Knowledge Bank on garden background

Knowledge Bank: Protect Your Money

How to Recognize and Combat the Financial Exploitation of Seniors

Are you related to, caring for or a senior citizen yourself? Then you need to read this article! The U.S. Securities and Exchange Commission defines elder financial exploitation as “exploitation of an older person by another person or entity, that occurs in any setting (e.g. home, community, or facility), either in a relationship where there is an expectation of trust and/or when an older person is targeted based on age or disability.” It is a serious and troubling crime and knowing what it is along with some tips to recognize and avoid it is very important.

Why are seniors more vulnerable to exploitation?
There are three main factors that work together to increase the vulnerability of the elderly to financial exploitation:

  • Health: Cognitive and physical changes that accompany aging can make it more difficult for the elderly to manage their personal finances and easier for exploiters to intervene.
  • Financial and Retirement Trends: The elderly are also more likely targets of financial exploitation due to the wealth or assets that they might have accumulated through life.
  • Demographic Trends: As the baby boomers age, the elderly population rises and increases the urgency to the problems of elder financial exploitation and general elder abuse.
How could your finances be compromised?
There are several types of scams that can be used against you as a senior, either by scammers or even in some cases, by acquaintances, caregivers or even family members:

  • Telemarketing or other forms of phone scams
  • Lottery scams
  • Email/phishing scams
  • Imposters scams, in which someone impersonates a relative or friend
  • Forging or misusing an older person’s check

How can you protect yourself and your money from exploitation?

  • Never sign anything you do not understand.
  • Never give away property in exchange for care.
  • Know your banker, attorney, or financial adviser.
  • Document financial arrangements in writing.
  • Plan ahead. Consider a trust or power of attorney.
  • Use direct deposit so that your funds go directly into your account.
  • Get to know the people at your bank and reach out to them if anything seems questionable.
  • Check the references and credentials of anyone who will do work in your home.
  • Beware of door-to-door sales people and telephone sales pitches.
  • Avoid offers that seems “too good to be true.”
  • NEVER give out your bank account number, credit card number, Social Security number or other personal information over the phone or Internet.
  • Avoid carrying large quantities of cash.
  • Always review credit card and bank statements regularly for any transactions that you didn’t make. If you find anything that looks suspicious, contact your bank or credit card company immediately to question or confirm.
To further help seniors and caregivers avoid financial exploitation, the FDIC and the Consumer Financial Protection Bureau have developed Money Smart for Older Adults, a curriculum with information and resources.

If you or someone you know may be a victim of financial exploitation call the Executive Office of Elder Affairs Elder Abuse Hotline at 1-800-922-2275.

Source: Elder Financial Exploitation, U.S. Securities and Exchange Commission

As always, please contact us with any questions or concerns.
“Do I really Need a Strong Password?”

In a word: YES!

Passwords are one of the critical problems in cybersecurity today. They are too easy to guess. They are too easy to break. A significant percentage of privacy breaches are caused by weak, stolen, or reused passwords. The following are security guidelines to help mitigate some of the risks.

  • Make Your Password Long
    Minimum of 8 characters, 12 or more are better. Complexity is nice, but length is key – a longer simple password is better than a shorter complex one. Each character you add to a password makes it an order of magnitude harder to attack via brute-force methods.
  • Use Passphrases
    Even better than passwords, are passphrases. A collection of words that form a phrase or sentence, perhaps the opening sentence to your favorite novel or the opening line to a good joke, as long as it’s not too well known. Another option is to use the first one or two letters of each word in the phrase to form a password that is easy to remember but hard to guess.
  • Use a Password Manager
    We hate to break it to you, but your brain may not be the best password manager. Trying to remember a unique password for each of your online accounts is nearly impossible. Password managers like LastPass, Dashlane or KeePass, allow you to have strong and unique passwords for every site. A password manager is an app or program that generates, encrypts and stores passwords for your online accounts. Different password managers may work slightly differently, but most of them use what’s called a “master password.” Entering this one password will allow you to retrieve or use the passwords associated with your various accounts on the password manager site.
  • Keep Your Password Secret
    Never tell your password to anyone (this includes significant others, roommates, coworkers, etc.). Never write your password down, especially not anywhere near your computer.
  • Use Two-Factor Authentication
    Two-factor provides for an extra layer of security. Dedicated authentication apps are a lot safer than just getting a code over SMS, but both are safer than a password alone.


  • Use Words That Can Be Found in the Dictionary
    Password-cracking tools freely available online often come with dictionary lists that will try thousands of common names and passwords.
  • Use Unacceptable Passwords
    Never use personal information, such as names and birth dates, or keyboard patterns, like qwerty and 12345. Particularly avoid sequences of number in order or repeating characters, such as mmmm3333.
  • Repeat Passwords
    Don’t use the same password in more than one place. A compromise at one site may make it that much easier to compromise your password on a completely different and unrelated site.
  • Never use the password you have picked for your email account at any online site. If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance they will get access to your email. From reading emails, hackers can determine your banking and credit card accounts. They can then go to one of those sites and request that a password reset be sent to your now compromised email account.

Any password that has previously been compromised is no longer safe to use.

As always, please contact us with any questions or concerns.
The loss or theft of personal data such as credit card, Social Security, and/or checking account numbers soared to unprecedented levels in recent years, according to financial experts…and the trend isn’t expected to turn around any time soon. But you can reduce your risk of fraud by following these and other tips to guard your personal information!

#1: Deter
Identity theft is a serious crime. It occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes. Identity theft can cost you time and money. It can destroy your credit and ruin your good name. Deter identity thieves by safeguarding your information.
  • Shred financial documents and paperwork with personal information before you discard them.
  • Protect your Social Security Number. Give it out only if absolutely necessary or ask to use another identifier.
  • Don’t give out personal information on the phone, through the mail, or over the Internet unless you know who you are dealing with. Avoid disclosing personal financial information when using public wireless connections.
  • Never click on links sent in unsolicited emails. Instead, type in a web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer and keep them up-to-date.
  • Don’t use an obvious password like your birth date, your mother’s maiden name, or the last four digits of your Social Security number.
  • Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.
#2: Detect
Detect suspicious activity by routinely monitoring your financial accounts and billing statements. Be alert to signs that require immediate attention…
  • Bills that do not arrive as expected
  • Unexpected credit cards or account statements
  • Denials of credit for no apparent reason
  • Calls or letters about purchases you did not make
  • Charges on your financial statements that you don’t recognize
#3: Inspect 
  • Your credit reports. Credit reports contain information about you, including what accounts you have and your bill paying history.
  • The law requires the major nationwide credit reporting companies – Equifax, Experian, and TransUnion – to give you a free copy of your credit report every 12 months if you ask for it.
  • Visit or call 1-877-322-8228, a service created by these three companies, to order your free annual credit report.
  • If you see accounts or addresses you don’t recognize or information that is inaccurate, contact the credit reporting company and the information provider. To find out how to correct errors on your credit report, visit
#4: Defend
Defend against identity theft as soon as you suspect it.
  • Place a “Fraud Alert” on your credit reports and review the reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn’t open,
    and debts on your accounts that you can’t explain. 
  • Contact the security or fraud departments of each company where an account was opened or charged without your okay.
  • File a police report. File a report with law enforcement officials to help you correct your credit report and deal with creditors who may want proof of the crime.
  • Report the theft to the Federal Trade Commission. Your report helps law enforcement officials across the country in their investigations. Visit or call 1-877-ID-THEFT (438-4338).

Common Ways Identity Theft Happens
Identity thieves use a variety of methods to steal your personal information including:
  1. Dumpster Diving: They rummage through trash looking for bills or other paper with your personal information on it.
  2. Skimming: They steal credit/debit card numbers by using a special storage device when processing your card.
  3. Phishing: They pretend to be financial institutions, companies, or government agencies and send email or pop-up messages to get you to reveal your personal information.
  4. Hacking: They hack into your email or other online accounts to access your personal information, or into a company’s database to access its records.
  5. “Old-Fashioned” Stealing: They steal wallets and purses, mail, including bank and credit card statements, pre-approved credit offers, and new checks or tax information. They steal personnel records from their employers or bribe employees who have access.
As always, please contact us with any questions or concerns.
Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam. The information is then used to access important accounts and can result in identity theft and financial loss.

The term ’phishing’ is a spin on the word fishing, because criminals are dangling a fake ’lure’ (the email that looks legitimate, as well as the website that looks legitimate) hoping users will ’bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more.

How do you detect phishing?
Typically, phishing messages appear to be from a company or organization that you know or trust, such as a bank, a credit card company, a social networking site, or an online payment site, which can make it difficult to detect a phishing attack. However, you are more likely to detect an attack if you keep an eye
out for these common signs of phishing:

  • Too Good to Be True: Offers or claims that seem too good to be true are likely designed to capture your attention and should immediately signal that a message might be untrustworthy.
  • Sense of Urgency: Be suspicious of any messages that use an urgent or scare tactic tone.
  • Hyperlinks: Before clicking on a link in a suspicious message, you should hover over the link to view the actual URL and ensure that it is a real and credible website. To be safe, type in a web address that you know and trust rather than using the hyperlink provided. 
  • Attachments: Do not open any attachments in a suspicious message. Phishing attachments often contain ransomware or other viruses.
  • Unusual Sender: Be wary of messages that come from unusual or suspicious senders. In an email, take special notice of whether the email address matches the sender name and makes sense for the message.
How can you prevent phishing?
Here are some suggestions to protect yourself from phishing attacks:

  • Spam Filters: Spam filters work to determine whether a message is spam by identifying the origin of the message, the software used to send the message, and the appearance of the message.
  • Browser Settings: You can enable your browser settings to prevent fraudulent websites from opening.
  • Password Protection: To protect your accounts, you should change passwords on a regular basis and never use the same password for multiple accounts. You can also further protect your accounts by using multi-factor authentication, which provides extra security by requiring two or more credentials to log in to your account. Learn more about password protection in our Choosing a Secure Password article.

How can I keep my IFS accounts safe from phishing?
At the Institution for Savings, we will never ask you via email to verify account information. We will never use email to threaten account closure. Please know this, as one defense against phishing. Other safeguards to help protect you from phishing scams include:

  • Be suspicious of any email messages that claim to be from us or that use an urgent or scare tactic tone, such as a message that threatens to close an account.
  • Do not respond to email messages asking you to verify personal information.
  • Delete suspicious email messages without opening them. If you do open a suspicious email message, do not open any attachments or click any links.
  • Install and regularly update virus protection software. 
  • Keep your computer operating system and Web browser current.
If you see a suspicious-looking email message claiming to be from the Institution for Savings, please call us at 978-462-3106, or email us with any questions or concerns. We continually monitor such reports and act on them promptly. Additionally, also consider contacting the FBI’s Internet Crime Complaint Center.

As always, please contact us with any questions or concerns.