While we are all taking precautions to protect ourselves from COVID-19, practicing appropriate hygiene such as wearing masks, washing hands and staying six feet apart, there is another area where we need to practice proper hygiene and that is around our personal computing devices.
I had a “fun” night a couple of days ago when someone in my extended family fell for one of many hacking schemes out there these days. This one was a pop up that took up the whole screen and appeared to say there was a serious problem with the computer. It conveniently gave the person a number to call at the computer vendor and when they called the number, the man answering the phone gave the person his name and vendor ID number. Of course, it was all fake. The worst part was that the person used the “fake attack” as an entry point and convinced the family member to open up their Amazon and one of their smaller bank accounts to see if they had been hacked as well. Meanwhile, the friendly and helpful person was watching every keystroke and now had IDs and passwords to both accounts.
Fortunately, someone else in the house realized this was going on and called me and I convinced the person to hang up and change their passwords immediately. They did do something right. The family member told the person on the line they had to go eat dinner and would call back. Thinking that he would get even better stuff, the hacker didn’t immediately use the IDs and passwords to withdraw money or make purchases. The bank account is in the process of being shut down and both accounts are being monitored daily for unusual activity for the time being.
While we can all shake our heads about these things, it is a reminder that we all need to be vigilant and constantly remind our co-workers, employees and loved ones to be careful with any message they get online. Obviously, one basic precaution is to make sure you have antivirus and internet protection software on all your devices, but that is not enough these days to stop all types of attacks. The key is to make sure you are vigilant every day all the time – assume the email, text or phone call is fake until you verify through some other means it is not. Here are a few tips to share:
- Don’t call the number or link to the websites on emails, texts or popups you get.
- Do a Google search, link from your already saved favorites or call a number you look up to check to see if the email, potential threat or request for help is legitimate.
- Do a search for the type of item you are seeing from a different device; there are often very good sites out there that list all sorts of malware, phishing and other types of attacks going on.
- If the alert came via email, see who the email is really from; most email programs allow you to hover over the email address and see if it is really from the person or organization it appears to be from.
- When it comes to any message, make sure everyone understands that it is not offensive to call someone to ask if they really sent you the email or text before you click on any links.
- Wherever possible, set up two-factor authentication on all your important accounts – especially those holding financial assets that are easily transferred.
- Finally, reinforce these points constantly at every few weeks.
Remember, good hygiene applies to the virtual world as much as the real world. Be safe out there!
Let’s face it, as a CPA you are the default personal finance expert in your office. This probably scares a lot of you because you don’t think of yourself as an expert because that is what all those CPA- PFS’ are. You’re just a normal person. But you are a normal person who probably reconciles their checking account, invests for retirement in a 401(k) plan (or some other plan available to you) and can understand the difference between leasing and buying a car.
Still, the thought of being an expert scares you. We the TSCPA and AICPA are here to help. The TSCPA has a whole website with great tools and information to help at www.valueyourmoney.org. It includes great tips like how to prevent and deal with identity theft, which debts to pay off first, or dealing with mobile finance alternatives. It has videos from fellow Texas CPAs talking about personal finance covering real practical topics like talking about finances as a couple and talking to your children about money. There is also a newsletter you and your business colleagues can sign up to receive that provides monthly tips and topics on personal finance so you can keep learning more.
Once you get more comfortable with the one-on-one conversations with your business colleagues, maybe you feel like taking the next step and making a more formal office presentation. There is a section on the website with a free article you can publish internally, tent cards, bulletin board material for the break room and even paycheck inserts to spread the financial literacy message.
There are even tool kits so you can put on presentations, like a lunch & learn session. You have to be an AICPA member, but if you, are the tool kits can be found here. This site supplies you with ready to go presentations and handouts set up by life stage. These presentations can be especially effective in smaller companies and locations that don’t have access to big corporate training programs.
In addition to providing a valuable service to your fellow employees you can also use the presentation as an opportunity to enhance your skills. And that is even easier to do when the audience is eager to learn, which is always the case with financial literacy presentations; so check out the website and see if there is a presentation that might be especially relevant to your co-workers.