Staying Safe in a Digital World

Planning Reflection | November 11, 2022

Today’s digital-first world can present unfamiliar challenges and risks. It seems like every day the world is becoming more automated and less personal as businesses shift to online accounts and interactions. Gone are the times when you could get help from a real person on the phone without waiting in line for hours and repeating your “problem” to an automated voice system. As change happens rapidly, it can feel difficult to keep up. Unfortunately, this hesitancy to keep up, along with other factors, increases the risk of fraud and identity theft. Sadly, senior citizens are disproportionately targeted in these attacks, and according to the FBI, fraud involving senior citizens result in three billion dollars in losses annually¹, which is equal to the annual budget of UC Berkeley.²

In this article, we share a few ways you can better protect yourself against identity theft and other common online pitfalls. 

A phishing attack is when a malicious actor or group pretends to be something it’s not, for example, a bank, a major store, the IRS, your financial advisor, or even a family member over email, text, or phone call. These days, scams are sophisticated, and their methods often look convincing. So, how can you spot a phishing scam when it arrives?

First, slow down. Were you expecting this email, text, or phone call? If yes, does the email address or phone number match what you’re expecting? Look beyond the sender’s name and look closely at their email address. I recently received a phishing attempt that appeared to be from the financial institution where I bank, but instead of having an official email address, it showed an email address with the bank’s name misspelled—a hint that it’s fraudulent.

In addition to the email address or phone number, look at the language in the communication. Does it sound like it was written by the person or company it’s claiming to be? Does it sound urgent? If something doesn’t seem right, that is a good sign to pause. Most phishing emails contain a link—do not click on the link before verifying the email’s legitimacy.

Trust your instincts and voice your concern. If you receive an email that doesn’t sound right from a financial institution, contact them using the phone number on your last official statement and ask about the email in question before clicking anything. If you receive an unexpected phone call, slow down and ask for more information or tell them that you’ll call back later. Saying no to a convincing fraudster on the phone is easier said than done. Remember that you are the consumer here, and you are entitled to ask questions. Channel your inner advocate and pause. 

You can better protect yourself (and make your digitally savvy relatives proud) by using a password manager – a service that lets you create strong, unique passwords and remembers them for you. Most online services require you to create an account, so it is natural to end up reusing passwords instead of remembering hundreds of different ones. However, apart from phishing emails or texts, scammers can also access to your account through your password. You are especially at risk if – like the majority of Americans³ – you reuse similar passwords for multiple websites.

A scammer can directly ask for your password through phishing emails or the phone, or they can hack into a large company, such as Target or Home Depot, that already has your information. Once they obtain passwords from those accounts, they can try to reuse the passwords at a different website – your bank, for example. According to researchers at Virginia Tech, one year after a data breach, more than 70% of people are still reusing their leaked passwords on other websites.³ Only slightly modifying the leaked password does not help much. The researchers also found that all reused passwords and a third of slightly modified ones obtained in a data breach can be guessed by a hacker within just ten guesses.³

Using a password manager solves the problem of remembering passwords and better protects you from fraud by making it easy to have unique strong passwords for every account. It’s much harder for someone to guess a string of random letters and characters than more common ones such as “password,” your date of birth, or your children’s names. It’s even better if you don’t reuse your passwords, so a breach at one website will not affect your account on another website. 

There are many options for password managers. Here is a New York Times article that walks you through the step-by-step process and provides a few recommendations. When I first started using a password manager a few years ago, it was a daunting process to set up, but now I cannot imagine remembering more than one password! 

Another way to protect yourself is to freeze your credit. Freezing your credit prevents anyone from opening a credit card, a loan, or any line of credit with your Social Security number without your permission. The biggest drawback is remembering to “thaw” your credit when you need to, for example, opening a new home equity line of credit or a new credit card. This can be an additional step, but it is worth it for the improved protection. 

Federal law mandates credit bureaus provide credit freezes for free, so it should not cost anything to protect yourself from identity theft. Here are step-by-step articles on how to place these freezes: Transunion credit freeze, Equifax credit freeze, and Experian credit freeze. In addition to the three big credit bureaus, there is also ChexSystems, which is a similar system to the credit freezes offered by the three credit bureaus, but it prevents anyone other than you from opening a checking or savings account in your name. You can place a freeze on their system here. Once you place security freezes, don’t forget to save the information on your password manager. It makes it much easier to manage and “thaw” the freezes as needed. 

Despite our best effort, sometimes attacks still happen. If you become a victim of identity theft or a scam, don’t be ashamed. It is, unfortunately, more common than you think. The first step is to tell someone about it. Our team at North Berkeley is a resource for our clients; we can help to identify next steps and specific actions needed to secure your accounts. If the fraud involves a financial institution, such as your bank, you can reach out to their official number or a physical branch for help. Another option is to call the Elder Fraud hotline from the Department of Justice or the Identity Theft program by the Federal Trade Commission. The sooner you reach out, the faster the situation can be resolved.   

You don’t have to be perfect to safeguard your identity and accounts in the digital world. By taking these steps, you will be better positioned to protect yourself against online threats. 

Resources

¹ Elder Fraud. Accessed 11/1/2022. FBI

² Budget 101. Accessed 11/8/2022. UC Berkeley

³ The Next Domino To Fall: Empirical Analysis of User Passwords Across Online Services. 3/1/2018. Virginia Tech University