Fraud Prevention Strategies: What It Is and How to Protect Yourself

A Clean Yield Speaker Series Webinar Summary

Every year, about one-third of Americans experience financial scams, fraud schemes, and identity theft. Instances of fraud have surged in the last five years, increasingly targeting individual investors, small business owners, and older adults.  

In November 2025, Clean Yield hosted a webinar on fraud prevention strategies. The webinar featured three fraud prevention experts: Mike Pieciak, Treasurer of the State of Vermont; Aoife Ridge, Director of Fraud Prevention at Charles Schwab; and Victoria Lloyd, Founder and Principal of Athena Advocacy. 

Watch the full webinar:

The webinar provided information about what fraud schemes are, how to identify different types of fraud, and several fraud prevention strategies. Three fraud prevention experts provided their insights: 

• Mike Pieciak: Prior to being elected Treasurer of the State of Vermont in 2022, Mike worked for eight years at the Department of Financial Regulation, first as deputy commissioner and then as the commissioner. There, he played a key role in leading the investigation of the largest fraud case in Vermont history. 

• Aoife Ridge: Before joining Charles Schwab in 2022, Aoife held positions at TD Ameritrade Institutional and LPL Financial, managing compliance, risk operations, and advisor relations. In her current role as Director of Fraud Prevention, she has exclusive insights on how to spot threats, protect online accounts, and keep sensitive information secure.  

• Victoria Lloyd: Victoria is an attorney and former educator who founded Athena Advocacy, which serves as a neutral third-party fiduciary and advocate. Victoria also founded, and currently chairs, Vermont’s Financial Abuse Specialist Team, also known as FAST of Vermont. FAST of Vermont’s mission is to prevent and mitigate financial exploitation with a multidisciplinary team of members.   

Below is an edited transcript of the topics we covered during our conversation, including the realities of the current fraud landscape and expert fraud prevention strategies you can use. While many of these comments pertain specifically to Vermont, similar resources exist in other states. 

Additional Fraud Prevention Resources: 

• Fraud Prevention Data and Checklist 

• Data Breach Next Steps 

Who Does Fraud Impact the Most? 

Mike Pieciak: It can be really challenging on the one hand, because a lot of people don’t want to talk about frauds and scams, particularly if they’ve been a victim of a fraud or a scam. And, it’s also challenging because it has such a significant impact on people, you know, the estimate is that there are $10 billion of consumer fraud that occurred in 2023, and billions and billions of dollars of investment fraud on top of that, so it’s a significant issue. Ten or fifteen years ago, the profile of the person who was more likely to fall victim was someone who was maybe in their 50s, male versus female, someone who was highly educated, someone who even had experience with investments. This first principle that you can think about, which is your own hubris, your own, thought that, oh, I know what I’m doing. 

I like to sort of set that out at the top, because truly anybody can be a victim of financial fraud.  

The other point that is important, because it literally can happen to anybody, is breaking through the shame and the stigma of it happening to you, because we need people to report scams and frauds to the Department of Financial Regulation, to the Attorney General’s Office, to the FBI, to law enforcement, because that’s the only way that you can sort of get ahead, put out information, try to track down the fraudsters, try to protect other people. And when people feel ashamed and they remain quiet, that allows the fraudsters to continue to do what they’re doing and gives them a leg up. 

Victoria Lloyd: Fraudsters are criminals. As we think about financial abuse, it is a crime, and using that word really destigmatizes what happens to the person, because in fact they are a victim of a criminal act. Only one in 44 financial abuse incidents are reported. Last year, Vermonters lost $11 million. There was a 30% jump in loss, a reported loss, again, which isn’t fully reported, between 2023 and 2024. 

In situations when we’re approached through the mail, through the internet, or through the phone, people are trying to separate us from our money. We bring our confident selves to the table, we carry into these situations all of our life experience and think, oh, I got this. The message here is to really feel that you can stop, that it’s not an emergency, and that you can really take advantage of all of the resources. 

Scams hit below the belt because the amygdala and the hippocampus are fighting. That’s the goal (of the criminal), to cause people to get emotionally off-balance. And the amygdala is our emotional center. The hippocampus controls our memory, our logic, and our critical thinking. And so, when, there’s urgency and too good to be true language, it is really forcing these two parts of our brain to not work together, because it puts us emotionally off balance. 

Over time, as we age, what makes us more vulnerable is that our emotional side is louder than our logical part of our brain. Vulnerable adults, and again, there’s a scam for everyone; we’re just focusing on vulnerable adults, and as the brain ages, that emotional part of your brain really takes over. It’s best practice to stop, ask questions, and breathe. 

Aoife Ridge: I saw a new report from Pew Research recently that said 73% of Americans have been scammed in some way, shape, or form, which is nearly everyone. So, as the previous presenters mentioned, we really need to take the stigma out of reporting scams. These are the numbers we’re reading, and these are under-representations. 

Not only are these people committing fraud criminals, these are oftentimes organized crime rings, and fraud is just the beginning of this. They’re using the proceeds of this fraudulent activity to fund really nefarious activities, including terrorism, drug, human, and weapons trafficking. Some of these groups are backed by our geopolitical adversaries. So, reporting to the IC3.gov [the Internet Crime Complaint Center] is incredibly important. 

There was $2.7 billion lost from email compromise in 2022. I think it ticked up a little bit in 2023 and 2024. And then 98% of cyber-attacks involve social engineering. I think we think so much about cybercrime as a technology issue, but more and more, our cybersecurity defenses are being reinforced and fraudsters are attacking what they see as the weakest link, which is individuals, humans, and using our own psychology against us, basically hacking into our brains. 

What Fraud Prevention Strategies Can I Follow? 

Mike Pieciak: There are three things that I think sort of present themselves routinely when someone is trying to defraud somebody or scam them. The first is trying to create a sense of urgency, an unnecessary sense of urgency. When something seems like it needs to happen today, because this is a limited time offer, there are other investors that are coming in, only a couple of slots are available, etc. You have to do your best to just sort of breathe and take a breath and step back and evaluate whether or not it’s truly an emergency. A pretty good standard here, which is, if you need an answer today, the answer is no. If it is a true investment opportunity, they’re not going to force you to try to make a rash decision. They want you to be a long-term partner and investor with them, and they’re going to want you to take your time and do your due diligence. 

The other one is when people talk about something having no risk. The very nature of investments carries risk. It’s just a matter of the spectrum of risk. Whenever you hear about something that has no risk to you, to your retirement, to your money, it’s another really large red flag. The other thing that goes along with no risk is something that is guaranteed, guaranteed returns. Just like there is always risk in investment, there’s no such thing as guaranteed returns either, because there is risk. 

Often, these three things are put together: The sense of urgency, the fact that there’s no risk, the fact that there are guaranteed returns. It’s a very, very common sort of puzzle that they put together to try to perpetrate a fraud, and one that we should all be mindful of. 

The last thing that I want to mention as a practical tip for both business owners, but also for individuals, you know, we just had a discussion about the most common frauds that we’re seeing in the Vermont banking community. And one that was a little bit of an older fraud, or common fraud for decades, was mentioned as something that one of the largest financial institutions in Vermont sees most regularly, which is check fraud. 

As best you can, shift to making ACH payments, doing payments online, not putting things in the mail, ripping up your checks when you have done them through mobile deposit, keeping safe track of your checkbook as well, so that you eliminate those opportunities for people to get a hold of an unwritten check, of a check that’s already been written, or one that’s even already been cashed. 

Aoife Ridge: Nearly 3.5 billion phishing emails go out every day. At Schwab, we filter out 98% of all incoming emails, and I think as individuals, if we can start to think that way, it will help us to prevent some of the engagements with fraudsters in the first place. So, if you can add any spam filters to your email, your text messages, that’s great. But also, just training ourselves to have permission not to talk to everyone who tries to get ahold of us. 

If I see an email come through from my bank or from a utility company, it triggers in my brain that I might need to interact with that institution, but I’ll log into their website, I’ll use their app, or I will call them at a number that I have on file, that’s on my statement, or that I find on their website to make sure that I’m independently verifying that I’m talking to the right person. 

I want you to think about what is in your email box, and not just in your inbox, but also your outbox, which if you’re anything like me, you haven’t cleaned out in at least a decade. There are interactions with our family members, there are utility bills with our addresses, there are notifications from the DMV that tell, you know, what make and model of car we were driving 10 years ago. Why is that problematic? Those are the types of questions that financial institutions or other secure sites use to verify our identity, so if somebody gets in there, that could be problematic. 

So when it comes to securing ourselves, maybe not the most exciting topic, but strong and unique passwords and multi-factor authentication are the two best things that we can do. And when we’re talking about a strong password, length equals strength. We’ve moved away from special characters and numbers and changing it very frequently to creating a really long password that’s hard for somebody else to guess, but easy for you to remember. So, a passage from your favorite book, part of a song, a sentence that can stick in your mind is a really good idea. 

Alternatively, though, you might want to just use a password manager. These can be very effective at helping us to use very long, unique, complex passwords, making sure that they’re different for every site. But we do want to make sure that we’re using a good password manager. If you go to PCMag.com or any of the computer magazines, they do annual rankings of password managers. They have different price points and different features, but looking into one of those can be very effective. 

The other nice thing about a password manager is more and more with the advent of AI, fraudsters are making spoofed websites, including spoofed bank websites and spoofed government websites. If you’re using a password manager and you end up in the wrong place, your password won’t work. And that might just be long enough for you to say, hey, what’s going on? And look at the URL and examine it thoroughly, and say, oh, I’m not in the right place. 

Also, you want to lock down your online ability to access your account. So I really love the Schwab app, because you can set up the most complex password you can think of, and then add biometrics, and just use your thumbprint to access your account, so that’s really nice. You can also have limited view access on your account, so if you’re not actively managing your investments and you’re relying on your advisor to do that for you, that limited view access means that if a fraudster were able to hack into your account, they can’t place trades, and they can’t disperse funds. 

Lastly, I would turn on alerts within the mobile experience or desktop experience, because you do want to report suspicious activity as soon as possible. So if there’s money movement in your account and you didn’t initiate it, reporting it as soon as possible is very important.  

… If you are impacted by a [personal] data breach, I think people tend to get very panicked and don’t know where to start, and so my advice to you is to remain calm and work through the problem methodically. So the first thing you want to do is try to identify what has been compromised. So, you know, is it parts of your identity? Is it your bank account? Is it utility accounts and your cell phone, you know, any number of things can be impacted. And then, based on what’s been impacted, you want to go about notifying in a logical order. So, you’re going to want to let your financial advisor and your financial institutions know that you’ve had a compromise. You’re going to want to let the credit bureaus know. If your Social Security Number is compromised, you want to let the Social Security Administration know. You’re also probably going to want to file a local police report. That’s going to be helpful for any insurance claims or any fraud claims, and then you are going to want to report it to the FBI at IC3.gov. 

In terms of restoring, you want to make sure that you’re, once again, methodically going through running antivirus and anti-malware scans, if it was a device that was compromised. If it was your email that was compromised, you want to make sure that you go through and see if there were any rules turned on, like auto-forwarding, or if there’s anything that you can identify that was forwarded that has specific information that you need to protect. And then you want to change passwords, and once again, a password manager can be very helpful in doing this. 

I would suggest that you proactively freeze your credit. I think everyone should have their credit frozen. I read that a newborn baby’s credit profile is worth more on the dark web than a middle-aged millionaire’s, because there’s just a longer time to use it for nefarious purposes. It’s not particularly cumbersome, and it can save you a whole lot of heartache in the long run, which prevents a lot of new account fraud, a lot of ACAT (Automated Customer Account Transfer Service) fraud transferring from institution to institution. There’s also a checks alert that you can run to see if any checking accounts have been opened in your name that you’re unaware of. 

Some homeowners’ policies are starting to offer identity theft and fraud protections, so it might be a good idea to look into those, or if you are victimized, to see if you have any coverage. And then you’re going to want to continue to monitor once you’ve had a breach. 

I would say the top things to do to keep yourself safe are, one, to secure your personal information. We talked a lot about email, but also social media, and your cell phone. If somebody gets access to your cell phone, it’s the keys to the kingdom. So I would reach out to your cell phone carrier to see what additional security measures that they have, whether it’s multi-factor authentication or passwords, or a whole host of things, that’s something I would definitely want to keep locked down. You want to use secure payment methods. So the Treasurer talked about check fraud, and we do see a significant amount of check fraud. 

I would suggest if you’re purchasing something online that you use a credit card. If you aren’t comfortable with credit cards, you might want to think about having an operational account, like a small checking account that you just use for purchases. Or, you know, if you want to write checks, I don’t necessarily think it makes sense to add checking features to your brokerage account where you have your life savings, or to your retirement accounts. To me, the risk is not worth it. 

You want to always make sure that you’re independently verifying information, any non-solicited inbound communication, be very dubious of, you know, treat it guilty until you prove it innocent, essentially. Use a healthy dose of skepticism. Anytime somebody’s asking you for money, really do your due diligence, ask questions, you know, phone a friend if it doesn’t make sense, as said previously, there’s really no situation where you can’t send money later. You know, it’s hard to get it back, but you can always send more. 

Keep your devices secure, so you want to make sure that your cell phones, your laptops, they all have screen protection, you know, use biometrics, use passcode. You want to make sure that you’re keeping your operating systems up to date, so when Apple or Samsung send you those notifications to update your system, you want to do that as soon as possible, because they are patching vulnerabilities. 

You want to be secure about the network you’re using, so your home Wi-Fi should be secured with a strong password, mobile data is secure, but, you know, logging into the free Wi-Fi at the airport and doing your banking is probably not the best idea. 

Don’t act urgently, ask more questions, be extremely skeptical with the environment we’re in. 

How are AI, Cryptocurrency, and Other New Technologies Impacting Fraud Scheme Sophistication? 

Mike Pieciak: It is certainly a new world in many ways when we’re thinking about artificial intelligence. Our own department at the Treasurer’s office is confronted with, frauds and scams that are highly sophisticated, trying to take the state’s money. It’s easy to not pick up on the little red flags. It’s important for us to have, delegation of duties, to have multiple checks, to have important validators, both in our office and from other departments, in terms of vendors, in terms of pensioner payments, in terms of people coming and trying to claim their unclaimed property from our office. 

We’ve implemented policies in our department so that we can actually verify who we’re talking to now. In certain transactions, we make people physically come in to our office so that we can physically see them and verify that people are from out of the state. 

Aoife Ridge: Moving on to scams, this is the one area that no matter how much cybersecurity you have on your account, it doesn’t really matter because they’re not hacking into your account, they’re convincing you to authorize a disbursement out of your account. And that’s another activity that isn’t covered, because you’re directing us [or your financial manager] to do something yourself. 

Being aware of scams, what they look like, how these scammers operate is really important. At the beginning of the presentation, you know, the Nigerian prince scam was mentioned, and that is kind of how we started. We really saw a professionalization of scams around 2020, when criminals were locked at home and had nothing better to do than think about how to defraud people. We saw, subsequently in, like, 2022-ish that these scams were becoming so profitable that they were reinvesting, and there were scam schools being opened in West Africa, scam factories being opened in Southeast Asia. So this is where people are working 40-plus hours a week refining these scams, getting really good at tricking people, getting really good at coming up with excuses for any objections that people have. And then, in the last, you know, year or two, we’ve really seen the digitization of scams. 

So, the tactics are the same, we’re still seeing romance scams, we’re still seeing technology scams, we’re still seeing government impersonation scams, but the scale and the refinement is just much greater. So those, you know, we used to see a lot of grammatical errors. Maybe it was clear that the person who wrote the email was not a native English speaker. And now scammers can write a script in their native tongue and translate it into 30 languages in 5 seconds, and send it out to tens of thousands of people all over the world, and cast a much broader net. 

I think the nuance we’ve seen with investment scams lately is the onset of cryptocurrency. So a lot of people are really interested in investing in cryptocurrency, but might not have a high degree of expertise or knowledge in how to perform due diligence. 

We’re seeing that fraudsters are using AI to create apps, trading apps, that look fairly sophisticated, and so people are being directed towards those. I think we had a recent social media post, don’t take investment advice or candy from strangers around Halloween. But, you know, it is a good rule of thumb. You know, you have a financial advisor and professionals at financial institutions who can help you, identify good investment opportunities. People on social media and online are probably not to be trusted. 

We see a lot of tech support scams. So, you get a pop-up message on your device that says, we’re reaching out from Microsoft, and there’s a virus on your computer, and we need to remote in in order to remove it. As far as I know, Microsoft is not staffed to proactively reach out to people that way. I don’t think that they actually do that. So do not engage with those types of messages, but if you do, if you click on something that you later think is nefarious. 

You want to disconnect your device from the internet, shut it down, take it to a cybersecurity professional to have it restored, and then go ahead and change all of your passwords. 

With government impersonation scams, we’re seeing very young investors who maybe don’t have experience with filing taxes, they don’t understand how it works, and, you know, they think somebody from the IRS is reaching out, to threaten them with jail time or massive penalties if they don’t send money immediately to whatever the destination is, and they, you know, they just don’t have the experience to know that that’s not how the IRS works. They send letters, everything’s very slow, you can dispute it. 

What Fraud Prevention Strategies Does Clean Yield Follow? 

Walter Anderson: Thank everybody again for joining us today. I’m just going to talk about a few of the important steps that Clean Yield follows for our standard operating procedures for money transfers. 

Wire transfers, especially, are a critical part of our operations. They carry a significant risk if they’re not handled properly, and we do many requests daily, so our main goal is to ensure that every transaction is secure, accurate, and fully compliant. We want to make sure that we’re following everything to the letter of the law, so we’re not making any mistakes.  

We follow specific steps, and the first one is that we’re always going to verify the client’s identity. Before we act on any type of wire, we’re going to make sure that the request is coming from an actual client. So we’re going to double-check the phone number that you’re calling from, and we’re going to double-check the email address to make sure that it matches everything in our records. And then after that, we’re going to actually pick up the phone, and we’re going to want to talk to you and have a live conversation to make sure that you did send the request to us, and verbally eliminate any chance of fraud. 

After that, we’re going to want to collect some supporting documentation, so we want to make sure that we have all of the information and necessary paperwork correct, and that we are getting that through secure channels. That’s where most of you have used our share file system, and that’s how we send information back and forth, and that system is security-enabled software that allows us to send things back and forth. 

Then we’re going to validate details with the bank and escrow company to make sure that what you gave us for wire information or ACH information matches what they have. So just to make sure that you’re not getting bad information, we’re going to go and verify it with the bank. 

The last thing is we’re going to monitor the transaction from kind of the start to the end, and make sure that everything went through smoothly, and that there were no issues. By following these steps, we hope that our clients and our company and our reputation will be secure. Wire transfer demands precision, and vigilance, and there’s no room for shortcuts. We want to make sure that we’re doing everything correctly and to make sure that we are getting the money to where it needs to be.