Important: Some Clients Reporting Phishing Scams from “Fidelity”
We’re writing to alert you that certain TDG clients have recently seen phishing attempts from scammers claiming to be from Fidelity. Please be extra vigilant should you receive one of these messages, and do not engage with them in any way. If something seems amiss, contact us right away so we can assess the situation promptly.
Protect Yourself: Ways to Recognize and Shut Down the Scammers
As scammers tie together AI fakery, technological exploits, and good old social engineering, every one of us need to be mindful of good security practices. That includes having a healthy skepticism when contacted by someone purporting to be from a financial or government institution.
For instance, over the last few years the financial industry has seen a rise in “smishing” attacks (phishing over SMS). In this scenario, you receive a text that asks you to confirm whether a recent charge on your account was legitimate. After responding “No”, you quickly receive a follow up call from the “Fraud Department”. Be on your guard if you spot this pattern; there’s a good chance it’s a scammer looking to get into your account. Instead, call the phone number for your bank or credit card, or use their smartphone app to initiate contact yourself.
It’s impossible to describe every kind of scheme, as new ones are being invented all the time. However, some best practices you can adopt include:
- Watch out for urgent demands. Scammers will often push you to act quickly, sometimes even claiming a family member is in trouble or facing jail time! They’re hoping the (make-believe) stressful situtation will force you to make a mistake.
- Be suspicious of unusual requests. If someone asks for your password, one-time passcode, social security number, debit card PIN, or “needs” to take remote control of your computer, it’s a scam. There is never a legitimate need for someone to do this, especially if they called you!
- Don’t click on their links (or attachments). URLs in emails and in text messages can look authentic, but you can never be certain they haven’t been doctored. Some foreign-language characters look identical to English ones, letting scammers trick you into visiting servers they control. There’s no telling what will happen if you click on these links. You might find a faked website ready to accept your banking credentials, or you might end up with malware installed that encrypts your hard drive and demands a ransom.
- Use a password manager. “Credential stuffing” is when scammers try username/password combinations from one hacked website at hundreds of other sites. You can minimize your risk by using a unique, randomly-generated password for every single website. The only way this can work is to use a password manager to keep track of and auto-fill your passwords and passkeys. Two-factor authentication (2FA) is another layer of security that’s well worth setting up. While a password is “something you know”, a time-based passcode on your phone or security key fob is “something you have”—the second factor that authenticates you. Accounts secured by 2FA are far less likely to be compromised, as a password is not sufficient for a hacker to gain access.
- Stay up to date. Your computer, phone, and other devices should be updated regularly. Software updates often contain bug fixes for known security exploits. Sometimes these include fixes for “zero-click” exploits, which can invoke themselves with no user interaction at all! Make sure to keep your real-world contact info up to date as well; some institutions will send a text message and/or paper letter confirming password or mailing address changes, which could alert you to foul play.
We’re Here for You
If you think you’ve been targeted by a scam, above all else, stay calm and rational. Immediately call the fraud department at your financial institution and explain the situation. If you’re not sure where to begin (or how far to go), don’t hesitate to get in touch with us. We’ll help you assess and resolve whatever may have been compromised.
Wishing you and your families well,
Sean M. Dowling, CFP, EA
President, The Dowling Group Wealth Management
Please feel free to forward this commentary to family, friends, or colleagues. If you would like us to add them to the list, please reply to this e-mail with their e-mail address and we will ask for their permission to be added.
ADV & Investment Objectives: Please contact The Dowling Group if there are any changes in your financial situation or investment objectives, or if you wish to impose, add or modify any reasonable restrictions to the management of your account. Our current disclosure statement is set forth on Part II of Form ADV and is available for your review upon request.
It's a busy world. Our newsletter helps keep you tuned in to major market events, money-saving opportunities, filing deadlines, and other important information. One email per week and no spam — promise.
Subscribe