Recently, investment advisors Saybrook Fund Advisors LLC suffered a major data breach in which a cybercriminal hacked into the email account of one of Saybrook’s employees and was able to access sensitive personal data contained in emails and attachments to emails from the account between March 18, 2021 and March 29, 2021.   The stolen information included Social Security numbers, driver’s license numbers, credit and debit card information, health insurance information, login credentials and more, putting the affected clients of Saybrook in serious danger of identity theft.  The compromise of their Social Security number is particularly threatening to the affected clients.

Personal information, such as the information contained in the data breach is used by cybercriminals not just to directly steal the identities of the affected people, but also to create specifically targeted spear phishing emails and text messages (called smishing) to lure people into clicking on malware infected links or providing personal information that will be used to make you a victim of identity theft.  While many common phishing emails and text messages are easily recognized as phony, sophisticated spear phishing emails and text messages can be tailored by the criminals to our own interests using the information obtained through the data breach in order to appear to be trustworthy which makes them quite dangerous.


One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible.  You are only as safe as the places with your information with the weakest security and it would appear that Saybrook did not have strong encryption and other protocols in place to protect the sensitive data.  It is also critical that we all remember that whenever we get an email, text message or phone call, we can never be sure who is really contacting us so you should never click on links or provide personal information in response to such communications unless you have absolutely confirmed that the communication was legitimate.  Trust me, you can’t trust anyone.

Freezing your credit is something everyone should do.  It is free and easy to do.  In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number.  If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies.  It is particularly important to note that waiting until you are a victim of a data breach to freeze your credit is not the best choice because often, such as in this case, the data breach is not discovered until many months after the data breach had occurred.  I strongly urge you to freeze your credit if you have not done so already.  A Chinese proverb says that the best time to plant a tree is twenty years ago and the second best time is today, so if you haven’t planted your tree or frozen your credit yet, please do so.
Here are links to each of them with instructions about how to get a credit freeze:

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link.