Archive for Cybersecurity

Monitoring, Alerting, Locking, or Freezing: what to do after the Equifax breach

Cybersecurity, Financial Planningon September 14th, 20171 Comment


We’re writing once again with one more round of information on securing your identity online, this time we’d like to talk about “freezing” or “locking” your credit reports. This is different from filing a Fraud Alert, which is added to your record for 90 days and signals to lenders that they should obtain additional proof of your identity before extending credit. If you file a Fraud Alert with one of the three credit bureaus, they are required to share that with the other two. The process is free but, again, you have to renew it every 90 days (IdentityForce has a reminder function if you go this route).

If you instead freeze or lock your credit record, it cannot be viewed except by companies that have already extended credit to you and it remains frozen/locked until you unfreeze/unlock it. You must do this individually with each of the three credit bureaus. The credit bureaus are allowed to charge you each time you freeze or unfreeze your record, typically $10.  We have just finished locking or freezing my record with each of the three bureaus and wanted to share the experience in case you choose to take this extra step.

If you signed up for the free TrustedID service from Equifax, you have the ability to lock your credit report from the online dashboard. Here is the link to enroll in TrustedID if you haven’t already done so: https://trustedidpremier.com/consumer-registration/html/personal-info.html   If you do not wish to sign up for TrustedID, here is the link to put a security freeze on your credit record (we did not choose this option, but believe they will charge you $10 to do this): https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

Transunion will allow you to freeze your record but also offers a free service, TrueIdentity, which gives you the ability to lock and unlock your record whenever you like. The process was easy to complete, though it did involve several steps to confirm my identity. Here is the link: https://www.transunion.com/product/trueidentity-free-identity-protection

Experian does not offer a free service, but will allow you to put a security freeze on your credit report online for $10. Again, this was easy but required several steps to confirm my identity. As part of the process, you will choose or be given a PIN that you will use to unfreeze your record any time you’re applying for new credit. Here is the link to establish a freeze at Experian: https://www.experian.com/ncaconline/freeze#registration

We continue to believe that monitoring services like IdentityForce are valuable, not least because they monitor your personal information across a wide array of databases beyond the credit bureaus (including the so-called “dark web”), but a credit lock or freeze, while requiring a little extra work, is considered the gold standard in identity protection.

Cyber Spring Cleaning

Cybersecurity, Financial Planning, Yeske Buie Millennialon May 3rd, 2017No Comments

Written By: Lauren Mireles, RP®

With six weeks to go until the first day of summer, there’s still time to complete your spring cleaning projects. A typical list of spring cleaning projects likely includes de-cluttering your living spaces and swapping your winter clothes for a summer variety. But when is the last time you “scrubbed” your digital life? Regular maintenance of your digital devices, profiles, and online identity is key to protecting yourself from the “dirt” of phishers and hackers. Below we offer a cyber spring cleaning checklist to add to your remaining your spring cleaning initiatives.

  1. Review your accounts and make it a habit to proactively check them on a regular basis. Make sure to read your Schwab and other financial account statements each month; once you’ve done so, shred them.
  2. Clean out your old email and empty deleted folders. If you need to keep old messages, move them to an archive. You may also consider unsubscribing from newsletters, email alerts and updates you no longer read. A full list of email best practices can be found here.
  3. Turn on two-factor authentication (2FA) on critical accounts like email, banking and social media. Get the 411 on 2FA here.
  4. Refresh your passwords with a structure that is not easy to guess and keep them in a safe location away from your computer. Make unique passwords for important accounts like email, finance and healthcare. Be sure all relevant devices are password, passcode, or fingerprint protected. This includes devices like your phone, tablet, internet router, and more.
  5. Monitor your credit report for early detection of identity fraud. You can learn more about how to conduct A Careful Review of Your Credit Report here on our website.
  6. Own your online presence by reviewing the privacy and security settings on websites you use to be sure they are set at your comfort level for sharing.
  7. Consider enrolling in IdentityForce’s robust and comprehensive service to rest assured that another set of eyes is proactively working to protect your identity, privacy, and credit.

For more healthy technology habits you can adopt this spring and the rest of this year, we encourage you to explore the following posts:

Don’t Fall For The Imposter

Cybersecurity, Financial Planning, Yeske Buie Millennialon April 5th, 2017No Comments

Written By: Cristin Etheredge, RP®

The Federal Trade Commission (FTC) recently released their annual summary of consumer complaints and consumer protection statistics for 2016. For the first time in the 20 years that the FTC has been keeping records, imposter scams surpassed identity theft among reported consumer complaints. When you combine these two issues, the FTC complaints exceeded 800,000 in 2016.

Imposter scams are situations where a hacker pretends to be someone that they are not. The imposter usually poses as someone you are likely to trust like a government official, bank representative or computer technician; and then they fraudulently seek money.

Statistics show that one of the primary ways fraudsters will likely try to reach you is by telephone. The complaint data that the FTC collected showed 77% of reported fraud was done by phone, 8% by email, 6% through the internet and 3% through postal mail. These scams cost consumers a reported $744.5 million dollars last year, or an average of $1,124 per complaint – and these numbers are only from the fraud that was reported to the FTC.

Despite the rise in reported scams, identity theft complaints dropped by 19% when compared to 2015, and the drop is largely attributed to the public becoming more knowledgeable and diligent with safeguarding their personal information. With that in mind, we share a few of the most common scams that fraudsters are using right now to provide you with ways to safeguard yourself against imposter scams and help ensure that you don’t fall for the imposter.

  • IRS Scam 
    • Fraudsters contact you and claim that you owe money. Typically, imposters will threaten legal action unless you make an immediate payment through a money order, cashier’s check or prepaid debit card. Keep in mind, real IRS agents will always first contact you by postal mail before any other source, and the agency accepts both checks and credit cards. Read more in Tips to Thwart Tax Thieves.
  • Other Government Officials 
    • As more people learned of the fraudulent IRS scams, fraudsters broadened their horizons. Claims have been made that imposters have been posing as any federal government employee to “verify” personal information via phone, including the US Dept. of Health and Human Services. Scammers are able to fake people into believing they are legitimate, because they are able to “spoof” the caller-id to appear legitimate. Common tales that they will say are you’ve ‘won’ a lottery or sweepstakes or that you owe a fake debt. Keep in mind, like the IRS, the federal government will likely contact you via postal mail first, and federal employees will not demand personal information.
  • Tech Support 
    • In these instances, either you get a phone call or a popup on your screen that a problem or security issue with your computer has been “detected”. The scammer’s goal here is to convince you to download malicious software or create a remote session to give them the ability to control the machine. In both of these cases, the fraudster is trying to either steal your data or hold it hostage until you pay a ransom. Keep in mind, legitimate tech support is not going to contact you unless you have previously contacted them about an issue.
  • Can you hear me now? 
    • The phone rings from an unknown number, and the first thing you hear is “Can you hear me now?” These are pre-recorded calls, and the aim is to record your voice saying “yes” and other things that fraudsters could potentially use to obtain money. Do not say anything, just hang up. If your numbers are not currently on the Do Not Call registry, consider adding them. Also consider becoming familiar with blocking unwanted calls. Keep in mind, if you respond to these calls in any way (like pressing 1 to speak to someone), it is likely to lead to more robocalls.
  • Virtual Kidnapping 
    • Using social media as their tool, fraudsters have taken up the task of claiming that they have kidnapped a loved one and demand immediate payment. The FBI calls this virtual kidnapping. This scam has been around for a while, but it recently has resurfaced. Read more from the FTC. Keep in mind, if the call feels real, hang up and get in touch with the relative or friend in question.
  • Grandkid 
    • Fraudsters purchase marketing lists just like large retailers do, but fraudsters use the lists to find vulnerable populations they might be able to exploit. 37% of imposter scam victims last year were over the age of 60, and fraudsters are using tactics like the love of grandchildren to scare their victims. What tends to happen in these scams is a person will receive a call from an unknown number and the person will pretend to be a young relative out of town and in trouble. The caller will plead with the grandparent not to tell anyone and claims that the only way to get out of the bind is to receive a wire transfer. Keep in mind, much like the last section, call or text the grandchild directly (how often are they without their mobile?)!
  • Online Romance
    • While online dating has become commonplace, so has the ability for con-artists to take advantage of those looking for love. Typically what happens in this scenario is that a person a distance away contacts you. Quickly, they become enamored, claiming that you’re the man/woman of their dreams and they would love to meet, BUT… (they are out of town/country, have a sick or dying relative, stationed abroad). Shortly after, requests for money will start. Keep in mind, if you provide cash to someone you have not met yet, often another emergency will require more.

 Tips to Remember

  • Consider how the person on the phone is asking you to pay. 58% of fraud victims last year paid via wire transfer and some fraudsters were able to get their victims to pay with prepaid debit cards (7%), which is difficult to trace or to reimburse victims.
  • If possible, let unknown numbers go to your voicemail. Fraudsters are unlikely to leave you a voicemail. Consider services like Hiya or Nomorobo to have no more “robo calls”.

For more information on these scams, feel free to review the FTC’s entire 104 page report which includes a breakdown by state, complaint type and age of victims.

Behind the Scenes: Client Security

Cybersecurity, Financial Planningon October 19th, 2016No Comments

Written By: Lauren Stansell CFP®

2016-10-18-cyber-securityData and money security are important to everyone! And these days, there’s a new headline about the latest major security breach or hack of personal information far more often than we would like to see. While these breaches do happen, there are many things we can do to do our best to avoid them. We all have a personal responsibility to be smart with our secure information. This includes things like smart security hygiene – using strong passwords that don’t contain personal (read: easy-to-guess) information, resetting our passwords periodically (every three months is a good idea), not making online purchases on unsecure websites, and never sending secure information via unsecure paths (like in the text of an email or on social media), to name a few. It also includes awareness – paying attention to your bank accounts, investment accounts and credit card transactions and reviewing the monthly statements for these accounts for accuracy.

In addition to being smart with our personal information and being aware of our financial activities, we expect those we trust to do the same – bankers, credit card companies, retail stores, and especially financial planners. I’m happy to report that there are many steps we take to protect your information and your money:

Daily Review of Deposits and Withdrawals

First and foremost, we review every deposit and withdrawal to every account every day. That’s right – every single account, every single day. This is an important daily task for us as it allows us to confirm money movement happened as we expected. For example, if we sent a check to Schwab to be deposited, our review of this report will confirm when that deposit actually happens, which then prompts us to invest those funds. Additionally, if a Client requests that we raise cash for a transfer he/she is planning to initiate, we will see the distribution confirmed on this report.

For security purposes, if we see an unusual transaction on this report (for example, one we weren’t expecting or one much larger than usual) we will immediately email or call you, the Client, to confirm its validity. Similarly, if we received an odd or unusual request from a Client (perhaps a suspicious email), we will call to confirm the validity and the Client’s identity before processing any transactions.

Our daily review of this report allows us to remain fully in the loop on money movement into and out of our Client accounts and allows us to jump in immediately if we see something unusual. And, if a fraudulent transaction were to happen, we enact a long list of internal fraud policies to immediately alert the Yeske Buie team and pull in our team at Schwab to rectify the situation. Also, it is important to know that Schwab will cover 100% of any losses in a Schwab account due to unauthorized activity.

Policy to Never Send Secure Data through an Unsecure Method

It is our policy at Yeske Buie to never send sensitive information via unsecure pathways – like typed in the body of an email. It is for this exact reason that we use ShareFile – a software that creates a secure link for every document we need to send to a Client. The links are only valid for one week, limited to four downloads and use 256-bit encryption. This may sound familiar if you’ve completed any Schwab paperwork recently.

It is also our policy to encourage this behavior in Clients and other professionals who work with our Clients, which is why we always offer these secure methods for returning documents with sensitive information included (which can also be found here):

  • Use the secure upload form
  • Fax to +1 (866) 549-4990
  • Send via email with your documents included as password-protected attachments
  • Mail via US Postal Service. Street addresses can be found here.
  • Drop off at either office (we can scan the documents and return originals to you)

Upon receipt of documents including secure information, like a completed Schwab form or copy of your most recent Employer 401(k) statement, we save the documents to our secure server in your Client Folder. And if you uploaded them via the Secure Upload Form, we delete them from that server as soon as they are saved.

Along these same lines, if we are requesting or providing information like a Schwab Account Number, Date of Birth or Social Security Number, we will always call you or request that you call us. It is much more secure to share this information (after confirming the Client’s identity) via phone than it is to share it via typing the information in an email. Once we have that secure information, it is never written down and left sitting on a desk, but always entered into our secure database.

In the event someone sends us secure information via an unsecure pathway (like a regular email attachment without password protection), we’ll save the information then delete the email from our inbox and again from our trash folder. We’ll subsequently follow up with the sender to recommend they do the same.

Information Included on your Client Private Page®

Your Client Private Page® is a shared online workspace where you can see your monthly Portfolio Reports as well as your Financial Planning Reports, Action Items and Billing Statements. And the keyword is that it is private! We never post anything to your Client Private Page® that includes secure information like an account number or Social Security Number. For example, your monthly portfolio reports only include the name(s) of the account holder(s) and type of account – no account number is included, not even the last four digits of the corresponding account. And, furthermore, you must have your specific Client Number and login credentials to access the page.

IdentityForce

One additional thing we do in an effort to keep you, your data and your money as secure as possible, is research and recommend services like IdentityForce. IdentityForce is a service that offers identity protection by monitoring many aspects of your life like:

  1. Your email address – is someone using it to open new accounts?
  2. Your credit – is there an application for new credit using your information?
  3. Your bank accounts – is there unusual activity?

Hopefully the answer to all of the above is always ‘no’. But if you find that you have been the victim of identity theft, IdentityForce will send you an email and text notification and their Restoration Services team is available 24 hours a day to help you resolve any unauthorized use of your information. Click here to read more about IdentityForce and get access to the discount code provided to our Clients.

The moral of the story is: awareness is key. We must always be aware of our surroundings, especially when it comes to the security of our money and personal information. And monitoring things on a regular basis is a great way to stay on top of this. Which is why we here at Yeske Buie find it so important to be the first set of eyes on the security of your money. It’s also why we find it so important to be a constant resource to you – we’re consistently reading and researching the best ways to keep you and your information and money safe. And we act and update our policies appropriately.

We’re always welcoming of your thoughts and we are available to discuss any questions you may have on this topic at any time. To read more on similar topics, see the following articles:

The 411 on 2FA

Cybersecurity, Financial Planning, Yeske Buie Millennialon April 7th, 2016No Comments

Written By: Lauren Mireles, RP® 

Internet SecurityVisualize the following morning sequence. While enjoying your first cup of coffee, you catch up on yesterday’s news and events by logging into your Facebook and Twitter accounts, various news sites, and your email accounts. Once the coffee kicks in, you realize that several bills are due today, so you log into one or more utility accounts, credit card accounts, or other retail accounts. During your drive to work, you access your Pandora, Spotify, or other music streaming account, and you arrive at your desk and log into your computer, cloud accounts, databases, and other domains. It’s not even 10am and you’ve logged into over a dozen different online accounts! Now consider how many times you enter your username and password into various online accounts every single day.

The convenience of digital accounts is unquestionable. However, with the growing number of websites with whom we share our personal information, it is vital to take extra caution in keeping your personal information safe from hackers and phishers. While it may be obvious to take extra precaution for your banking and finance accounts, many are surprised to learn that sophisticated hackers can take over your entire digital life by simply gaining access to your email account.

So what can you do to help keep your information safe? One way to drastically reduce the risk of online identity theft is by using two factor authentication, also referred to as 2FA or two-step verification. With two factor authentication, a user is required to enter two means of identification to access an online account. Simply shown in the image below, two factor authentication asks you to provide something you know (i.e. your password) plus something you have (i.e. a mobile phone or encryption card/fob) as a means of ensuring you are authorized to access the personal information.

2FA

Let’s explore this further. When you enter your password into a website, you are using one single factor to access an account. With two factor authentication, however, a second identification code is provided to you via text message, phone call, or email, or accessed using a physical card or fob. As a result, a hacker trying to access an account set-up with two factor authentication would need to have your cell phone or physical card in addition to the password in order to successfully access your account. Before you worry that this second factor will cause you too much inconvenience, know that you are only required to enter the second factor when accessing your accounts from a device that you have not previously used.

The best place to start with two factor authentication is with your email accounts. Nearly every major email provider supports two factor authentication. Here you can find instructions to protect your AOL, Gmail, Outlook, and Yahoo accounts. If you are interested in learning more about other websites that support two factor authentication, we encourage you to check out TwoFactoryAuth.org for a comprehensive list of sites that do and do not support extra protection measures and instructions for setting up two factor authentication where applicable.

The time it takes to set-up two factor authentication is minimal but the impact it can have on protecting your accounts is significant. If you have any questions about two factor authentication or protecting your digital accounts, please do not hesitate to reach out to us.

RELATED:

Tips to Thwart Tax Thieves

Cybersecurity, Financial Planning, Yeske Buie Millennialon February 26th, 2016No Comments

Written By: Cristin Etheredge, RP®

Tax ReturnProtecting your identity and your taxes can feel like an uphill battle. Each year around this time, we like to share reminders of best practices to keep your identity safe as awareness is a key component to protecting your identity. Typically, tax season brings about a surge of attempts for scammers and identity thieves to phish for your personal information. As such, the IRS publishes an annual list of “Dirty Dozen” tax scams that the agency has seen and anticipates to see that include email phishing, phone calls, and unscrupulous tax preparers.

Below you will find some practical and simple tips to help you in protecting your taxes and overall identity.

IRS Tips to Protect Yourself from Tax Fraud

Here are seven tips directly from the IRS website that can help you to minimize your risk of becoming a victim of tax fraud:

  • Don’t give a business your Social Security Number just because they ask. Give it only when required.
  • Protect your financial information.
  • Check your credit report every 12 months.
  • Secure personal information in your home.
  • Protect your personal computers by using firewalls, anti-spam/virus software, update security patches, and change passwords for Internet accounts.
  • Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact or you are sure you know who you are dealing with.

Additional Ways to Protect Yourself

  • The IRS will never call your home without mailing you a notice first, call to demand immediate payment, or require you to use a specific payment method (such as an electronic check). If you receive a call that involves any of these tactics, hang up and report the call to the Treasury Inspector General for Tax Administration.
  • Be suspicious of any mail purporting to be from the IRS that demands immediate payment by calling a certain phone number and giving bank account or credit card information. If there’s a legitimate issue with your taxes, the IRS will always give you the opportunity to dispute the claim.
  • If you are ever unsure if a printed notice that you receive is actually from the IRS, you can call the agency’s toll-free number to confirm: 800-829-1040.
  • Never trust an email or text that claims to be from the IRS as the agency does not contact taxpayers through either of these communication methods.
  • Remember that scammers rely on scare tactics to get information. If you receive emails claiming to be the IRS informing you that there are rejected tax forms or impending checking account deductions, ignore the email.
  • The official address of the IRS website is irs.gov. Use caution if the domain displayed in the email or website claims to be IRS related but ends in .com, .net, .org, or other domain suffix.
  • The IRS does not offer web-based products to the general public, only for tax preparers. If you encounter an ad for IRS products that allow you to file your personal taxes, avoid it.

In addition to occurrences relating to your federal taxes, tax fraud can also affect your state filings, and states have also increased their protection of residents by increasing security. We’ve included references for both California and Virginia in this post, but please contact us if you would like the information for any other states tax fraud features.

Recovering from any type of identity theft can be a long and frustrating process. If you haven’t considered an identity protection service, we feel that the investment can help with potential future stress. Identity protection services cannot stop identity theft from happening, but they can help you identify the theft quicker and assist you in restoring your identity. While it is unfortunate that identity theft is becoming common, the increase in theft also means that more companies have processes in place to handle the situation as quickly as possible.

For more information about overall identity protection, please see the Federal Trade Commission’s one-stop resource for identity theft victims which provides a step-by-step guide to help users through reporting identity theft and creating an action plan for resolution.

RELATED:

A Careful Review of Your Credit Report

Cybersecurity, Financial Planning, Yeske Buie Millennialon October 8th, 2015No Comments

Written By: Sabina Smailhodzic

Credit ReportReady or not, the Holiday Season is just around the corner and ‘Tis the Season’ of giving and receiving. For some, however, tis simply the final Season of taking your personal information. During the holidays, you may be more susceptible to identity theft for a variety of reasons including increased use of your credit cards, more crowds that allow pickpockets to hide, and online shopping on ‘bargain’ sites that you may not normally use. According to the 2015 Identity Fraud Study released by Javelin Strategy & Research, there were 12.7 million victims of identity fraud in 2014 or a new victim every two seconds. And although you may not partake in these activities, even the most careful consumers can fall victim to identity fraud. With that said, one way you can help keep yourself safe from these holiday grinches is to monitor your credit report regularly for early detection of identity fraud. Below, we offer tips and information on how to obtain, review, and correct your credit report so you have one less thing to worry about this holiday season.

Firstly, we need to establish what you can find in your credit report. A credit report is a summary of your financial history and provides a wealth of information. The first piece of information a credit report provides is a summary of all your credit accounts, from credit cards to mortgages and everything in between. This includes opening date, credit limit or loan amount, balance, and payment history. The second piece of information a credit report provides is about credit inquiries by creditors, whether soft (when you get pre-approved for a line of credit) or hard (when you apply for a line of credit and the creditor pulls your credit report). The third piece of information a credit report provides is public record and collection information. This can include judgments, bankruptcies, and even unpaid parking tickets. All of this information is used to calculate your credit score, the three digit number used to determine your credit worthiness, which we all know is extremely important in determining whether or not a creditor will lend you money and at what rate.

Needless to say, we highly recommend that you monitor your credit report. Although doing so will not prevent identity fraud, it is one of the best ways to detect fraud early on, providing you the opportunity to take appropriate action before the situation gets out of control. And yes, we will share with you another way to detect identity fraud early on, one we highly recommend to all clients.

First, obtain your credit report. Thanks to federal law, you can obtain a free credit report from each of the three national credit reporting bureaus (Equifax, Experian, and TransUnion) annually. Take advantage of this! You can request a credit report either directly through the bureaus or via annualcreditreport.com. Note that there are numerous websites that charge for credit reports – avoid them.

Second, review your credit report. As you do, answer the following questions:

  • Is your personal information accurate?
  • Do you recognize the accounts?
  • Is the following accurate for each account?
    • Opening date?
    • Credit limit or loan amount?
    • Balance?
    • Payment history?
  • Do you recognize the hard credit inquiries? Don’t worry about the soft credit inquiries as you cannot control them and they do not impact your credit.
  • Are the public records accurate?
  • Is the collection information accurate?

Third, if you answered no to any of the above questions, you need to dispute the incorrect information. You can do so in several ways. One way is to go directly to the source. Another way is to file a dispute with one of the credit bureaus. You can do so online, by telephone, or by mail. By law, the credit bureau must investigate your dispute within 30 to 45 days and inform you of the outcome. Depending on the urgency of the dispute, it may be best to file a dispute with each of the credit bureaus, as it can take several months for the corrected information to be reported to the other credit bureaus, assuming that the information on the credit report is inaccurate. In the unfortunate event that the negative information on the credit report is accurate, you have the option of adding a statement of explanation to your file, explaining the nature of the dispute, for free.

In addition to obtaining, monitoring, and disputing errors on your credit report three times a year, we encourage you to enroll in around-the-clock credit monitoring. When it comes to identity fraud, speed is everything; the sooner you learn of identity fraud, the sooner you can take appropriate action to rectify your identity. We highly recommend IdentityForce, a leading provider of proactive identity, privacy, and credit protection with over 35 years of experience, to all of our clients. With an IdentityForce account, you will receive real time identity and credit report monitoring, instant alerts when suspicious activity is detected, reports of all your personal information that is made public on the internet, anti-keylogging and anti-phishing software to protect you against malware and phishing sites, and more. We encourage you to learn more about IdentityForce and consider enrolling at Yeske Buie’s negotiated rate. Consider this a pre-Holiday season gift to yourself that keeps on giving!

RELATED:

Healthy Technology Habits

Cybersecurity, Financial Planning, Yeske Buie Millennial, Yusuf Abugideirion July 16th, 2015No Comments

Written By: Yusuf Abugideiri, CFP®

Identity protection has never been a hotter topic, and it seems as if securing your identity is growing more challenging by the day. Hackers, phishers, and identity thieves continue to find new ways to cause security breaches and infiltrate people’s databases, email and financial accounts. As news of identity theft and security breaches continue to fill the headlines, you may be asking yourself: “What can I do to guard against identity theft? What does Yeske Buie do for me to guard against identity theft?” As we’ve said in this space before, one of the best defenses is a good offense and there are several habits that you can practice to keep your identity safe. We’ve listed a few of those habits below:

  • Review Your Accounts
    • What can you do? Proactively review your accounts on a regular basis and make sure to read your Schwab and other financial account statements each month; once you’ve done so, shred them.
    • What does Yeske Buie do? Yeske Buie monitors all deposits to and withdrawals from all of our Clients’ accounts daily.
  • Keep Your Passwords Safe
    • What can you do? Keep your passwords in a safe location and structure them so that they’re not easy to guess; for tips, check out either of these sites: Tips for Strong, Secure Passwords or Create Strong Passwords.
    • What does Yeske Buie do? All Yeske Buie team members are required to change their passwords periodically to ensure they remain strong and confidential. Additionally, we have policies regarding characters and sequences the password should and should not contain and we never reuse a password that we have used in the past.
  • Follow Healthy Email Protocols
    • What can you do? Read all of your emails carefully, but make sure to be extra cautious before replying to requests that seem out of the ordinary in any way; for more information about preventing phishers from taking advantage of you, see this website: Phishing: Frequently Asked Questions. Also, you should never send personal information to anyone via email without ensuring it is securely protected: when sending information to Yeske Buie, we suggest you use one of these methods.
    • What does Yeske Buie do? Yeske Buie always secures all personal information sent through email including paperwork, questionnaires, and requested statements using ShareFile. With ShareFile, all documents are sent via a secure link that expires after one week and uses a 256-bit encryption. If we receive any personal information that is not protected, we will save the information and then delete the email from our inbox as well as our deleted folder. We will recommend that the sender follow the same process.
  • Practice Responsible Use of Mobile Devices
    • What can you do? Avoid unencrypted public wireless networks at all costs. If the Wi-Fi network does not require login information to access the network, that suggests that anyone, including phishers, can access them as well. We also suggest maintaining a strong password and changing the password at least every six months and reviewing the security settings on the phone to help ensure your data is secure.
    • What does Yeske Buie do? When a Yeske Buie staff member has established access to the company’s systems enabling them to send and receive work-related email messages and conduct other company business on a mobile device, the devices are configured to be wiped clean of all personal information remotely if they are lost or stolen. We also keep these devices locked with a secure password and the device software is always kept current.

With the ocean of information available online, however, you shouldn’t hesitate to call in reinforcements to help safeguard your identity. We recommend using IdentityForce – each team member at YeBu is enrolled in their robust and comprehensive service, and you can subscribe with a discount through Yeske Buie by clicking here. Among a long list of other features, IdentityForce offers daily monitoring of all three of your credit reports, instant notifications when your personal information is being misused, and 24/7 fully-managed restoration services from their Certified Protection Experts.

If you find yourself to be the victim of identity theft or a security breach that could lead to your personal information being misused, we recommend navigating to the Federal Trade Commission’s site for a comprehensive list of what to do next. Additionally, we ask that you notify us immediately so we can ensure your accounts are secured. We place our entire team on high alert regarding all of your accounts as soon as we’re aware of fraudulent activity or receive suspicious communication and we make sure to alert Schwab of the breach immediately – any fraudulent transactions that Schwab processes are 100% reimbursed. It’s a good idea to have Schwab’s fraud investigation hotline – (877) 566-7984 –  handy in the event you’re unable to reach us right away (ex. late in the evening or on a weekend).

While we don’t anticipate this problem fading away anytime soon, we’re confident that using a multifaceted strategy to combat identity theft is the best approach to securing your information. For more on what you can do to protect your identity, feel free to peruse the following articles we’ve written on the topic:

Phishing Season is Here

Cybersecurity, Financial Planningon February 25th, 20152 Comments

Online Fraud ConceptAs if coming to terms with our annual obligations to Uncle Sam isn’t stressful enough, tax time is also prime “phishing” season for scammers and identity thieves.  Phishing is an attempt to fool someone into revealing sensitive personal or corporate information by “masquerading as a trustworthy entity,” according to Wikipedia.  And as Michelle Singletary reported in the Washington Post last week (‘Tis the Season: How to spot a tax scam), phone fraud is one of the fraudsters most favored tactic:

These calls can be frightening, which is why people fall for them. In its annual list of “Dirty Dozen” tax scams, the IRS said threatening and aggressive phone calls by someone impersonating an IRS agent remain in the top spot. Callers often tell people that they will be arrested, deported or subject to other legal actions if they don’t send the money immediately.

Dave has himself received a number of these fraudulent voicemails recently on his home phone and we’ve shared it here for your general edification and amusement: Click to Play the Tax Scam Voicemail.

Singletary, meanwhile, goes on to give some good advice for anyone who receives a similar call:

I’ve instituted a rule to not believe any unsolicited communications from strangers. Caller ID can be manipulated to appear legit. So when I get a call, I tell the person that I’ll independently find a number for the business or agency and call right back. Almost every time, the person hangs up on me. In the few other cases, he or she tries to give me a number. But no, I don’t fall for that. I repeat that I’ll look for the number myself.

The important thing to remember is that, however scary the IRS may seem, they do not make threatening phone calls and do not demand your personal or financial information over the phone.

As always, you should also be cautious about clicking on links in emails purporting to come from the IRS and should never reply with personal or financial information.

Additional Resources

Your Identity: A Force to be Reckoned With

Cybersecurity, Financial Planningon May 2nd, 2014No Comments

Despite the many benefits of technology, it’s clear that there’s a dark side to living in a wired world. A January 2014 report from Pew Research Center’s Internet Project found that 18% of adults with internet exposure have had important personal information stolen; an increase of 7% from the same report in July 2013. Additionally, the recent discovery of the ‘Heartbleed’ bug has many questioning the security of their personal information. However despite the scares,  none of us wants to give up the conveniences that come from managing parts of our life electronically. The key to protecting your identity and personal information is to have as many safeguards in place as possible and to practice good computer “hygiene.”

With a strong desire to keep our Clients protected, Yeske Buie is excited to announce our new agreement with IdentityForce. IdentityForce, a service division of Bearak Reports, is a leading provider of proactive identity, privacy, and credit protection with over 35 years of experience. With an IdentityForce account, you will receive constant identity and credit report monitoring, instant alerts on suspicious activity, reports of all your personal information that is made public on the internet, anti-keylogging and anti-phishing software to protect you against malware and phishing sites, and more.

IdentityForce offers two packages: UltraSecure and UltraSecure + Credit. We recommend the UltraSecure + Credit package as we feel it is the best way to keep your identity protected.

UltraSecure UltraSecure + Credit
Monitoring of your personal information in over four ways Everything from UltraSecure, plus

  • Daily 3-Bureau Credit Monitoring
  • Quarterly 3-Bureau credit reports
  • Quarterly 3-Bureau credit scores
  • Monthly credit score tracker

 

Important Note: all of the credit monitoring and reporting counts as a “soft pull” and will not adversely affect your credit score.

Instant notification when IdentityForce determines your identity may be at risk
Medical ID Fraud Protection (Medical ID Fraud is on the rise)
Exclusive “Delete Now” feature, which allows you to take control of your online personal data that violates your privacy
ChildWatch optional add-on service
24/7 fully-managed restoration services from their Certified Protection Experts if your identity is stolen
Backing by a nation-wide $1 million insurance policy
Annual Yeske Buie negotiated cost: $99.50
(MSRP $179.95)
Annual Yeske Buie negotiated cost: $169.50   (MSRP $239.50)

 

arrow
 Sign up for IdentityForce now

“Our deepest fear is not that we are inadequate. Our deepest fear is that we are powerful beyond measure. It is our light, not our darkness that most frightens us. We ask ourselves, Who am I to be brilliant, gorgeous, talented, fabulous? Actually, who are you not to be? Your playing small does not serve the world. There is nothing enlightened about shrinking so that others won't feel insecure around you. We are all meant to shine. And as we let our own light shine, we unconsciously give others permission to do the same. As we are liberated from our own fear, our presence automatically liberates others.” ~Marianne Williamson