Tips for Preventing Fraud
Cybercrime and fraud are serious threats and constant vigilance is key. While PDS plays an important role in helping protect your assets, you can also take action to protect yourself and help secure your information. This checklist summarizes common cyber fraud tactics, along with tips and best practices. Many suggestions may be things you’re doing now, while others may be new. We also cover actions to take if you suspect that your personal information has been compromised. If you have questions, we’re here to help!
Cyber criminals exploit our increasing reliance on technology. Methods used to compromise a victim’s identity or login credentials – such as malware, phishing, and social engineering – are increasingly sophisticated and difficult to spot. A fraudster’s goal is to obtain information to access to your account and assets or sell your information for this purpose. Fortunately, criminals often take the path of least resistance. Following best practices and applying caution when sharing information or executing transactions makes a big difference.
How we can work together to protect your information and assets
Safe practices for communicating with PDS Planning
- Keep us informed regarding changes to your personal information.
- Expect us to call you to confirm email requests to move money, trade, or change account information.
How Schwab protects your account
Schwab takes your security seriously and leverages protocols and policies to help protect your financial assets. Below are actions you can take to reinforce their efforts and resources to assist you in keeping your account safe:
- Confirm your identity using Schwab’s voice ID service when calling the Schwab Alliance team for support.
- Use two-factor authentication, which requires you to enter a unique code each time you access your Schwab accounts.
- Review the Schwab Security Guarantee, which covers 100% of any losses in any of your Schwab accounts due to unauthorized activity.
To learn more, visit Schwab’s Client Learning Center.
Follow general best practices
- Be suspicious of unexpected or unsolicited phone calls, emails, and texts asking you to send money or disclose personal information.
- Be cautious when sharing sensitive information and conducting personal or confidential business via email, since it can be compromised and used to facilitate identity theft.
- Do not disclose personal or sensitive information on social media sites, such as your birthdate, contact information, and mother’s maiden name.
- Be cautious when receiving money movement instructions via email. Call the sender at their known number (not a number provided in the email) to validate all instruction details verbally.
- Check your email and account statements regularly for suspicious activity.
- Do not verbally disclose or enter confidential information on a laptop or mobile device in public areas where someone could potentially see, hear, or access your information.
Keep your technology up to date
- Keep your web browser and operating system up to date, and be sure you’re using appropriate security settings.
- Install anti-virus and anti-spyware software on all computers and mobile devices.
- Enable the security settings on your applications and web browser.
- Do not use free or found USB thumb drives—they could be infected with viruses or malware.
Be cautious with public networks
- Avoid using public computers. If you must use one, go to the browser settings and clear the browser history (cache) and cookies when you’re finished.
- Only use wireless networks you trust or that are protected with a secure password.
- Do not accept software updates if you are connected to public Wi-Fi.
Be strategic with your login credentials and passwords
- Do not use personal information such as your Social Security number or birthday as part of your login ID.
- Create a unique password for each financial institution you do business that are long and contain a combination of characters, numbers, and symbols. Consider using a password manager to create, manage, and store passwords that are unique and secure.
- Use two-step verification whenever possible.
Be sure you’re on a secure website
- Check the URL to see if it’s a secure connection. Secure sites begin with https rather than http, and are generally considered safer.
- Download apps only from the Google Play™ Store or the Apple App Store®.
- Do not visit websites you don’t know—for example, websites advertised on pop-up ads and banners.
- Log out completely to terminate access when you’ve completed a secure session, such as with online banking or a credit card payment.
Beware of phishing
- Do not click on links or attachments in emails and text messages if you question the validity of the sender. Instead, type the real web address.
- Hover over questionable links to reveal the site’s full URL and see where the link really goes. Do not click on links that don’t match the sender or don’t match what you expect to see.
- Check the sender’s domain name in the email address (email@example.com, or john.doe@Schwab.com) to see if it matches what you would expect to see.
- If you have questions about an email from Schwab or personal information you entered about your Schwab account after clicking an email link, call your advisor at PDS (614-481-8449) or the Schwab Alliance team immediately (800-515-2157).
What to do if you suspect a breach
- Call PDS Planning (614-481-8449) directly or Schwab Alliance immediately (800-515-2157) so we can watch for suspicious activity and collaborate with you on other steps to take.
Two-step verification (aka multi-factor authentication) – A method of confirming your identity using a second step to verify who you are. For example, the first step might be to enter your username and password, and the second step might be to enter a randomly generated number sent to you via email, text, phone call, or token.
Phishing – The fraudulent practice of sending emails or text messages appearing to be from reputable companies or trusted individuals in an attempt to get individuals to reveal personal information such as passwords and credit card numbers. Phishing attempts are usually urgent-sounding, legitimate looking emails or texts designed to trick you into disclosing personal information or installing a virus on your device. These scams can be sent as attachments or links that, when opened or clicked, may trigger malicious activity or take you to fake sites that resemble the real business websites.
Password manager – An encrypted online or cloud-based program that generates, retrieves, and keeps track of random passwords across countless accounts and also protects information such as passwords, PINs, credit card numbers and their three-digit CVV codes, and answers to security questions.
Domain name – As it relates to an email address, this is the information that comes after the @ symbol—for example, schwab.com in firstname.lastname@example.org.
Spam filter – A program that detects unsolicited and unwanted emails and prevents them from reaching your email inbox. Usually these types of emails are instead sent to a spam folder.
Malware – Software that is intended to damage or disable computers and computer systems.
- Visit these sites for more information and best practices:
- StaySafeOnline.org: Review the STOP. THINK. CONNECT™ cybersecurity educational campaign.
- OnGuardOnline.gov: Focused on online security for kids, it includes a blog on current cyber trends.
- FDIC Consumer Assistance & Information, https://www.fdic.gov/consumers/assistance/index.html.
- FBI Scams and Safety provides additional tips, https://www.fbi.gov/scams-and-safety.
Please remember that past performance may not be indicative of future results. Different types of investments involve varying degrees of risk, and there can be no assurance that any specific investment, strategy, or product or any non-investment related content, made reference to directly or indirectly in this newsletter, will be suitable for your individual situation, or prove successful. This material is distributed by PDS Planning, Inc. and is for information purposes only. Although information has been obtained from and is based upon sources PDS Planning believes to be reliable, we do not guarantee its accuracy. It is provided with the understanding that no fiduciary relationship exists because of this report. Opinions expressed in this report are not necessarily the opinions of PDS Planning and are subject to change without notice. PDS Planning assumes no liability for the interpretation or use of this report. Consultation with a qualified investment advisor is recommended prior to executing any investment strategy. No portion of this publication should be construed as legal or accounting advice. If you are a client of PDS Planning, please remember to contact PDS Planning, Inc., in writing, if there are any changes in your personal/financial situation or investment objectives. All rights reserved.