Have Your Been Pwned?
June 7, 2019 - During nearly 35 years in financial services, I’ve seen a lot of great changes for the better: improved investment selections, faster technology, lower fund fees. There also have been a few changes for the worse, including the rise of online financial fraud.
While financial fraud has been around long before it went online, it’s now so rampant that my office can no longer accept clients’ emailed fund requests without strong, additional verification. It’s too easy for an imposter to hack into our clients’ email accounts and pose as them.
They’re getting increasingly sneaky about it, too. If a fraudster hacks into your email account, they’ll read through it, looking for conversations you’ve had with your advisor. Then they’ll reach out to us and pick up right where you left off, referencing your kid’s name, or a recent vacation you took before requesting a money transfer. Since the account has been hacked, we can’t simply reply and ask if it’s really you. The fraudster will assure us all is well.
How can you avoid this unsavory scenario? Your email address is hard to hide or change, but if you haven’t changed your password in a while, go to it.
This is especially important if you’ve ever been “pwned.” You can check here to see if you have: https://haveibeenpwned.com/.
Rhyming with “owned,” this tech-slang term means a hacker has gained access to your email address or (worse) your password. Given how many huge, infamous breaches have happened, odds are, your email address already has been pwned. That’s worrisome, although not as bad as your password being pwned. Either way – really – go change your password before you finish reading this sentence.
OK, welcome back from that. Now, note that being pwned does not necessarily mean your account has actually been hacked, but it does mean your information is probably floating around out there, at risk. So, while I don’t suggest you panic, I do urge you to regularly change your email password as a best practice for staying one step ahead of a fraudster. Think of it as you pwning them.
Written by John A. Frisch, CPA/PFS, CFP®, AIF®, PPC®