Staying Safe on the Internet: Protecting Against Identity Theft

Second in a series of articles on ‘Staying Safe on the Internet’

When you sit down at your computer or go on the internet with your phone, try to keep this catchphrase in mind: STOP. THINK. CONNECT.

The slogan at the heart of a cybersecurity campaign by the Anti-Phishing Working Group and National Cyber Security Alliance may sound simplistic. But it is the equivalent of looking both ways before you cross the street – in this case, going online. It’s important to keep up to speed on cyber risks, know how to spot potential problems and watch for warning signs.

Staying alert and taking common-sense steps are the best ways to safeguard yourself and your computer or phone from threats that could make you more vulnerable to identity theft.

Altair Chief Operating Officer and Managing Director Rebekah L. Kohmescher, CFP®, CPA, one of the firm’s founding partners, digs deeper into this topic and discusses specific security steps Altair takes in her answers to the following questions.

She previously discussed the hows and whys of password protection in an April 2017 Altair Q&A.

Q: How can I best protect myself when accessing the internet away from home or work?

A: Never is it more important to stop and think before connecting than when going online in public places. There has been a rise of hacking on public Wi-Fi, and even redirection of Wi-Fi to similarly named networks where all activity that is not secured by other means is then recorded. For example, a hacker sitting in Starbucks might name a network Attt instead of ATT and make the signal strong so that it is the first network that pops up. With such traps in mind try to limit your activity on public Wi-Fi and avoid logging in to accounts such as email and financial services there.

Altair employees connect only through secure (https) websites when they are not in the office and use VPN access for email and our servers, rendering their activity private. For clients, using a cellphone with a cell connection or a personal hotspot can be preferable to relying on public Wi-Fi when doing sensitive activity such as checking on investment accounts.

Q: How about tax fraud? Is there anything I can do to better avoid tax-related identity theft?

A: The other area besides public Wi-Fi where our clients are highly vulnerable to fraud is via the Internal Revenue Service. In fact, the IRS calls this scam its No. 1 fraud: Identity thieves using stolen personal information such as Social Security numbers to file victims’ tax returns and then receive their refunds. By filing the bogus tax return early, the scammer can receive the refund before the victim is even aware of it.

According to the IRS, one safeguard is to be alert to possible tax-related identity theft if you are contacted by the IRS or your tax professional/provider about:

  • More than one tax return was filed using your SSN.
  • You owe additional tax, refund offset or have had collection actions taken against you for a year you did not file a tax return.
  • IRS records indicate you received wages or other income from an employer for whom you did not work.
Q: What steps does Altair take to protect me as a client?

A: We take keeping our clients’ information secure very seriously. We invest resources to constantly monitor our firewall and the security of our own systems, called “intrusion detection.” We use a third-party firm for our IT infrastructure and a different third-party firm to perform penetration testing to “check their work.”

When connecting outside the office we use VPN to connect to our systems, making all activity secure. We encrypt employee laptops and phones to make them more difficult to access should they be lost or stolen.

To more directly prevent fraud and protect client funds, we do not move assets to one-time destinations without a callback to a client. So no email from you would be acted on without talking with you first. In the event we receive a fraudulent email, I will alert everyone at Altair that your information may have been compromised so that we are extra-alert around activity in your accounts. We will have a change password email sent from our site (assuming you have changed your password on your email already).

Q: What about protections involving your custodians Pershing and BNY Mellon?

A: A major way in which we ensure your assets’ safety is by requiring Altair’s involvement before the assets can move. With both institutions we have what is called “TLS,” a secure email tunnel, on our email traffic. If a fraudulent email comes to them from another source – or vice versa – that attempts to look like Altair or your authorization, it will be rejected.

At Pershing/BNY all instructions currently are communicated through uploading into a program that you do not have access to, so again the hackers would have to infiltrate Altair, not just have your information. If a client or someone posing as a client tries to reach out to a custodian directly, Altair is notified immediately and nothing is done without our consent. Both custodians are hyper-aware of fraud risks and this process helps eliminate that for them and you.

Many clients find it annoying that they cannot do more themselves online to move assets around, but this lack of control really helps limit what any hacker can do with your information. Your online access at Pershing/BNY is information-only. You are actually accessing a site that is totally separate from the underlying custodian system. That system reports information to the site you access but does not transmit any information in the other direction. There is no transaction-based ability by design.

In addition, new accounts cannot be opened at either institution without a similar process and authorization from Altair. So hackers cannot open new accounts that you/we wouldn’t know about and commit transfers out through them.

Q: What are some good resources for learning about cyber fraud risk and how to combat it?

A: An excellent resource for all things cyberfraud-related is here: staysafeonline.org

If worse comes to worst, a thorough “recovery plan” for victims of identity theft, is here:
consumer.ftc.gov. The Fraud Victims Bill of Rights is designed to help you recover from identity theft. A summary of your rights is available at www.transunion.com. Altair’s Financial Planning Toolbox also provides a high-level overview of the immediate steps to take if you think you have become a victim of identity theft.

If you are worried about your identity having been compromised, you should also reach out to one of the three nationwide credit rating agencies and have them apply restrictions to applications for credit. To have a fraud alert placed on your credit report, letting potential creditors and others know that you may be a victim of identity theft, simply notify one of the agencies and all three are required to post similar alerts. Info on these can be found on each of their sites:

You may order one free credit report per year from each of the three rating agencies by visiting www.annualcreditreport.com.


The material shown is for informational purposes only and should not be construed as accounting, legal, or tax advice.  Altair Advisers LLC is a registered investment adviser with the Securities and Exchange Commission; registration does not imply a certain level of skill or training.  While efforts are made to ensure information contained herein is accurate, Altair Advisers cannot guarantee the accuracy of all such information presented.