Knowledge is Power, Protect Yourself Against Online Fraud

Charles A. Christofilis, Chief Compliance Officer, First Republic Investment Management

People are creatures of habit, and are often motivated by fear and greed. For centuries, con artists have taken advan­tage of that, contriving schemes to separate victims from their hard earned pay. Karl Marx said “Sell a man a fish, and he can eat for a day, teach a man to fish, and you lose a great business opportunity.” Given that mindset, it behooves you to understand how these criminals “phish,” so that you can lessen your chances of falling victim.

The Spanish Prisoner / 419 Scam

Today’s internet scams date back to the late 19th century, the most obvious and common being variations of “The Spanish Prisoner.” This confidence game is very simple, the victim is told that a very wealthy and influential (but unidentified) person is imprisoned in Spain under a false identity, and that if the victim is to advance funds to secure the release of the prisoner, they will be financially rewarded when the prisoner is released. Once funds are advanced, either the trickster is never heard from again, or more difficulties arise and more money is needed until the victim declines to put up more funds. This under­lying fact pattern has changed somewhat over the last 100 years, and more modern internet versions of this scam are called “419” scams, named after the section of the Nigerian Criminal Code dealing with fraud (although most of these frauds originate in the US and UK, respectively with Nigeria in a distant third place). These scams have become so well known that they have almost stopped being effective.


Far more effective is phishing: an imposter e-mail and/or web site is used to lure an unsuspecting victim into giving up their usernames, passwords, and accounts details straight to the scam artist. These emails/websites can be very convincing, often mimicking the “look and feel” of the institution in question. The victim thinks the email is legitimately from their banker, credit card company, etc, and provides the requested information. At that point, oftentimes the money is taken directly. Sometimes it is your address list that is taken, and soon your friends, family and every financial institution you have an account at is informed (by “you”, via your e-mail) that you are out of the country, lost your wallet and need ten thousand dollars transferred to a certain offshore account immediately.

It behooves you to understand how these criminals “phish,” so that you can lessen your chances of falling victim.


The quickest and easiest way for any con artist to get access to any account is to simply to guess the password. A significant percentage of passwords are: password, 123456 or 12345678 (in that order), with roughly a third of the population using the same password across all of their accounts. If you find an ATM card on the sidewalk tomorrow, there is almost a one in ten chance that the PIN is 1234, 1111 or 0000, and you will likely have three chances to enter it before the account is de-activated. Use one of those passwords, and you are asking for trouble.

How to Protect Yourself

There are three very broad (but effective) ways you can protect yourself. First, make sure that all of your devices (in addition to accounts and applications) utilize passwords, and make sure all usernames, passwords and PINs aren’t obvious. Second, never respond to any financial institution, First Republic or otherwise, or any urgent email claiming to be from a bank or any company that requests your account information or personal details. Banks simply don’t engage in sending SPAM e-mails phishing for this type of information. Finally, be skeptical especially regarding urgent requests that will result in huge windfalls. How likely is it really that the President of the state-owned Nigerian National Petroleum Corporation needs your five grand?

The views of the authors of these articles do not necessarily represent the views of First Republic Bank. First Republic Private Wealth Management encompasses First Republic Investment Management ("FRIM"), the Luminous Capital division of First Republic Investment Management, First Republic Trust Company ("FRTC"), First Republic Trust Company of Delaware LLC and First Republic Securities Company, LLC ("FRSC"), Member FINRA/SIPC. FRIM, FRSC and FRTC of Delaware LLC are subsidiaries of First Republic Bank. FRTC is a separate division of First Republic Bank.

This document is for information purposes only and is not intended as an offer or solicitation, or as the basis for any contract to purchase or sell any security, or other instrument, or to enter into or arrange any type of transaction as a consequence of any information contained herein. 

Although information in this document has been obtained from sources believed to be reliable, we do not guarantee its accuracy, completeness or fairness, and it should not be relied upon as such.  This document may not be reproduced or circulated without our written authority.

Past performance is not indicative of future results. The performance of an index is not an exact representation of any particular investment, as you cannot invest directly in an index.

The investment services and products mentioned in this document may often have tax consequences; therefore, it is important to bear in mind that First Republic Bank and its affiliates do not provide tax advice. The levels and bases of taxation can change. Investors' tax affairs are their own responsibility and investors should consult their own attorneys or other tax advisors in order to understand the tax consequences of any products and services mentioned in this document. Accordingly, you and your attorneys and accountants are ultimately responsible for determining the legal, tax and accounting consequences of any suggestions offered herein.  Furthermore, all decisions regarding financial, tax and estate planning will ultimately rest with you and your legal, tax and accounting advisors.  Any description pertaining to federal taxation contained herein is not intended or written to be used and cannot be used by you or any other person, for purposes of avoiding any penalties that may be imposed by the Internal Revenue Code.  This disclosure is made in accordance with the rules of the Treasury Department Circular 230 governing standards of practice before the Internal Revenue Service.

Investment and Advisory products and services are not deposits or obligations of, or insured, guaranteed or endorsed by any bank, Federal Deposit Insurance Corporation, the Federal Reserve Board, or any other agency, entity or person.  The purchase of securities involves investment risks including the possible loss of principal.