Don't Take the Bait

Identity theft is a scary thing and these days it’s all too possible for it to happen to you. One of the routes in for fraudsters is through so-called “phishing” emails. You’ve probably heard about these as they’ve been around for years. Early phishing emails were fairly easy to spot. They were plain text, perhaps with misspellings or grammatical errors, or the format just didn’t seem right. Now, however, these emails are much more sophisticated and dangerous.

For whatever reason over the past several months or so I’ve been getting pummeled by phishing emails. I’m guessing this is because my email address has made it onto a bunch of different lists. Most of the emails are of the old variety and are obviously fake, but others are good. Really good. Take a few emails I received from “Apple” as an example.

I have an Apple Developer account that goes along with the app clients can use to access their portfolio information. Several months ago, I received a few emails that looked exactly like other emails I’d received from Apple. The font and colors were right, and so was the general tone of the email as it asked me to click a link to update my account. I don’t know what it was about the email, but something just didn’t feel right, even though it looked good and generally coincided with my Apple relationship and experience. I decided to:

  • Slow down a moment and not simply click the email link as per muscle memory.
  • Read the email again to see if I could clarify what didn’t feel quite right.
  • Log into my Apple Developer account on my own by going directly to the website (not clicking the link in the email) to see if there were any popups or other flags that would indicate my account needed updating.

Seeing nothing, I decided to do nothing – at least in terms of clicking the link in the email. Instead, I contacted Apple. They hadn’t heard of this particular phishing attempt yet, so I sent a copy of the email to a special department. After a few days they confirmed the email was fraudulent. It turns out this email wasn't just sent to me, but pobably to thousands of others - phishing by casting a wide net. What would have happened had I clicked the original email link? My guess is I would have been taken to an Apple-look-alike website and asked to provide my personal information. Or, perhaps a file would been downloaded on my computer allowing fraudsters into my system. (By the way, I once saw a live demonstration of how this works, and it took only minutes for the hacker to start rummaging through the person’s computer.)

Another example is a slew of fake emails I’ve been receiving purporting to be from DocuSign, a system I use regularly. These emails are also very good in that the wording is professional and matches up with how DocuSign operates. I followed a similar process with these emails and ultimately simply deleted them.

I share this information with you so you can understand, if you don’t already, just how sophisticated these phishing emails can be. We’re all super busy these days and the fraudsters know this. My suggestion is to be extremely careful about clicking anything unless you’re already aware of it and ideally expecting it. Otherwise, it’s probably best to navigate to the website yourself and log in on your own. Yes, this takes extra time and might seem a little paranoid, but you’ll kick yourself for not doing so should you get hacked.

For our purposes while working together, here’s some information about receiving emails from me:

I’ll never send you an unsolicited email from DocuSign. If we haven’t just discussed it via phone, I typically send a separate email letting you know the DocuSign email is on its way. When in doubt simply ask for clarification prior to clicking anything. Worse case, you accidently delete the email and we have to recreate it, no problem.

If you receive a Quarterly Summary from me regarding your investment portfolio, you’ll get an email with a link to access your portal. You don’t need to click this link. Instead, you can simply login directly at www.ridgeviewfp.com and click on “Client Portal” in the Clients dropdown area.

I use encryption whenever I send anything that might include your personal information. In turn, I suggest that you also use my encryption tool to send me anything containing personal information. This is far safer than attaching a tax return, for example, to a regular email because if your email has been hacked someone can easily grab your documents. I can send you a link to upload files securely when needed, or you can do so yourself by clicking “Secure File Upload” in the Clients dropdown on my website.

If you feel like you’ve been hacked, compromised, or are simply nervous, make a habit of checking your bank and credit card statements at least monthly. Look for anything odd and report it to the company immediately.

Also, here are the three primary credit reporting agencies to monitor your credit report. You can contact them via phone or even via snail mail and ask for a “security freeze” on your account. If you provide your mailing address, they’ll send you a PIN to unfreeze and refreeze as needed. Some even have apps to help with this freeze/thaw process.

Equifax: Equifax Security Freeze, P.O. Box 105788, Atlanta, GA 30348 - 800-685-1111

Experian: Experian Security Freeze, P.O. Box 9554, Allen, TX 75013 - 888‑397‑3742

TransUnion: P.O. Box 2000, Chester, PA 19016 - 888-909-8872

Have questions? Ask me. I can help.

  • Created on .

Contact

  • Phone:
    (707) 800-6050
  • E-Mail:
    This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Let's Begin:

Ridgeview Financial Planning is a California registered investment advisor. Disclaimer | Privacy Policy | ADV
Copyright © Ridgeview Financial Planning | Powered by AdvisorFlex