Easy Steps for Older Individuals to Reduce Financial Crime Risks

In a previous article, I outlined 8 primary reasons why criminals frequently succeed when targeting older individuals, hoping to disabuse anyone over the age of 50 of a belief they will never fall victim to a financial crime. In follow up, I want to offer common sense steps older individuals can take now to help develop a meaningful and practical fraud mitigation strategy tailored to their own unique situation.  

Educate yourself on best cyber security practices. 

Much of what we do today, we do online and many suggestions made herein involve using online resources. Before taking additional steps, educate or re-educate yourself on best cyber practices. Many government agencies and respected institutions offer this information. As an example, the FDIC website offers basic and understandable information on best cyber practices for individuals, including a page dedicated solely to customers of financial institutions.

Do not assume you know enough to skip this step. Financial crimes evolve such that yesterday’s best cyber practices may prove less effective today. Take a few minutes now to review basic best cyber practices and commit to periodically reviewing trusted websites and other sources for updated information.

Once you have done this, go beyond basic best practices and take a deeper dive to understand the reasons behind these practices. For example, understand: why effective password construction avoids using passwords with common roots or personal references; how criminals disguise phishing attacks and why a casual click on a seemingly safe link can compromise your device; how and why to protect your home network from unauthorized users; how and why to protect your devices in public settings;  how anti-virus programs work and their limitations; and the warning signs of an email hack and the ramifications that follow.  By taking this deeper dive, you increase your cyber intelligence and can avoid common traps.

Based on how you value safety against convenience, your best cyber practices may include purchasing a basic laptop that you only use to access your secure websites such as your bank, financial advisor, broker, credit card account, 401K provider, etc. (collectively, “Secure Service Providers”). By intentionally not using this device to search the internet, access your email or follow social media, you limit a criminal’s ability to compromise that device. By intentionally not using your other devices to access your Secure Service Providers, you better limit the damage a criminal may do if they compromise one or more of those other devices. Using a dedicated laptop may also assist your Secure Service Providers in identifying unauthorized access attempts. 

Identify several trusted websites that discuss financial crimes targeting older individuals and visit those sites on a regular basis.

The Department of Justice offers a great resource for older individuals through its Elder Justice Initiative. Elder Justice Initiative pages on the DOJ website describe schemes, techniques and tools commonly used by criminals to victimize older individuals. Secure Service Providers offer similar information on their websites. Identify several trusted and informative websites containing this information and visit those sites on a regular basis.

Because criminal schemes continually evolve, a scheme that targets you may look nothing like any scheme noted on these websites. However, knowing current schemes allows you to quickly deflect clumsier attempts to target you. You also see how criminals quickly exploit events such as the Covid-19 pandemic and common fears/concerns to create convincing schemes targeting people of all ages. You see how criminals disguise and recycle basic schemes by inventing new backstories. 

Looking at current schemes allows you to understand the criminal might not target your money. Criminals need ways to transmit and launder money they have already stolen and frequently recruit older individuals to unknowingly serve as “money mules.” While not targeting your money, money mule schemes can subject the victim to financial loss, legal problems, severe inconvenience and future exploitation.

Similarly, some criminal schemes seek information or access, not money. The criminal wants your money, but before they can steal it, they need additional information or access to one or more of your devices. Phishing represents a common example of this type of activity.

Perhaps, most importantly, seeing current schemes allows you to understand that many schemes simply invent different fact patterns to camouflage a handful of basic fraud concepts. Some basic fraud concepts are:

·        You have done something wrong and must make an immediate payment to avoid imminent arrest/prosecution.

·        You or a close (possibly deceased) relative owe a delinquent debt that will result in dire consequences if not immediately paid.

·        Because of a security concern you must provide passwords or sensitive data to unlock your account or continue participation in a government program such as social security. Recently, this type of scheme has evolved to induce you to provide a code the criminal’s actions have caused your Secure Service Provider to send to you which then allows the criminal to seize your identity and access the service.

·        I have enticed you with some basic interest and simply click on this link for more information.

·        Because of a security concern you must immediately move your money, perhaps to a cryptocurrency account or gift cards.

·        You qualify for a windfall such as an inheritance, lottery, rebate, refund, government stimulus/benefit payment, or forgotten asset but you cannot receive your money until you provide sensitive information, make payment for taxes, accounting services, legal services, government fees, etc. or click on an embedded link.

·       A deal too good to be true that probably requires immediate actions.

·        You need to give someone remote access to your device to remove a virus, diagnose a problem, install an app, etc.

·        To facilitate payments to you, you need to give someone your bank account, credit/debit card information or electronic access to your account.

·        You need to make a payment of some sort using a cryptocurrency or gift cards.

·        You receive a payment, possibly as a part of a sale transaction or business opportunity, and must quickly forward all or some portion of that payment to another party.

·        Your help is needed to get money to someone in need.

·        A legitimate transaction/purchase you just made has encountered an unexpected issue requiring an immediate payment, sensitive information or a click on a link to resolve.

·        Someone you met online and who you now think you know or in whom you have a romantic interest needs you to transmit money for some compelling reason.

·        Someone promising to do work for you needs a large down payment, your bank account information or your credit/debit card.

Only the criminal’s imagination limits the fact patterns woven around these concepts and the criminal may select a fact pattern specifically for you. If you learn these basic fraud concepts and see how criminals employ them in common schemes, you have a greater chance of looking beyond clever camouflage to identify a fraud scheme targeting you.

Educate yourself on best social media practices.

Similar to educating yourself on best cyber practices, review best social media practices. Government and industry websites offer a wealth of practical and easy to understand suggestions. Once you have done a meaningful review, explore the reasons behind those practices. For example, criminals may create some of the “surveys” seen on social media, such as: “Here is a fun game to play, answer the following 20 questions…” Many of the questions appear innocuous and appeal to your sense of nostalgia, but others mirror challenge questions commonly used by Secure Service Providers to authenticate identities. Responding to the survey makes identity theft much easier.

Commit to checking your social media practices websites from time to time to make sure your best practices continue to align with professional recommendations.

Join AARP or a similar organization.

Criminals target people of all ages and information on avoiding financial crimes generally looks at the issue from the perspective of a generic/ageless victim. Organizations like AARP focus on information having the most relevance to older individuals. These organizations may review identity theft and anti-fraud tools to suggest vendors offering the best choices for older individuals. They may identify Secure Service Providers offering special products and services designed specifically for older individuals. They may explain how to place alerts on accounts with Secure Service Providers to help them identify suspicious activity.  They may identify schemes targeting older individuals faster than general websites. These organizations add value and you should join one that appeals to you.

Talk to your Secure Service Providers.

Secure Service Providers offer tools to protect against financial crimes. These tools cover a wide spectrum and may include enhanced/dual factor authentication, blocks on certain activities, transaction/dollar limits and immediate alerts for pre-selected activities.

Some disparity exists among Secure Service Providers and they do not all offer the same security tools and services. Some of the more progressive Secure Service Providers may go one step further and develop products and services specifically designed to meet the security needs of older individuals. Have a conversation with each of your Secure Service Providers to learn what safeguards exist in their systems and what optional tools or services they offer to enhance your protection. You might only learn about these tools or services by having these conversations. Once you have these conversations, check the websites of competitors to determine if they offer different tools or services more compatible with your security needs.

One might ask why the prevalence of financial crimes does not cause Secure Service Providers to automatically include the strongest security protocols on all products and services. Individuals have different risk appetites and may value convenience over enhanced security. You must determine your own risk appetite and willingness to sacrifice convenience for security. Be cautious in making this determination. Some Secure Service Providers include language in their agreements to deflect a fraud loss back to you if you fail to use an anti-fraud tool they offer designed to prevent that fraudulent activity.

Take advantage of free tools.

Applicable laws generally entitle you to a free copy of your credit report on an annual basis and everyone should do this. Look beyond the credit score for things like discrepancies in your name, address, phone number, etc., previous addresses where you never lived, multiple social security numbers, credit inquiries you do not recognize, accounts you do not have and late payments you cannot identify. Alert the credit bureau to any mistakes or inaccurate information and request an explanation. If that explanation suggests possible identity theft, take remediation steps immediately.

Some banks or credit card companies will provide your credit score on a monthly basis. Usually, this information lists events potentially impacting your score, such as recent credit inquiries or new credit products. While your credit score can legitimately fluctuate for no readily apparent reason, if you see a substantial change you believe unjustified or you do not recognize factors listed as effecting your score, contact the credit reporting agency immediately.

The Postal Service offers most residential customers a free informed delivery service that allows you to see exterior (envelop) images of mail the Postal Service will deliver to your house that day or the following day. Take advantage of this service because criminals still steal mail. Informed delivery allows you to monitor your expected mail and, if something fails to appear, to quickly react to a potential compromise. Your use of the informed delivery service also prevents an imposter from obtaining the service in your name to monitor your mail.

Most jurisdictions have on-line access to mortgage records. If you own your home, periodically check these records to confirm no one has stolen your identity to place a lien against your home or to transfer it to a third party. 

Search your name online and look for any false negative information. For example, a criminal may have used your identity to perpetrate a fraud against third parties, suggesting a criminal has sufficient information to compromise your identity.

The proliferation of financial crimes should result in the development of additional free tools and services to enhance your protection efforts. Taking the steps outlined earlier should keep you informed of these developments and allow you to consider using these tools and services as they hit the market.

Consider if an identity theft protection service is right for you.

Numerous identity theft protection services with various product offerings and price points exist in the marketplace. These services do not protect you from all forms of financial crimes, but can help identify and minimize certain identity theft risks. If you feel such a service fits into your fraud risk strategy, take time to research the best service for you and select a provider with a proven track record. If you do engage such a service, make sure you understand what the service does and does not do. These services enhance your fraud mitigation efforts, they do not replace them.  

Keep your trash clean.

Criminals recognize the value of going through someone’s trash and we must act as if a criminal will see everything we throw out. Eliminate this risk by investing in an inexpensive shredder and shredding anything that contains personal, financial or other sensitive information, including solicitations for financial products and services containing your name.

Time your outgoing mail. 

Criminals have found ways to compromise U.S. Mailboxes and steal outgoing mail. If you continue to send payments and sensitive information by mail, minimize the risk a criminal may compromise the mailbox you use by reviewing its scheduled pick up times and placing your mail in the box on the day of, and shortly before, the next scheduled pick up. If mailing an overly sensitive piece of mail or a large payment, consider using express mail, a commercial mail service or taking it to the post office during normal business hours and dropping it off in person.

Don’t ignore red flags.

While the presence of a red flag does not mean fraud has occurred or will occur; you cannot differentiate between true positives and false positives unless you investigate the red flags you see. Promptly addressing a true positive can disrupt a fraud event and reduce the resulting damage.

Red flags take many forms including, but not necessarily limited to: (i) a bank, credit card, brokerage, pension, etc. transaction, regardless of size, you do not recognize or did not authorize; (ii) any communication relating to a purchase, account, donation or transaction you do not recognize; (iii) incorrect information on your credit report; (iv) a legitimate communication from a Secure Service Provider relating to something you do not recognize such as a change of your personal information, access by a new device, a transaction, interaction or event, a missed payment, or the addition of a new service; (v) difficulty logging on to a secure website; (vi) information from a friend, colleague or service provider questioning a text or email you did not send; or (vii) any other event, notice or observation you find unexpected, unusual or suspicious.  

How you react depends on the nature and severity of the red flag. Obviously, you should immediately report a red flag relating to a specific account, product or service directly to the applicable vendor. If the red flag relates to a possible email or phone/text compromise, alert those Secure Service Providers you communicate with using that email or phone/text account. If the red flag involves a party with whom you do no business/do not know or does not relate to an actual transaction, you may still wish to alert your Secure Service Providers and credit reporting agencies as they may initiate temporary safeguards, identify additional red flags, and suggest further mitigation steps you can take. 

When contacting your Secure Service Provider about a higher risk red flag, do not rely on sending an email, text or voicemail message. Keep trying until you reach an actual person in an appropriate department. Criminals love to strike around holidays, over weekends and late in the day. Once you reach them, tell them about the red flag you observed and anything else you now deem as relevant or potentially suspicious. Do not withhold any detail because you deem it as trivial or inconsequential. Most Secure Service Providers have protocols they follow depending on the nature of the red flag and will offer you appropriate guidance. 

Think before you act.

Once a thief targets you, they understand every passing minute represents an opportunity for you to detect the fraud. For this reason, many schemes include fact patterns designed to pressure the victim to act quickly. Do not fall for these pressure tactics and consider any communication relating to a financial or security matter that stresses the need for immediate action as a red flag. Slow down the transaction and think before you act.

Sometimes a Secure Service Provider must reach out to you with a legitimate security threat requiring prompt action. Criminals effectively replicate these calls in way that makes it difficult to differentiate between a valid call and a fraudulent one. You can resolve this dilemma by terminating the initial contact and immediately reaching out to your Secure Service Provider using a phone number, website, etc. you have independently validated.

Promptly review statements and activity on accounts with your Secure Service Providers.

While an oversimplification, the law recognizes that two or more innocent parties must sometimes determine who incurs a loss resulting from a financial crime and seeks to put that loss on the party in the best position to prevent it. 

In many cases, you can prevent fraudulent activity by promptly reviewing activity on all of your financial accounts. Reviewing monthly statements represents a good first step but do not limit your review to monthly. Rather, to the extent you have online access, make a point to do a quick on-line review of your activity on a weekly basis. If you see anything unusual, unrecognized or suspicious, report it to your Secure Service Provider immediately as your failure to do so may put any resulting loss on you. In some cases, prompt reporting of a fraudulent transaction can result in a reversal of that transaction, such that neither you nor your Secure Service Providers incurs a loss. Prompt reporting also prevents the criminal from performing additional fraudulent transactions. 

When conducting this review, do not neglect loans and dormant/inactive accounts. Criminal activity may include use of the largely unused credit card you keep “as an emergency,” depositing and withdrawing fraudulent items through an unwatched dormant account or tapping into your home equity or other credit account.

Determine if there is someone you can trust to assist you as you grow older and then integrate that person into your protection efforts.

This suggestion comes with a significant warning as trusting the wrong individual can end in disaster. Indeed, perpetrators of financial crimes against older individuals frequently include acquaintances and family members. For this reason, proceed cautiously and understand that, even if you choose to take this step, you do not need to give this individual access to your finances or sensitive information to include them in your fraud risk strategy. 

Understand also that human nature has convinced you that you do not need to take this step. Get past this internal barrier by telling yourself to take this step even though you do not believe you need it.

Start by having a candid conversation with the individual you chose. Express your understanding that your ability to spot fraud and financial exploitation schemes could start diminishing as you advance in years. Generally, let them know the precautions you have already taken and that you would like their help. Their help might include suggestions of additional precautions and serving as an advisor. For example, if you desire to make a significant purchase or sale using the internet, you can discuss the transaction with them in advance. They may see warning signs you missed.

Once you have engaged this person, check in with them periodically. As you age and begin noting some age-related issues, you can consider offering this individual greater access and control, based on your particular situation and level of confidence in this person. In some cases, this might mean giving the individual informational access to financial accounts that allows them to monitor, but not initiate, activity. In more extreme cases in which you acknowledge difficulty managing your financial affairs, you might execute a power of attorney to enable this individual to assume this role. If you have worked with this individual for a number of years as your trusted advisor, you will have a better ability to determine if you can and should trust this individual with greater access. 

In choosing the right individual, consider choosing someone with whom you have maintained a long term and close relationship. For many of us, this will mean one of our adult children or another close relative. As we have observed this individual over their lifetime, we can better assess their suitability for this role. Avoid someone who may have only recently come into your life or who you may have known for many years but suddenly seems to take an interest in you.  

Despite your love for your child or close relative, consider avoiding anyone who has struggled with addiction, who has financial problems, who operates a struggling business or who seems to continually live beyond their means. This does not mean an individual falling into these categories does not love you or will steal from you, it simply acknowledges they face temptations that others do not. Many criminals start as an honest person who makes a single bad decision during a difficult time. For this reason, also ask yourself if this person has ever made a decision that might cause you to question their honesty, integrity or judgment.  Try and choose someone who does not have a track record of questionable decisions and who will not face a temptation to use your money for their needs. 

Finally, choose someone with sound judgment and financial sophistication. Honesty and trustworthiness, by themselves, will not suffice. You need someone who understands the threat and possesses the skills to avoid it.

If you cannot identify a trusted individual, do not settle by selecting someone you do not entirely trust. Rather, skip this step and consider reaching out to your local adult protective services agency as they may have resources that can help. 

Conclusion

Everyone over the age of 50 shares an increasing vulnerability to financial crimes but possesses their own unique circumstances requiring a fraud risk strategy that works for them. The steps outlined herein do not form that fraud risk strategy, but represent the building blocks for creating one that works for you. 

If you have passed your 50th birthday, start formulating your fraud risk strategy now even if you don’t think you need it. If you have loved ones over the age of 60, do them a favor and talk to them about this very real risk. Just having the conversation breaks the ice and could open the door to a constructive and ongoing dialogue. Based on your relationship with them, you may be the trusted person that stands between them and a large financial loss.

Ken Krach

July, 2020