What Do Financial Scams Look Like in 2020?
The Boogeyman is very real... in the virtual world
When I was growing up in Western Massachusetts, I remember one evening sitting around a campfire listening to the adults tell ghost stories. I was so scared that I spent the night quivering in fear in my tent with my flashlight on waiting for the Boogeyman to come for me. The purpose of this missive is to inform you that the Boogeyman is very real. He lurks in the darkest space of the Internet and lays traps to lure his victims. He is the purest form of evil and his sole objective is to take everything you have – your worldly possessions, your money, your identity…your very soul.
I wish I was being overly dramatic, but, unfortunately, I am not. The scope and sophistication of cybercriminals is beyond scary and consumers should no longer casually dismiss the threat as a low probability event. I see examples of it nearly every day in the form of phishing scams that come through my inbox and I am increasingly hearing from clients who have been victimized.
To make the threat tangible I will share two examples in the past month involving extortion attempts from what I am told are organized crime syndicates based outside the united states. One targeted an FPH client and one targeted me.
Example 1
A client of mine who does a fair amount of business internationally received an official looking message from what appeared to be Interpol indicating that he had been linked to an organized crime syndicate. The email contained detailed information about his financial transactions including credit card accounts that he had and passwords he had used.
The message informed him that he was under investigation and that an international warrant for his arrest had been issued. The message did not ask for money, but rather instructed him to call a phone number that had been provided.
The email caught my client off-guard and he was compelled to call the number in order to be read the terms of warrant and to make arrangements for his interrogation. He spent more than an hour on the phone being bounced from person to person with each interrogating him and sharing more personal information that they had on him and eventually demanding payment to avoid prosecution. My client was so shaken that he walked into his attorney’s office unannounced and handed the phone to him – at which time the scammers hung up.
This client is no rube. He is an experienced, sophisticated international businessman, but what made him almost fall for this scam – aside from how convincing the scammers were on the phone - was the depth of the detailed information they had on him. Our best guess is that the source of this data was the Equifax hack and that the data had been usurped by an organized crime syndicate somewhere in Russia.
Example 2
A few weeks ago, I received an email from an anonymous sender informing me that malware had been planted on my PC and had been active for months. The sender informed me that included in the data gathered were compromising photos and videos of me, and that if I did not deliver 150,000 Bitcoin (roughly $2.5 million!), those videos and photos would be sent to my entire email contact list, including most of the recipients of this newsletter! Given that I was pretty darn sure the videos and photos alluded to in the email did not exist, I knew it was a scam, but what got my attention was that the sender offered up a unique password I had used as proof that he had access to my data.
Fortunately, Google has a background application that keeps track of data breaches at sites that its users log into from Chrome. When I logged into my Google account, I saw notices for security breaches at BestBuy, Netflix, and a few other sites. The password that the email sender had provided was unique to my BestBuy account.
Since we have a great responsibility to protect client data, I checked with the provider of our cybersecurity platform who confirmed that our devices are free from malware and continued to be monitored regularly for breeches.
An important lesson to be learned from this is that no matter how careful you have been, through no fault of your own, every scrap of your personal information including your name, address, phone numbers, social security number, birthdate, financial data, and passwords is very likely already available for exploitation by criminals on the Dark Web due to hacking and security breaches at third parties such as Equifax, BestBuy and scores of other companies and financial institutions.
As scary as that threat is, we continue to be under attack from phishing scams, and the level of sophistication of these scams is such that it is difficult to justify ever opening a link directly from email. As an example, I recently fell for a notice that appeared to be from the Financial Industry Regulatory Authority (FINRA) [SEE Fake FINRA Survey is a Phishing Scam]. Fortunately, our security platform detected and quarantined the threat. Other examples of fiendishly clever spoofs include malware planted in “unsubscribe” and captcha links.
If you are not scared enough already, read the following articles:
Google and Amazon are the Most Impersonated Brands in Phishing Scams
Beware of MS Teams Fake Update Ransomware
Microsoft Office 365: This targeted phishing campaign uses an odd trick to stay hidden
Latest phishing scam sends fake emails from Microsoft
BBB Warns of New Phishing Scam Targeting Apple Users
Gone are the days when phishing emails could easily be detected by looking for questionable file extensions on attachments, bad grammar in the body of an email, or a cloaked email address. Per the examples above, phishing scams are now often undetectable by even the most wary and sophisticated sets of eyes. Today, Advance Persistent Threat (APT) actors present an almost indefensible threat. As Honolulu-based cybersecurity expert Atilla Seress noted in a recent email, “The Internet is broken.”
I am not a security expert. My only advice to all FPH clients is to manage your passwords carefully, frequently change them, do not open links directly from email, subscribe to great anti-malware services, and please, please, please stop sending sensitive account and banking information to our office via unsecure email!
John H. Robinson is the founder of Financial Planning Hawaii and a co-founder of software maker, Nest Egg Guru
DISCLOSURES: Securities offered through J.W. Cole Financial, Inc. (JWC) member FINRA/SIPC. Advisory services offered through Financial Planning Hawaii and J.W. Cole Advisors, Inc. (JWCA). Financial Planning Hawaii and JWC/JWCA are unaffiliated entities.
Fee-only financial planning services are provided through Financial Planning Hawaii, Inc, a separate Registered Investment Advisory firm. Financial Planning Hawaii does not take custody of client assets nor do its advisers take discretionary authority over client accounts.
The information contained herein is general in nature. Neither Financial Planning Hawaii nor J.W. Cole provides client-specific tax or legal advice. All readers should consult with their tax and/or legal advisors for such guidance in advance of making investment or financial planning decisions with tax or legal implications.