTube and elsewhere. You may not post videos to social media or YouTube, but how many people in your family do? If you receive a phone call from a friend or family member claiming they’ve been in an accident or lost their wallet, it could be a scam.

Here’s how to outsmart the imposters:

• If the call is from an unknown number, hang up and call back using verified contact info.
• Don’t get caught up in the moment. If the caller claims to be from a well-known business, take a moment to search for “[business name] scam” online. If the caller insists you have to send money now, ask them questions only the real person could answer.
• Establish an emergency code word among family. Choose something a scammer couldn’t glean from social media (avoid pet names, sports teams, schools, etc.).

How do I keep my brokerage account secure?

Always type in the web address of the bank or investment site you want to visit or use the company’s app. 

• Don’t use a search engine; you could end up on a fictitious website 
• Never click on ads for financial institutions
• Enable two-factor authentication (if available)
• Use strong, unique passwords

Financial institutions invest heavily in cybersecurity measures and millions of people manage billions of dollars in assets online. At Assembly Wealth, we take extra steps to protect you and your money from financial fraud:

• We will call to verbally verify certain transactions so please ensure you keep your contact information up-to-date
• New requests require online authorization or authentication with the custodian so, again, we strongly recommend two-factor authentication
• We take time to get to know you and your habits so stay in touch

If you ever have a question or receive a request that sends up a red flag, please call us at 415-541-7774 and speak to a trusted member of our team. Do not use the phone number provided in a suspicious email. 

Below are some additional resources you can use to stay vigilant:

Related Reading:
8 Tips for Protecting Your Retirement Savings Online (US Dept. of Labor)
Common Internet Scams and Crimes (FBI)
Consumer Alerts (FTC)