Keeping your information secure from criminals is a top priority for our firm. To better protect you and your accounts from cybersecurity threats, we continuously review security procedures to ensure that we are following best practices recommended by the custodians, financial institutions, and industry experts with whom we work.
While we feel we are taking clear and actionable steps in our own firm’s security measures, cyber fraud continues to escalate, is becoming more sophisticated, and is ever changing. These threats take various forms, including email scams (e.g., phishing), where criminals obtain investors’ identity and use that information to commit various forms of wire fraud. The attachment to this letter describes these phishing scams and other tactics that we believe investors should be aware of.
As a fiduciary to your financial accounts, we are encouraging our clients to embrace a series of measures to help protect their identity and mitigate potential security risks. The attached investor protection checklist outlines some best practices for investors across six key areas to help you:
Please carefully review this checklist with all members of your household. We also ask that you do the following:
Do not hesitate to contact us with questions or concerns about how we protect your accounts or the steps you and your family can take to better protect yourselves and mitigate risk. As always, we appreciate the opportunity to help you achieve your financial goals.
Common tactics used to steal identity and login credentials
Some of the most common tactics criminals use to compromise a victim’s identity or login credentials are described below. After gaining access to an investor’s personal information, criminals can use it to commit various types of fraudulent activity. The action items presented in the investor protection checklist are intended to help you and your family better protect yourselves against such activity.
Malware. Using malicious software (hence, the prefix “mal” in malware), criminals gain access to private computer systems (e.g., home computer) and gather sensitive personal information such as Social Security numbers, account numbers, passwords, and more.
How it works: While malware can be inserted into a victim’s computer by various means, it often slips in when an unwary user clicks an unfamiliar link or opens an infected email.
Phishing. In this ruse, the criminals attempt to acquire sensitive personal information via email. Phishing is one of the most common tactics observed in the financial services industry.
How it works: Masquerading as an entity with which the victim already has a financial relationship (e.g., a bank, credit card company, brokerage company, or other financial services firm), the criminals solicit sensitive personal data from unwitting recipients.
Social engineering. Via social media and other electronic media, criminals gain the trust of victims over time, manipulating them into divulging confidential information.
How it works: Typically, these scammers leverage something they know about the person—like their address or phone number—to gain their confidence and get them to provide more personal information, which can be used to assist the criminal in committing fraud. Social engineering has increased dramatically, and many times fraudsters are contacting investors by telephone.