Dinner party conversations these days often include a discussion about a friend or family member who has been the victim of fraud and/or identity theft, or about an elaborate ruse they read about in the news. You have also probably received a letter from a company, medical provider, or credit card company informing you that their network has been breached and your personal information may have been inadvertently shared with bad actors. The SEC issued an Investor Alert last year warning people how artificial intelligence can be used to separate you from your money.
Essential Credit Protection Measures
Freeze Your Credit Record – To protect your credit history and protect against identity theft, freezing your credit record is a proactive and FREE step to safeguard your financial information. If you freeze your credit, no one will be able to open a new line of credit using your social security number, and it eliminates the need for credit monitoring services. Placing a credit freeze will impact your ability to open new lines of credit; however, it is relatively easy to unfreeze your credit permanently and even for a specified period (i.e., 24 hours to allow a credit card company to check your credit history).
Annual Credit Check – Set a reminder to order a free credit report annually to check your credit history. Take the time to review the report for any suspicious activity and close any credit lines you no longer need. The Federal Trade Commission requires each of the three credit agencies (Experian, Equifax, and TransUnion) to give you a free credit report once per year, and they have joined forces so you can request a report through AnnualCreditReport.com.
Digital Security Best Practices
Strong Password Practices – Creating and maintaining secure passwords is one of your most important defenses against fraud. Follow these essential guidelines:
- Use unique passwords for every single account—never reuse passwords across different sites.
- Create complex passwords using a combination of uppercase and lowercase letters, numbers, and special characters; the longer the better.
- Never share your passwords with anyone.
- Avoid using information readily found on the internet about you, such as addresses, birthdates, spouse names, pet names, or other personal details.
- Change your passwords regularly.
- Consider utilizing a password manager to store all your passwords in one place, accessible through a master password or Face ID. Keep your username and master password for your password manager somewhere safe (i.e., in a safe!), in case you forget it.
Two-Factor Authentication – Use two-factor authentication (i.e., authenticate your identity using two distinct methods) when accessing financial accounts. This is an effective way to deter hackers since they will need not only your password but also access to a one-time code generated by an authenticator app on your phone or computer.
Secure Networks – To protect your financial information, never access a financial website using an unsecured or public wireless network (i.e., airport, hotel, coffee shop). Unsecured networks are vulnerable to hackers stealing your personal information or install malicious software on your device without your knowledge.
Update Software Regularly – Update the software on your electronic devices regularly to ensure access to security fixes and stymie hackers looking for vulnerabilities.
Use Official Apps When Available – If your bank, custodian, or other financial institution offers a mobile app, use it instead of accessing their website through a browser. Mobile apps are safer because websites can be cloned and promoted so that they appear at the top of search engine results through techniques like SEO poisoning, making it difficult to distinguish legitimate sites from fraudulent ones.
The Power of the Pause – Remember that “there’s power in the pause.” Bad actors will encourage you to act quickly and create artificial urgency. Don’t rush into any financial decisions. Take time to verify information, consult with trusted advisors, and think through the situation carefully.
Communication Security Protocols
Protect Your Mobile Devices and Carrier Account
Secure your mobile devices from compromise by implementing strong device security measures. Contact your mobile carrier to establish login credentials protected by a unique PIN and multi-factor authentication (MFA). This crucial step prevents fraudsters from creating unauthorized profiles using your personal information, which could otherwise allow them to access your phone services, forward calls, and redirect text messages to their own devices. The unique PIN acts as an additional security barrier, blocking fraudulent attempts where scammers impersonate you to complete unauthorized phone transfers or call forwarding.
Beware of AI-Generated Investment Scams
Exercise extreme caution when encountering investment opportunities online, particularly those involving cryptocurrency. Fraudulent websites now use artificial intelligence to create highly convincing, legitimate-looking platforms that can be difficult to distinguish from real investment sites. These sophisticated scams often feature deepfake technology to create fake video testimonials from celebrities, financial experts, or other well-known figures endorsing fraudulent investment schemes. Always verify investment opportunities through official channels and be skeptical of any investment that promises unusually high returns.
Monitor Your Financial Accounts Vigilantly
Regular Account Monitoring – Monitor your accounts online regularly and don’t rely solely on automated fraud detection systems. While banks and credit card companies have fraud detection systems, they can’t catch every suspicious transaction—especially smaller amounts or purchases that appear normal—and once fraudulent activity goes undetected for an extended period, it becomes much harder to recover your money and prove the charges were unauthorized. Set up account alerts for transactions, logins, and other account activities to catch suspicious activity quickly.
Safe Shopping Practices – Don’t save your credit card or bank account information on shopping sites. While convenient, storing payment information creates additional vulnerabilities if those sites are compromised.
Advanced AI and Deepfake Protection
Voice Cloning Awareness – Be aware that it takes only 10 seconds of your audio for your voice to be cloned and used in deepfake technology. Be judicious about what you post on social media and other platforms where your voice might be captured.
Detecting Deepfake Communications – If you suspect you’re being contacted by a deepfake, ask the “person” to hum a tune or follow specific verbal instructions, such as “Can you tap your phone three times?” Current AI technology is not yet sophisticated enough to handle these spontaneous requests convincingly.
Physical Security Measures
Check Writing Security – When writing checks, use a gel pen to prevent alterations, never send checks in window envelopes where account information is visible, and mail them directly from the post office rather than leaving them in your mailbox. The Financial Industry Regulatory Authority, Inc., or FINRA, has recently listed a more comprehensive list of tips to avoid mail-theft related check fraud.
Keep Personal Information Personal – Never send personal or financial information (social security or passport numbers or account numbers) via email, and never share personal or financial information with anyone whose identity you can’t confirm. For example, the IRS will never contact you by email, text, or social media and will rarely call without first sending you postal mail regarding a delinquent payment. If an email looks suspicious, scrutinize the sender’s email address, as it is often a clue that it is a phishing email. Block and delete immediately.
Verify Financial Communications Independently – Never act on urgent financial requests received through email, text, or phone calls without independent verification. If you receive communications claiming to be from your bank, credit card company, or other financial institutions requesting immediate action, account verification, or personal information, contact the institution directly using official phone numbers or websites. Legitimate financial institutions will never ask for sensitive information like passwords, PINs, or Social Security numbers through unsolicited communications.
Always Confirm Identities and Information – If someone sends you wire instructions via email, take the extra step to call and confirm the instructions verbally. If someone calls identifying themselves as a family member or financial institution requesting money and/or personal information, take the time to call them back at a verifiable phone number. Consider a family code word as additional verification.
When in Doubt, Reach Out
If you see something suspicious or have any doubts about a financial communication or investment opportunity, don’t hesitate to reach out for a second opinion. Contact your financial advisor, trusted family member, or friend before making any decisions based on unsolicited communications or investment pitches. Sometimes a fresh perspective can help identify red flags you might have missed. Remember: if anyone pressures you with urgency tactics like “act now” or “limited time offer,” this is typically a red flag indicating a potential scam. Legitimate financial opportunities rarely require immediate action without time for proper consideration and consultation with others. The “power of the pause” should not be underestimated.
Additional Resources and Final Thoughts
The Federal Trade Commission is a good resource for more information, and you can sign up for emails from the AARP Fraud Watch Network to keep informed about the latest fraud schemes.
If you are a victim of identity theft, take swift action to prevent further financial harm, including, but not limited to, contacting the three credit agencies (Experian, Equifax, and TransUnion) and your financial institutions and credit card issuers to report the breach, and changing your passwords to all financial sites.
Caution and informed decisions are our greatest allies in preserving financial security and personal well-being. To create a more secure online community, we each need to tighten our online identities, so we invite you to share these tips with family and friends as we collectively build a safer digital landscape for all.