Journal of Financial Planning: October 2011
Eileen Gallo, Ph.D., is a psychotherapist in private practice in Los Angeles, California, where she works with individuals and families dealing with issues related to money. Along with her husband, Jon Gallo, she is the co-author of two books on children and money. Her website is www.galloconsulting.com.
In recent years, an increasing number of companies in the financial services industry have been developing educational programs for young adults in affluent families. These programs are the fallout from such parental surveys as the 2007 U.S. Trust Survey of Affluent Americans, which disclosed that only one in four respondents believed their children had received adequate financial education, and Ameriprise Financial’s 2006 study, The New Retirement Mindscape, in which affluent clients described advice to help their children “become more financially savvy” as the most valuable financial planning service they wanted from their financial advisers.
Planners providing meaningful financial education programs for today’s young adults have to confront a challenging new topic: the Internet. Today’s 18- to 30-year-olds are the first generation to be wired from birth. Social networking plays an enormous role in their lives. From email to text messaging, from Facebook to Twitter, they are using the Internet to connect. The Internet is also potentially damaging their financial lives and job prospects because of questionable pictures and posts on their public profiles. Information such as their parents’ names and their date and place of birth is providing the personal details needed for identity theft.
Here are some of the basics of Internet safety that I discuss with young adults in financial literacy programs.
The Basics
In addition to warning young adults to avoid too much information on their public profiles, I warn them never to use public computers to access sensitive information—anything that requires you to enter a login identity and a password.
I also suggest they use a Mac. Macs are more secure than a PC running Windows because Macs use a version of Unix, on which most of the Internet is built. In addition, because there are far fewer Macs than PCs, they are much less likely to be targeted for attacks.
Email scams are on the rise. Many of these scams use fraudulent headers to make it appear that the email is from a legitimate source, such as a friend or website one frequents. Young people tend to be highly knowledgeable in sending email and text messages, but far less knowledgeable when it comes to distinguishing a legitimate email from a scam.
All emails have a header, a set of information ranging from the identity of the sender to the various servers that handled the message and the programs they used. The full header often contains 20 or more lines of information and is much too long to appear as part of the email. Instead, email programs typically display only four bits of information from the header: To, From, Subject, and Date. What most people do not know is that the “From” header can be set to anything the sender wants.
The identity of the real sender is buried in the full header. Whenever an email asks for money or sensitive information, click on the Help section of the email program to find instructions on how to display the full header of the message. (I use Outlook, and click on the small arrow at the bottom right of the Options menu to show the full header.) Once the full header is displayed, you will find about halfway down a series of lines that begin with “Received.” The last Received line contains the name of the email server where the email originated.
It is important to remember that a legitimate company will never ask for sensitive information in an email. Emails asking for a Social Security number, full credit card number, full bank account number, or usernames and passwords should be viewed as a huge red flag. I also warn young adults never to click on links in emails unless they know in advance where they lead. To determine what a link will do, hover the cursor over the link and a rollover text box will usually appear showing where the link takes you. In fact, if the email involves any form of e-commerce, I recommend not to click links under any circumstances. Instead, go directly to the business’s website and login to your account there.
While Facebook can be a fun way to keep in touch, it can also do a lot of damage to your reputation if you’re not careful. The best advice to a young adult is to choose your friends carefully! And after that, don’t ever forget that what’s posted on Facebook is out there for all of your friends and THEIR friends to read. I can’t tell you how often I’ve seen very personal or potentially embarrassing comments posted on someone’s Facebook wall that should have been sent as a private message.
If you think it’s politically correct to accept your boss as a friend, and then post (or even worse, another friend posts) photos of how drunk you were at a party the night before an important meeting, you may return to the office to find the contents of your desk in a box outside the door. And if you receive a “friend request” from someone you don’t know, send a private message to someone who does know him or her to get a reference. Young people often think it looks cool to have as many friends as possible, but indiscriminate “friending” can become a nightmare.
Another avoidable mistake that young adults make is to fail to select strict privacy settings for their Facebook account. Letting anyone with a computer have access to your wall postings and those party photos could be a disaster. Present and potential employers are checking for clues about an employee’s personal life, and without setting privacy preferences carefully, they can often find information the young person will regret having made available.
URLs
A Uniform Resource Locator is nothing more than the address of a website in cyber space. When dealing with financial institutions and other websites where you have to provide sensitive information such as credit card numbers, it is important to make certain the website is secure and protected from hackers. All banks and legitimate businesses provide a secure website where any financial information you enter is encrypted in such a way that a hacker would be unable to use it. You can verify whether the website is secure by looking at the URL. The URL for a secure website begins with “https://.” Websites that are not secure begin with “http://.” In addition, a padlock icon (usually green) will appear in a corner of your browser window. Click on the padlock icon and you should be presented with a signed certificate that proves the site you are browsing belongs to the institution it purports to be from. The most prominent companies that provide such certificates are Verisign Inc., Comodo, and Geotrust. Almost all financial institutions use one of these three certificate providers.
Hackers have gotten so good that they can duplicate, line by line, the websites of legitimate businesses. The site may appear to be secure and even have a valid certificate. The one thing hackers cannot duplicate is the domain name. It may look very similar to the real domain name, but there has to be at least a one-letter difference. Make sure the domain name matches up with the company whose page you intend to visit.
Once you have made certain that you are at the website of the company you intend to visit, especially at financial institutions, avoid clicking anything in pop-up windows. Sometimes a site may be infected with malicious code that will cause a pop-up window to appear, used by hackers to steal identity information. As a rule, financial institutions do not use pop-up windows.
Password Management
Use complex passwords that contain a mixture of numbers, letters (both uppercase and lowercase) and, if possible, punctuation marks. Avoid using any English words and don’t use any piece of information personal to you.
Use passwords that are at least 8–10 characters long, and avoid using a “system” to make passwords. Way too often, young adults use a system consisting of a word plus a number or letter at the end based on the site the password belongs to. Instead, always use unique passwords.
Teaching financial literacy to young adults is both challenging and interesting. Make certain that your curriculum includes Internet security information in order to cover all the bases.
Acknowledgments: I would like to thank Brian Berman at Greenberg Glusker Fields Claman & Machtinger LLP and my husband, Jon Gallo, for their assistance in researching this topic.