Cybersecurity Risks During the COVID-19 Pandemic

April 2, 2020

As part of our efforts to keep our clients safe, we will alert you when cybersecurity risk is particularly high or when specific fraud threats have emerged that you’ll want to be aware of. With the coronavirus outbreak, there has been a substantial increase in cyber fraud attacks. According to our cybersecurity consultant, the number is possibly the largest ever seen around a single theme. Fraudsters are upping their game and playing on our fears and our desire to help.

Remember, the no. 1 defense against them is people, not technology. Once you’re aware of these attempts and know how to spot them, you’ll be in the best position to prevent them.

Here are some of the new attempts our IT and cybersecurity consultants have identified lately:

  • Fake World Health Organization or government emails around the coronavirus outbreak or stimulus checks.
  • Phony emails and texts soliciting money for fraudulent coronavirus-related charities.
  • Fraudulent webpages using coronavirus-related URLs that collect information for attackers from unsuspecting visitors.

How to protect yourself:  

  • Know what to look for. Click here to see visual examples of some of these attacks and the tricks to spot them.
  • Protect your email account. Do not click on any links whatsoever unless you’re expecting the communication and you’re completely sure they are coming from legitimate sources.
  • Protect all passwords. Use strong passwords and don’t use the same password for different accounts.
  • Protect account access. Use two-factor authentication when available.
  • Manage your devices. Always use antivirus software and update software regularly.
  • Protect information on social media. Do not share personal information such as birthdates, home addresses, phone numbers, or social security numbers.

This is a good time to remind yourself of all the usual ways to protect yourself against common attacks, especially around your finances:

  • Be wary of any unsolicited inbound phone calls potentially from tech support, government agencies, banks, software providers, and even persons claiming to be Litman Gregory employees. Never give information over the phone unless you are able to verify the caller is legitimate, such as by hanging up and calling back using the number you have on file. (Or visiting their website and calling via their listed number.)
  • Remember that the IRS and the Social Security Administration will not call you.
  • Do not reveal personal or financial information in an email. Deliver sensitive information through a secure means such as our client portal.

This is what we do to protect your financial information:

  • We have established policies and procedures for reacting to suspected/confirmed client account compromises, which may include disabling the ability for fund transfers or establishing new account numbers.
  • In many cases, especially around money transfers, our team will call you to verbally verify instructions and information.
  • We train our team members regularly on cyber fraud topics and test employees using cyber fraud simulations.
  • We have established security policies and procedures to protect client sensitive data that include minimizing authorized access to the data, appropriate handling of the data, device and network management, and physical security.

Please reach out to your Litman Gregory Advisor  if you have any questions about these updated cybersecurity threats or the steps that we’re taking to protect your information.


This newsletter is limited to the dissemination of general information pertaining to Litman Gregory Asset Management, LLC (“ LGWM”), including information about  LGWM’s investment advisory services, investment philosophy, and general economic market conditions. This communication contains general information that is not suitable for everyone. The information contained herein should not be construed as personalized investment advice and should not be considered as a solicitation to buy or sell any security or engage in a particular investment strategy. Nothing herein should be construed as legal or tax advice, and you should consult with a qualified attorney or tax professional before taking any action. Information presented herein is subject to change without notice. Past performance is no guarantee of future results, and there is no guarantee that the views and opinions expressed in this newsletter will come to pass. Individual client needs, asset allocations, and investment strategies differ based on a variety of factors. Any reference to a market index is included for illustrative purposes only, as it is not possible to directly invest in an index. Indices are unmanaged, hypothetical vehicles that serve as market indicators and do not account for the deduction of management feeds or transaction costs generally associated with investable products, which otherwise have the effect of reducing the performance of an actual investment portfolio.
LGWM is an SEC registered investment adviser with its principal place of business in the state of California.  LGWM and its representatives are in compliance with the current registration and notice filing requirements imposed upon registered investment advisers by those states in which  LGWM maintains clients.  LGWM may only transact business in those states in which it is noticed filed or qualifies for an exemption or exclusion from notice filing requirements. Any subsequent, direct communication by  LGWM with a prospective client shall be conducted by a representative that is either registered or qualifies for an exemption or exclusion from registration in the state where the prospective client resides. For information pertaining to the registration status of LGWM, please contact LGWM or refer to the investment adviser public disclosure web site ( For additional information about LGWM, including fees and services, send for our disclosure brochure as set forth on Form ADV using the contact information herein.