Retirement For Life

Cybersecurity For Retirees: Simple Steps To Stay Safe Online - Ep 45

Christian Cyr, CPA, CFP® Season 2 Episode 45

To get the full RFL experience, watch the episode here at https://youtu.be/ltEr9bLvG34

We bring in Winsor Consulting to unpack today’s most common scams hitting retirees and how to stop them with simple habits. We share a clear rule—say no and verify—and walk through passwords, MFA, privacy settings, and how to spot fake emails and links.

• why criminals target credentials and reused passwords
• how to apply the say no and verify rule
• deepfakes and voice cloning used in grandparent scams
• wire fraud and business email compromise patterns
• password managers and 12 to 16 character passphrases
• turning on MFA and using authenticator apps
• Facebook privacy settings and oversharing risks
• how to hover and check real senders and links
• using encrypted portals for sensitive documents
• who to call first when something feels off


Intro:

Time to life. That's what we're going to do. That's important. Christian Cyr, CPA. The independent registered investment advisor specializing in retirement.

Christian Cyr, CPA, CFP®:

Hey guys, welcome to Retirement for Life. This is episode 45. Today is a real treat. You know, when I'm talking to people about retirement, I'm always thinking about numbers. I'm always thinking about things that are not numbers. I'm thinking about health. We talk so much about how to live your best life, have a life with purpose. And today we're going to be talking about something that is truly hitting every single one of you retirees out there. I'm talking about something called cybersecurity. I'm talking about emails getting hacked. I'm talking about phones popping up with messages that you should be clicking. Should you click it? Should you not? I'm just talking about something that we didn't have to worry about 30 years ago. So today we're going to break down things like what can you do to stay safe with cybersecurity? What can you do if you do get hacked? And I've brought some experts here with me. Guys, welcome. How are you doing?

Ryan Harvey:

Good, good, good. Thanks for having us.

Christian Cyr, CPA, CFP®:

So this is Winsor Consulting. Okay. So uh a little, just a little bit of honesty here. Brooke, how long have we been working with Winsor? Do you think?

Brooke Fay:

Uh five years.

Christian Cyr, CPA, CFP®:

It's been five years. They've been protecting Cyr financial wealth advisors. We learned the hard way why we need people like you guys. And uh you are the experts. So we're gonna be talking to you a lot today about cybersecurity. Um, I do want to give you a little bit of good and bad first. So, folks, cybersecurity is serious, and a lot of you are getting impacted by it. I want to tell you about my dad. The other day goes, you know, I got this thing on my phone, and they want my credit card number, so I'm gonna give it. I'm like, no, dad, don't do that, right? Winsor helps our company be safe. You guys help our company be safe. Um, so here's the good and the bad, okay? I'm gonna give it to you first. Okay. First of all, we're friends here, okay? But the good thing is that you guys protect people, okay? You guys are making sure that companies, and in some cases, you guys are working with companies that supply the armed forces, U.S. Army. So you're talking about some of the strictest requirements. You're helping them keep safe. What is CMMC? What is that?

Brian Sprout:

CMMC, Cybersecurity Maturity Model Certification.

Christian Cyr, CPA, CFP®:

NIST, what is that?

Brian Sprout:

National Institute of State Standards and Technologies.

Christian Cyr, CPA, CFP®:

So just so you guys know, this is who we're talking to. So I figured if if you guys can predict and and adhere to the standards that the United States government asks for, I feel like you're good enough for me, right? Yeah, yeah. But but so that's the good, okay? We need you guys. But here's the bad thing, okay? I'm talking my friends that I'm talking to today, they're 60. They're 62, they're 65. You know what people like them and me, what we think about you guys. You guys are like TSA. Okay. You know those people who make you show up. Brooke how how early do you have to show up now to an airport before the plane leaves?

Ryan Harvey:

I don't know.

Christian Cyr, CPA, CFP®:

What do they tell you like an hour for domestic, two hours for international? Like, we didn't have to do that 30 years ago. Right. All right. You guys are the same way. Like you guys weren't in business 30 years ago. We didn't need you, and now we need you. So um, welcome. Just a little bit of background. So, Brian, you're kind of a you're the founder of this company, right?

Brian Sprout:

Correct.

Christian Cyr, CPA, CFP®:

Um, just a little bit of background. How did you get into this business?

Brian Sprout:

So I was going to school for business administration. Um, realized that I didn't want to be an insurance agent, something like that. So I looked up what paid well and uh came across software engineering. Yeah, went to school for software engineering. Um got a job. A lot of software engineering now. Oh, I hate it. Yeah. So then uh got a job with an IT cons local IT consulting firm in the Quad Cities. Uh-huh. Really enjoyed that. Um, moved to private industry, realized I didn't really like the private industry working at an insurance company as a network administrator. And then I uh went to a very large national, international MSP. Um really didn't like what the small local company was doing, what the really large international company was doing for cybersecurity, you know, putting the client first, stuff like that. And I was like, um, might as well start my own. Treat the clients right, put the effort into cybersecurity, put the effort into making sure that you know everybody is protected, taken care of.

Christian Cyr, CPA, CFP®:

So, Ryan, tell me how long have you been with Winsor?

Ryan Harvey:

Yeah, so I've been with uh with Brian in Winsor here for six and a half years now. Um speaking of insurance agents, I I used to be one. Uh he just kind of put you down after the recovering insurance. Is that the first time he's ever put you down? Yeah, yeah. He he he he usually talks very highly of me all the time. Um but uh yeah, I mean six and a half years. Um, you know, when I first started, I couldn't spell IT. You know, now I I I know enough to be dangerous, but um it's been a it's been a fun journey. We've I've watched our company grow from, you know, when I first started, I was our only salesperson, and we had 14 employees, I think, and we were all tucked into a tiny little pole barn building, and you know, now we have 45 employees and grow into three locations, you know, across the country. So it's kind of cool.

Christian Cyr, CPA, CFP®:

Has it been fun to watch it grow?

Ryan Harvey:

Yeah, it's been awesome. Yeah, yeah.

Christian Cyr, CPA, CFP®:

It and every day is easy, right? Never, never a hard day.

Ryan Harvey:

Yeah, just easy, just definitely a low stress job. Yeah, just so easy.

Christian Cyr, CPA, CFP®:

And yeah, so uh for cybersecurity, I sincerely feel like I'm running into this with my retirees literally, literally on a daily basis. I mentioned my dad earlier. Um, it's just so prevalent. Um, and I want to talk about what is cybersecurity. I have a great story. So, Jamie and I, my wife and I are eating lunch the other day. It's noon, it's a beautiful sunny day, windows are open. We're sitting there and I hear this car coming down the road, and I look out the window, and lo and behold, it's this it looks like about a 15-year-old car. Okay, so no problem. But I haven't seen the car before. Where are they going on my street? Like, where where are they going? They pull into my driveway. Like, okay. Threat level just a little bit up. They pull up and uh the the passenger gets out. And uh, you know, black pants, black shirt, black hat, backwards, of course. Nothing against uh what's it called when you get this pierced, all these piercings, face piercings? Nothing wrong with face piercings, okay? But this dude has five of them, okay? Threat level up. Next step uh there's a driver in the car, too, right? And apparently they were preoccupied in my driveway, and the car is still moving forward towards my house, getting closer to my house, getting closer to my house. And something happened. I don't know if they hit the house or if they jammed on the brakes suddenly and so hard that they they jammed on the brakes, the car is like going backwards. So I'm like, okay, either these strange people either hit my house or came very close. Threat level higher. I'm like, I need to go outside and see what the heck is going on. What's the next thing they do? They go to the trunk of the car. This just happened two days. Was this yesterday?

Brooke Fay:

Yesterday, yeah.

Christian Cyr, CPA, CFP®:

Yeah. Yesterday this happened. Then they go to the trunk of their car and they open the trunk. What are they getting out of the trunk? Okay, now threat level is like at a top, it's a top security breach, something I'm full protection mode, right? So they reach into their trunk and I'm like, what the hell? Now I'm sweating. And they pull out Walmart bags. You know, various sundries my wife ordered, toothpaste, you know, paper towels. Okay, it's all right. When there is a clear and obvious threat to us, we know what it is. But the thing about cybersecurity is we don't know it's coming. We can't see it's coming. There's no warnings. So let's talk. What do you how how would you explain cybersecurity? What is it and what are the dangers?

Ryan Harvey:

I do think that's a good analogy though, you know, to kind of play off of because I I when it comes to cybersecurity, especially for you know individuals, especially the retirees, the older generation that maybe, you know, no offense, didn't grow up on computers every single day, you know, since they were 11, 12 years old, like we did. Um they don't know it. They yeah, you know, it's it's a little bit more foreign to them. Um, but you know, I think I I think a good point to make is that if if something doesn't feel right, you know, if you do have that that feeling of, you know, should I trust this, you know, sketchy looking vehicle that just pulled up into my car? You know, it's kind of the same thing when you get those random text messages or you get a a Facebook message, you know, that says, Hey, I you know, I saw your picture here, and it's like, oh, I haven't talked to that person in 20 years. Why are they, you know, sending me this Facebook message? If it doesn't seem right, it it more than likely it's probably not.

Christian Cyr, CPA, CFP®:

It's just not in your face, right? It's not obvious. No, it's it's definitely not, it's not obvious. So, so how do you guys go about in your personal business? How do you go about deciding what's bad and what's not bad? How how are you getting ahead of in your industry, not just you, but in your industry, how are you getting ahead or trying to stay ahead or keep up with the bad actors? How do you do that?

Brian Sprout:

Like clearly, the threats are changing every day. So, you know, you look back two, three years ago, it was ransomware. Now it's business email compromises. So that's on the business side, but on the personal side, you know, it's it's really threat actors trying to take control of your credentials. So whether or not you're using the same email password for Facebook for your email for your retirement uh your accounts, portal. Yeah, I mean, it's it it's it's really scary on what people are trying to do in order to grab the credentials or grab your personal data for your your bank account, stuff like that.

Christian Cyr, CPA, CFP®:

So so what do you tell? All right, so here's my number one rule. That's my only rule. So I want you to punch holes in this, okay? Because I'm not a cybersecurity expert, but I'm talking to my retirees, and the one thing I tell them is if somebody asks you for anything, just say no. Yeah, right. If Amazon calls you up, supposedly, and says you need a new credit card, if the Social Security Administration sends you a text and says click here to log into your social security account, just anytime somebody asks you for something, and it's a sad state of the environment we're in, right? Yeah, humanity is like you have you just have to say no. If there is a problem with your Amazon account and they say, hey, you can't ship this stuff, then you take control. You call Amazon and figure out what the problem is. If you're not getting your social security check anymore, you call Social Security Administration and try and figure it out, right? Right. Is that a good rule of thumb? Would you add to it? Would you subtract from it?

Brian Sprout:

Or I wouldn't trust. Yeah, I wouldn't trust. Um, your bank isn't gonna call you, ask you for your social security number. Right. And they're definitely not gonna text you. No, your bank isn't gonna typically text you. Um, you know, there have been many scams where people are falling for the Microsoft alerts. You know, as far as hey, it's a you know you click on a link that says your computer's been compromised, call this you know, number in order for Microsoft to fix your alert. That's never gonna happen. It's never gonna happen. They're gonna get on your machine. What they're gonna do is get on your machine, they're gonna try to pull up your bank account, they're gonna try to pull up something, and then have you type in the credentials, and they're gonna steal those credentials from you and do further damage.

Christian Cyr, CPA, CFP®:

So this is scary because now I get a message on my phone, okay? And it says, Hey, you have to your Microsoft account has been compromised. And now these bad actors, correct me if I'm wrong, they are so good that when you click that link, you actually it has the look and feel as if you're on Microsoft's site, right? Yeah, but what's the number for me again going back to the number one rule? Did Microsoft just come to you and say, hey, do something? Then say no, right? If for some reason your email and Microsoft's broken, then figure it out. But yeah, because they can trick you, right? It looks like their site, right? How do they do that?

Ryan Harvey:

They've gotten very crafty. How do they do that? I mean, they you know how they make it look like it used to be pretty easy to call out these fake emails. So you know, you'd see something and you're like, okay, well, that's not UPS, obviously. It's got all these misspellings. That's not Microsoft, but they've gotten they've gotten pretty good about them. So they can do it. Yeah, yeah.

Christian Cyr, CPA, CFP®:

Okay, and the other thing is one big red flag used to be remember this somebody is texting you, somebody's emailing you, somebody's on the phone with you. And through text, email, or phone, you can tell if this person, if English is their first language. Yep. Now I guess there's ways that even people from Timbuktu can make themselves sound American, make themselves speak perfect English.

Brian Sprout:

AI deepfakes are deepfakes are really bad. I mean deepfake pride. What's that mean? Basically, where you're mimicking somebody's facial expressions. You look like you see deepfake on me, yeah, 100%. It's a service.

Christian Cyr, CPA, CFP®:

Anything as good as a real thing, though. Come on, let's be honest.

Brooke Fay:

Yeah.

Christian Cyr, CPA, CFP®:

So so what you're saying is they can make themselves sound like Mr. Microsoft, they can make their website that you've clicked on look like Microsoft's website. So there's a lot of things that used to be red flags that aren't even red flags anymore. Yeah. Correct.

Brian Sprout:

So I I there was an older gentleman that I know that got a call from his grandson from jail, needed money to get out of jail, and it he swears that it was him through and through, but it was just somebody, you know, taking all these sound bits. So somebody goes out to your Facebook, you record all these videos on your Facebook with your voice, they're taking all of your different snippets of your voice, put it in the AI, and they can basically say, Hey, say this as this person.

Christian Cyr, CPA, CFP®:

Did this person uh actually lose any money? Yes, they did. Yeah, we had a client lose forty thousand dollars because her granddaughter called in a car accident. And again, somebody calls you for something, even if it's your granddaughter. Double check.

Ryan Harvey:

Yeah, yeah, yeah. Yeah, it's they got 40 grand out of her. We we always, I mean, when we're working with our business custom customers, we always say, you know, have have checks and balances. You know, if you like it, you know, one of the most common scams obviously is uh, you know, through the email tends to be those wire transfer frauds. You know, somebody sends an email and says, Hey, you know, we we want you to reroute that ACH to you know this checking account instead of ours. And it looks like it's coming from their actual customer. Um, what we tell them is have those checks and balances, don't just see the email, go through with it. Pick up the phone, call your client, call your customer, call your you know, the people that are reaching out to you. And I think it's the same thing for personal. Um, you know, whether it's you know it sounds like your granddaughter, grandson, son, you know, husband, whoever it is, hang up the phone, call them back, call somebody else, like you said, you know, verify what's going on.

Christian Cyr, CPA, CFP®:

I mean, don't call and says, Grandma, I need $40,000. Say honey, I'm gonna call you right back.

Unknown:

Okay.

Ryan Harvey:

And I think this is you know, this it almost comes back to the original conversation, too, of you know, if it if it stinks, you know, if it smells like something's fishy, don't eat it. Don't eat it, you know, figure it out. Right?

Christian Cyr, CPA, CFP®:

Um, yeah, so so let's talk about some really practical things. So I think let's start with do we really need a password manager? Is it good? And if we don't have a password manager, what should our passwords look like, Brian? What uh what should they look like? Like I love cats?

Brian Sprout:

No, okay, no, don't use your kids' names, don't use your dog's names, don't use your cat's names.

Christian Cyr, CPA, CFP®:

I was born in 1962. Should I put 1962 in my password?

Brian Sprout:

Probably not. Okay. So the the recommendation is using a password manager. How you don't want your passwords all the same. Okay. So when you get a password manager, you can generate random passwords. Stores in the password manager, you don't need to remember your password. You basically have an application that fills out the password for you. Because the issue is if you're using Facebook, Gmail, um, LinkedIn, whatever you have, and they have the same password as your financial portal, your bank portal, all that type of stuff, it's not that difficult for these guys to figure that out.

Christian Cyr, CPA, CFP®:

So what you just said is if you want to, now keep in mind this complicates people's lives, right?

Brooke Fay:

Correct.

Christian Cyr, CPA, CFP®:

I don't want to get an app like LastPass or Dashlane because I am retired and the last thing I want is another damn app on my phone. Okay. But that is best practice because, as you said, it's generating passwords. It actually makes your life simpler if you embrace it because now you're just logging in very easily. Right. But even if we're not using an app or a solution like that, let's go with a couple of things. We said, don't use the same password for everything, change it up, right? And you said, let's not use any personal information. Let's not put our kids' first name in the in the password. Let's not use our dog's name in the password. But how about like if I was just going to make up a password, how long should it be? Like, what's what what's what are the machines up to? How how uh far ahead do we have to get so the machines don't crack our password in an hour?

Ryan Harvey:

Yeah. I mean, you know 20,000 character password. Like, where are we at these days? Obviously, that you know, there's a fine line between you know making it overly complicated. If you're not using something like a LastPass password manager that you know can make your life a little bit easier. Um, you know, you don't want to make it 40 characters unless it's something you're gonna automatically remember. Um, maybe it's a song lyric or something, you know, which is you know, random strings of words together instead of you know capital Chris, crack capital sear 1962 or you know, whatever.

Christian Cyr, CPA, CFP®:

Excuse me, 1973 Robert.

Ryan Harvey:

1973. Um but yeah, I mean you you definitely wanna I I would recommend probably 10 to 12 characters for most of the case.

Brian Sprout:

Yeah, it depends on who you listen to, but it's 12 to 16 characters, is what the different experts out there state. I recommend at a minimum of 12. Okay. But then also enabling MFA. So multi-factor authentication, your Gmail. Okay, let's talk about that.

Christian Cyr, CPA, CFP®:

This is a great thing. So, what is MFA and why should we use it? Why should all of us be using multi-factor authentication?

Brian Sprout:

So it's it's basically there's there's multiple facets of MFA. So you can basically say, I'm gonna use biometrics, I'm gonna use a text message, SMS message on my phone. I'm gonna download an app that you know changes out that MFA code, the six-digit code every... Google Authenticator's free. Google Authenticator. Free. Uh-huh. It rotates that six-digit code every 30 seconds, and that way it's protecting you. You have random passwords within your password manager. There are free password managers out there, and then you have MFA to where it is basically something that you know what you are.

Christian Cyr, CPA, CFP®:

You guys, you guys, again, are just you're you have to understand what a pain in the butt you guys are to people. I mean, my mom is listening to this podcast right now and she's like, I don't want my phone anymore. She told me the other day, she you know what she wants to do? She wants to get rid of her cell phone because guys like you are telling her that she has to get a Google Authenticator, a six-digit password, and MFA. But look, it's better that than getting compromised, right?

Brian Sprout:

Yeah, identity theft is not cheap to get out of.

Christian Cyr, CPA, CFP®:

I mean, we've had people get their tax returns hijacked. It's it's just something you have to protect yourself from.

Ryan Harvey:

Well, and I the way I always explain it to you know, most people that are out there, you know, my parents included, is the things you care about the most, your your banking credentials, you know, your investment login, your, you know, maybe the portal for your medical records, stuff like that. Most people nowadays are pretty used to you can't even have a login to those things without having that text message go to your phone or you know, setting up an app or something. You know, there has to that most of them are enforcing that these days. Um, you know, and if if they're not, you you definitely should, you know, just because of the fact of exactly what we were talking about with passwords. You know, if if you are somebody that maybe reuses the same password on multiple different things, all it takes is one of those organizations having a breach. You know, there's there's ways that you can look up your your email address, see if your email's been ever in a compromise. Um, you know, there's there's very famous ones out there. Um MyFitnessPal is an app that a lot of people have used for a long time. You know, and LinkedIn's been compromised. I mean, Facebook's been there, they've all been compromised at some point. But you know, if you find out that that one has been compromised and you know that the people have that password for that app, they're gonna try using that email and that password on other things if they can figure out, you know, maybe it's your Facebook, maybe it's your number things.

Christian Cyr, CPA, CFP®:

Okay, let's go to social media, can we? Yeah, yep. All right, and let's just, for the purposes of this conversation, let's keep it simple. Uh, approximately 92% of my listeners are on Facebook on a daily basis. Okay. Yeah. So let's first start with when you sign up for Facebook by default. Are your is your private information available to the public, or do you have to physically say, I want my information shared with the public? Do you guys know?

Brian Sprout:

You have to hide that.

Christian Cyr, CPA, CFP®:

You have to so it's in the privacy settings of Facebook. Actively go and do this. So, what are we talking about and why would we do this on Facebook?

Brian Sprout:

You don't want to share uh private information because there is a lot of information that people are using in their passwords, especially the older generation is you know, they do use their dog's names, cat's names. Yeah. So here's a reason that Facebook has all of those questionnaires that come out. Hey, fill out this question. Have you ever been in jail? Here, what are your kids' names? What's your favorite color? What's all this stuff? It's what there's one reason.

Christian Cyr, CPA, CFP®:

Go to grandma's Facebook and you can right there it is, right? My dog's missy, whatever. Yeah, okay.

Brian Sprout:

And there's automated tools out there that are pulling all that information to try to use brute force, you know, dictionary text, all that type of stuff on your your password. Right.

Christian Cyr, CPA, CFP®:

So I think it's good habit because again, Facebook is not just doing this for you. Correct. They want your info out there, it makes it a more robust platform app for them. You actively have to, if you're a Facebook user, I would recommend to everybody, would you not, to go and hide and protect some of those data settings, those privacy settings. 100%.

Brian Sprout:

Yeah, go and go and make everything that only your friends can see it. Only accept people that you know.

Ryan Harvey:

Right. I was gonna say that. I mean, that's the other thing, too. Don't just blindly accept every single invite that you get, you know, even if it looks like they're a nice person from you know California. You know, just if you don't know them, don't add them.

Christian Cyr, CPA, CFP®:

So here's a funny story. Okay, we've talked about a lot so far. We talked about passwords, we talked about Facebook. So we know a person in town uh here, a good dear friend, who didn't follow any of these instructions, right? The password is my son's first name and my daughter's first name, right? My Facebook page is just out there for the whole world to see, right? Well, she gets her Facebook hacked, okay? And the funniest part is once you get it hacked, it once it's compromised, it's hard to get it back, right? So now the bad actors can put whatever they want on the person's Facebook, right? And I think the ulterior motive typically is to make money. So I don't know how these bad actors are making money on this, but here's what they're doing with my friend's Facebook account right now. She apparently has turned into a crypto salesman. Oh, yeah. So she's like, hit me up if you want to buy some Bitcoin, right? So we're joking with her, right? She knows she doesn't even know how Bitcoin's spelled. Correct. And I'm like, hey, can you what's the what's the latest on Bitcoin? You know, she's like, I don't know. Well, your Facebook page says you're a Bitcoin expert. And also, here's something else interesting. She's become like a travel, right, Brooke? She's a travel nut, she's an RV nut. Yeah, she's selling like 2007 travel rigs. Like, if you want to go across the country, you should hit her up because and she has no knowledge of any of this stuff. So, like, but this is real, this happens. Yeah, okay. How do my retirees know if the email that they received is legitimate? What are some ways that they can kind of check it out and just some easy things they can do to see if this email is real or not?

Ryan Harvey:

I mean, the the number one thing every single time, if you get an email, you know, it doesn't matter who it says it's from, go to hover over the email address. If you hover over, it will actually show who the who the the full email address is. If it looks like it came from, you know, Facebook support and you hover over it and it's a Gmail account, right? That's not Facebook support. They're not going to be able to do that.

Christian Cyr, CPA, CFP®:

You can always tell, right? Like is this from Microsoft or not? Right. Well, if it says Jim at Microsoft.com, you hover over the email address.

Ryan Harvey:

Yep.

Christian Cyr, CPA, CFP®:

And if it still says Jim at microsoft.com, then yeah, then it's as opposed to like an email address that has like 50 characters at Yahoo.com. Okay, yeah. Jimmy56 from Yahoo.com is not gonna be sending you a Microsoft.

Ryan Harvey:

Yeah, he's not a 1099 consultant for what about links at email? Should we be careful about that?

Brian Sprout:

Always, always you can hover over those and see where it's actually going to because hyperlinks are very easy to spoof. So always hover over it, make sure that it says you know where it's actually gonna route to.

Ryan Harvey:

Yeah, keep an eye out for um you know, the most common one that we see are Dropbox links. So it it you know, it's gonna look like you're resetting your password to Instagram or Facebook or whatever, but if you hover over it, you know, the actual link that'll show in that little you know blurb will say you know, www.dropbox.com slash, you know, all these kind of crazy characters. Once they get you to open that, then you know it's it's usually going to something that's that's not good.

Christian Cyr, CPA, CFP®:

So it goes back to I think my number one rule that I tell people is if if you do get an email from somebody, just maybe just don't do anything with it, right? Yeah. If if it's from Microsoft and they say you need to reset your password, or just call it Microsoft and say, hey, is this real? Right? Yep, yep.

Brian Sprout:

Yeah, unfortunately, places like Microsoft, Facebook, it's not easy to get a hold of the microphone.

Christian Cyr, CPA, CFP®:

They don't have 1-800-Microsoft, they're not like you guys where they pick up the phone and less. Yeah, yeah, that's true.

Ryan Harvey:

But I think worst case scenario, it's it's better to err on the side of caution. You know, if you didn't reach out to them with a request, more than likely they're not just gonna reach out to you and say, hey, your your account's been compromised. You know, it just doesn't happen very often.

Brian Sprout:

Worst case scenario, ignore it. You get locked out of your account, you get your account reset and you get back in. Yeah, you reset your password.

Christian Cyr, CPA, CFP®:

My dad, uh, what I was talking about with my dad earlier is he's like, you know, I got this message from Apple and I got to give my credit card information. Um, it's for my iMusic or whatever, my iTunes, whatever. And I said, Dad, if your music stops playing, pick up the phone and contact Apple. But if you're still listening to Billy Joel, yeah, don't answer the "hey, here's, you need to update your credit card." Right, right. That's a very good point. Yeah, that's a very good point.

Brian Sprout:

Um, the biggest thing that we've been seeing in the past year, um, is somebody's email gets compromised, they're using something like what Ryan said with Dropbox, or they're using, um, OneDrive, uh, ShareFile, one of those big platforms to post a link that is malicious. What you're gonna do is you're gonna get an email from a legit email. So say, you know, your email gets compromised, somebody sends our you know, everybody at your book and my family members. Yeah, they click on that link, it says log in to see view the message. They type in their email credentials, then they have their email credentials compromised as well. And it just keeps going on and on down to the next, you know, the next people. Don't click on strange stuff.

Christian Cyr, CPA, CFP®:

Yeah, okay. Pick up the phone and call them. Right. Okay, so let's let's be next step here. Pick up the phone. If if you were talking to my clients, who should they rely on? Who should they call? Should they call their kids? I mean, that was that was gonna be my recommendation.

Ryan Harvey:

You know, call, you know, if, call somebody younger, let's just call a spade a spade. Yeah, call somebody who grew up with the phone in their hand. Unfortunately, my grandma and mom and dad and everybody, you know, because I work in sales in a cybersecurity company, they, you know, expect me to be the expert. But, um, yeah, they pick up the phone, they call me, they ask me questions, and, you know, I think that's a good way to be diligent. You know, they're the millennial generation, you know, has literally had computers or phones in our hands, you know, since we were very young kids. So, um, you know, more than likely we're probably gonna be able to call something out if we recognize it.

Christian Cyr, CPA, CFP®:

So all right. So now, um, when I am asking my new clients for the first time to send information. A lot of times they're skeptical, right? Yeah. We're doing a podcast on don't send stuff to people, and I am asking them to send me stuff. Yep. So we use a solution called Citrix ShareFile. Yep. And I always tell people that it's, uh, it's encrypted. So what's encryption? What does that do? When I'm sending an important, uh, document, what does encryption do actually?

Brian Sprout:

Essentially, it's scrambling the message so somebody can't read it in plain text over the wire.

Christian Cyr, CPA, CFP®:

Oh, so if you don't have the decoder or whatever, you can't get it.

Brian Sprout:

So if I'm a bad actor, it's a bunch of zeros and ones. Yes. In layman's terms, yeah, you can't read it unless you have that decoder or the key in order to read that file. All right.

Christian Cyr, CPA, CFP®:

So, uh, obviously they can't necessarily call you guys for help, but, um, are there any 1-800 numbers that go like, uh, what's that one place called, Brooke? The nerds or whatever, nerds or us or what? Nerds on call or like who do they, who do people rely on if they don't have somebody in their lives that, you know, their phone's broken? What do they do? Um, their computer isn't working anymore. Do you, is there a national firm or is there, should they go local and find somebody? What do you do?

Brian Sprout:

Unfortunately, there aren't any great services out there that are reasonably priced. Right. Me personally, I would just put it post it on social media, you know, as an older individual, just say, Hey, I received this email. What do I do? Is this legit? You're typically gonna get good feedback from your friends and family.

Christian Cyr, CPA, CFP®:

That's a good that's a good piece of advice, actually. Okay. So what we said today here is that you have to protect yourself. Passwords must be robust. Um, don't respond when somebody asks you for something, right? Great rule of thumb is if somebody asks you for something, just say no. Yeah. Don't click on stuff, a text asking you for this, an email asking you for that. Yeah.

Ryan Harvey:

Um, even text messages that don't have links. You know, I'm sure everybody's seen them where you just get those random texts that say, Hey, uh, how are you? or hey, you know, are you still, you know, are you up for golf tomorrow? And it's from, you know, an area code that you don't recognize. I know it doesn't seem malicious, but, you know, those people are just trying to, you know, A, confirm that that phone number is still in use. They're trying to, you know, build rapport with you and try to, you know, get you to start a conversation. So just delete it, report it as junk every time you get those kind of texts and, you know, move on. So yeah.

Christian Cyr, CPA, CFP®:

I want to say that you guys are not the bad guys. Yeah. You guys are not as bad as TSA. You guys have been protecting SER financial wealth advisors now for 2020, 2019, something like that. I really want to thank you for taking time to be here today to help my retirees understand what to do when they get a threat. I think we learned a lot today from you guys. Yeah. Um, I appreciate you being here. Appreciate you. Um, so just on your side, where is your website? If I wanted to see you guys, where's your website? What, how do we find you guys?

Ryan Harvey:

Yeah, it's, uh, it's WinsorConsulting.com. Um, and that's Winsor with no D, W-I-N-S-O-R. Um, kind of like Windsor whiskey, but no D. Got it.

Christian Cyr, CPA, CFP®:

Brian, Ryan, thank you so much for being here today on Retirement for Life. We really appreciate it. Yeah, thank you.

Outro:

All right, yep. Investment advisory services provided by Sierra Financial Inc., SEC Registered Investment Advisor. All content on this podcast is for information purposes only and should not be considered investment, legal, or tax advice. Material presented is believed to be from reliable sources, and no representations are made by our firm as to another party's informational accuracy or completeness.