Important Cybersecurity Reminders for 2026 – How to Spot and Avoid Common Scams | Sixty and Me

Scammers no longer rely solely on poorly written emails or clearly fake phone calls. Today’s fraud attempts often include:

• Real company names and branding.
• Email addresses that closely resemble legitimate domains.
• Caller ID spoofing that displays familiar phone numbers.
• Messages crafted to create a sense of urgency, fear, or confusion.

The common financial scams of today often even reference real institutions, real employees, or real current events which add credibility to their outreach attempts. The goal is almost always the same: to trick someone into revealing sensitive information or sending money before they have time to think or verify the request.

Understanding how common financial scams typically operate is the first step toward protecting yourself.

What they often look like:

Phishing emails are designed to appear as though they come from trusted organizations – such as banks, government agencies, or well-known financial institutions like Vanguard, Charles Schwab, Fidelity, Bank of America, etc. These messages often claim there is a problem with your account or that immediate action is required.

Common examples include:

• Notices of “unusual activity”
• Alerts about late payments or account restrictions
• Requests to confirm or “verify” your information

While the email may look legitimate, the sender’s address or embedded links often contain subtle irregularities.

Red flags to watch for:

• Requests for personal or financial information
• Urgent or threatening language (e.g., “Your account will be closed today”)
• Unexpected attachments
• Slight misspellings or extra characters in email addresses or links

Legitimate financial institutions do not make unsolicited requests for sensitive information via email.

What they often look like:

Phone scams involve callers claiming to represent entities such as the IRS, the Social Security Administration, tech support providers, or financial institutions. These calls may sound professional and confident, and in some cases, the caller ID may even display a familiar name or number.

Common tactics include:

• Requests for Social Security numbers or account details
• Instructions to make payments via wire transfer or gift cards
• Claims that immediate action is required to avoid penalties or account suspension

Red flags to watch for:

What they often look like:

Text message scams frequently involve short messages that include suspicious links and claims of urgency. These texts may reference package deliveries, account verification codes, or maintenance requests you did not initiate.

Common examples include:

• “Your package is delayed—click here to update delivery details”
• “Unusual activity detected—verify your account now”
• Messages claiming you’ve won a prize or giveaway

Red flags to watch for:

• Shortened or unfamiliar URLs
• Requests to click a link to “fix” or “update” an account
• Messages referencing transactions or contests you never entered

If you were not expecting the message, it is best to avoid clicking any links and verify the situation independently.

While scams may be becoming more sophisticated, there are still effective ways to reduce your risk. Here are a few tips.

If someone reaches out unexpectedly, pause and verify the request through a trusted source. Use official websites or phone numbers you already have on file or that you can easily find on Google – rather than the contact information provided in the message itself.

Be extra wary when sharing personal or financial details via email, text, or phone – especially if you didn’t initiate the interaction. Financial institutions like Bank of America, Charles Schwab, or Fidelity will not spontaneously contact you to request sensitive information.

As it relates to financial institutions, we ask our clients to view us as a firewall – an extra protection as it relates to the flow of your information, as we daily work such institutions and thus can quickly spot an illegitimate contact attempt.

Many major email service providers allow you to hover over links in emails to see the location the link actually will send you to. This allows you, before clicking the link, to confirm that the destination URL is legitimate and matches what the visible link text is representing.

Avoid reusing passwords across multiple accounts. Strong, unique passwords – updated regularly – can significantly reduce your exposure.

Legitimate companies and government agencies do not demand immediate action or payment over the phone or via text. Urgency is a common tactic used to prevent you from verifying the request.

When our clients encounter any communication that raises concerns, we encourage them to contact our office. We are always here to help you evaluate the situation and protect your financial well-being. If you have a financial advisor yourself, you can do the same – they’d likely be happy to assist you in ensuring the legitimacy (or otherwise) of such outreaches.

One of the most effective ways to spot a scam is by closely examining the sender’s email address. Here are some tips using a breakdown and comparison of how to differentiate between legitimate and illegitimate emails, using Charles Schwab simply as the example, but the same principles apply to any financial institution.

Legitimate emails typically come from verified company domains and follow consistent formatting:

• clientservices@schwab.com
• notifications@schwab.com
• support@schwab.com
• no-reply@schwab.com

Key characteristics of legitimate emails:

• The domain ends in @schwab.com
• No extra words, numbers, or misspellings
• Clean, professional naming structure

Scammers often create email addresses that closely resemble real domains but include subtle errors:

• clientservices@schwab-support.com
• security@schwabverify.com
• account.alerts@schwabb.com (extra “b”)
• no-reply@schwab.com.secure-login.net
• support@schwab-accountverify.co
• schwab.alerts@secure-mail247.com

Common red flags include:

• Extra words added to the domain (e.g., support, verify, secure)
• Misspellings (e.g., schwabb, schawb)
• Suspicious domain endings such as .co, .info, or .net
• Long, complex addresses with multiple dots

In this example, if the email does not end exactly in @schwab.com, it should be treated with caution.

We encourage you to save or print this article so you can reference it in the future. Even a quick refresher can make a meaningful difference when something doesn’t feel quite right.

We encourage our clients, if ever they receive an email, call, or message – whether from us, one of our affiliates, or another financial institution – and are unsure about its legitimacy, to feel free to forward it to our office. We are always happy to take a second look.

At The Ivy League Advisory Group we know that protecting our clients’ financial information is an ongoing effort, and we remain committed to working alongside you to help ensure your personal and financial security.