Be on Alert and Stay Vigilant - Phishing, ransomware and cyber scams!

March 20, 2020

Cyber criminals are capitalizing on the interest and hysteria created by the global Coronavirus/COVID-19 crisis.  Fraudsters do not take time off, in fact, many prey on fear and urgency to fool unsuspecting victims.

Just today, Ed Sr received an attempted ransomware email threatening to “infect your entire family with coronavirus if you do not pay this ransom now!” 

Be on guard for the following:

  1. Any message attempting to create a strong sense of urgency to take a particular action.
  2. Any message that pressures you to do something.
  3. Any website or link that claims to track or map the outbreak.
  4. Any domain name ( or web link with any variant of "Coronavirus" or "COVID-19"

Our IT Company has provided us with the following link to check URLs (web address) for signs of suspicious behavior: 


You can copy and paste the email address from a suspicious email in the Search box.

Many of you have heard about the federal government distributing funds to individuals. There is no plan in place at this moment, but the FTC has issued a warning, please follow this link
Remember the government will not call to ask for your Social Security number, bank account, or credit card number. Anyone who does is a scammer.
Here's an awesome summary from Brown University Computing & Information Services, with additional information and links to other authoritative sources:

Additional information can be found here :

Be cautious. Be smart.

Your team at Kohlhepp Investment Advisors, Ltd.


Source: EmberIT, Blue Bell Private Wealth Management

Continue reading
513 Hits

Cybersecurity Alert: Marriott Breach Affects 500 Million

December 16, 2018


Hotel chain Marriott announced a massive data breach last week affecting 500 million hotel guests. The breach affects customers who made reservations at Marriott or Starwood properties between 2014 and September 2018, during which time hackers had unauthorized access to a private database. Marriott acquired Starwood properties in 2015 which includes hotel brands such as W Hotels, Sheraton Hotels, Westin Hotels, and more.


The breached database held guest info such as names, addresses, phone numbers, e​mail addresses, passport numbers, birth dates, arrival and departure information, and communication preferences. At this point, Marriott is unsure if payment card information was affected.


What should you do?


In response, Marriott is offering affected customers a free year of WebWatcher which monitors the Internet for your personal information. In addition to this program, you should freeze your credit if you have not done so already. Thanks to a federal law passed in September, you can freeze your credit for free at all three of the big credit bureaus: Equifax, Experian, and TransUnion.


If you used your Marriott or Starwood password for any other account, be sure to change those passwords immediately.


If you have not already, sign up for text alerts on the credit card you used at Marriott. Text alerts will notify you anytime a charge is made. This is a good way to monitor your credit card for fraudulent purchases. You can set up these alerts with your credit card company directly.


Also be on the lookout for phishing emails. Scammers may create fake messages appearing to be from Marriott to gain more of your personal information. Marriott has stated that any legitimate emails will not contain any attachments or requests for information.


Be alert. Be smart. 




Edward J. Kohlhepp, Jr., CFP®, MBA



Edward J. Kohlhepp, CFP®, ChFC, CLU, CPC, MSPA

Founder & CEO



Source: Savvy Cybersecurity, Horsesmouth, LLC


Please contact us whenever there are any changes to your financial situation, personal situation or investment objectives. 

Continue reading
637 Hits

Cybersecurity Alert: What You Need to Know about Tax Identity Theft

March 1, 2018  

As we enter tax season, it's important to be aware of the tax identity-theft scams targeting the public this year. Tax identity theft has been a massive threat for years. Recently, however, the IRS has made progress on catching fraudulent tax returns before money is paid out. Last year, the IRS stopped $4 billion in fraudulent tax returns. This year, it may be a different story.  

Experts worry that this tax season could bring more fraud than we’ve seen in recent years. The reason? The Equifax breach exposed 143 million consumer’s Social Security numbers and other personal data. That other personal data was just discovered by Congress to include tax identification numbers

The amount of personal data exposed makes it easy for tax identity thieves to file fraudulent tax returns in your name, collecting your tax refund check for themselves. The best way to protect yourself from this threat is to file your taxes as early as possible—before the thief has time to file in your name.  

If a tax return has already been filed with your information, the IRS will alert you. If you file your taxes online, you will be notified right away. If you send your documents in through the mail, you will receive notice via a mailed letter. If someone has filed in your name, be sure to alert the IRS of the fraud immediately by filling out Form 14039.  

But it’s important to be on the lookout for other tax scams as well. The IRS is already reporting on a multitude of scams this season. For example, in one scam a fraudulent tax return is filed in the victim’s name and the check is deposited in their account. The victim is then contacted by a thief posing as a debt collector who informs them that the deposit was a mistake and the funds must be paid back immediately.  

Scammers claim to be calling from a company called DebtCredit and have created a realistic-looking website that they direct victims to visit. The website includes a video that explains the frequency of mistake payments from the IRS and references personal information of the victim such as Social Security number and bank routing information. The webpage also shows details of the debt collector, including a photo, name, telephone number, and email address.  

This scam, in particular, is believed to have begun with phishing messages targeting tax preparers’ offices. Experts believe that malware was loaded onto tax preparers’ computers and was designed to steal information saved on the device.  

It’s important for tax preparers and individuals keep an eye out for scams over the next few months. Remember that the IRS will only contact you via mail about an issue. If you receive a call or an email and you are unsure, hang up and call the IRS directly to inquire.  

Emerging threat: Social Security benefits stolen by thieves

Security expert Brian Krebs reported on a new trend this month that involves a couple’s Social Security benefit being stolen by a hacker. The couple had created an account online with the Social Security administration but were delaying collecting their benefit. The wife then received written notice she had successfully signed up for benefits and that $11,000 would be transferred out of her SSA account. But she never requested this. It was later discovered that a thief had impersonated the woman by calling the SSA and signing up to receive her benefits. Creating an account at is important, as it prevents others from opening an account in your name. However, as this story illustrates, you must continue to check your account regularly to protect your benefit. As always, stay alert!  

Sincerely, Kohlhepp Investment Advisors, Ltd.

Source: Savvy Cybersecurity, Horsesmouth  

Continue reading
936 Hits

KRACK Wi-Fi Vulnerability: What You Can Do Now

October 20, 2017


A new, serious Wi-Fi vulnerability that affects nearly all wireless networks was announced by security researchers this week. The attack, being called KRACK, allows hackers to perform wireless network identity theft via a flaw in WPA2 Wi-Fi settings.


The KRACK vulnerability allows wireless networks to be duplicated giving hackers an unencrypted view of anything flowing between your device and the network. For example, if you log in to your email while your network is affected the hacker will be able to see your username and password as well as anything you send while connected.


WPA2, or Wi-Fi Protected Access II, is considered the most secure setting for wireless routers—meaning the majority of networks currently have this setting in place and are at risk.


The good news is that in order to hack your network, attackers would need to be in physical range of your Wi-Fi network. In addition, sites that are protected with Secure Sockets Layer (SSL) encryption can’t be intercepted by hackers. You can determine if a site is protected if the URL in your browser begins with HTTPS://. (Keep in mind, however, that often these security certificates are not configured correctly and many may not actually be secure.)


So far there have been no reported exploits of this flaw, although experts say that businesses are more likely to be targeted than consumers. Here are some things you can do to protect your network from this attack:


1. Update your devices

Microsoft Windows released a patch for KRACK and you should update any Windows devices immediately. While this patch will not fix your router (those vendors will release separate patches when they are ready), it will protect your wireless Windows device from being exploited itself. You can download the appropriate patch for your Windows device here.


Apple has released a patch for iOS in the latest beta version of iOS 11.1. You can download the beta version online but it is not finalized yet and you may experience some issues. The finalized patch will likely be released to the general public and auto-pushed to your devices within the next few weeks.


Google will release a patch for the KRACK vulnerability on November 6th. It could, however, take months for each Android manufacturer to release the patch for its devices.


2. Turn off your Wi-Fi (if you can)

If you currently use a wireless connection in your office, we recommend turning it off and sticking to a wired Internet connection until router patches are released. With your Wi-Fi enabled, a hacker could possibly sit in your parking lot and dupe your network to intercept and download data shared on your network—including client information.


If you have the option to use a wired connection at home instead of wireless, we make the same recommendation. Keep track of any patches that become available for your home devices in the next 30 days as well. TVs, home routers, even some refrigerators are connected to Wi-Fi and will require a patch to secure themselves again.  


In addition, avoid free Wi-Fi hotspots such as coffee houses and airports for at least the next 30 days. This is a best practice anyway, as free wifi hotspots are always more vulnerable than a secure, private connection.

3. Check your router manufacturer for updates

Most router manufacturers are currently working on KRACK patches for its models. Charged blog is currently keeping a list of firmware patch status for most routers and devices. You should also check your manufacturer’s website for updates.


Once a patch is released for your router, you will have to update the firmware. This can be a complex process so you may want to ask your IT specialist (or internet provider) for help. You can also refer to these instructions for help.


Newer routers come with apps that make updating your router firmware less difficult. You may consider upgrading to one of these new routers in the near future.

Once your router is updated, you can turn your Wi-Fi network back on.

4. Stay tuned 

The KRACK vulnerability is a developing story and more news is likely to come out in the following days. We will continue to update you as more information is known.


Edward J. Kohlhepp, Jr., CFP®, MBA


Edward J. Kohlhepp, CFP®, ChFC, CLU, CPC, MSPA

Founder & CEO 


Source: Horsesmouth Savvy Cybersecurity

Continue reading
954 Hits

Equifax Hack: Facts, Myths & Protection

September 26, 2017



Equifax hack: Facts and myths

Following this month’s Equifax breach affecting 143 million people, rumors began swirling around the details of the hack. It’s not only important to take action and freeze your credit at the credit reporting bureaus, but also to understand, amid all the media squall, what’s true and what’s false concerning this event.

Let’s examine some of the “rumors” swirling about the Equifax hack.

If you sign up for Equifax’s credit monitoring system you waive your right to sue

MYTH(now): When the hack was first announced, Equifax included some confusing fine print in the details of their credit monitoring system, TrustedID. The statement implied that consumers who opted into the free credit monitoring offered by Equifax were giving up any right to sue the company on their own or as part of a class action lawsuit.

At the time we first reported details of the breach, we too were under the impression that opting in to TrustedID gave you limited legal action. Since then, Equifax clarified the language and those enrolled in TrustedID still have legal rights. However, as we have previously explained, credit monitoring does not protect you from identity theft. Freezing your credit is the best option.

Outdated software used by Equifax caused the breach

FACT: Experts are now reporting that hackers were able to infiltrate Equifax’s system through a flaw in Apache Struts software. In March of 2017, Apache discovered a vulnerability in the program and released a patch the same day.

Hackers first gained access to Equifax’s network in May, meaning that the company left the software unpatched for at least two months. At this point, Equifax has not made a statement on why the software was left outdated.

Take a lesson from Equifax and be sure to always update your software. Outdated software leaves you vulnerable to hacks and puts your security at risk. It’s best to update your software as soon as you are notified—better yet, set up auto-updates so you don’t have to worry about it.

Signing up for Equifax’s credit monitoring will keep my identity safe

MYTH: Credit monitoring is not a comprehensive identity theft prevention method. These programs alert you after credit has been taken out in your name. If the credit wasn’t taken out by you—there’s still a mess to clean up.

Instead you should sign up for a credit/security freeze. This action locks down your credit file with PINs that only you know. No new credit can be issued unless the freeze is lifted at the bureaus.

You can learn more about the details of setting up a security freeze here.

Over 200,000 credit cards were stolen in the hack

FACT: In addition to the 143 million personal records, hackers were also able to download credit card data of 200,000 people. The data included credit card numbers, names, and expiration dates of consumers who had provided their credit card info to Equifax between November 2016 and July 2017.

Be sure to monitor your credit card statements for any strange charges. For the ultimate protection, sign up for automatic text or email alerts on your credit and bank cards. Doing so will set off a text or email message anytime a charge is made on your account.

The details on the Equifax hack are still developing, and we will likely learn more details in the coming months. Again, for now, be sure to protect yourself from this breach and future breaches with a security freeze.

Be sure to keep an eye out for potential scams following this hack. Phishing emails may be on the rise as hackers take advantage of people’s fears surrounding this news.

What Can I Do To Protect Myself Against Identity Theft?

Following is a reminder of the different steps you can take to protect yourself against identity theft. Remember, there is no guarantee! A credit freeze will not protect you against identity theft 100%.  But a credit freeze along with the following steps will make you a less ideal target and give you added layers or protection. This list is long – it is not meant to overwhelm you but to inform and educate you. 

1. Credit Freeze: A freeze blocks anyone from accessing your credit reports without your permission—including you. This can usually be done online, and each bureau will provide a unique personal identification number that you can use to “thaw” your credit file in the event that you need to apply for new lines of credit sometime in the future. Another advantage: each credit inquiry from a creditor has the potential to lower your credit score, so a freeze helps to protect your score from scammers who file inquiries. 

See our previous newsletter regarding details on placing a credit freeze at each of the major credit bureaus.

Placing the credit freezes can be burdensome, and it can be more involved (difficult) for some. You can place a credit freeze on your file online, by phone, or via mail. But we do believe this is a critical step in protecting yourself.

Remember that each person in your household has an individual credit file and a credit freeze needs to be put in place per person (or social security number). Placing a credit freeze on a husband, does NOT include his wife, even if all of their accounts are held jointly. 

Don’t forget about your kids, especially minors! Minor children can be easy targets because their credit file is not typically monitored. It can be years before identity theft is discovered for a child and then the damage has been done. At this time, it appears that the only way a credit freeze can be placed on a minor’s file, is to MAIL in the request with the required documentation. Check out this article regarding Child Identity Theft.

Finally, yes, there is a 4th credit bureau, Innovis. Unlike the big three credit reporting agencies (Equifax, Experian, and TransUnion), Innovis does not sell credit reports. For that reason, it is not always mentioned when discussing a credit freeze. Some argue that it is not totally necessary to set up a credit freeze at Innovis. We want you to do the smart and prudent thing without becoming overwhelmed, so do what you feel is best.


2. Monitor Your Credit Report: Under federal law you’re allowed to request a free copy of your credit report once a year from each of the three credit reporting agencies: Equifax, Experian, and TransUnion—at By rotating among the agencies, you can spread this out over the year to consistently monitor your credit (request a report from a different agency every 122 days). Look for suspicious accounts or activity that you don’t recognize—such as someone trying to open a new credit card or apply for a loan in your name. If you DO see something, visit to find out how to mitigate the damage.

3. Two-Factor Authentication: Many sites now offer two-factor authentication when logging into accounts. For example, when logging into a site with two-factor authentication enabled, a code will be sent to your phone that you must enter after your password to gain full access. In order to log in, you must have your password and a special code that is changed every time. If a hacker successfully guesses your password but does not have your phone, they cannot get into your account. Currently, sites such as Gmail, Facebook, Dropbox, Twitter, and more offer this service. Many banks and credit card companies offer this service for online use as well.

4. Set Text or Email Alerts for Bank Accounts and Credit Cards: What if you could know exactly when money was leaving your accounts like the banks and credit card companies do? You could catch fraud as it is happening and limit your losses.

You can do this, actually. The majority of major banks and credit cards allow you to sign up for text or email alerts that are sent to you anytime money leaves your account or a charge is pushed through. If you receive an alert for a purchase or withdrawal that you did not make, you know right away to contact your financial institution and alert them of the fraud.

Often, you determine the dollar amount that triggers an alert. For example, you can choose to get notified only for charges that exceed $200. It’s best, however, to set that dollar amount as low as possible. Thieves commonly test accounts with small purchases and the sooner you catch them, the less damage they can do.

To enable these instant alerts on your account, log in or create an online account at your bank and credit card companies. If you have trouble finding the alert settings on your account, contact your institution’s customer service for assistance.

5. Monitor your existing credit card and bank accounts closely: A credit report won’t tell you if there’s been money stolen from a bank account or suspicious activity on your existing credit card. Unfortunately, you’ll have to turn this into a habit. In most cases, theft happens over time, starting with small amounts stolen from across your accounts.

6. Create a Secret Email Address for Your Financial Accounts: Our personal email addresses have become a key to our lives on the Internet. We enter them into countless databases when we sign up for newsletters, create new accounts, and order items online. We don’t think twice about giving out our email address.

But if we use that same email address for our online banking and credit card accounts, we’re putting our finances in danger. If one of those various databases is hacked we’re essentially handing half of our financial account credentials over to the hackers.

Make the hackers’ job harder by creating a “financial-only” email address that you use just for your online financial accounts. This secret email should not reveal anything about you. Make your username (the part before the @ sign) something generic that does not reference your name, initials, or other identifying information. Of course, create a strong password and use two-step verification on your account.

7. Credit Monitoring Service: Many Americans have opted to sign up for a credit monitoring service, which won’t prevent fraud from happening, but WILL alert you when your personal information is being used or requested. In most cases, there is a cost involved, but Equifax is offering a free year of credit monitoring through its TrustedID Premier business, regardless of whether you’ve been affected by the hack. It includes identity theft insurance, and it will also scan the Internet for use of your Social Security number—assuming you trust Equifax with this information after the breach.

8. Opt Out of Pre-approved Credit Offers: ID thieves like to intercept offers of new credit sent via postal mail. If you don’t want to receive pre-screened offers of credit and insurance, you have two choices: You can opt out of receiving them for five years by calling toll-free 1-888-5-OPT-OUT (1-888-567-8688) or visiting

Or you can opt out permanently online at To complete your request, you must return a signed Permanent Opt-Out Election form, which will be provided after you initiate your online request.

9. Fraud Alert: If you are a victim of identity theft or suspect you may be, you can put a fraud alert on your credit file, for free, by contacting one of the credit agencies, which is required to notify the other two. This will warn creditors that you may be an identity theft victim, and they should verify that anyone seeking credit in your name is really you. The fraud alert will last for 90 days and can be renewed.

10. File your taxes early: As soon as you have the tax information you need, file your return - before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Do not make the mistake of thinking “It won’t happen to me” when it comes to Identity Theft! Widespread, significant hacks have been and will continue making news headlines. While you may not be able to ensure this will never happen to you, you do have the power to improve your protection – but YOU need to take action to do so!

Good luck!





Edward J. Kohlhepp, Jr., CFP®, MBA



Edward J. Kohlhepp, CFP®, ChFC, CLU, CPC, MSPA

Founder & CEO




Horsesmouth Savvy Cybersecurity

Continue reading
953 Hits

Cybersecurity Alert: What You Need To Do Now In Response to the Equifax Breach

September 8, 2017
Credit agency Equifax announced yesterday that it suffered a data breach affecting 143 million U.S. consumers.
The hack exposed names, Social Security numbers, addresses, birth dates, and driver’s license numbers—all critical pieces of information used by identity thieves to impersonate people and conduct fraud.
This is probably the most consequential data breach in history, considering that nearly all U.S. adults have their credit histories on file with Equifax and the other two credit bureaus, Experian and Transunion.
While it’s true that for some time that the public’s personal information has been available for sale in the black market, no data breach as comprehensive as this one has ever occurred.
That’s why it’s critical for you to take significant steps to protect yourself now—steps that exceed the response Equifax is currently recommending.
Here’s what you need to do immediately to safeguard your information.
Freeze your credit
If you have not done so already, it is imperative that you freeze your credit immediately at each of the three credit bureaus. We have been recommending this course of action for years.
A security freeze, also called a credit freeze, locks your credit file at each bureau with a special PIN that only you know. That PIN must be used in order for anyone to access your credit file, or add new credit in your name.
(Note: As of now, Equifax does not believe that security PINs were accessed by hackers. If you had a security freeze in place at Equifax before the hack your PIN should still be protected. But that could change.)
Credit bureaus rarely emphasize freezing your credit file because it’s not in their best interest, or their clients—banks and other companies that grant credit. Instead, they recommend “credit monitoring,” a largely useless and ineffective service that charges you money to tell you when your open, or unfrozen, credit file has been accessed.
In essence, they tell you that you may have a credit breach problem AFTER the fact, which isn’t protection against identity theft.
A security freeze gives you complete control of your credit file. Unlike credit monitoring or fraud alerts, a security freeze stops an identity theft from happening rather than alerting you to potential fraud after it has happened.
Reminder: We also recommend freezing the credit files of your minor children! If a minor child's identity is stolen, it is often not discovered for years - not until they try to apply for credit of their own later in life!
How to do it
To set up a security freeze you must contact all three of the credit bureaus individually. This process can be done online or over the phone. You will be asked some questions to confirm your identity but it only takes a few minutes.
We recommend beginning with Experian and Transunion as Equifax’s website is currently receiving high traffic.
You can freeze your credit by using the following phone numbers and links:
Depending on your state, freezing your credit can cost anywhere from $0 to $10 at each bureau. Proven identity theft victims can have this fee waived. (If you need to lift the freeze you will have to pay the same fee.)
To lift your freeze you simply contact the bureau used by the lender and provide your PIN to lift the freeze for a certain period of time. This can be done online or over the phone. It may take a few days for the freeze to be lifted so be sure to do it a few days in advance.
Was I affected?
You can see if you were a victim of Equifax’s hack by visiting and entering your last name and last six digits of your Social Security number. You can also wait to receive a letter from Equifax.
Regardless, take this time to freeze your credit. Given the sheer volume of breaches in the past few years, it is likely your information has already been exposed. Freezing your credit will give you peace of mind and is a crucial step in protecting your identity from hackers.
Don’t wait! Take action now!

Source: Horsesmouth Savvy Cybersecurity
Continue reading
1376 Hits

Archived Newsletters

Investment Updates

Newsletters Sign Up

Account Login

Contact Info

Kohlhepp Investment Advisors, Ltd.
3655 Route 202, Suite 100
Doylestown, PA 18902
Phone: 215-340-5777
Fax: 215-340-5788

Securities offered through Cambridge Investment Research, Inc. a Registered Broker/Dealer, Member FINRA/SIPC. Investment Advisory Services offered through Kohlhepp Investment Advisors, Ltd., a Registered Investment Advisor. Kohlhepp Investment Advisors, Ltd. and Cambridge Investment Research Advisors, Inc. are not affiliated.

Due to various state regulations and registration requirements concerning the dissemination of information regarding investment products and services, we are currently required to limit access of the following pages to individuals residing in states where we are currently registered. We are licensed in the following states: AZ, CA, CO, DE, FL, GA, IN, KY, LA, MA, MD, NC, NJ, NY, OR, PA, RI, SC, TX, VA, VT, WA

Check the background of this firm on FINRA's BrokerCheck