Protect Your Information with Team Hewins’ Security Tips

Back in college, when I studied with friends at the library, it was common practice to ask a friend to keep watch over my laptop and belongings as I snuck out to grab a bite or coffee refill. The main thing I had to worry about was locking my computer screen so that, upon my return, I didn’t discover funny typed notes or a queued Rick Astley music video playing loudly the moment I logged back in (that happened to me on more than one occasion). 

I didn’t have to concern myself with my friend stealing my logins or going to a website that would infect my computer with a virus. Physical access to my device was of the utmost importance. Cybersecurity, protecting against digital threats, while important, was an afterthought. 

Fast forward to today, and the emphasis has changed. While it is commonly known not to leave your phone or computer unattended, it is paramount that you proactively protect your data and information. With the advent of the internet has come a flurry of cybercriminals who are proactively looking for ways to gain access to your device(s) to load malicious software or trick you into divulging your personal or financial information with the ultimate goal of stealing money.

Below are examples of a few recent, sophisticated threats, along with ways to protect yourself and actions we are taking to protect your information. 

New Threats on the Horizon 

1. Protecting Yourself from Tech Support Scams: A pop-up, a technician, and a phone call.
   You are browsing the internet and a pop-up message containing references to Microsoft or Apple appears warning that your computer is compromised. They suggest you call a “tech support” number to have a technician assist with regaining control of your computer. Upon calling the number, the technician asks to be invited onto your computer to help fix it. Once you allow them onto your computer, they install malicious software to steal your data. As a follow-up, you might receive a separate call from someone saying that because of your computer issue, your financial accounts have been compromised; to protect your assets, you should temporarily transfer them into “federal custody.” After the safekeeping period (when your computer is fixed), the funds will be returned.

    

2. Protecting Yourself from Phishing Calls: A fake call to action.You receive a phone call from someone. purporting to be from your financial advisor team or financial institution. They say there is an urgent issue with one of your accounts and that in order to immediately remedy this, they need you to provide additional personal or financial information.You haven’t met this person before, but they sound convincing because they reference other names you may have heard of. This phone call may also be accompanied by an e-mail or text message with an attachment or link to open.
3. Protecting Yourself from Fraudulent Mail: You’ve got fictitious mail.
   You receive a letter in the mail from the government, or a provider you are subscribed to. They reference parts of your personal information like name, address and date of birth. They then inform you that there is an issue with your records and that you need to call them to resolve it. They may even list what appears to be reputable names or have a signature block that looks legitimate. When you call, the bad actor on the other end has a kind demeanor and convinces you to provide them additional personal/financial information.

These three scenarios are intricate schemes that cybercriminals have spent time preparing and rehearsing. They urge you to take “quick” action to avoid “loss.”

If you ever find yourself in a similar situation, here are a few tips to protect yourself:

1. Time is on your side. Institutions usually provide a grace period before acting. Do not let anyone rush you into taking action. Urgency is often a sign of a scam.
2. Who are you, really? When in doubt, tell them you will call them back. Look up and call the actual number of the institution. If they direct you back to that individual, then you know you spoke to the right person.
3. Don’t open Pandora’s box. Be wary of opening attachments to e-mails or text messages unless you know it is a trusted sender from whom you are expecting something. Even then, check to make sure the message is legitimate. Is this the type of e-mail you would expect from them? If in doubt, call your contact to confirm they sent the message.  It is possible for a trusted sender’s e-mail to be compromised too.
4. Check for red flags. Scammers use many of the same tactics to trick their targets. Check the “From” email address and URLs for misspellings and incorrect grammar. If it’s a text message, is it from the number you usually receive messages from?
5. Deny access to your computer. Never grant remote access to anyone unless you are 100% sure who they are.

Finally, here are some highlights of what Team Hewins is doing to protect and secure your information.

1. We will call to verify certain money movements and transfers. This may delay processing; however it is to ensure we know you are the one who requested it and it is going where it should. This extra step may seem frustrating at times, but it is for your protection.
2. We will only share your sensitive information using password-protected links/attachments or through a secure portal.
3. When sending forms, we will default to use the custodian’s (e.g., Schwab’s) preferred transmittal method (e.g. secure portals, electronic signature platforms like DocuSign or Box Sign, etc.). Their technology teams have invested time and resources into creating secure channels for distributing and intaking forms and data.

Gone are the days when a strong pop-up blocker and anti-virus software were all that was needed to protect your online presence. As cybercriminals become more creative and sophisticated, protect your data and information proactively. When in doubt, take a moment to clearly evaluate the situation.  

If you suspect you have been targeted, let us know and we can help guide you through a series of steps to confirm your data is safe. As always, please let us know if we can be of assistance. 

Here are some additional resources to learn more about avoiding potential scams and fraud: 

– How to Protect Yourself Online
– How to Recover If There Is a Breach 

Team Hewins, LLC (“Team Hewins”) is an SEC-registered investment adviser; however, such registration does not imply a certain level of skill or training, and no inference to the contrary should be made. We provide this information with the understanding that we are not engaged in rendering legal, accounting, or tax services. We recommend that all investors seek out the services of competent professionals in any of the aforementioned areas. Certain information provided herein is based on third-party sources, which information, although believed to be accurate, has not been independently verified by Team Hewins. Team Hewins assumes no liability for errors and omissions in the information contained herein. Certain information contained herein constitutes forward-looking statements. Team Hewins does not guarantee the achievement of long-term goals in the portfolio review process. Past performance is no guarantee of future results, and a diversified portfolio does not guarantee a positive outcome. Nothing contained herein may be relied upon as a guarantee, promise, assurance, or a representation as to the future.