Cyber fraud and identity theft is on the rise. How can you protect yourself and your financial accounts?
Hear Darrell Tierney, Drew Osborne and Brandy Ward discuss common scams they’re seeing, how you can protect yourself, and ways Windward protects clients.
This content is provided by Windward Private Wealth Management Inc. (“Windward” or the “Firm”) for informational purposes only. Investing involves the risk of loss and investors should be prepared to bear potential losses. No portion of this blog is to be construed as a solicitation to buy or sell a security or the provision of personalized investment, tax or legal advice. Certain information contained in the individual blog posts will be derived from sources that Windward believes to be reliable; however, the Firm does not guarantee the accuracy or timeliness of such information and assumes no liability for any resulting damages.
Windward is an SEC registered investment adviser. The Firm may only provide services in those states in which it is notice filed or qualifies for a corresponding exemption from such requirements. For information about Windward’s registration status and business operations, please consult the Firm’s Form ADV disclosure documents, the most recent versions of which are available on the SEC’s Investment Adviser Public Disclosure website at www.adviserinfo.sec.gov.
Good afternoon, thank you for joining us today.
As we talk about, as we discuss cyber fraud and identity theft, along with ways to protect yourself.
Today, I’m Brandy Windward and not just today, I’m always Brandy. Today, I’m joined by Darrell Tierney a Certified Public Accountant and CERTIFIED FINANCIAL PLANNER™ at Windward, as well as Drew Osborne, a CERTIFIED FINANCIAL PLANNER™.
As we are going, oh boy, OK. As we’re going through today’s discussion, please drop any questions you have as they come up. You can see on your screen what the question box looks like. Just type in the box and click Send. We’ll have a few minutes at the end of the webinar to answer a few questions we receive.
OK, now to the fun part. First, I wanted to spend a few minutes talking about what scams we’re seeing today and give a few examples.
So, your trash is someone else’s treasure and mail theft I’ve pulled up here together because fraudsters are really looking for the same thing in both of these. Paper documents they can use to gain access to your accounts.
This could be a pre-approved credit card statement, a bank statement, or even a medical bill.
Drew will be talking in a few minutes about ways to protect yourself, but the main thing here is just to dispose of sensitive documents properly and watch your mailbox.
At Windward, we often joke that I’m the resident United States Postal Service representative since my husband works for the post office. So, I’ll cover that now.
Um, to avoid mail theft a couple of considerations. One, consider getting a post office box instead of using your mailbox at your front door.
There is a cost associated with this but a PO Box is more secure because they are securely monitored at the Post Office and they are only accessible by a key or lock combination.
They also help with keeping your home location private when you’re putting your mailing address on various applications.
The other thing to consider is when you’re traveling, get your mail placed on hold.
So your postal carrier will hold your mail at the Post Office until you return.
This helps from getting your mail piled up while you’re gone and it also is good because thieves might see your mailbox suddenly getting a lot fuller, assume you’re not home, and then that could lead to a whole other source of issues.
Next, we have phone scams.
So we hear on the news frequently about IRS or Social Security fake calls. So that’s the first example that always comes to mind for me for this.
But another example that is unfortunately common is what’s called the “grandparent scam”, which involved a grandchild calling from college saying they need bail money or some money to help them get out of trouble. And they just say, please, don’t tell my mom and dad, I just need the money now.
Criminals are really preying on a helping heart from Grandma and Grandpa and they know that when people are under a time constraint they are less, or they’re more likely to make mistakes.
This actually happened to my grandma a few years ago and she assumed the call was coming from my brother because there was a man on the other end of the phone and she only has one grandson and she actually just told him, “absolutely not, you’re a ding dong, you can sit there and think about whatever dumb mistake you made” and hung up the phone. That Sunday at dinner she was like, “What did Nate do?” and we were like, “Wait, what?”. And uh, I’m glad she didn’t fall victim to this scam.
And, uh, I love my grandma. She doesn’t put up with any funny business.
Your financial accounts. You know, at the end of the day, all of these scams are out to affect your financial accounts and your good name in one way or another. This could be stealing a debit or credit card in an attempt to impersonate you to withdraw funds from your accounts or take credit out in your name.
OK, technology hacking.
The most common example of this is phishing spelled with a P-H and we probably have at least 50 of these in each of our junk inboxes right now.
An example would be an e-mail from “Amazon” claiming your credentials have expired or have been part of a hack. And so you just “click here to update them”.
I’m sure you know, but that’s not actually an e-mail from Amazon. There, they have a false link there, and they’re trying to gain access to your account.
If the hacker is lucky, you’ve named you’ve had the same password for multiple accounts and now they have access to even more of your information.
Then one other example of technology hacking comes in the form of e-mail and interception. A few years ago, a Lawrence dentist (I listened to this on my favorite talk radio show in Kansas City). A few years ago, a Lawrence dentist was closing on his home and he received an e-mail from the title company he was going through with instructions on where to, where to wire his $90,000 down payment.
He happily did so, but the e-mail eventually came actually had come from hackers and they used the company’s letterhead for the e-mail, the signature blocks, you know, all looked legitimate.
And the e-mail addresses were “confusingly similar to legitimate addresses”. He ended up losing the whole $90,000 and he had to withdraw money from his retirement accounts to complete the transaction.
There are definitely big risks out there, especially with wire. It’s very hard to get it back once it’s gone.
Next, is tax fraud, which you know we’re in the heat of tax season right now, so we’re seeing this more and more. It’s when criminals use your Social Security number to fake, to have a fake W2, generate a tax refund and then file the return in your name before you’ve had a chance to file your actual tax return.
Criminals have the refund sent to a different bank account, and then leave you to deal with the mess of filing your actual return later.
Then lastly, higher unemployment benefits in 2020, unfortunately resulted in a major uptick and false unemployment claims.
Criminals have filed fraudulent unemployment benefits using stolen identities or especially a lot of Kansas residents. Although I’m sure it’s a lot of other places in the country.
We’ve seen this a lot like I said, for Kansas residents, and then they’re normally notified by their employer or they’ll get a letter from the state.
You know, this is a perfect example of, you know, an opportunity to get in and make some extra money with the higher unemployment benefits, fraudsters are just right there looking for it. So, I feel like I’ve talked a lot. Darrell, Drew, do you have anything to add to this list?
I might be showing my age here.
But, but one thing, you know, as we start start talking about these scams, you know, my first reaction is, all of these are going to be electronic, of some kind, you know, we’re talking about e-mail, you know, fraud, internet fraud, And it’s interesting.
We’ve had multiple situations where clients know their mail is being stolen and said, “hey, look, we don’t, I don’t wanna get statements from, from the, from the brokerage firm showing what my account balance is in my mailbox”, you know, and I think we don’t think about things that way. So, I think that, that’s a really interesting point. And then, the other one that I got, I was thinking about when you were talking about phone scams.
Another one to be aware of, we’ve had two different incidents where clients have received phone calls that, the caller said they were from Microsoft, needed to update some things on their computer. Basically, online, got control of the client’s computer, and, you know, who knows what they, what they took. But they were convinced, in both cases. Both the client thought it was a legitimate you know, I think the ruse was, your computer is out of date. It’s exposed to hackers. We need to help you get the security patches on here, blah, blah, blah. So, not good. I mean, these guys can go to all lengths.
Yeah, no doubt.
And as you’re talking about the paper, Darrell, one thing that stood out to me is, when you have paper that has your information on it, it is not enough to throw it in the trash.
It is not enough to rip it in half and assume that that is safe.
It needs to be disposed of properly. So, I know, Darrell, you have a shredder at your house. Winter time is good. For me. That’s when I burn extra paper as kindling in the fireplace.
But going the extra effort to do it the right way, make sure that it doesn’t get hung out there in any way is usually the right call.
And then the other thing I was gonna say, relative to the technology hacking, you’re right Brandy that Gmail and Outlook do a better job now of looking for the bad stuff and sending it directly to Spam.
And so, one thing that we know is, if it’s in Spam, it probably belongs there. Be extra extra careful.
And that the other thing to note, is, just because they’ve gotten better, don’t assume that the stuff not in spam is OK, because, as they have gotten better, so, have the hackers.
So, it’s, it’s an ugly game of cat and mouse that keeps happening out there.
Yeah, that’s, that’s exactly right.
OK, so, now that we’ve talked about some of the risks we’re seeing clients face, Drew will discuss some ways to protect yourself.
Yeah, so, to protect yourself thing, number one is to be on alert. You can see my youngest son Oakley there. He went, we went hiking together in Colorado this summer and we did see a bear sign and said, “be on the lookout for bears”. He staged this photograph, we’ll see if he has a career in acting or not, but he really did see that sign, look at me and go, “seriously Dad?”. And the thing applies to us today. We really do need to have our guard up.
We are being attacked from all angles. Your text messages, I’m sure you’ve seen phony Amazon, gift card texts, phone calls. We’ve talked about some of those examples, your e-mails, obviously, your mail, and sure enough, all the different places on social media. So more than anything, I’ve just turned into, not to be pessimistic about the world, but in so many ways, just to assume the things coming at me are bad. Don’t respond unless I have to. Don’t click it, don’t touch it, don’t mess with it. So, that is the thing for me that has changed the most over the last year is just be on guard.
Create the sign in my head that “Hackers are out there, danger is ahead”. The next big picture point, one way to protect yourself more than anything, is to get better about passwords.
I look around, I know that I’ve improved a lot in this way, and on staff we’ve worked to do this. And in our family we’ve just said, OK, we’re going to have password managers to help us do it instead of having one relatively simple password that gets used on a lot of websites. There is so much danger there. If that gets compromised, hackers are going to use that password and go check a lot of other places to see if they can get access to your account, o, password manager simply is an app, either through like an app store or online, that can create a master password, that you can remember that’s at least slightly difficult, that then opens up and then has a place where you can store all your other passwords. It can create difficult passwords. And we’ve found that it’s best to pay some money. A lot of these are recommended from $10 to $30, or, you know, $50 bucks a year, or something, but paying a little money is usually worth it to protect yourself when it comes to something as important as your online passwords.
The other idea is to set up multi-factor authentication on as many important accounts as you can.
So the idea is, if you’re on a site or an IP address that you haven’t logged in before, that you need to have more than one way to confirm that it’s really you.
So you would enter your normal password but then the site would kick to you either through a text message or through an authenticator type app and say, hey, is this really you? Send in the six digit code here to prove that it’s you.
We’ve heard it’s best not to have the multi-factor be your e-mail, because if they get your e-mail, then they kind of have both of the authentication pieces to it, but set it up as much as you can. A little extra annoyance is worth avoiding a bigger pain event. That feels like the theme of a lot of this stuff. A little extra annoyance can prevent something really bad from happening.
So. The social media is just an important reminder.
More than anything, you know, I had my Facebook and my Twitter and my Instagram used to be public.
And then I realized, woof, that’s probably bad idea because there’s a lot of folks out there that don’t have good intentions that are trying to use information that they can gather, whether it’s my birth date, my mother’s maiden name, to try to use and eventually try to hack into other accounts. So, if it doesn’t need to be public, don’t. Try to limit it as much as you can to avoid folks trying to get access to it.
Then, kind of the final piece would be alert, are a couple of just quick tips. So using secure sites on the internet is really, really important. If you ever on a browser type in a site and it gives some kind of a warning, either red or yellow, it is best to not enter, to click away, to avoid it.
Public Wi-Fi has pretty much universally been accepted as danger zone.
If you’re at Starbucks or the airport or at a hotel, best to use your digital, 3G, 4G, 5G and not use the Wi-Fi, those sometimes hackers will set up as fake public Wi-Fis.
Or if you’re on public Wi-Fi, which you probably shouldn’t do, don’t enter any sensitive financial information.
It is highly, highly, likely to be trouble if you do that.
And then that final piece is software updates, just to say, most software updates on phones, and on computers especially, are almost all designed to protect you security wise.
So, almost always best to set those to automatically upload or download, so to speak those updates so that you don’t run yourself the risk of not being as secure as you possibly can.
Um, any comments on those things?
You know, the one thing I was going to mention, that’s just a simple thing but it always surprises me.
You know, if you, if you’re on your computer, if you hover over incoming e-mails, the sender, hover over that name and you’ll find you know you some some phoney Amazon e-mail comes in and you hover over it and you can see it’s not coming from Amazon at all.
And then, same thing, if you, for example, if you’ve got an Apple device, if you hit on the sender, it’ll pull up a contact page, and you can see the e-mail address it came from.
It is worthwhile doing that because amazingly, sometimes the e-mail address isn’t even close. So it’s really easy to decide if it’s, if it’s fraudulent. And sometimes, frankly, they’re really clever. They slip in a period, they change 1 or 2 letters. So it’s, you know, it’s not always a dead giveaway, but it’s, it works frequently.
I could have saved my Lawrence dentist, if he was reviewing his e-mail. Yup. Yup. Yup.
Yeah, and when we had sent out this, that we were doing this webinar, a North Kansas City business person who’s, who’s well known, he had responded to Steve and described his own situation where they fell for a wiring issue. And had money wired that ended up in, like, Estonia or something, amazingly, he told us in this e-mail, the Estonian police had caught the criminal and the money was still in the criminal’s account, and they were able to get their money back. Pretty unbelievable story.
Yeah. In their case, it worked out.
OK, so, then, the next section is, is talking about what can you do to protect yourself?
It is really to be good at reviewing. Here’s Oakley again he is reviewing his schoolwork. So whether your hat sideways or your hat is forward or backwards, there are things you can do. The first is, oh, my gosh, review account transactions monthly. It’s so boring. It’s, we all know it.
It’s painful to do, but this would include, obviously, in your bank accounts, your credit card accounts.
And something that sometimes gets overlooked is looking at your financial accounts of like your retirement accounts or investment accounts, looking over those things, more than anything, just to make sure there’s a reasonableness because if stuff gets missed and it doesn’t get reported, you might set yourself in a position where you may not be able to get things fixed.
So reviewing your stuff as frequently is really important.
It also is important to monitor your credit, your credit score, your credit history. There are a lot of ways to do this. For Windward clients we’re happy to send you your credit report three times a year.
You just need to let us know if you’re not already on the list. And you’re looking for people opening accounts in your name that you don’t know about.
It’s a lot easier to proactively deal with it than have a lien on something and try to clean up the mess.
But if there’s one thing from this section, that to me is the most important, it is the idea that you are able to freeze your credit at no cost. It’s a simple exercise, but this is the best and easiest way to try to slow people down from opening up accounts in your name and causing trouble.
Darrell, you have done this, I’d love you to maybe talk a little bit about that.
Yeah, yeah. I feel like it’s important, you know, frankly.
Then, you know, we’ve got, we’ve got the three major reported credit reporting agencies, Equifax, TransUnion, and Experian.
If you’re going to freeze your credit, you literally are going to have to go to each one of these credit reporting agencies and do it.
And kind of, the procedure is, they give you a pin number.
That the only way anybody can open up that your, your credit and be able to inspect your credit is with a pin number.
Frankly, you know, the way the way I look at this, I think a little bit of this is a holdover from many, many years ago when we didn’t have this rampant identity theft.
The way the system is set up, you can opt to close your credit, so nobody can see it.
Frankly, I think if they set the system up today, and what I suggest to all of you, is to close your credit, and only open it up when it’s requested.
And so, for example, you know, if you want to apply for a credit card, what you need to do is, you need to say to the credit card company, or let’s say you’re buying a car, you, you, talk to the finance people and say, where are you going to check my credit? I’m gonna open it up for three days. You put in your pin number and it opens it up.
I think it’s really good.
As Drew mentioned, I’ve closed it at all of them and not long ago, I got, I got a, an e-mail from one of the credit report reporting agencies, Experian, and they said, “hey, somebody is checking out at Cabela’s and tried to open up a credit card in your name and it was denied” and they just, they, I, they let you know that.
But I will say this I think it’s a relatively good assumption that all of our personal information is now out in the public domain.
No not it’s very important to try to protect yourself.
But there have been so many major hacks that I think you should operate as though hey my social security number, my birthday, my mother’s maiden name, those things are floating around out there and so you need to protect yourself. And and I think this is a really good way of doing it, is the credit freeze.
So, you’ve convinced me, and as we’ve prepared for this, but my hope for everybody that listens to this is, there’s at least one thing you can do one action to take. Mine, is to freeze my credit.
I kind of feel silly that I haven’t done it yet, but you’ve motivated me, Darrell. So, there’s something, Brandy, any other, kinda comment, or go ahead.
Not sure, I was just gonna say, you know, you make a good point. We’ve talked in the past, I’ve told people, you know, make sure you’re really reviewing and your statements and they say, oh, yeah, we’re doing that.
But, the compliment to that is looking at those credit reports, because there’s two different objectives. One is somebody’s hacked into your accounts, and you’re looking for transactions, you don’t recognize.
But what’s most important if you’re not checking your credit report, somebody could have taken credit out in your name, and you don’t know about it, and we have seen that across our client base, you know that somebody’s take a payday loan is in somebody’s name and they had no idea had they not checked their credit report, so it’s important.
Brandy, any other thoughts?
Oh, I was just gonna say, I know, you know, Drew said, reviewing those things monthly sounds so boring, and I couldn’t agree more.
But how quickly you identify an issue, especially when it comes to like your debit card or your credit card, um, can really affect the consequences of that. If you’re able to identify it quickly, tou’re going to be out a lot less money.
So, that’s encouragement to do it monthly. Yeah, totally.
Yep. All right, so then, my last section is, the idea of, what can you do to protect yourself? You can get ahead.
So there’s a picture of my daughter, Andy, middle school runner cross-country, she was getting ahead there and we want to get ahead in protecting ourselves by doing a couple of things. One, you can establish online accounts wherever you have accounts. I totally understand if you are a paper person, that is fine.
But it was news to me recently when I had read, even if you only get paper accounts on certain things, you should still set up the online account if they offer that so that hackers don’t set it up for you. Hackers are going around looking for online accounts that haven’t been set up yet and then falsifying it in your name as a way to get in there.
That really caught my attention. I had kinda my online medical stuff I hadn’t set up. I was like, oh, whatever, they send me. The statements, I’m OK there.
I don’t really need another online account. Well, that was enough of a reminder to me. It’s best to still set it up so someone else doesn’t try to impersonate me with it.
So that’s the point on that. Filing tax returns as early as possible.
Brandy kinda talked about the reason why, and right now, finally, tax returns is just weird. We’re in a weird tax season, period.
But we will help you navigate that, when it makes sense to file, A, just for your tax situation but also as quickly as you can to try to protect your identity.
And then finally, utilizing bill-pay as much as possible. We couldn’t recommend highly enough, and that really ties into the idea: get ahead by sending as few checks as you can around, because your checks have your information on it. It has the routing number and account number of your bank, it has your name, it has your signature. It is just ripe to be stealing your identity.
And so, utilizing bill-pay, which almost all banks do, banks are great at creating that service.
So, if you can utilize that as much as possible, it reduces the likelihood of you getting your information out there fewer times. So, I think that is a good thing.
Brandy? Darrell, what else?
Know? I kind of continue with my theme, it. All of our information is out there in the public domain.
You know, Drew mentioned five filing tax returns, and we’ve got the, you know, the hacking into the tax system. Filing false returns and unemployment claims.
So, to me, you know, if you freeze your credit, and you’re reviewing your account statements, and you’re and you’re looking at your credit report.
You’re doing all of those things, but if your information is out there in the public domain, they’ll still accept, the taxing authorities will accept the fraudulent tax return, or a fraudulent unemployment claim.
So, it, you know, fortunately, we’ve had, on a false unemployment claims, I think I’ve had two or three times people have filed trying to help under my name trying to collect unemployment, and I am still working. And so, yeah, but, but, you know, I think I think it’s really important. What happens is, the state, in both of those cases, reached out to Windward, our company, to see if I had legitimately filed unemployment. I know we’ve had other employees get a letter in the mail that says somebody has filed for unemployment. You have to follow up. You need to reach back out to the to the state unemployment department and make sure they understand that that’s fraudulent, So.
Yeah, the tax return thing has actually, the filing of tax returns early fraudulently, has become such an issue that just in 2021 for the first time, the IRS now makes it like an opt in program for you to obtain an Identity Protection Pin.
That allows you to file your tax return, using a pin number instead of your Social Security number, prior to this year. Though.
Those have only been given out to people who were the unfortunate victims of this tax thing, but going forward, you can opt into the program, which is pretty cool.
Yeah, another proactive way to just try to stop bad things from happening.
And we know we have probably, like Darrell had mentioned this earlier, that we think we have about 10% of our tax returns that we do have that. So, it’s common.
It’s normal and it your return will get bounced immediately if you’ve opted in and that’s not included on the return. So, just one more way to try to protect yourself.
So, that covers kinda my section, Brand, I’ll let you keep us moving forward.
So, next, we’ll have Darrell kind of present and talk to us about how you can help Windward keep personal information safe.
Right, so, so, really I think what I want to emphasize is this is kind of a duet, a duet.
We need to work with you guys, for those of you on the call that are clients in, particular, the, those of you on the call that are wealth management clients, there’s definitely things you can do to, to help keep your personal information safe in dealing with us. And, so, I want to talk about those. And then, we’ll talk about the things that Windward’s doing here in a second.
But, kind of the top of the list is, if you’ve been a victim of identity theft, please let us know.
We sometimes find out, in other words, sometimes we can see that a client’s e-mail has been hacked. We see unusual requests coming in from the client and we find out that way. But sometimes maybe you’ve got something that’s happened on a credit card that you may think is unrelated to the financial accounts we’re managing.
Make sure you let us know, you know, and kind of back to this theory, for example, if you’ve had some kind of a password theft on a Facebook account or something like that, they may be trying to use that to get into your financial accounts, and we want to be aware of it, so that that’s one. And then the second one and I probably should have put this one at the top of the list because I think this to me is, is about the most important.
On, on our Windward website, our clients have the ability to use a portal to login and use a portal and that is we feel like that is probably about the most secure way there is to deal with us. If you visualize this as a lead pipe that runs from your computer to our servers that nobody can see and it’s an encrypted portal, it’s a great way to get us documents. So you can get a sensitive documents by uploading documents onto the portal, will post sensitive things out there.
We feel like that is the most secure thing, and, you know and skipping down you can see, we say, never e-mail us an account number or social security number.
We frequently get an e-mail, somebody says, hey, I need some money out of this account. They’ll spell out the account number, and we just don’t think that should be floating around out there.
Or, e-mailing us sensitive tax documents. That is really what the portal is for.
I would encourage you to take the time to learn how to use it.
That’s probably the best way you can protect yourself in dealing with sensitive financial data. So, we’re happy to, if you don’t know how to do it, please reach out to one of us, and we’ll give you a little tutorial and walk you through it, because we think it’s really important.
Checks on your brokerage account. So our wealth management clients, we keep their accounts, at TD Ameritrade that’s where the physical money is. The stocks and bonds and investment assets, and if you’ve been a client with us long enough in the early days.
We obtained checking accounts on these brokerage accounts so that you could easily get your money out of the account and you wanted to write a check on it.
We’re discouraging, with an important exception, we’re discouraging clients from using checks on their brokerage account. As Drew mentioned earlier, it’s really insecure. It’s kind of an older technology where it’s got addresses, there’s account numbers, there’s your signature that could be copied is on there.
And frankly, most of our clients’ wealth is in their brokerage account, it’s not their bank account they maintain. You know, some people carry big bank accounts, but, but really most of it is an IRA accounts and big brokerage accounts.
The criminals know that, and so that’s frequently become a target.
And so we just don’t like the idea of having the checks floating around on these large accounts.
And when we talk about what we’re doing, we’ll, I’ll explain to you how we think it’s better to access the accounts.
And then lastly, I mentioned about e-mail and being careful with your e-mail.
But finally, specifically, Drew had mentioned it’s important to review your statements.
One of the things I want you to think about is if you’re a client and we’ve got TD Ameritrade if you’re a wealth management client with a TD Ameritrade account set up, that’s what’s known as your custodian. That’s where your assets physically are.
So for example, we have a Windward website that you can log on to advisorclient.com to look at your portfolio and see how the performance is.
Even if that website was hacked, your assets aren’t there. I mean, it’s obviously, it’s an invasion of privacy. They can see your know, how much you have in your IRA account, or whatever, but they can’t get any money out. TD Ameritrade is where your money physically is. And so it’s very, very important in reviewing your statements. I think it’s great to use our website to monitor performance and things like that, but check in and compare it to what is showing at TD Ameritrade that I think is really important. So, Drew, any, and Brandy, anything else you can guys can think of in terms of what the clients can do to make, make it a little bit safer in dealing with us?
Oh, Drew, you’re muted, OK.
The simple comment is, if something has happened to you and you wonder whether or not you should let us know, you should let us know.
Yeah, it, it’s just important to keep us in the loop.
And by the way, I thought Drew was going to say this because he reminded me of his earlier, but I want to state this, and I alluded to it.
One exception on writing checks on your brokerage account, we do have clients that are over 70.5, where we have set up a specific IRA for them to make charitable contributions with and we’ve given them check writing on that account.
The reason we set up a separate IRA is so we can control the size of the account.
So in other words, if you’re making $5000 a year in charitable contribution, we’ll move five grand a year over into that account to write checks on.
And the reason we do the separate account is so that we don’t have checks floating around on your big brokerage account so that was the exception.
I was going to mention. Brandy, anything from you on this?
No, that’s what I was going to chime in with, you got it.
- So now let’s just talk for a minute about what Windward is doing to keep your information safe.
Hey, you know, there’s a handful of things here.
So one, if you, you notify us that you changed your address, whether it’s physical or electronic e-mail address, we’re going to confirm with the old address and the new address to make sure that’s legitimate. So, you know, that that’s an important thing. If there’s any kind of an account change, we’re going to do that.
Additionally, some of the wealth management clients may have initiated third party withdrawals but we’ve adopted a policy where we’re not going to send money out of your brokerage account to a third party. So what we’ll do is we will get checking account information from you that we know is legitimate. And we will set up, you know, kind of a pipeline to wire money or to ACH money into your bank account that we know is a bank account, a legitimate bank account.
But if, for example, if you’re buying a piece of real estate and want us to wire the funds to, to the title company, we won’t do that. We’ll wire the money to your bank account, and then you can make arrangements with them. And so that you can make sure that’s done correctly, because we, we, we don’t want to take the chance of sending the money to a third party that, that’s incorrect. So that, that’s really important.
And don’t be surprised if you call, and say, hey, I need some money out of my account. Don’t be surprised if we. Frequently people will send us an e-mail saying, hey, could you transfer X, you know, $10,000 to my checking account?
Don’t be surprised if we call with wanting a verbal verification. Leave us a voicemail or somebody if it’s large enough you may get a call from one of our wealth managers that wants to talk to you about it.
We’re not trying to discourage you, it’s for your protection.
Windward is still of a size that we know our clients and so we will be able to verify that at you and so that that’s important.
Red Flags program. That’s basically just kind of a program that we’ve adopted that says hey, if there is a known identity theft, either we discover it or a client identifies it, we take specific steps. And so, back to the way you can help us is to let us know that you’ve been a victim of identity theft.
We may do specific follow up account monitoring to make sure things are in good stead.
We might go as far, we had a one serious hack where we literally, you know, the routine thing is change your password, we will monitor the account. This one was serious enough.
We actually had TD Ameritrade set up all new accounts for this particular client with a new new account numbers, you know, little bit of a hassle, but we felt like it was an important step in that case. Because it was a very serious breach. And that example was that the client had a serious hack.
We didn’t have a hack, but right. There hack was serious enough. We said, we are going to change all of your accounts.
Then, you know, final couple of things.
So, one, as a firm, we have got a specific Data Security plan that we follow. It’s updated annually, it’s tested, so, so, for example, as we’ve made some changes, we’ve actually hired a firm to, to, to try to hack into our servers. So, you know, it’s a common thing.
There are firms out here, kind of good guy firms that are very knowledgeable and they try to hack in and give you a report on any vulnerabilities you have.
We’re very careful to the extent we use portable devices, laptops, and phones, things of those nature of that nature where they’re encrypted so that if somebody were to steal a Windward laptop, they wouldn’t be able to access to data on it.
We’ve got controls in our offices, so, so, for example, our server rooms are locked. Combination lock so that people can’t get into them.
Then, this, this wasn’t always true, but as we’ve added employees, so for example, we have, we have some, some seasonal interns that help us with tax season.
Basically, what we tried to do is put in controls, so they only have access to the information they need. They can’t get in and see trade confirmations and look at accounts online of our clients and things like that.
We try to make the information within the firm only available on a, on a need to know basis.
And the last comment and no thumb drives to transfer files. We’re going to be really careful about the way you give us data. Back to where, what I’d mentioned earlier, you know, about using our portal, that’s a very secure way of doing things. We’ve had clients say, hey look, I’ve got an Excel spreadsheet of all my financial accounts on, on this thumb, drive, here you go, if you want to load this in.
We’re not going to use any, we’re not going to use those in our network system just because of kinda the insecurity of that.
Then I think it’s also worth mentioning.
Kind of as a final point on this, as I mentioned, client’s assets are physically at TD Ameritrade. Our, our wealth management clients. This would be true, you need to know who the custodian is of all your accounts.
TD Ameritrade, then the question comes, what happens if TD Ameritrade is hacked and somebody gets money out of my account?
And these large brokerage firms participate in the SIPC. They have SIPC insurance which is somewhat similar to FDIC insurance.
It protects your account.
Your accounts are protected up to $500,000 kinda per like-titled account.
And then additionally, TD Ameritrade, through Lloyd’s of London has an additional just south of $150 million coverage per account.
So there’s a substantial account and I should be clear, that insurance is for theft of assets out of your brokerage account. It is not ensuring you from loss due to bad investments. Your account falls in value or let’s say you’re working with an scrupulous broker that, you know, get you into investments, you don’t belong in. That’s not the insurance for that. This is literally theft for insurance. So there may be other means of recourse on that.
So, uh, Brandy, Drew, anything? You know, you guys have been through the, the data security testing, e-mail testing. Anything you want to add on us?
Yeah, two things, that I was gonna say, that I just thought about, we always require verification. But the other thing is, we will never respond if you say, hey, I need $10,000, call me at this number or e-mail me at this account. We will only go by what we have on file because we know people might want to impersonate you and then give a phone number for that’s impersonating you.
So that’s just a simple double-check that, more than anything, that was one point, but the other point is, through our Data Security plan, through our IT resource, he is training us and coaching us and testing us. We get fake e-mails that look so stinking real all the time because he’s testing us and training us to not fall for it.
And so we’re going through the ringer doing our best to be on alert all the time to protect our clients because this is your money. It’s so valuable. It’s our job to do the best we can with it.
You know and the best, if you want to tell it, for those of you who know Caitlin and our office, I think this is a funny, funny story, but one of our tasks was we hired a guy to come in and try to talk his way into the server room and convince her that he needed to come in and examine the server. So, you know, it’s an important part of what we do, frankly, and, and, uh, you know it’s good to know, but it’s, it’s definitely a duet.
You have to work as hard at this as we do to keep your information safe.
Yes, absolutely. All right, well, thanks, Darrell and Drew. I will once again remind you to please drop any questions you have and we have received a couple. So, we have a few minutes, I’ll start with this one.
Do you recommend getting your own VPN, which can be a virtual privacy network?
Yeah, I don’t honestly know enough about it.
In every case, I know that a virtual private network is a way to try to be more secure, especially through Wi-Fi. And so we have VPNs for some of our folks who work remotely a lot. And we know that that’s a more secure setup than just using a program like GoToMyPC, which sometimes is helpful.
But a VPN can be a good thing.
I honestly, just don’t know enough if it’s something that should be considered on an everyday level all the time.
Um, I don’t know.
Same here, I will say, in my limited research, it seems like if you have home Wi-Fi with a secure password on it, that is a great first step.
If, from there, you’re really worried about maybe your service provider, or, you know, a host of other things than a VPN is, OK.
And the next question is, do you recommend services like Life Lock?
Hmm, hmm, that’s also a good question.
And, you know, it’s one of the fun parts about being an advisor and working with a lot of different people, we get to see what a lot of other folks do. And so, we have a little bit of a sample size of folks who have used it and a lot of it, this isn’t an indictment on any specific company Life Lock and you know those type of services, they’re not the only one, that they will try to essentially lock your credit and then have alerts for you. And then they say they will provide extra resources if something bad happens to help you get it unwound and work through it.
So, I don’t know, exactly, but most of our folks have said, they had it and then they stopped doing it once they locked their credit, started getting their credit reports and started just more frequently looking at their stuff.
If you have done nothing today, I would say it would be better for you to lock your credit and to get a password application.
And then, if you still want to, then maybe if you want to do something like Life Lock, go for it, but it wouldn’t be at the top of my priority list.
And, you know, what I would add to that is, to me, the protecting yourself to kinda in addition to the password manager, but the 3 big things that come to mind are reviewing your accounts carefully, checking your credit, looking for things that you don’t know about that, or somebody’s taken out in your name and freezing your credit. And you need to do all those. So if you freeze your credit, you still want to monitor your credit reports, and you still want it because you don’t know when things were taken out or whatever.
My sense of the service like Life Lock, you can protect yourself the same way.
The value on any of those things would be undoing if you’ve been hacked.
And that’s, you know, if, if you’ve been the victim of identity theft, I feel like that’s something that it can be very time consuming. If there’s any value to it, to me, that’s where it would be.
I think that protecting yourself, you could do yourself and certainly you can try to unravel it yourself.
But, it’s just, it’s, it’s frustrating and so, you know, it may be worth it just to pay to have somebody to help you unravel things.
I know we’ve had lots of clients deal with the unemployment issue and luckily the FTC has a great website with step by step instructions on how to do that, but, you know, that’s just one example. And it would be nice to have some help.
I did see one thing that they companies like that broadcast is that they will look for your information on the dark web and not to sound like Darrell, but it’s probably out there.
OK, and then the last question for today is, as a single person, who and how can I share my passwords so that they have backup access?
I love that question. Whether you’re single or you are married, I think there needs to be a plan in place.
A lot of families, one person runs point on a lot of the websites and maybe another person runs point on some other websites.
However, it’s dealt, no matter who you are, if you’re single or have a partner, that there should be a way that somebody else knows your big picture system.
And maybe that means if you have a password manager that you have it written down, what that master passcode is what app you use, how they could access that on your phone, or your main device, and that you give that to a person. And that person is on. I have an annual reminder that pops up every year to update kind of my, I don’t change my master password, which maybe I should, but I always give that list to my dad and to my brother and sister-in-law.
So that, if in the event something tragic happens to both my wife and I, somebody else could have access. But ,there’s a bigger issue at stake there that there is legality issues involved, getting access to other people’s stuff.
Even if you handed them a note to say, if I go down, you can access my stuff. Legally, it, it may not be legal by the letter of the law to do that. So, it becomes in estate issue.
If you haven’t updated your state documents, here is a good reason to do it and motivate you to do it, because almost all attorneys have updated language with how to deal with digital assets, including digital passwords.
And, that is included in the update of estate documents.
So, it’s explicitly and follows the hoops of your specific state to make sure that if something goes wrong, people can access it A. legally and B. there’s an avenue to do it.
Yup. Absolutely. It’s always good to have your estate documents reviewed.
Um, but you’ll need to update your password list a little more frequently than you’re going to do those estate documents.
OK, well, I think that covers it for today.
This webinar has been recorded and will be available on our website in the next few days.
If you enjoyed it, feel free to share it with your friends and family. We’d really appreciate it. We plan to hold more webinars in the future so if there’s a specific topic you’d like us to cover, please let us know and we may do it in the future.
If you have any questions about anything you’ve heard today or if you’d like to hear more about how Windward can help you, please reach out and we’d love to hear from you. Have a great evening. Thanks, guys!