Senior Manager | CAPTRUST Client Wealth Services
The term doppelganger is defined as “an apparition or double of a livingperson.”1 It’s originally a German word that literally means “double-goer” or “double-walker.” This concept appears in literature and cinema as the proverbial evil twin, with examples including the short story “William Wilson” by Edgar Allan Poe, and the 2010 thriller Black Swan starring Natalie Portman. In popular culture, the protagonist is often plagued by visions of his or her lookalike, with the specter usually signifying some type of diabolical foreshadowing for the hero or heroine. Sometimes these malicious alter egos assume the lead character’s identity, representing themselves as the heroes while in reality their true character is anything but heroic. Obviously, these are fictional examples of doppelgangers, but as many individuals know all too well, the threat also applies to us in our everyday lives in the form of identity fraud. In fact, a report administered by Javelin Strategy and Research states that over 11 million Americans were subject to identity fraud in 2011.2
As financial identity fraud commonly goes, criminals attempt to take over a person’s identity by illegally acquiring personal information in an attempt to conduct unauthorized transactions within the individual’s financial accounts. Criminals use various methods to commit identity fraud. One technique involves “phishing,” or the act of obtaining another’s account information under false pretenses. The fraudster might send what appears to be a very legitimate email, ostensibly from someone at a financial institution, requesting personal information such as a Social Security number, brokerage account information, or the size of an investment portfolio. Others have even received emails that claim their account will be closed if certain information is not updated. After the recipient unknowingly clicks on a provided link within the email to update the information, the deceiver then takes this knowledge and uses it to assume the victim’s financial identity.
Another increasingly disturbing trend involves fraudulent individuals “hacking” into an investor’s email account and sending messages to the investor’s Financial Advisor from the contact list or email addresses easily foundin the “Sent Items” folder. Because the bogus email appears tobe from an address the financial institution has on record, itmay look credible. The thief, posing as the legitimate investor,requests that the financial institution transfer funds out of thebrokerage account into a third-party bank account. Severalfederal agencies have recently issued statements about analarming swell in the number of reports involving investoraccounts being compromised in this manner.
The following list outlines what are considered to be general best practices for protecting one’s personal financial information.
• Do not share your user names or passwords, and do not save them on your hard drive. Sharing this information with others, even those you trust, relinquishes your complete control over your accounts.
• Safeguard your computer with personal firewalls and security software. These measures can help prevent personal computer compromise, or help prevent malicious programs from transferring personal data over the Internet, in the event of a compromise.
• Change your account passwords periodically (every 60–90 days). This will decrease the likelihood of misuse if your passwords are accidentally disclosed.
• Use a password at least eight characters long consisting of at least three of the four primary character types: uppercase and lowercase letters, numbers, and special characters. These complexities will decrease the likelihood of your password being guessed or hacked.
• If you receive emails requesting personal information from a financial institution, always contact your trusted financial representative via phone before responding to validate the request.
• Be prudent when using wireless connections. Avoid connections advertised as “free.” Using these publicly available Internet connections is risky given the unknown identity of other computers or connected users who may have malicious intent.
• Avoid using public computers to access personal financial information. Users do not have any control over how these computers are secured, and using them is risky.
• Check the authenticity of any secure web site by verifying the site’s SSL certificate. A legitimately secure site will have a valid SSL certificate from a third-party provider that is easily viewed by clicking on the padlock icon in your Internet Explorer address field.
• Remain proactive about examining your financial accounts. Review your monthly transaction activity and always alert your financial institution if you see transactions you do not recognize.
• Review your credit report for any suspicious activity; you may order a free credit report annually by either calling 1.877.322.8228 or visiting annualcreditreport.com.
At CAPTRUST, we take the matter of financial fraud attempts very seriously. Our employees are trained to recognize potential fraud attempts by identifying red flags commonly found in potentially hacked emails. It is also our policy to verbally confirm any money movement [request] prompted by email. We also have the ability to exchange sensitive Client information (e.g., attachments including account and Social Security numbers, letters of authorization, etc.) via encrypted emails and document exchange using a secure file transfer. We facilitate a very thorough process to confirm that your funds are distributed only as you instruct and that your personal information is protected.
Should you have any questions, please contact us. We will gladly explain our policies to safeguard your information. For more tips, you can also visit captrustadvisors.com/account as well as the Federal Trade Commission’s Consumer Protection site at ftc.gov/bcp.
1 The Oxford English Dictionary
2 “2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier.” Javelin Strategy and Research