Foiling Cybercriminals: 11 Tips to Keep Expat Financial Accounts Safe

Chad Creveling, CFA and Peggy Creveling, CFA |

Consumer financial fraud has hit all-time highs around the world, and much of it occurs online. Stories about scams abound, including identify theft, phishing and push-payment scams, unauthorized credit card purchases, hacked financial-institution websites, and ATM fraud.



In the worst cases, hundreds of millions are stolen, even from large corporations like Facebook and Google. If sophisticated tech companies can fall prey to these scams, how can you protect your own finances? We've put together the following checklist designed to help make sure your money is safe.

An Expat Financial Safety Checklist

  1.  Avoid email phishing and push-payment scams, which use email, text messages, or fake websites to entice you to click on a malicious link or attachment. The goal is to either download malware to your system or get you to enter passwords or credit card information or otherwise transfer funds to a fraudster.

    These types of scams used to be easy to spot. For example, few of us would believe an email from a Nigerian lawyer asking for funds to release a large inheritance from a deceased foreigner with a similar same.

    Nowadays, however, phishing is getting sophisticated, as it may involve making a replica of a legitimate message that has already been received or in some cases is yet to be received. The victim is convinced to send what appears to be a valid payment for an authentic service such as school tuition, magazine subscription, or workman’s bill. Instead, the funds go directly to the scammer’s financial account.

    Sophisticated push-payment scams are the fastest-growing cyber fraud, and this type of fraud is so well-constructed that even personal-finance journalists can fall prey, as this story attests. To avoid being scammed, do not click on any links from random emails or text messages, no matter how legitimate they may look. If you’re in doubt, go directly to the website instead, or call the sending institution first.
  2. Make sure your financial institution's or custodian's policies are solid. Don’t assume that the consumer protections you may enjoy in your home country will be the same if you live overseas. Check with your custodian regarding the following:
  • Are there multiple layers of security (beyond logging in) to protect you, including monitoring of suspicious activity?
  • Does your financial institution ask for additional authentication if it suspects unauthorized access?
  • Are advanced encryption software and firewalls used?
  • Does your bank or custodian keep your personal information private, not sell it, and restrict and properly screen and train personnel inside the company who have access to your personal information?
  • Are customer accounts insured against fraud?
  1. Use two-factor authentication logins for financial accounts. Most financial institutions offer their account holders additional login security in the form of a temporary code sent separately by phone or digital security card or token. If your financial institution doesn’t provide this type of security at a minimum, make sure your financial account logins are completely different from any other login you may use, and make each one unique.  Do not use social media logins, as once a social media account is hacked, other accounts with the same login details can also be compromised.
  2. Safeguard all login information. This would seem to be obvious, but unfortunately, a lot of unauthorized access of financial accounts occurs by those who are closest to us, including friends and family members. That's why it's important to secure any digital security devices and not to tell anyone your username and password. If possible, memorize your login data and then destroy any written record.
  3. Keep your computer safe from hacking. Make sure your operating software is up to date, enable firewalls, and install and keep up-to-date anti-virus and anti-spy software.
  4. When traveling, be careful when logging in to your financial accounts. If possible, use your own computer or device, and subscribe to and use a reputable VPN service. Do not log in to your financial accounts using insecure (free or no password) wireless networks.
  5. Maintain copies of the latest financial statement from your custodian and keep them in a secure place. If hackers disable your financial institution's systems and you can't view your account, the latest statement is one way to prove what you own. Many of us no longer receive paper statements, so you may need to download the latest statement each month and save it in a secure location.
  6. Review your financial accounts regularly. Report any criminal activity promptly to both the financial institution and the proper authorities in your jurisdiction.
  7. Keep account contact details up to date. Make sure your financial institution can get in touch with you in case it detects potentially unauthorized activity and needs to check your identity. If you are contacted by someone claiming to be from your bank, make sure to call them back before verifying your identity. Confirm that the phone number that you are calling is one that is used by your financial institution.
  8. Don't send sensitive information in emails or email attachments. Emails can get hacked, and attachments may be stolen. Instead, send information such as financial account statements and tax ID numbers by fax or, better yet, through an encrypted file-sharing service.
  9. Avoid ATM fraud. When withdrawing cash from an ATM, always shield the keypad with your free hand, and do not interact with strangers or let one get too close. ATM scams involve skimming your ATM card details while observing your personal identification number (PIN) as you enter it. Using this information, fraudsters can rapidly make and use a duplicate card to withdraw funds from your account. The withdrawal may take place in a separate location—sometimes even in another country—and you may not become aware of a problem until the next time you check your balance. Therefore, if something seems amiss while you're at an ATM, don't wait. Immediately report anything odd to your financial institution.

Don't Sacrifice Convenience for Security
For those of us who travel and conduct business across borders on a regular basis, using technology, ATMs, and the internet to access our financial accounts has become a necessity. With that convenience comes the need for additional security. The above list is intended to help expats make sure their financial accounts are protected from the various forms of cybercrime. Taking precautions can help make sure you don't fall victim to financial hackers or frauds.


This is an updated version of a blog that appeared previously on

About Creveling & Creveling Private Wealth Advisory
Creveling & Creveling is a private wealth advisory firm specializing in helping expatriates living in Thailand and throughout Southeast Asia build and preserve their wealth. The firm is a Registered Investment Adviser with the U.S. SEC and is licensed and regulated by the Thai SEC. Through a unique, integrated consulting approach, Creveling & Creveling is dedicated to helping clients cut through the financial intricacies of expat life, make better decisions with their money, and take the steps necessary to provide a more secure future.

Copyright © 2019 Creveling & Creveling Private Wealth Advisory, All rights reserved. The articles and writings are not recommendations or solicitations, and guest articles express the opinion of the author; which may or may not reflect the views of Creveling & Creveling.