Power Up Wealth podcast – Is The Bank The Safest Place? – Episode 46 transcript:
Sharla Jessop 0:00
Fraudsters and bad players have become very adept at getting trusting people to turn over the keys to the bank. I’m Sharla Jessop, President of Smedley Financial Services. Today my guests and colleagues, Mikal Aune and Shane Thomas, will explain just how easily and quickly this can happen.
Welcome to the SFS Power Up Wealth podcast, where we provide impactful insight and expert opinions on timeless financial principles and timely investment topics, preparing you to make smarter decisions with your money.
Mikal and Shane, thank you for joining me today.
Mikal Aune 0:52
Glad to be here.
Shane Thomas 0:53
Yeah, happy to be here.
Sharla Jessop 0:54
Mikal is Vice President of Wealth Management at Smedley Financial Services, and he holds a CFP designation and an MBA and Shane Thomas is our resident IT Specialist and we consider him our expert. Mikal, there must be a million reasons why you want to talk about this concerning topic.
Mikal Aune 1:10
Or at least 100,000.
Sharla Jessop 1:12
Why 100,000?
Mikal Aune 1:13
Because that’s how much a client lost from their checking account because of fraudsters.
Sharla Jessop 1:18
Unbelievable.
Mikal Aune 1:19
It is. And so that client I talked with him and they said, please share my story. So other people don’t fall into the same trap that they did.
Sharla Jessop 1:26
That’s kind of them to be willing to share their information to help protect others, because we’re seeing an increase in fraud across the board. Tell us more about that what’s happened.
Mikal Aune 1:34
So what happened to this particular client is on their laptop, they had a login screen or a screen that popped up that said, your computer has an issue, it’s with Microsoft, please call Microsoft at this phone number. So they called the phone number and the person sounded trustworthy and just was helping them through it. Requested that your username and password so they could sign into the computer for them. But as soon as they got that sign in, they locked the computer down, they were able to get their personal bank information and log into Zions Bank and create a wire for $100,000. And as soon as the wire is gone, it was not recoverable. So even though it’s a legitimate bank, even though the bank can do everything that they can their power, like once a wire leaves, that money is most likely gone.
Sharla Jessop 2:21
So what you’re saying is the bank can’t protect someone against a wire fraud.
Mikal Aune 2:26
Not completely. There should be checks and balances in place to try to prevent as much wire fraud as possible. But there are things that the consumers or clients need to do to also protect themselves.
Sharla Jessop 2:36
So it’s not like when someone gets your Visa card and starts using it, and the Visa company will wipe the charges away or, you know, take the charges themselves.
Mikal Aune 2:46
No. And that’s one of the things that you say, Okay, what are the things that they could have done differently so that this had a different outcome. And, and one is not keep so much money in your checking account. Because the checking account is one of the easiest places to tap into. So don’t use a debit card, if you’re going to use a card, use a credit card, because that’s the big difference. If a credit card, if there’s a big charge that comes through for $5,000, let’s say. Well, the credit card eats that. They’re the ones that are on the hook for that $5,000. If that $5,000 or $100,000 leaves your checking account, it’s just gone until they can recover it, if they can recover it.
Sharla Jessop 3:25
Right, you know, with a Visa card, they’ll just issue a new card new number. So going forward, you don’t have that issue, and they can nip it in the bud. But in a bank account, that’s tragic when a large sum of money is gone. And a lot of companies require debit card payments.
Mikal Aune 3:40
Yes. And so you have to be really careful about those and whether or not you use a debit card and use a credit card whenever possible. There are other things that they could have seen or done too. And probably what happened is that their computer got infected either from a fraudulent website or from an email that came through where it had a link that they clicked on. Because somehow there was some malware that got onto their computer in order to make that pop up show up for them. And they’re not the only clients that have had that have had a pop up on their computer that says call this phone number. So that’s the second thing is if a phone number pops up to say, hey, call this company, go verify that phone number somewhere else. And once you can look it up and say hey, I’m gonna call this number that I know is legitimate. And then you can say, hey, did you really send out this email? Is there really something going wrong with my computer? Did you make this pop up show up? And they can either say yes, it’s legitimate or no it’s not. So that’s another big thing is just verify the information that before you do. If you do happen to get on the phone call, I had another client do this that they started going through it and the people started asking for more and more information and they just felt uncomfortable. And finally they just hung up on the person. Then they shut down their computer you should power it off completely. And then either take it to computer repair place or call them and they can usually verify if there’s anything bad on your computer that’s going to be malicious or harm you in any way.
Sharla Jessop 5:04
You know, I just think there is an increase. There’s always fraudsters, whether it was, you know, washing checks at, you know, getting checks out of people’s mailboxes, which is, believe it or not still going on. We, you know, we hear about it all the time. But they’ve just changed with as technology has changed, they’ve adapted and they’re persistent.
Mikal Aune 5:23
And they’re getting more and more creative, like the emails that they send aren’t the Nigerian prince anymore. And hopefully everybody is aware of that one, where the Nigerian prince says, oh, I’m, I’m moving to America, but I need so much money, you know, send me $300. And when I get there, I’m going to send you $3 million. You know, hopefully everybody’s aware to that one. But they’ve become more sophisticated, where they send an email that looks like it’s coming from Target, or America First. And it looks like it has all the rights, information and wording on it. And about the only way you can detect it is if you hover over some of the links in it’ll show you what the link is. And it’s going to some random website in Timbuktu. Same thing with emails or with text messages, you know, if you look at it, and it says [email protected], well, that’s not legitimate, right? And so you have to pay really close attention. I see the same thing coming through on text messages. But even with text messages, they’re getting more savvy, and they’re not just sending you a link that says, hey, click on this link, they’re sending you a text message that says, hey, I missed out on dinner last night, I’m sorry. And you reply and say wrong number. Well, now they have you on the hook. And they know that it’s the that it’s legitimate number, and they can try to create a dialogue with you and keep things going to find out more personal information about you.
Sharla Jessop 6:41
They’re tricky, it’s, it’s critical to be very vigilant about protecting yourself and what you’re clicking on, and where you’re looking.
Mikal Aune 6:47
So Shane has seen that more and more. So Shane, what should people do if they’re getting those type of text messages?
Shane Thomas 6:53
The best thing to do in that case is to you know, if you have an iPhone, even with Android, it’ll say report this number, block the number, but at least block the number. Don’t even reply. Don’t even say anything back to the person like oh, sorry, wrong number. All that does is acknowledge to the bad guys, that the number is legit. And there’s it’s a real number and it works. And then that number gets moved up the chain as oh, as this is a number we can really push to spam further. So yeah, the first the best thing to do, ignore it, blocked a number and move on.
Mikal Aune 7:31
Yeah.
Sharla Jessop 7:33
Shane would tell us about some of the other fraud things that you’re aware of that people need to be know about so that they can protect themselves?
Shane Thomas 7:40
Well, as Mikal mentioned, email phishing fraud is huge. It’s been big, and it’ll continue to be big, because it’s lucrative to them. The bad guys aren’t going to stop doing something that’s working well for them. They just keep making it better and better. And they’re making the emails more creative. They’re instead of being from target.com, that might be target with two T’s or a target and a number 1 .com. They’re really getting sophisticated in how they’re making those. And you might go, oh, this is my Amazon package, and you want to verify that it’s coming. You click the link, it takes you to a site that appears like a legitimate site that you sign in. You put your credentials in, they take those credentials, and immediately as soon as they get those, they harvest those, they log into the real website, whether it’s Amazon, Target, Walmart, whatever it is, even your email, they get into that. And then they immediately change the password, which locks you out, and then start creating problems. It happens so fast, just like our clients that they got on their computer. They thought there was a problem. As soon as they gave him that information. They immediately locked the clients out of their own machine and, and move forward with the fraud. So the phishing emails is big. Auction websites.
Mikal Aune 8:56
That one was interesting to hear about it. Yeah, what what’s going on with the auction websites?
Shane Thomas 9:00
Auction websites are huge. These guys are putting up merchandise on there. It can be something simple as you know, Beanie Babies from back in the 90s or 2000s, cars, RVs, it doesn’t matter. And people feel like oh, this is you know, I want to buy that. And this is a great deal. Once again, if it’s too good to be true, it probably is. And people are getting on there and they’re bidding for these they feel like they’ve got now like a tie to this object or like I’m getting a pretty good deal on this. They go to purchase the item. The company wants them to wire the money to them. And they get the wire instructions because hey, you won the bid. Here’s the wire instructions. They go down to the bank, they wire the money. Well, guess what? The auction site isn’t legit. The item really isn’t there. The cool classic car, the boat, whatever it was, and your money is now gone and you are not going to ever see that item.
Sharla Jessop 9:56
No recourse!
Mikal Aune 9:57
No recourse! One thing that I thought was crazy is the auction site was using a legitimate business address. So the business address is fine. But it’s not to that business, right it’s to some other business that’s random that has no identification. And so, in those cases, always call to verify before you start sending money, especially through wires, because wires are really fraudulent or have the potential to be fraudulent
Sharla Jessop 10:23
Much better to give them a credit card. If they’ll take a credit card.
Shane Thomas 10:25
Yeah, if you call the phone number, and nobody picks up, and that’s, that’s suspicious.
Mikal Aune 10:31
Yes, yes, that is.
Sharla Jessop 10:32
You would think so. You’d think that would trigger something.
Mikal Aune 10:34
I’ve seen wire problems too, with like mortgages because or buying a house because they want the wire money to come through for the down payment or whatnot. And so fraudsters know about that, and they’re trying to get the wrong wire information out there. And so if you get the wrong wire information, it could go to Timbuktu, or you know, someplace where there’s no recourse, no way to get the money back. So I tell people if you’re wiring money, buying a home, selling a home, whatever, make sure you double and triple check the wire information before you send any money out.
Shane Thomas 11:07
I would agree with that. The other thing that is concerning too, is the amount of logins and passwords that we are required to make. Every website that we go to wants you to create a username and a login and password, regardless, and yeah, whether it’s Target or Walmart, Amazon, your bank, your credit card, your cell phone, your cable provider, everybody wants a login. And so much so that we get lazy, and we just start using the same password or a similar password. Well, guess what? If one password is compromised, and you have that same password used across several different places, now that password is compromised for all of those websites. So the best practice is, as hard as it is, make a unique, hard password for every single website.
Mikal Aune 12:00
I think my hand gets tired writing all the passwords down. But I know that’s a bad practice to write them down.
Shane Thomas 12:06
Yeah, the best practice is use a password manager. Some kind of password manager where it keeps track of all of those for you. An example would be LastPass, or 1Password. There’s a couple out there that are really good. If you have questions, give us a call, we can give you some recommendations. But that way, you’re not writing it down, you don’t have a notebook with 50 pages worth of passwords. And then also the password managers makes a password really hard for you with 10, 15, 20, 30 characters long with uppercase lowercase special characters numbers, then you’d have to think about it you’re not just using, you know password with an exclamation point. You’re using a really hard password. And the other thing to do is if it’s an option, which is most of the banking places, is you turn on the two factor authentication, the multi factor authentication, whether it sends you a text or an email with a code, or uses a code on an authenticator app on your phone, something like that. That’s just one more step to keep the bad guys out of out of your stuff.
Sharla Jessop 13:12
I recently heard of some fraud where the fraudsters have information, they’ve probably been monitoring someone’s email and had password information. But it was two factor. And so they made a phone call to the person saying that they were the legitimate company and said, we’re going to send we’re having some problems with your account, we’re going to send you a code, we need your code to verify it’s you. And then at the same time the fraudster is trying to log into the account. And they know that a two factor code is going to be sent. So they trigger that, and then the client gives them the code. Well, now the fraudster has access to the bank.
Shane Thomas 13:49
The bank will never call you and say, hey, I need the code. You might be on the phone with them verifying information, and you call them to, and they say, hey, we need to send you a code. But they’re never going to call you and say hey, you just got a code. What’s the code? That’s never going to happen.
Mikal Aune 14:06
I’ve seen America First. And there’s a couple other credit unions that are local that they’ve been at the forefront of this trying to tell people hey, fraudsters are trying to mimic us. And they’re trying to request that two factor code. We never will request that do not give that out ever. And so America First at least is trying to fight against the people that are being bad actors.
Sharla Jessop 14:26
Are there other things that they’re saying as far as giving out the code? What other things are banks and credit unions telling?
Shane Thomas 14:33
Besides never sharing your login credentials with someone else, that’s, I mean, besides that, never send money to someone if you’ve only corresponded via email or texting. The other thing they would say is, if you’re suspicious if someone calls you, just hang up! You don’t have to keep talking to somebody on the phone.
Sharla Jessop 14:56
Our polite nature our polite nature makes it hard to do just hang up on someone.
Shane Thomas 15:01
Because they say they’re somebody doesn’t mean they are somebody.
Mikal Aune 15:04
I have a couple clients that they like to play pranks on those callers, because they’ll play along and then just start making up information and just seeing how far they can get the person down the road before they get upset and start yelling at them from the other.
Shane Thomas 15:18
If they have nothing but time to waste, there is nothing wrong with that. But if they call and say, hey, I’m, you know, John, I’m calling from your bank, you know, if they aren’t, maybe they are, hang up, call your bank back, if there’s really a problem.
Mikal Aune 15:34
I have done that a couple times. And they are totally fine with that. And so you can tell that they’re legitimate, and they’re like I’m calling you’re like, thank you for calling, I’m gonna call somebody else back just to verify and they’re like, great, you know, so you can tell that they’re not the ones that are trying to perpetrate fraud.
Shane Thomas 15:49
Gift cards. If someone calls you and says we need you to go purchase gift cards, your boss does not need you to go purchase gift cards.
Mikal Aune 15:58
I’ve had this more from the grandkids where the you know, they call up somebody, and they, especially if they can get somebody that they could sounds like they’re older, right? And they’re like, Grandpa, I’m having issues, and I’m down here in Mexico, and I need you to send me gift cards, because that’s the only thing that I can use to bribe them. And, you know, they create this urgency to it, right, there’s an emergency, it’s something that needs to happen. And you can trust me, because I’m your grandson, they don’t ever say what the grandson’s name is. They just say grandpa or grandma, you know, and people start buying into that. And I have had clients that have sent out gift cards to an address because their thought they’re literally trying to help a grandchild.
Shane Thomas 16:38
The bad guys try to create a sense of urgency that whatever’s happening is you got to take care of it right now. It’s immediate. And so then you you feel like, oh, I’ve got a there’s a problem. And I’ve got to take care of it right now. And they create trust, and then they scam you.
Mikal Aune 16:56
I’ve had somebody that had one of those. And then they called over to their daughter and said, is your son around and they’re like, yeah, they’re here in the backyard. And they’re like, that’s what I thought they weren’t out in Mexico or someplace with issues. And at least they were able to verify that it was fraud and not follow through with it.
Sharla Jessop 17:15
Being hyper vigilant is for us, as individuals, is really important, it’s changed, the nature of fraud has changed and we just have to be aware.
Mikal Aune 17:23
And I think we have to be hyper vigilant as a company. So that so we have rules and procedures in place to protect our clients. For example, we cannot send any personal information through emails. We can’t send account numbers, we can’t send dollar amounts. You know, for example, one day I was on the phone and I had a client, email me or an email that came in from a client that said, Mikal, are you there? And I had been dealing with them. So I replied, I’m on a phone call, I’ll call you when I’m done. And a reply came back that said, we’re on vacation in Mexico kindly email us the balances on our account. And I was like, wait a second, they already know about how much they have. And I started looking at the email closer. And it had spelling errors, punctuation errors. And then I was like, okay, this doesn’t sound right. And so I tried to call the client couldn’t get through to them, called somebody else that knew them that already knew that their clients because we can’t call somebody that doesn’t know that you’re a client. But they’re friends. And they’re both clients, and I said is are they on vacation in Mexico, and they’re like, they’re on vacation in Cedar City. It took still another day or two to get hold of the clients and somebody had hacked their email and had been monitoring it and watching for them to see when they would be out of town and then try to create a dialogue with their financial advisor to see if they could create fraud that way. Email is just one of the things that we have, like we know our clients. And so if people call in, we know what they sound like if we talk to them. And if there’s somebody that we don’t deal with regularly, we’re asking for personal information to verify who they are, before we request any transactions. And then if transactions are requested, it’s already tied to a bank account or home address that it’s going to or documents have to be signed, and their signature verification and I know that the signature verification works, because I had a client that had Parkinson’s that his signature got declined. So I know that they do it even if it’s not for the right reason.
Sharla Jessop 19:14
But at least they’re trying I you know, I everyone that we work with every company or vendor that we work with, has protocol for to protect for fraud and we have it here at Smedley Financial as well.
Mikal Aune 19:26
Yeah, we always make sure that we’re trying to protect our clients and their assets just because what if you lose $100,000? That’s a gut punch, you know, that can be devastating to a lot of people.
Sharla Jessop 19:37
Well, hopefully this will be information that everybody can take to heart and implement so they can keep their own money in their own bank account and use it the way that they want to and not allow the fraudsters to get to it.
Mikal Aune 19:47
Keep your hard earned money and keep it away from the fraudsters.
Sharla Jessop 19:50
Thanks you guys for joining me today.
Mikal Aune 19:51
Thank you.
Shane Thomas 19:52
Thank you.
Thank you for joining the Power Up Wealth podcast. Smedley Financial is located at 102 S 200 E Ste 100 in Salt Lake City, UT 84111. Call us today at 800-748-4788. You can also find us on the web at Smedleyfinancial.com, Facebook, Instagram, Twitter, and LinkedIn. The views expressed are Smedley Financials and should not be construed directly or indirectly as an offer to buy or sell any securities or services mentioned herein. Investing is subject to risks, including loss of principal invested. Past performance is not a guarantee of future results. No strategy can assure a profit nor protect against loss. Please note that individual situations can vary. Therefore, the information should only be relied upon when coordinated with individual professional advice. Securities offered through Securities America. Inc., Member FlNRA/SIPC. Roger M. Smedley, Sharla J. Jessop, James R. Derrick, Shane P. Thomas, Mikal B. Aune, Jordan R. Hadfield, Registered Representatives. Investment Advisor Representatives of Smedley Financial Services, Inc.®. Advisory services offered through Smedley Financial Services, Inc.® Smedley Financial Services, Inc.®, and Securities America, Inc. are separate entities.
