It has recently come to our attention that the clients of some of our colleagues have reported a jump in the number of phishing attempts on their investment accounts. Although we haven’t heard this from any of our clients recently, we understand that becoming a cyber-security victim can be very painful and costly. We continually upgrade our systems and procedures to help prevent and detect unauthorized access, but hackers are getting smarter and bolder. Because security is a shared responsibility, we think our clients and others need to know what a phishing attack looks like and what steps they can take to defend themselves.

What is “Phishing”?

Phishing is an attack where a legitimate looking message or phone call tricks you into giving up private information like a password, credit card number, or social security number.

The most frequent phishing attacks occur through email, disguised to appear as though they came from a reputable financial institution and company, like Schwab or Fidelity. Phone calls from those claiming to be an IRS agent are also common.

What the attacks look like?

There are many phishing attacks active on the Internet. Phishers frequently succeed by getting consumers to act quickly without thinking. Here are a few indications:

• An email contains an "urgent" or "shocking" tone requesting your immediate action on an account-related matter.

• An email or call, claiming that your account (bank or credit card) will be suspended unless you confirm your account number or social security number.

• An email, phone call or text message from a seemingly legitimate email address or number instructs you to click on a link to take action (e.g., “validate your account,” “confirm your identity,” “access your tax refund”). The link brings you to a website requiring you to enter your personal information.

• An email is sent from a user falsely claiming to be a legitimate company with an attachment. An unsolicited email attachment more than likely contains a virus. Do not open it.

• A pop-up window appears from a user falsely claiming to be a legitimate company’s Web site asking for personal information.

What’s the impact?

Victims of phishing often have their identity stolen which results in fraudulent credit cards or lines of credit opened in their name. Also, victims typically have malware installed on their computer systems to steal even more information from their workplace or family members.

How can we defend against it? Protect the security of your computer:

• Keep your computer and browser software current with security updates.

• Install and update anti-virus and anti-spyware software and use personal firewalls to protect your computer.

• Be alert to the threats posed by malware--short for malicious software, this form of software is designed specifically to damage or disrupt a system, or to secretly record information such as keystrokes. Malware types include key logging tools, Trojan horses, hijacking programs, and dialer programs that may reside on your personal computer. While these threats constantly evolve, you can help protect your personal information and computer by using a personal firewall, maintaining up-to-date anti-spyware and anti-virus programs, and by immediately reporting any suspicious activity involving your personal information.

• Do not enable any application features that would automatically log you in to your Schwab account or pre-fill the Login ID or Password fields.

• Change your password periodically and avoid using passwords for Schwab and Fidelity that you commonly use for other purposes.

• For more information on how to protect your personal computer, including links to vendors providing anti-virus and anti-spyware software, please visit the Federal Trade Commission’s computer security site at http://onguardonline.gov. Microsoft Corporation provides additional information specific to the Windows operating system at http://www.microsoft.com/security. Users of Apple computers can find security information at http://www.apple.com/support/security.

When using your computer

• Your username and password are for your use only. Do not share them with anyone.

• Check to make sure you are interacting with a secure Web site.

• Always log off after accessing your Schwab or Fidelity account. This prevents someone else from accessing your account if you leave your computer unattended while the session has not yet "timed out," or automatically shut down.

• Be careful about using third-party computers or computers that you are not familiar with, such as those in Internet cafes.

If you do use a third-party computer, be particularly careful to ensure you have fully logged out. Schwab and Fidelity’s systems are set to prevent browsers from saving account information in a computer’s Internet cache, but as an extra precaution you may want to clear the cache of any public computer on which you have accessed your Schwab accounts. Please check the browser’s help section to learn how to manually clear its Internet cache.

Recognizing and fighting fraud

• Do not provide personal or financial information in response to an email request or by clicking on a link, unless you are able to verify the authenticity of the site to which you are taken through the SSL padlock or other means.

• Do not enter personal information into a form within an email message or a pop-up.

• Note that Schwab & Fidelity will never ask you to provide personal financial information in an email.

• Do not open an email from a sender that you do not recognize. Be particularly cautious of any attachments to emails from unrecognized sources.

• Hover over questionable links to reveal the true destination before clicking.

• Beware of cloned websites that may appear to be legitimate. Note that secure websites start with https, not http.

• Alert our team at Financial Alternative immediately upon receiving suspicious email or finding any unusual activity regarding your accounts. Our number is 858-459-8289.

Suspect Fraud? Contact Us Now!

If you suspect fraud or identity theft, the faster you act the better. Here is what you need to do, right now.

1. Contact us by calling 858-459-8289 as well as the financial institution directly:

• Charles Schwab 800-515-2157

• Fidelity Investments 800-544-6666

1. If we confirm unauthorized activity, let the credit bureaus know.

• Equifax-Call 800-525-6285 or visit equifax.com, or write P.O. Box 740250, Atlanta, GA 30374

• Experian-Call 888-397-3742 or visit experian.com, or write P.O. Box 9556, Allen, TX 75013

• TransUnion-Call 800-680-7289, or visit transunion.com, or write P.O. Box 6790, Fullerton, CA 92634

1. After contacting the credit bureaus, notify the appropriate government agency. Go to FTC.gov for additional consumer resources and to report identity theft

Resources

• Go to org and review the STOP. THINK. CONNECT.™ cybersecurity educational campaign

• Visit gov, also a part of the STOP.THINK. CONNECT.™ campaign, that focuses on online security for kids and includes a blog on current cyber trends

• Visit https://www.fbi.gov/scams-safety/fraud to learn more about common fraud schemes

Report a Cybercrime:

• Forward suspicious emails to: nophishing@cbbb.bbb.org

• Visit identitytheft.gov to report identity theft and to get a recovery plan

• Go to gov for additional consumer resources and to report identity theft

• http://www.ic3.gov/default.aspx is another website where you can file cybercrime complaints