Protecting Yourself From Scams
Recently, Stacy and I had the opportunity to travel to the Washington, D.C. area to participate in an annual conference. It is always an enjoyable time to catch up with people and learn new things. Unfortunately, there was a very consistent theme through many of the presentations this year: scammers are getting better, and all of us need to be more educated and more vigilant to avoid becoming victims.
The bad news is that we tend to be our own worst enemies. The habits, fears and desires that all of us have make it so that the weakest link in any person’s cybersecurity plan is likely that person. But, fortunately, this is also the good news – if we are our own worst enemies then that means we have some amount of control. There are no foolproof solutions, but there are a handful of practices you can adopt that should at least make you a less vulnerable target.
1) Use Good Password Practices
Some 80% of security breaches are the result of poor password security[1]. It is likely that you already know at least some of the best practices. The problem is that they are inconvenient, so we tend to be sloppy about them. But this is an area where it is worth being diligent. Here are a few good considerations for your passwords:
- Don’t share the same password across multiple sites
- Use a “Pass Phrase” instead of a Password. A longer phrase like DrinkWater$HealthyStay@2025 may be both easier for you to remember and harder for a computer or hacker to guess compared to a short password[2]
- Don’t share the same password across multiple sites
- Avoid using your personal information (date of birth, family names, etc.) as part of your password.
- Don’t share the same password across multiple sites
- Use Multi-Factor Authentication (MFA) to receive an independent verification code when possible. According to one of the conference sessions, given by a cybersecurity professional, some 90% of the breaches he had seen could have been prevented by simply using MFA. Using an Authentication App is preferable to receiving a texted code.
- Don’t share the same password across multiple sites
- Consider using a Password Manager to help you create and remember strong passwords. Examples include Bitwarden, Keeper or the ones that can be native to Apple devices or Google Chrome. Using a Password Manager can help you with the last item in this set of practices:
- Don’t share the same password across multiple sites
2) Watch for Common Red Flags[3]
There are a few common red flags that show up frequently. This is not an exhaustive list, but should give you a few examples of things to watch out for.
- Urgency: If you are pressured to send money quickly (like limited time offers or receiving an unexpected “confirmation of payment” for a payment you didn’t make) or if you are threatened with law enforcement action, something is likely off. Resist the urge to act immediately.
- Unusual Payment Method: Don’t agree to complicated payment methods like purchasing a gift card and giving the code or depositing a check and returning the overpayment. Be cautious if you are asked to wire funds.
- Too-Good-To-Be-True: Use the old cliche – if something looks too good to be true, it probably is. This applies to shopping, online dating, online job postings and most anything else you could think of.
- Unexpected Communications: This can be from an entity you do business with (credit cards, banks, etc.) or, more unsettlingly, from someone you know whose account has been compromised or is being ‘spoofed’. If you receive a communication you weren’t expecting, especially if it asks you to click on a link or provide personal information, do not click the link, provide information or follow its instructions without verifying first! Contact that entity or person with a phone call using a known phone number, NOT the number provided in the communication. You can call your loved one at an alternate phone number (if possible) or call the credit card company using the 800 number on the back of your card. If the message is legitimate, then the person or business won’t mind you contacting them to confirm.
3) Assume It’s a Scam
While I hate to be a pessimist, it has become prudent to assume that any unsolicited communication is a scam. While this is obviously true of anyone you don’t know who is reaching out to you, it is safest to adopt this attitude even toward people you know.
- An e-mail “from your daughter” with a link that says to click on it to see pictures of your grandkids?
- A call “from your grandson” that he’s in jail and using his one call to ask you to wire funds to him for bail?
- A “tech support” person (with whom you did not initiate the call) requesting that you let them have remote access to your computer to fix a computer problem?
- Someone “with your bank” calling to alert you that you’ve been scammed and they will help you open a safe account where you can move all your money?
If you did not initiate the contact and were not expecting it then it is best to assume it is a scam and to verify before taking any action, especially if it seems unusual or too-good-to-be-true. As mentioned above, a legitimate business or a family member will understand why this is necessary and will not be bothered by the verification.
We know that security against scams is not fun and is inconvenient. But unfortunately it is here to stay and it is very likely to only become more necessary as we move forward. But with a little caution, and a healthy dose of skepticism, hopefully you can avoid becoming a victim!
[1] Branko K, “Impressive Password Statistics to Know in 2022,” Web Tribunal, April 6, 2022, https://webtribunal.net/blog/password-stats/#gref
[2] https://www.expressvpn.com/blog/passphrase-examples/
[3] “Protect Yourself From Scams,” Capital One, 9/18/2025, www.capitalone.com/digital/scam-education/