Chapter 24: Money Scams

Doyle Lonnegan: “Your boss is quite a card player, Mr. Kelly. How does he do it?”

Johnny Hooker: “He cheats.”

– The Sting (1973)

When you have money, there’s always someone wanting to separate you from it. The “legal” method is to make you pay too much for stuff you don’t need. Then there are the scam artists and fraudsters. It can be a fine line.

It’s you. Don’t think you can’t be conned, scammed, phished, or tricked. Just ask former clients of Bernie Madoff. Ask the two ex-secretaries of state who sat on the board of directors of Theranos. Ask former CIA Director John Brennan or Amazon chairman Jeff Bezos. All have been victims.

Accept that everyone is vulnerable and be suspicious. Scams rely on trust: they can pretend to come from government organizations, charities, friends, and family. Understand the IRS won’t call you out of the blue. Your bank won’t ask for your password over the phone. Those Billie Eilish tickets may be duds.

Scams ebb and flow with current events and the seasons. Census scams were in vogue in 2020. Unemployment scams were big business during the pandemic. Try to keep up to date with what’s hot. You can sign up for consumer alerts from the Federal Trade Commission.

To protect yourself, get names and call-back numbers from anyone asking for information over the phone. Don’t click on email attachments or hyperlinks, even if they came from your mother, unless you are confident that they are legitimate. Don’t wire money to people you don't know. Don’t deposit unknown checks you receive in the mail.

When it comes to investing, remember that a high return comes with more risk. The old adage applies: If it sounds too good to be true, it probably is. People—well-intentioned or otherwise—will pitch all sorts of investment schemes that supposedly will make you money with virtually no risk. Turn the tables and ask how you can lose money. If you don’t get a clear answer, or if the answer doesn’t make sense, stay away.

Phishing, Vishing, Smishing

Phishing happens through social media, email, voice calls, and messages. Here are tips from the Cybersecurity and Infrastructure Security Agency (CISA) on how to keep alert to phishing attempts: [62]

  • Watch for sender’s addresses that resemble reputable companies or organizations.

  • Beware of generic greetings such as “Dear Customer.”

  • Hover over links to inspect the URLs that they link to.

  • Watch for wierd, bad, or inappropriate spelling & grammer.

  • Don’t download unknown attachments.

We’ve all heard these. Still, we fall prey.
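
The first three CISA tips above (lookalike sender, generic greeting, link text that differs from the real destination) can be checked mechanically. The Python below is an added example, not part of the original chapter or of CISA's guidance; the trusted-domain list, the 0.85 similarity cutoff, and the sample message are assumptions constructed for illustration, and it reads only single-part HTML messages.

```python
import re
from difflib import get_close_matches
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ["mybank.example"]  # assumption: domains you really do business with
GENERIC = re.compile(r"^\s*dear\s+(customer|user|member|client)\b", re.I | re.M)
SAMPLE = """From: My Bank <alerts@mybamk.example>
Content-Type: text/html

<p>Dear Customer,</p>
<p>Log in at <a href="http://login.account-check.example/x">www.mybank.example</a></p>
"""  # constructed message for this example, not a real email

class LinkCollector(HTMLParser):  # records (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def check_email(raw):
    """Return warnings for a single-part HTML message, one per failed check."""
    msg = message_from_string(raw)
    body, findings = msg.get_payload(), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    near = [t for t in get_close_matches(domain, TRUSTED, cutoff=0.85)
            if domain != t and not domain.endswith("." + t)]
    if near:
        findings.append(f"sender domain {domain} resembles {near[0]}")
    if GENERIC.search(re.sub(r"<[^>]+>", "", body)):
        findings.append("generic greeting")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = urlparse(text if "//" in text else "//" + text).hostname
        real = urlparse(href).hostname  # where the link actually goes
        if shown and "." in shown and real and shown != real:
            findings.append(f"link text shows {shown} but points to {real}")
    return findings
```

Calling `check_email(SAMPLE)` returns three warnings, one per tip; a message from the trusted domain with a personal greeting and a matching link returns an empty list.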


Much of your financial life is on-line. This is great for cost, speed, and choice. It also makes you a target. You need to protect yourself. For a concise to-do list see this post by security specialist Joel de la Garza.


You don’t use “password”, “qwerty”, “sunshine”, “iloveyou”, or “123456”, do you? And you don’t use personal information such as your name, address, birthdate, pet’s name, or phone number in your passwords, right? Right.

So how do you choose a good password?

Make it long. A computer can figure short ones out by “brute force,” i.e., running through all the possibilities. It will take just as long to figure out “password” as it will “A$kzzPR#”—just a few minutes with enough computing power. Use long word strings with upper- and lower-case letters, numbers, and special characters (“plumber$Dividing6#Botox” anyone?) But avoid common phrases, song lyrics, or quotes.

Don’t reuse it. Have a different password for every account. If somebody gets into one, they won’t have access to others.

Change it regularly. Especially if you’ve been subject to a data breach, which most people have.

Don’t write it down. Generate passwords and save them in a secure password manager such as Dashlane or Keeper. [64]

Two-Factor Authentication (2FA)

Enable two-factor authentication in any account that offers it, including all your bank and brokerage accounts and your email accounts. With 2FA you receive a unique code each time you log in. This may be sent to you by text message, phone call, or email, or come through an authentication app or a physical security key.

Even 2FA is not a sure thing. As a further level of security, be sure to enable enhanced security options with your cellphone carrier, if they offer them.


Don’t use “open” networks (coffee shops, hotels, airports, etc.) or WiFi “hotspots” for anything confidential. Instead use your phone’s cellular data or set up a Virtual Private Network (VPN).

Don’t use public or shared computers. If it’s unavoidable, make sure to log out of your accounts, clear the cookies and other information in the browser settings, and close the program.

Identity Theft

Chances are good that your personal information is already for sale on the dark web. It may just be a matter of time before someone tries to use your identity for profit. During the COVID-19 pandemic, a widespread fraud was the use of stolen personal information to apply for unemployment payments. So what can you do to protect yourself?

The basic steps are outlined by the Federal Trade Commission. Even before you are actively combating an event, take the cybersecurity steps outlined above to prevent unauthorized access to your financial accounts.

Also put in place credit freezes at each of the three major credit bureaus (see Chapter 9) and at Chexsystems (see Chapter 4).

