How to prevent identity theft before it strikes
Learn how identity thieves gather personal information and help protect your clients from becoming victims.
Key Points
-
Identity theft remains a common type of fraud in the United States.
-
Social engineering can be just as effective as high-tech methods for stealing sensitive client information or money.
-
You can help protect your clients by staying aware and taking extra precautions to verify their identities.
Identity theft is a frequent play in the fraudster's playbook. In 2023, the Federal Trade Commission received more than a million reports of identity theft, contributing to fraud that overall cost consumers more than $10 billion.1
Much of this fraud is preventable. Identity thieves often use a mix of high-tech and low-tech schemes, including social engineering, to trick you into giving them access to sensitive information such as social security numbers and passwords. They then use that information to pretend to be you or your clients so they can steal money.
The good news is anyone can learn to spot a scam. Here's what to watch out for and how to protect your firm and clients.
How does identity theft happen?
Identity theft can be executed in person, verbally, or electronically and can be familial (attempted by a family member) or external (attempted by an unknown party).
While electronic channels are the most common paths for identity theft, fraudsters can use several different methods to steal a victim's credentials. Identity theft generally falls into one of two categories:
1. Low-tech methods: These may include posing as a trusted person for the purpose of financial gain or to access information. For example, the identity thief may contact a call center or call you directly, posing as the client. Other low-tech approaches include taking physical possession of devices, ATM cards, financial statements, and other materials that contain the client's information.
2. High-tech methods: Hackers may send phishing emails or links to get you to download malicious software or enter login information. Once they have the information they need, they may log in to a client's account to gain additional data, intercept verification codes, redirect devices, initiate withdrawals, change account details, and more.
Social engineering is a common technique that often mixes low- and high-tech methods. The basic idea of social engineering is manipulation. Whether via email, a phony website, a phone call, or even in-person interactions, a social engineering fraudster manipulates people into divulging personal data or carrying out a transaction. The classic con artist now has more tools than ever, which is why it's so important to stay alert and ready for possible scams.
7 red flags to identify a possible imposter
- Atypical background noises (e.g., a crying baby or loud traffic) to distract the representative and expedite the call.
- Age and gender appropriateness of the voice: For example, if the client is 85, does the caller's voice match that age?
- Frequent pauses when asked a simple verification question.
- A robotic-sounding voice, which indicates the caller is using a voice modulator to disguise their real voice.
- Asking you to repeat simple questions (e.g., "Did you ask me for my mother's maiden name?").
- The sound of paper being shuffled in the background.
- A call from a number that is not on record.
6 tips to prevent identity theft
- Be suspicious of unexpected or unsolicited phone calls, emails, and texts asking you to send money or disclose personal information.
- Do not disclose on social media sites personal or sensitive information, such as your birth date, contact information, and mother's maiden name.
- Consider how you interact with clients via email or phone and be selective about disclosing sensitive information, especially in public places.
- Look for transactions that are outside of your clients' normal patterns of behavior.
- Employ strict authentication protocols that you follow for every transaction—no exceptions. For example, you may choose to video conference with your clients or require a verbal password or security questions for accounts.
- Educate and train your staff to ensure they are talking to your true client.
Identity thieves are counting on you to ignore red flags and strange circumstances as you attempt to provide the best client service. They might even yell at you or threaten to take their business elsewhere. Stand firm and continue to follow protocols to make sure you're talking to the right people and making the right moves. The extra attention to detail is worth it and true clients will recognize the value of your due diligence.
What you can do next
- Explore our full suite of cybersecurity and fraud prevention resources. If you custody with Schwab, keep up with ever-changing fraud tactics and scams with our Cybersecurity Resource Center. Just log in and visit the Fraud Prevention page.
- Consider a custodian that is invested in your success. Contact us to learn more about the potential benefits of a Schwab custodial relationship.
1. “As Nationwide Fraud Losses Top $10 Billion in 2023, FTC Steps Up Efforts to Protect the Public,” Federal Trade Commission, February 9, 2024, https://www.ftc.gov/news-events/news/press-releases/2024/02/nationwide-fraud-losses-top-10-billion-2023-ftc-steps-efforts-protect-public.