Archive for Cybersecurity

Data Breaches Aren’t Going Away: What You Need to Know

Cybersecurityon March 7th, 2019Comments Off on Data Breaches Aren’t Going Away: What You Need to Know

Written By: Alishia DuBois

Let’s play a game: Facebook, Google+, Quora, MyFitnessPal, British Airways, Ticketmaster, Marriott… what do all of these names have in common? Two words – data breaches. These are just a handful of companies that had to notify their customers that their data may have been compromised and personal information may have been affected in 2018.

It seems like every few weeks we hear of a well-known company announcing a breach of data in their system, which can cause us to frantically probe through hundreds of old emails to determine if we have a dormant account lying around that we may or may not have created with them in the past; even if you do have an account that you haven’t used in years, chances are you probably had to supply personal information during the initial sign up, and, if you never deactivated the account, consider yourself a potential part of the victim pool.

So, what exactly is a data breach? According to Trend Micro, a data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner. A data breach differs from data “exposures”, which happen when information that should have been secure was accessible, but was not necessarily hacked or stolen. The targets of these breaches are usually either:

  • Institutions that people choose to entrust with their data (think banks or retailers), and,
  • Organizations that acquired user data secondarily (entities like credit bureaus or marketing firms).

Data of interest to phishers and hackers usually involves sensitive, proprietary, or confidential information such as credit card numbers, customer data, and/or information linked to your financial accounts. Certain types of data are more favorable to exploit than others, such as financial information (quantitative material like credit card or routing numbers) or data utilized to commit identity theft, which can yield detrimental and long-lasting consequences.

With access to this data, these hackers – thieves – can drain you of your money, wreck your credit, or open digital accounts in your name if they successfully breach your data. This is why we at Yeske Buie take our commitment to protecting confidential data very seriously. Along with our in-house security experts, cybersecurity vendor, regular trainings, and encrypted servers, we use precautionary measures including anti-keylogging software, which immobilizes hidden keystroke logger software that could have been downloaded onto a computer. Additionally, we will never relay any sensitive material through online communication platforms, and require identity verification before sharing personal information over the phone. We’ve also partnered with IdentityForce to provide discounts on memberships which provide access to ongoing credit and banking monitoring, rapid alerts, and recovery services to help protect against identity theft.

So, what can you do to avoid being a victim of a data breach? Long story short, there is no end-all-be-all answer. As technology advances and the transition to digital platforms becomes more and more apparent, hackers and data breaches are universally inevitable – it comes with the territory of being connected with technology. Nevertheless, it is critical to be informed, practice healthy technology habits, and have sufficient protection measures in place to help minimize the effects of a breach.

Below are a few resources to help you stay informed and practice safe technology habits:


The Ins and Outs of Identity Theft

Cybersecurity, Financial Planningon August 7th, 2018No Comments

Written By: Ryan Rasmussen

August is Fraud Awareness Month – the perfect time to spark conversations about how vital fraud prevention is to you personally and to society as a whole. In late 2017, the credit monitoring service Equifax experienced a significant data breach. After all was said and done, 147.9 million consumers were affected, most having their Social Security Number revealed. This rupture of sensitive data has put consumers at a heightened risk for identity theft.

According to a 2018 survey by The Harris Poll, approximately 60 million Americans have been victims of identity theft. That same survey indicates nearly 15 million consumers experienced identity theft in 2017. With data breaches and phishing attacks becoming more and more common, the question on many of our Client’s minds is: what can we do to protect ourselves? In this space, we share information from industry experts on the methods that identity thieves use to steal your personal information and what you can do to make yourself a less attractive target.

How do identity thieves obtain your personal information?

Identity thieves continue to grow stronger at stealing sensitive data such as Social Security Numbers, driver’s licenses, birth dates, and credit card information. Once they have your information, they can apply for credit cards, open bank accounts, drain bank accounts, take out loans, file tax returns, apply for government benefits, and/or receive medical services. These actions can destroy your credit, cost ample amounts of money, and take countless hours to make your life whole again.

Below are the top methods identity thieves utilize to get ahold of your information according to the Center for Identity Management and Information Protection:

  • Data breaches: Major organizations are big targets for thieves because they hold massive amounts of consumer data. When data leaks from these organizations, the damage is extensive and affects millions of consumers.
  • Phishing: Scammers often use emails, telephone calls, or text messages to fool consumers into providing personal information by pretending to be someone you trust, such as a bank, the IRS, or major retailer.
  • Hacking: Computers and smartphones are at risk of being hacked. Cybercriminals can install malware that uses keyloggers and screenloggers to record your keyboard strokes and the sites you visit leaving your app logins and website passwords vulnerable.
  • Dumpster Diving: Yes, you read that right – thieves look through garbage to find bills, checks, receipts, and credit card offers containing personal information.

How can I make myself a less attractive target?

Being proactive and staying informed are great ways to stay protected against fraud. Below are twelve proactive tips to help you fight identity thieves as shared by The Federal Trade Commission and

  1. Credit Freeze or Lock: Credit locking or freezing is considered the gold star in Identity Protection. As of September 21, 2018, there is no cost to freeze or unfreeze your credit file. When your credit is frozen, only the companies that have extended credit to you can view your credit.
  2. Establishing Fraud Alerts: A fraud alert notifies creditors to contact you to confirm your identity before opening new accounts. To establish fraud alerts, simply call any one of the three major credit bureaus listed below. As soon as one credit bureaus confirms your fraud alert, the others are notified to place fraud alerts, as well. These alerts are good for one year at which time they can be renewed again.
  3. Enroll in a Credit Monitoring Service: Credit monitoring services, such as IdentityForce, are great resources because they monitor your personal information in areas beyond the credit bureaus and notify you if your information is being misused.
  4. Review Your Credit Report: Reviewing your credit report ensures the information on file with the credit bureaus is accurate. Since you’re entitled to one free credit report every year from each of the three major credit reporting bureaus, request one report every four months to monitor your information throughout the entire year. To request yours, visit Identity monitoring services, like IdentityForce, also often provide credit monitoring services that can help you keep on top of your credit scores in between reviewing any reports.
  5. Opt Out from Receiving Pre-Approved Credit Offers: Identity thieves snatch intercept new credit card offers sent via mail. To discontinue the delivery of pre-approved credit cards, you must opt out of prescreened offers. To do this, call (888) 567-8688 or go online at
  6. Use a Shredder: It is the best practice to shred documents with sensitive information in them before throwing them out. If you don’t have immediate access to a shredder, you can sometimes find community shredding events in your local area.
  7. Don’t Download Unknown Software:  Avoid opening unknown attachments or using software downloads from unknown websites. These programs may include spyware or malware which act as a portal for phishers and hackers to take your information.
  8. Be Aware of Common Phishing Techniques: Watch out for emails, links, texts, phone calls or mail asking for your personal information. Never give personal information to people who contact you and ask for it.
  9. Password Protection: The most recent reports on best practices for passwords is simple – the longer the better. At Yeske Buie, it is our policy to use passwords that are 18 or more characters. Additionally, Two-Factor Authentication is a great way for implementing another security “hurdle” for phishers and hackers to have to jump over in order to obtain your information. These password management strategies can make it more difficult for hackers to crack your online account passwords and therefore make you a less desirable target.
  10. Practice Browser Safety Habits: Using encrypted sites with “https” in the URL is more secure than browsing non-encrypted sites. Be aware of the differences and take extra precaution when using non-encrypted sites.
  11. Limit Social Media Data: Don’t leave personal details, such as your birthday, place of birth, family members’ full names or addresses on your social media. Strengthen your privacy settings and be cautious about whom you accept as a connection.
  12. Secure Your Phone: Lock your phone with a password or fingerprint, turn off Bluetooth when you’re not using it, and be wary when connecting to a public Wi-Fi, and be cautious when downloading apps which could contain malware.

If you have an identity protection service, such as IdentityForce, contact them immediately to notify them and get them working on your case. We also encourage you to contact us if you learn that your information has been stolen so that we can act as an additional layer of security by monitoring your accounts for suspicious activity – as we like to say, we want to be your first call!

When it comes to the theft of personal information, the sooner you detect a problem, the sooner it can be fixed. A combination of awareness and prevention is the best way to protect yourself against identity theft. And finally, rest assured that we at Yeske Buie are always researching industry best practices and training our team so that we are doing our part in keeping your information safe.

Protecting Your Digital Identity

Cybersecurityon November 29th, 2017No Comments

Written By: Lauren Mireles, FPQPTM

Since 2014, the Yeske Buie team has been personally using and recommending IdentityForce for their identity theft protection services. IdentityForce is a leading provider of proactive identity, privacy, and credit protection with over 35 years of experience. With an IdentityForce account, you receive constant identity and credit report monitoring, instant alerts on suspicious activity, reports of all your personal information that is made public on the internet, anti-keylogging and anti-phishing software to protect you against malware and phishing sites, and more. Recently, IdentityForce has added a new feature to their services – Social Media Identity Monitoring. If you have an IdentityForce account, this feature is now available as part of your membership, at no additional charge. In this space, we share more about the importance of social media identity monitoring and what IdentityForce’s new feature can do to protect your accounts.


Why is Social Media Identity Monitoring Important?

Protecting and monitoring your social media accounts may not feel like a high priority compared to protecting and monitoring your credit score or personal identifying information. However, experts like IdentityForce have found that social networks are a major access point for hackers on the Dark Web who are looking to buy and sell your personal information. As IdentityForce shares, “These hackers can gain access to a treasure trove of personal information that can be used to steal your identity and even fool your friends and family with scams to clean out bank and investment accounts. With so much of our world displayed on social media sites, a social hack is an attack on everything you’ve built.”


How Does IdentityForce Protect My Social Media Accounts?

IdentityForce explains their new feature as such:

With our exclusive suite, we monitor your Facebook, Twitter, YouTube, Google+, and Instagram accounts for inappropriate activity and posts that could be perceived as violent, are using profanity or could be categorized as cyberbullying or discriminatory. We’ll also alert you of any social posts that may be flagged as spam, scams, and malware. As a final layer of protection, we’ll notify you of any suspicious activity that could indicate your account was hacked or that someone is impersonating you.

Whether you are interested in monitoring your own social accounts, or those of your children or others within your family, IdentityForce’s Social Media Identity Monitoring Suite includes key features required to take control of your digital identity:

1. Inappropriate Activity | Profanity, drugs, violence, discrimination, or sexually explicit language

2. Hacked Account | Account hackings or an unexpected locked account

3. Imposter Accounts | Monitors for accounts that appear to be impersonating member’s identity

4. Scams | Spam, malware, or phishing scams posted to member’s social media accounts

How Do I Take Advantage of this New Feature?

Getting started is easy! Below are four simple steps to connect your social media accounts:

1. Login to IdentityForce from the desktop PC or laptop (not via mobile app).

2. On your IdentityForce dashboard, scroll to find the “Social Media Monitoring” section. Click the icons to connect any and all of your social media accounts (you can only connect one social media account type per IdentityForce account).3. Confirm your account on the next window by entering your username, password, and allowing IdentityForce permission to view the account activity.

4. Once confirmed, you will see your social media account is now linked to IdentityForce!Members of the Yeske Buie team have already connected their personal social media accounts and found the set-up process to be very user-friendly. If you have any questions about this new feature, about IdentityForce’s services, or anything else, please do not hesitate to contact us.

Monitoring, Alerting, Locking, or Freezing: What to do After the Equifax Breach

Cybersecurity, Financial Planningon September 14th, 20171 Comment

We’re writing once again with one more round of information on securing your identity online, this time we’d like to talk about “freezing” or “locking” your credit reports. This is different from filing a Fraud Alert, which is added to your record for one year and signals to lenders that they should obtain additional proof of your identity before extending credit. If you file a Fraud Alert with one of the three credit bureaus, they are required to share that with the other two. The process is free and, again, you have to renew it every year (IdentityForce has a reminder function if you go this route).

If you instead freeze or lock your credit record, it cannot be viewed except by companies that have already extended credit to you and it remains frozen/locked until you unfreeze/unlock it. You must do this individually with each of the three credit bureaus. As of September 21, 2018, you may freeze and unfreeze your record for free. After the Equifax breach, we decided to lock or freeze our personal records with each of the three bureaus and below, we share our experience to help you know what to expect if you choose to take this extra step with your credit file, as well.

  • Following the breach, Equifax offered a free TrustedID service to lock your credit report from an online dashboard – the free offer expired on June 30, 2018. Instead of using TrustedID, you can put a freeze on your record via the following link..
  • Transunion will allow you to freeze your record and also offers a free service, TrueIdentity, which gives you the ability to lock and unlock your record whenever you like. The process was easy to complete, though it did involve several steps to confirm my identity. Here is the link.
  • Experian’s process was easy and again, required several steps to confirm my identity. As part of the process, you will choose or be given a PIN that you will use to unfreeze your record any time you’re applying for new credit. Here is the link to establish a freeze at Experian.

We continue to believe that monitoring services like IdentityForce are valuable, not least because they monitor your personal information across a wide array of databases beyond the credit bureaus (including the so-called “dark web”), but a credit lock or freeze, while requiring a little extra work, is considered the gold standard in identity protection.


Cyber Spring Cleaning

Cybersecurity, Financial Planning, Yeske Buie Millennialon May 3rd, 2017No Comments

Written By: Lauren Mireles, FPQPTM

If you haven’t already started, you may be planning to embark on a spring cleaning binge in upcoming weeks. A typical list of spring cleaning projects likely includes de-cluttering your living spaces, wiping down your walls and ceilings, and swapping your winter clothes for a summer variety. But when is the last time you “scrubbed” your digital life? Regular maintenance of your digital devices, profiles, and online identity is key to protecting yourself from the “dirt” of phishers and hackers. Below we offer a cyber spring cleaning checklist that you may consider adding to your remaining spring cleaning initiatives.

  1. Review your accounts and make it a habit to proactively check them on a regular basis. Make sure to read your Schwab and other financial account statements each month; once you’ve done so, shred them.
  2. Clean out your old email and empty deleted folders. If you need to keep old messages, move them to an archive. You may also consider unsubscribing from newsletters, email alerts and updates you no longer read. A full list of email best practices can be found here.
  3. Turn on two-factor authentication (2FA) on critical accounts like email, banking and social media. Get the 411 on 2FA here.
  4. Update all software and apps on your computers and handheld devices; especially those that are connected to the Internet.
  5. Refresh your passwords with a structure that is not easy to guess and keep them in a safe location away from your computer. Make unique passwords for important accounts like email, finance and healthcare. Be sure all relevant devices are password, passcode, or fingerprint protected. This includes devices like your phone, tablet, internet router, and more.
  6. Monitor your credit report for early detection of identity fraud. You can learn more about how to conduct A Careful Review of Your Credit Report here on our website.
  7. Own your online presence by reviewing the privacy and security settings on websites you use to be sure they are set at your comfort level for sharing.
  8. Consider enrolling in IdentityForce’s robust and comprehensive service to rest assured that another set of eyes is proactively working to protect your identity, privacy, and credit.
  9. Digitally “shred” old, unneeded devices including external hard drives, USBs, and memory cards. The Better Business Bureau hosts Secure Your ID Day digital shredding events nationwide, many of which include electronic shredding.

For more ideas on how you can declutter your digital life, check out the Better Business Bureau’s Digital Spring Cleaning checklist.

And of course, like house chores, cleaning your digital life is not an one time event. We encourage you to explore the following posts for healthy technology that habits you can adopt this spring and throughout the rest of this year:

Don’t Fall For The Imposter

Cybersecurity, Financial Planning, Yeske Buie Millennialon April 5th, 2017No Comments

Written By: Cristin Etheredge, FPQPTM

On an annual basis, the Federal Trade Commission (FTC) releases their annual summary of consumer complaints and consumer protection statistics, the most recent of which is from 2017. The top three categories of fraud reported in 2017 were debt collection, identity theft, and imposter scams and the total amount of money reported stolen from imposter scams was $328 million, more than any other type of fraud.

Imposter scams are situations where a hacker pretends to be someone that they are not. The imposter usually poses as someone you are likely to trust like a government official, bank representative or computer technician; and then they fraudulently seek money.

Statistics show that one of the primary ways fraudsters will likely try to reach you is by telephone. The complaint data from 2016 that the FTC collected showed 77% of reported fraud was done by phone, 8% by email, 6% through the internet and 3% through postal mail. These scams cost consumers a reported $744.5 million dollars last year, or an average of $1,124 per complaint – and these numbers are only from the fraud that was reported to the FTC.

Despite the rise in reported scams, identity theft complaints dropped by 19% when compared to 2015, and the drop is largely attributed to the public becoming more knowledgeable and diligent with safeguarding their personal information. With that in mind, we share a few of the most common scams that fraudsters are using right now to provide you with ways to safeguard yourself against imposter scams and help ensure that you don’t fall for the imposter.

  • IRS Scam 
    • Fraudsters contact you and claim that you owe money. Typically, imposters will threaten legal action unless you make an immediate payment through a money order, cashier’s check or prepaid debit card. Keep in mind, real IRS agents will always first contact you by postal mail before any other source, and the agency accepts both checks and credit cards. Read more in Tips to Thwart Tax Thieves.
    • Here’s an example of an IRS scam that Dave encountered via a recorded voice message (transcript below).
      • Time sensitive. We are calling you from investigations department of federal government. We have just received notification regarding your tax filing from the headquarters of IRS which will get expired in next two working hours. And once again expired after that you will be taken under custody by the federal officers as there are four serious allegations pressed on your name at this moment. We would request you to get back to us so that we can discuss about this case before taking any legal action against you. The number to reach us is 574-598-4412. I repeat 574-598-4412. Thank you.


  • Other Government Officials 
    • As more people learned of the fraudulent IRS scams, fraudsters broadened their horizons. Claims have been made that imposters have been posing as any federal government employee to “verify” personal information via phone, including the US Dept. of Health and Human Services. Scammers are able to fake people into believing they are legitimate, because they are able to “spoof” the caller-id to appear legitimate. Common tales that they will say are you’ve ‘won’ a lottery or sweepstakes or that you owe a fake debt. Keep in mind, like the IRS, the federal government will likely contact you via postal mail first, and federal employees will not demand personal information.
  • Tech Support 
    • In these instances, either you get a phone call or a popup on your screen that a problem or security issue with your computer has been “detected”. The scammer’s goal here is to convince you to download malicious software or create a remote session to give them the ability to control the machine. In both of these cases, the fraudster is trying to either steal your data or hold it hostage until you pay a ransom. Keep in mind, legitimate tech support is not going to contact you unless you have previously contacted them about an issue.
  • Can you hear me now? 
    • The phone rings from an unknown number, and the first thing you hear is “Can you hear me now?” These are pre-recorded calls, and the aim is to record your voice saying “yes” and other things that fraudsters could potentially use to obtain money. Do not say anything, just hang up. If your numbers are not currently on the Do Not Call registry, consider adding them. Also consider becoming familiar with blocking unwanted calls. Keep in mind, if you respond to these calls in any way (like pressing 1 to speak to someone), it is likely to lead to more robocalls.
  • Virtual Kidnapping 
    • Using social media as their tool, fraudsters have taken up the task of claiming that they have kidnapped a loved one and demand immediate payment. The FBI calls this virtual kidnapping. This scam has been around for a while, but it recently has resurfaced. Read more from the FTC. Keep in mind, if the call feels real, hang up and get in touch with the relative or friend in question.
  • Grandkid 
    • Fraudsters purchase marketing lists just like large retailers do, but fraudsters use the lists to find vulnerable populations they might be able to exploit. 37% of imposter scam victims last year were over the age of 60, and fraudsters are using tactics like the love of grandchildren to scare their victims. What tends to happen in these scams is a person will receive a call from an unknown number and the person will pretend to be a young relative out of town and in trouble. The caller will plead with the grandparent not to tell anyone and claims that the only way to get out of the bind is to receive a wire transfer. Keep in mind, much like the last section, call or text the grandchild directly (how often are they without their mobile?)!
  • Online Romance
    • While online dating has become commonplace, so has the ability for con-artists to take advantage of those looking for love. Typically what happens in this scenario is that a person a distance away contacts you. Quickly, they become enamored, claiming that you’re the man/woman of their dreams and they would love to meet, BUT… (they are out of town/country, have a sick or dying relative, stationed abroad). Shortly after, requests for money will start. Keep in mind, if you provide cash to someone you have not met yet, often another emergency will require more.

 Tips to Remember

  • Consider how the person on the phone is asking you to pay. 58% of fraud victims last year paid via wire transfer and some fraudsters were able to get their victims to pay with prepaid debit cards (7%), which is difficult to trace or to reimburse victims.
  • If possible, let unknown numbers go to your voicemail. Fraudsters are unlikely to leave you a voicemail. Consider services like Hiya or Nomorobo to have no more “robo calls”.

For more information on these scams, feel free to review the FTC’s entire 104 page report which includes a breakdown by state, complaint type and age of victims.

Behind the Scenes: Client Security

Cybersecurity, Financial Planningon October 19th, 2016No Comments

Written By: Lauren Stansell CFP®

2016-10-18-cyber-securityData and money security are important to everyone! And these days, there’s a new headline about the latest major security breach or hack of personal information far more often than we would like to see. While these breaches do happen, there are many things we can do to do our best to avoid them. We all have a personal responsibility to be smart with our secure information. This includes things like smart security hygiene – using strong passwords that don’t contain personal (read: easy-to-guess) information, resetting our passwords periodically (every three months is a good idea), not making online purchases on unsecure websites, and never sending secure information via unsecure paths (like in the text of an email or on social media), to name a few. It also includes awareness – paying attention to your bank accounts, investment accounts and credit card transactions and reviewing the monthly statements for these accounts for accuracy.

In addition to being smart with our personal information and being aware of our financial activities, we expect those we trust to do the same – bankers, credit card companies, retail stores, and especially financial planners. I’m happy to report that there are many steps we take to protect your information and your money:

Daily Review of Deposits and Withdrawals

First and foremost, we review every deposit and withdrawal to every account every day. That’s right – every single account, every single day. This is an important daily task for us as it allows us to confirm money movement happened as we expected. For example, if we sent a check to Schwab to be deposited, our review of this report will confirm when that deposit actually happens, which then prompts us to invest those funds. Additionally, if a Client requests that we raise cash for a transfer he/she is planning to initiate, we will see the distribution confirmed on this report.

For security purposes, if we see an unusual transaction on this report (for example, one we weren’t expecting or one much larger than usual) we will immediately email or call you, the Client, to confirm its validity. Similarly, if we received an odd or unusual request from a Client (perhaps a suspicious email), we will call to confirm the validity and the Client’s identity before processing any transactions.

Our daily review of this report allows us to remain fully in the loop on money movement into and out of our Client accounts and allows us to jump in immediately if we see something unusual. And, if a fraudulent transaction were to happen, we enact a long list of internal fraud policies to immediately alert the Yeske Buie team and pull in our team at Schwab to rectify the situation. Also, it is important to know that Schwab will cover 100% of any losses in a Schwab account due to unauthorized activity.

Policy to Never Send Secure Data through an Unsecure Method

It is our policy at Yeske Buie to never send sensitive information via unsecure pathways – like typed in the body of an email. It is for this exact reason that we use ShareFile – a software that creates a secure link for every document we need to send to a Client. The links are only valid for one week, limited to four downloads and use 256-bit encryption. This may sound familiar if you’ve completed any Schwab paperwork recently.

It is also our policy to encourage this behavior in Clients and other professionals who work with our Clients, which is why we always offer these secure methods for returning documents with sensitive information included (which can also be found here):

  • Use the secure upload form
  • Fax to +1 (866) 549-4990
  • Send via email with your documents included as password-protected attachments
  • Mail via US Postal Service. Street addresses can be found here.
  • Drop off at either office (we can scan the documents and return originals to you)

Upon receipt of documents including secure information, like a completed Schwab form or copy of your most recent Employer 401(k) statement, we save the documents to our secure server in your Client Folder. And if you uploaded them via the Secure Upload Form, we delete them from that server as soon as they are saved.

Along these same lines, if we are requesting or providing information like a Schwab Account Number, Date of Birth or Social Security Number, we will always call you or request that you call us. It is much more secure to share this information (after confirming the Client’s identity) via phone than it is to share it via typing the information in an email. Once we have that secure information, it is never written down and left sitting on a desk, but always entered into our secure database.

In the event someone sends us secure information via an unsecure pathway (like a regular email attachment without password protection), we’ll save the information then delete the email from our inbox and again from our trash folder. We’ll subsequently follow up with the sender to recommend they do the same.

Information Included on your Client Private Page®

Your Client Private Page® is a shared online workspace where you can see your monthly Portfolio Reports as well as your Financial Planning Reports, Action Items and Billing Statements. And the keyword is that it is private! We never post anything to your Client Private Page® that includes secure information like an account number or Social Security Number. For example, your monthly portfolio reports only include the name(s) of the account holder(s) and type of account – no account number is included, not even the last four digits of the corresponding account. And, furthermore, you must have your specific Client Number and login credentials to access the page.


One additional thing we do in an effort to keep you, your data and your money as secure as possible, is research and recommend services like IdentityForce. IdentityForce is a service that offers identity protection by monitoring many aspects of your life like:

  1. Your email address – is someone using it to open new accounts?
  2. Your credit – is there an application for new credit using your information?
  3. Your bank accounts – is there unusual activity?

Hopefully the answer to all of the above is always ‘no’. But if you find that you have been the victim of identity theft, IdentityForce will send you an email and text notification and their Restoration Services team is available 24 hours a day to help you resolve any unauthorized use of your information. Click here to read more about IdentityForce and get access to the discount code provided to our Clients.

The moral of the story is: awareness is key. We must always be aware of our surroundings, especially when it comes to the security of our money and personal information. And monitoring things on a regular basis is a great way to stay on top of this. Which is why we here at Yeske Buie find it so important to be the first set of eyes on the security of your money. It’s also why we find it so important to be a constant resource to you – we’re consistently reading and researching the best ways to keep you and your information and money safe. And we act and update our policies appropriately.

We’re always welcoming of your thoughts and we are available to discuss any questions you may have on this topic at any time. To read more on similar topics, see the following articles:

The 411 on 2FA

Cybersecurity, Financial Planning, Yeske Buie Millennialon April 7th, 2016No Comments

Written By: Lauren Mireles, FPQPTM 

Internet SecurityVisualize the following morning sequence. While enjoying your first cup of coffee, you catch up on yesterday’s news and events by logging into your Facebook and Twitter accounts, various news sites, and your email accounts. Once the coffee kicks in, you realize that several bills are due today, so you log into one or more utility accounts, credit card accounts, or other retail accounts. During your drive to work, you access your Pandora, Spotify, or other music streaming account, and you arrive at your desk and log into your computer, cloud accounts, databases, and other domains. It’s not even 10am and you’ve logged into over a dozen different online accounts! Now consider how many times you enter your username and password into various online accounts every single day.

The convenience of digital accounts is unquestionable. However, with the growing number of websites with whom we share our personal information, it is vital to take extra caution in keeping your personal information safe from hackers and phishers. While it may be obvious to take extra precaution for your banking and finance accounts, many are surprised to learn that sophisticated hackers can take over your entire digital life by simply gaining access to your email account.

So what can you do to help keep your information safe? One way to drastically reduce the risk of online identity theft is by using two factor authentication, also referred to as 2FA or two-step verification. With two factor authentication, a user is required to enter two means of identification to access an online account. Simply shown in the image below, two factor authentication asks you to provide something you know (i.e. your password) plus something you have (i.e. a mobile phone or encryption card/fob) as a means of ensuring you are authorized to access the personal information.


Let’s explore this further. When you enter your password into a website, you are using one single factor to access an account. With two factor authentication, however, a second identification code is provided to you via text message, phone call, or email, or accessed using a physical card or fob. As a result, a hacker trying to access an account set-up with two factor authentication would need to have your cell phone or physical card in addition to the password in order to successfully access your account. Before you worry that this second factor will cause you too much inconvenience, know that you are only required to enter the second factor when accessing your accounts from a device that you have not previously used.

The best place to start with two factor authentication is with your email accounts. Nearly every major email provider supports two factor authentication. Here you can find instructions to protect your AOL, Gmail, Outlook, and Yahoo accounts. If you are interested in learning more about other websites that support two factor authentication, we encourage you to check out for a comprehensive list of sites that do and do not support extra protection measures and instructions for setting up two factor authentication where applicable.

The time it takes to set-up two factor authentication is minimal but the impact it can have on protecting your accounts is significant. If you have any questions about two factor authentication or protecting your digital accounts, please do not hesitate to reach out to us.


Tips to Thwart Tax Thieves

Cybersecurity, Financial Planning, Yeske Buie Millennialon February 26th, 2016No Comments

Written By: Cristin Etheredge, FPQPTM

Tax ReturnProtecting your identity and your taxes can feel like an uphill battle. Each year around this time, we like to share reminders of best practices to keep your identity safe as awareness is a key component to protecting your identity. Typically, tax season brings about a surge of attempts for scammers and identity thieves to phish for your personal information. As such, the IRS publishes an annual list of “Dirty Dozen” tax scams that the agency has seen and anticipates to see that include email phishing, phone calls, and unscrupulous tax preparers.

Below you will find some practical and simple tips to help you in protecting your taxes and overall identity.

IRS Tips to Protect Yourself from Tax Fraud

Here are simple tips directly from the IRS website that can help you to protect your data from tax thieves:

  • Keep a Secure Computer
    • Use security software that updates automatically. Essential tools for keeping a secure computer include a firewall, virus and malware protection, and file encryption for sensitive data.
    • Treat personal information like cash; don’t leave it lying around.
    • Give personal information only over encrypted websites – look for “https” addresses.
    • Use strong passwords and protect them.
  • Avoid Phishing and Malware
    • Don’t respond to phishing emails, texts or calls that appear to be from the IRS, tax companies and other well-known businesses. Instead, verify contact information about a company or agency by going directly to their website.
    • Be cautious of email attachments. Think twice before opening them.
    • Download and install software only from known and trusted websites.
    • Use a pop-up blocker.
  • Protect Personal Information
    • Don’t routinely carry a Social Security card or other documents showing a Social Security number.
    • Do not overshare personal information on social media. This includes information about past addresses, a new car, a new home and children.
    • Keep old tax returns and tax records under lock and key.
    • Safeguard electronic files by encrypting them.
    • Shred tax documents before trashing.

Additional Ways to Protect Yourself

  • The IRS will never call your home without mailing you a notice first, call to demand immediate payment, or require you to use a specific payment method (such as an electronic check). If you receive a call that involves any of these tactics, hang up and report the call to the Treasury Inspector General for Tax Administration.
  • Be suspicious of any mail purporting to be from the IRS that demands immediate payment by calling a certain phone number and giving bank account or credit card information. If there’s a legitimate issue with your taxes, the IRS will always give you the opportunity to dispute the claim.
  • If you are ever unsure if a printed notice that you receive is actually from the IRS, you can call the agency’s toll-free number to confirm: 800-829-1040.
  • Never trust an email or text that claims to be from the IRS as the agency does not contact taxpayers through either of these communication methods.
  • Remember that scammers rely on scare tactics to get information. If you receive emails claiming to be the IRS informing you that there are rejected tax forms or impending checking account deductions, ignore the email.
  • The official address of the IRS website is Use caution if the domain displayed in the email or website claims to be IRS related but ends in .com, .net, .org, or other domain suffix.
  • The IRS does not offer web-based products to the general public, only for tax preparers. If you encounter an ad for IRS products that allow you to file your personal taxes, avoid it.

In addition to occurrences relating to your federal taxes, tax fraud can also affect your state filings, and states have also increased their protection of residents by increasing security. We’ve included references for both California and Virginia in this post, but please contact us if you would like the information for any other states tax fraud features.

Recovering from any type of identity theft can be a long and frustrating process. If you haven’t considered an identity protection service, we feel that the investment can help with potential future stress. Identity protection services cannot stop identity theft from happening, but they can help you identify the theft quicker and assist you in restoring your identity. While it is unfortunate that identity theft is common, the increase in theft also means that more companies have processes in place to handle the situation as quickly as possible.

For more information about overall identity protection, please see the Federal Trade Commission’s one-stop resource for identity theft victims which provides a step-by-step guide to help users through reporting identity theft and creating an action plan for resolution.


A Careful Review of Your Credit Report

Cybersecurity, Financial Planning, Yeske Buie Millennialon October 8th, 2015No Comments

Written By: Sabina Smailhodzic

Credit ReportReady or not, the Holiday Season is just around the corner and ‘Tis the Season’ of giving and receiving. For some, however, tis simply the final Season of taking your personal information. During the holidays, you may be more susceptible to identity theft for a variety of reasons including increased use of your credit cards, more crowds that allow pickpockets to hide, and online shopping on ‘bargain’ sites that you may not normally use. According to the 2015 Identity Fraud Study released by Javelin Strategy & Research, there were 12.7 million victims of identity fraud in 2014 or a new victim every two seconds. And although you may not partake in these activities, even the most careful consumers can fall victim to identity fraud. With that said, one way you can help keep yourself safe from these holiday grinches is to monitor your credit report regularly for early detection of identity fraud. Below, we offer tips and information on how to obtain, review, and correct your credit report so you have one less thing to worry about this holiday season.

Firstly, we need to establish what you can find in your credit report. A credit report is a summary of your financial history and provides a wealth of information. The first piece of information a credit report provides is a summary of all your credit accounts, from credit cards to mortgages and everything in between. This includes opening date, credit limit or loan amount, balance, and payment history. The second piece of information a credit report provides is about credit inquiries by creditors, whether soft (when you get pre-approved for a line of credit) or hard (when you apply for a line of credit and the creditor pulls your credit report). The third piece of information a credit report provides is public record and collection information. This can include judgments, bankruptcies, and even unpaid parking tickets. All of this information is used to calculate your credit score, the three digit number used to determine your credit worthiness, which we all know is extremely important in determining whether or not a creditor will lend you money and at what rate.

Needless to say, we highly recommend that you monitor your credit report. Although doing so will not prevent identity fraud, it is one of the best ways to detect fraud early on, providing you the opportunity to take appropriate action before the situation gets out of control. And yes, we will share with you another way to detect identity fraud early on, one we highly recommend to all clients.

First, obtain your credit report. Thanks to federal law, you can obtain a free credit report from each of the three national credit reporting bureaus (Equifax, Experian, and TransUnion) annually. Take advantage of this! You can request a credit report either directly through the bureaus or via Note that there are numerous websites that charge for credit reports – avoid them.

Second, review your credit report. As you do, answer the following questions:

  • Is your personal information accurate?
  • Do you recognize the accounts?
  • Is the following accurate for each account?
    • Opening date?
    • Credit limit or loan amount?
    • Balance?
    • Payment history?
  • Do you recognize the hard credit inquiries? Don’t worry about the soft credit inquiries as you cannot control them and they do not impact your credit.
  • Are the public records accurate?
  • Is the collection information accurate?

Third, if you answered no to any of the above questions, you need to dispute the incorrect information. You can do so in several ways. One way is to go directly to the source. Another way is to file a dispute with one of the credit bureaus. You can do so online, by telephone, or by mail. By law, the credit bureau must investigate your dispute within 30 to 45 days and inform you of the outcome. Depending on the urgency of the dispute, it may be best to file a dispute with each of the credit bureaus, as it can take several months for the corrected information to be reported to the other credit bureaus, assuming that the information on the credit report is inaccurate. In the unfortunate event that the negative information on the credit report is accurate, you have the option of adding a statement of explanation to your file, explaining the nature of the dispute, for free.

In addition to obtaining, monitoring, and disputing errors on your credit report three times a year, we encourage you to enroll in around-the-clock credit monitoring. When it comes to identity fraud, speed is everything; the sooner you learn of identity fraud, the sooner you can take appropriate action to rectify your identity. We highly recommend IdentityForce, a leading provider of proactive identity, privacy, and credit protection with over 35 years of experience, to all of our clients. With an IdentityForce account, you will receive real time identity and credit report monitoring, instant alerts when suspicious activity is detected, reports of all your personal information that is made public on the internet, anti-keylogging and anti-phishing software to protect you against malware and phishing sites, and more. We encourage you to learn more about IdentityForce and consider enrolling at Yeske Buie’s negotiated rate. Consider this a pre-Holiday season gift to yourself that keeps on giving!


“Our deepest fear is not that we are inadequate. Our deepest fear is that we are powerful beyond measure. It is our light, not our darkness that most frightens us. We ask ourselves, Who am I to be brilliant, gorgeous, talented, fabulous? Actually, who are you not to be? Your playing small does not serve the world. There is nothing enlightened about shrinking so that others won't feel insecure around you. We are all meant to shine. And as we let our own light shine, we unconsciously give others permission to do the same. As we are liberated from our own fear, our presence automatically liberates others.” ~Marianne Williamson