Your financial assets are at greater risk than they have ever been. That's because most of your assets are accessible online. Hackers and fraudsters know that and will invest significant resources to steal from you.
There are basic steps you should take to protect yourself. None of these steps is hard, and no one step on its own guarantees your safety. But together, they provide strong protection. Hackers and fraudsters are looking for easy targets. If you have built a layer of security around your assets, they will likely look for an easier mark.
Most critically, protecting yourself requires ongoing effort. Every day, you should be vigilant about suspicious emails, phone calls, and texts. Sadly, hackers and fraudsters never rest.
We created a white paper with 11 specific suggestions. Below, I have highlighted what we believe are the top 5. If you want more details on these or other suggestions, please email me at firstname.lastname@example.org, and I'll send the 6-page paper.
Here are our key recommendations.
Freeze your credit.
Everyone's credit profile is maintained by three credit bureaus: Experian, Equifax, and TransUnion. To obtain a mortgage or personal loan or to open a credit card, the bank will check your credit report at one of these three agencies. If you have frozen your credit, almost no lender will approve your application. So, a fraudster who has stolen your identity – perhaps your Social Security number, address, date of birth, and other basic details – cannot open a credit card or loan in your name.
Here's a link with more info from the Consumer Financial Protection Bureau on how to freeze your credit.
Create hard-to-hack passwords, use a password manager, and consider passkeys.
Most websites now require you to have a complex password with upper- and lower-case characters, numbers, and symbols. If they don't, you should do it anyway.
The easiest way to manage your passwords is with a password manager. There are dozens of products available – google for a list of recommended products. If you don't already use a password manager, you will be amazed by how much easier it makes working online. As soon as you have one and have populated it with your passwords, shred the list you keep in your drawer with your passwords. The only password you will need to remember is the password to your password manager. Keep that somewhere very safe, make it complex, and share its location with your spouse or a trusted friend in the event you are incapacitated or die.
Most websites are moving from passwords to passkeys. They serve a similar purpose but use fingerprint or facial recognition technology to allow you to log in.
Use 2-factor authentication for the most sensitive logins.
Different websites use different types of 2-factor authentication ("2FA"). Some will send a code via text to your mobile phone or email. Some use more sophisticated tools, which are even more secure.
At a minimum, you should use 2FA for the most sensitive logins, i.e., to any financial institutions where you have significant assets.
Think before you click on any hyperlink.
One of the common ways hackers can gain control of your computer is by you clicking a malicious link. Emails and websites are full of links. They make life easier. This blog has several hyperlinks. Sadly, hyperlinks also make life easier – and more profitable – for hackers. Before clicking on any link, ask yourself: Is this email or online source legitimate? Am I sure the link is not malicious?
Hovering over the link reveals its destination, letting you know if it's safe or malicious. Our incoming email protection system identifies dozens of malicious emails every day.
At Old Peak, we use a service that periodically tests each of us by simulating a phishing attack. Phishing is an online scam that targets email users – i.e., all of us -- by sending them an email that appears to be from a well-known source – an internet service provider, a bank, or a mortgage company, for example. It asks the consumer to provide personal identifying information. Then, a scammer uses the information to open new accounts or to invade the consumer's existing accounts.
Like so much else in life, you can avoid mistakes by slowing down.
If you pick up a call from an unknown party claiming you need to provide them with your Bank of America account number, the best first step is to pause and think. Get a number and call them back. Then ask yourself: how can I determine if this is a legitimate call? Get help from a friend or call the number at Bank of America listed on their website.
If you receive an email with a link that seems suspicious, stop and ask yourself: do I know and trust the sender? Am I sure the email is legitimate? Do I really need to click on the link?
If you need to send your financial advisor an account number, ask yourself: what is the most secure way to do it? Can I use a secure portal or call them with the info?
These kinds of steps are easy to follow. They only require you to slow down.