When a new data breach makes the news, many of your clients may be affected—and unsure of where to turn for help. When they receive their generic letter in the mail from the breached company, they may start feeling overwhelmed about how to clean up the mess. As their financial advisor, you can become the hero by guiding your clients through this stressful time.
In most cases, the letter your clients receive after their personal information has been exposed does not offer the best advice. Often, there is very little advice at all. Almost all of these “data breach letters” cover the same three points: One, the company is doing everything in its power to strengthen their security. Two, victims will be enrolled in an identity protection service for two years. And three, the company suggests victims sign up for credit monitoring or a fraud alert at the three credit bureaus—Experian&v=1o0sokaxlj1fjvxilpyjaw0b, Equifax, and TransUnion.
(Canadian links:Experian&v=1o0sokaxlj1fjvxilpyjaw0b, Equifax, and TransUnion)
While your clients should take advantage of the offers mentioned above, there are additional Savvy Cybersecurity actions they should take to better guard their identities.
Freeze that credit
First, you should advise your clients to sign up for a credit freeze. A credit freeze is a more secure option that the credit monitoring and the fraud alert the breached company is offering. Both credit monitoring and fraud alerts will tell your client that a new account has been opened in their name after the fact.
With a credit freeze, clients can freeze their credit file—stopping any new accounts from being opened without a PIN assigned by the credit bureaus. A credit freeze is a more proactive way for your clients to protect their credit.
To sign up for a credit freeze, your client will have to contact all three of the credit bureaus separately and request a freeze. Each bureau will provide your client with a special PIN they will need to use if they wish to unfreeze their credit. The cost to sign up for a credit freeze varies per state and usually costs $10 to freeze and unfreeze. The fees are waived for proven identity theft victims. (This is Savvy Cybersecurity Principle #6: Credit.)
Monitor accounts
Next, help your clients sign up for text or email alerts on their credit card and bank accounts. By doing so, they will receive a notification every time a transaction is made. This is a quick and easy way for them to know exactly what is happening with their accounts. If they get a notification of a transaction they did not make, they have the ability to alert the credit card company or bank immediately. This can stop the fraudster quickly, before more damage is done.
Most banks and credit card companies offer text and email alerts through their online account options. Your clients will need to create an online account in order to sign up for these alerts. This process should only take a few minutes, but will put your clients in control of their financial accounts. Setting up these notifications is Savvy Cybersecurity Principle #5: Transactions.
Look out for phishers
After a data breach, phishers tend to cast their lines. In many cases, these phishers will send out phony emails that appear to be from the breached company. These emails will offer victims “guidance” on what steps they should take next—including links to help them sign up for the free services offered. These links, however, contain malware designed to steal the recipient’s personal information.
It’s important that you educate your clients on how to decipher phishing attacks, especially if they have been a victim of a breach. First, you should remind them that legitimate companies will not ask for their personal information via email—they will be contacted by phone or mail first.
Another warning sign is that they refer to your client as “customer” rather than using their name. Your client should also be on the lookout for spelling and grammar errors. Phishers also tend to use urgent language to get recipients to act.
Your client should also examine the “From” line of the email much more carefully. Often, the sender will hide their true identity with a false email address that appears to be associated with the breached company. To get a closer look, instruct your client to hover their mouse over the “From” name. By doing so, they will be able to see the true email address of the sender.
The same precaution should be taken with any links included in the email. Phishers have the capability of disguising a malicious link as a real link. Again, clients should hover the mouse (without clicking) over the link or hyperlinked text. A small box will appear and reveal the true URL of the link. This allows your client to see where the link would actually direct them, so they can decide whether proceeding is safe.
You should advise your clients to be over-cautious when dealing with their email. If they are in doubt about an email’s authenticity they can always call the company directly and ask. They should use the phone number found on the company’s official website and not a number from the email.
If clients think they have received a phishing email, they should not click anything and delete the email immediately. Staying smart about phishing is Savvy Cybersecurity Principle #7.
Your value
Guiding your clients through this stressful time demonstrates just how much you care about their well-being and differentiates you from others. Your clients will be thankful that they have someone knowledgeable to turn to during this time. Your advice is much more valuable than the generic letter they received in the mail, so reach out to your clients to help.
If you share the tips above, your clients’ identity and money will be better protected from hackers and thieves—and their relationship with you will be stronger, too.