Apr 08, 2024

Protecting Your Personal Information

by

In your dictionary, the term spoof refers to a hoax, a prank, or a good-humored mocking. In today’s reality that term has implications that are anything but good humored. Spoofing refers to websites that look legitimate, but are not. It is an increasing problem. You are likely to be more familiar with the term phishing, a fraudulent sending of emails or text messages purporting to be from reputable companies in order to induce individuals to reveal personal information.

In today’s world with many internet bad actors attempting to grab an easy dollar from an unsuspecting target, the scammers use search engine optimization (SEO) to create fake websites that are extremely convincing to be those of the legitimate business you work with, including the financial institutions you rely on. These cyber criminals purchase sponsored links to take you to fake sites and may even appear at the top of your search results with a goal of luring the user to click on them. These deceptive sites pose serious risks by exposing investors to potential identity theft, malware and potentially financial loss.

How do these scams work?

  • Fraudsters use sophisticated techniques to create websites that appear in search engines when clients are looking for trusted institutions.
  • The websites are designed to look legitimate, and their position in the search results trick users into believing the top search hits are the most credible. This phishing tactic is very effective. Not every user will scrutinize every search result to ensure the link they’re about to click is legitimate.
  • Once the unsuspecting user clicks on the phishing website and attempts to log in with their credentials, they receive an error message stating there’s a login issue and to contact a hotline number noted in the message for further assistance. Or, you might be prompted to download a file to proceed. That file is quite possibly malicious to your computer or phone.
  • When the user contacts the fraudulent number, the bad actor, posing as the financial institution’s employee, states that there’s been a security breach and someone is attempting to steal money from their account.
  • Then, the bad actor attempts to convince the client to download software to their device.
  • The overall goal is to gain access to the device (your computer and/or mobile phone) and continue to facilitate additional fraud attacks, which can ultimately lead to unauthorized activity, loss of assets and ID theft.

Here’s what to watch for:

  • URL errors and issues: Look for misspellings or unusual domain extensions in that website address. A single letter out of place likely means that you are on a fake site.
  • Is the email sender’s address legitimate? It can be hard to discern the sender’s address when viewing email on your mobile phone. If there is a letter off in the email address, it is likely a phishing expedition. Delete the email and do not respond.
  • Unexpected contact: Were you expecting this email? Can you call the business to ensure this correspondence is legitimate? Be cautious of unexpected emails and never download a file or click on a link unless you are absolutely sure of the sender and authenticity.
  • Grammar and spelling mistakes: Legitimate sites take care to avoid errors. If you spot poor grammar, spelling, or formatting mistakes in content, that’s often your first clue it’s a fake site.
  • False security notification: Once you click on a site link, you’re presented with a screen notifying you of a login issue and directing you to a hotline number. Wording on these fake sites may mention “unauthorized activity” or other details designed to trigger immediate action, anxiety and panic.
  • Request for personal information: Your financial partners will never ask for your account login password over the phone. If someone is asking you for your account login information or password by phone, do not provide it.

How to protect yourself:

  • Avoid searching for a site: Use your saved bookmarks for visiting websites, especially financial sites, to avoid the risk of spoofed websites, phishing and malware. Using Google, Safari or Firefox to search for your important financial websites puts you at greater risk of ending up at a spoofed website and falling prey to sharing your personal information.
  • Hover over the sender’s email address and any embedded links before clicking through. Hovering over the link in an email or the sender’s address will reveal the real sender name and weblink address. This is hard to do from your phone, but easy with your computer. An email from your financial institution is not going to come from a gmail.com, aol.com or hotmail.com domain.
  • Question the urgency: Phishing attempts often create a sense of urgency. Take a moment to verify the information through official channels.
  • Use secure networks: Access your financial accounts only through known web addresses, secure networks and enable multi-factor authentication whenever possible.
  • Do not share your private information unless you are certain who you are communicating. Do not send your financial account numbers or social security number over regular email channels. Always use a secure, encrypted method for sharing this sensitive information or pick up the phone and verbally pass the information.
  • Call before acting: If you have concerns about a site or link, it’s always best to call us at 913-345-7000 or contact your portfolio manager before taking any action, including a prompt for downloading software.

If you’re ever in doubt about the legitimacy of a communication from our firm or your custodian partner, please call us immediately. Your safety is of utmost importance to all of us.

We can expect the evolution of AI will provide additional tools for fraudsters to come up with new ways to try to deceive investors. We will keep you apprised of these developments as they come to light.

Print page