Surasak Suwanmake/Getty Images
Investor’s Guild
Investor’s Guild

Gone phishing: protecting what you have from scammers

Gone phishing: protecting what you have from scammers

Wednesday, November 22, 2023 by Stephanie Guild, CFASteph is a Wall Street alum and head of investment strategy for Robinhood.
Surasak Suwanmake/Getty Images
Surasak Suwanmake/Getty Images

I felt foolish when it happened to me. I received a call from someone claiming to be a representative from my bank. They went on to tell me they suspected a breach into my accounts, and, in order to help me, would send me a code so I could prove I was the account holder. I shared the code I received in my text messages with them and was told to wait for further instructions over email. I never got the email and within an hour or so it started to click that something might be off. I was lucky though, managing to stop an attempted wire out of my account just in time. I then promptly changed both my username and password—and gained a new awareness. 

This kind of thing is all too common. I subsequently heard many of my old clients befall, or almost befall, to various forms of fraud over the years. With the holiday season, and days like Cyber Monday soon upon us, I thought I would take a break from market commentary and instead provide some of the tips and tricks to protect yourself against these crimes (and big props to our Security team for assisting).

Let’s define this type of scam first. 

Phishing, what I was a victim of, is a common type of social engineering where the fraudster uses email, phone calls (aka voice phishing), or text messages (aka SMS-phishing) claiming to be from a legitimate source to induce individuals into revealing personal information, such as passwords and credit card numbers. While this can happen any time of year, attempts tend to increase during the holiday season.

Special types of phishing and scams around the holidays:

  • Shipping. We all shop online a ton more than ever before, but especially around the holidays. Look out for whether the package tracking URLs you might receive are real or not. Phishing links can be embedded into fake links and once clicked on, fraudsters will try to extract personal details.

  • Charity. The spirit of giving grows during the holiday and fraudsters know this. They have been known to claim to be from a charity, asking for donations via email, phone, or other ways. Staying aware of this can help ensure generosity is directed to the right place.

  • Gift cards. An attacker aims to trick someone into purchasing gift cards on their behalf. An example might be a grandparent purchasing a gift card for who they think is their grandchild. Gift cards are often the chosen way to request money because once you give the gift card info to the scammer, the funds can’t be recouped—unlike with a compromised credit card that can be canceled. 

How to recognize fraud and protect yourself:

  1. Be wary of too-good-to-be-true offers or an increased sense of urgency. These are both common aspects of a phishing scam. If either or both are present, proceed with caution.

  2. Verify the sender. To be safe, attempt to verbally verify any time you are being asked for money. I witnessed several instances over the years when clients were sent an invoice over email with suddenly different instructions on where to pay—that turned out to be fraudulent. In addition, check the sender’s number or email address. If they aren’t legitimate, it can be easy to spot. Lastly, spelling errors or a strange voice and tone from the sender can be a giveaway. Does it match what you expect?

  3. Think before you click or download any attachment. If you do, and it asks you for personal information like account numbers or full social security numbers, stop and verify the request with the institution directly. In addition, clicking an attachment can potentially expose and infect your device with malware. 

  4. Unless you know for sure a request for money is coming from someone you know, don't fulfill the request. Gift card scammers, for example, are almost always pretending to be someone you know, and have excuses for why you can’t speak to them directly.

If you do recognize an attempt at phishing, report it right away to the organization being impersonated (e.g., if it is a scam pretending to be a shipping company, report it to the targeted shipping company). And of course, if you see phishing that is impersonating Robinhood, please report it to reportphishing@robinhood.com right away.

I often think one of the best ways to save is to not spend (tougher to do around the holidays). The second best is to protect what you’ve got. I hope this helps with the second option.

More from Investor's Guild
The information provided here is for general informational purposes only and is not an individualized recommendation of any security, digital asset, or investment strategy. Expressions of opinion are as of this date and are subject to change without notice. There is no guarantee that these statements or opinions provided herein will prove to be correct. Past performance is no guarantee of future results. Investing involves risk including loss of principal. Diversification does not ensure a profit or guarantee against a loss. Information shown is as of a certain date and represents a point in time. Data will generally not be updated after publishing. Data is obtained from what are considered reliable sources. However, its accuracy, completeness, or reliability cannot be guaranteed. Supporting documentation for any claims or statistical information is available upon request. Keep in mind that individuals cannot invest directly in any index, and index performance does not include transaction costs or other fees, which will affect actual investment performance. 3246641