Stop, check, report: A primer to cybersecurity

Technology has always moved fast, but it’s zigzagging at a lightning pace these days. The explosion of new tools — from digital currencies to artificial intelligence (AI) — has opened vistas in how we work and play.


But it’s not just everyday people taking advantage of these new technologies. Bad actors on the internet are using them to spin up slick new scams and to deploy them at scale.


However, these hackers aren’t the undetectable coding geniuses seen in movies. Rather, they’re more likely to be pushy, unethical salespeople armed with stolen data. Their goal is to cajole and pressure their victims into betraying passwords, exposing sensitive computer access or handing over cash. You don’t need to be computer savvy to protect yourself; in fact, a little vigilance can go a long way toward thwarting them.


“Cyber threats can sound intimidating, especially with the rise of advanced techniques. But staying safe doesn’t require technical expertise — it starts with a mindset,” says Lauren Silverman, head of business security management at Capital Group. “By following the simple principle of ‘stop, check, report,’ every individual can play a powerful role in defending themselves against scams and fraud.”


Cybersecurity begins before you click on anything.


It’s a common misapprehension that hackers are surfing on oceans of code, silently infiltrating silos of secret information. More commonly, they’re doing something much simpler: using relatively straightforward tools to trick people into divulging information or handing over cash.


The ways they meet their victims are varied — they send text messages and emails, seed false information on fake webpages and even hide malicious programs behind QR codes. At the end of the day, though, they generally need you to engage with one of their traps, and that’s where the “stop, check, report” framework comes into play.



The first step is to stop before you engage with anything on the internet. Whether you’ve received a direct message from an unknown sender or you’re being asked to use an app to view the menu at a trendy restaurant, take a moment before clicking on or replying to anything and check the situation.

  • If you’re being asked to click a link, look at the URL. Is it for a trusted entity? Is it spelled correctly? Does it have an unusual domain — for example, a “.org” ending for a company that normally uses “.com”?
  • Are you being pushed to take action now, potentially to avoid dire consequences? Are you being told that you can’t pause or talk the situation over with anyone? Creating a sense of urgency is a strong red flag that you’re being targeted by a bad actor.
  • Think through the entirety of the message. Who is sending it, and would that person or group normally contact you this way? Can you independently verify the information?
  • Critically, don’t respond to messages directly and don’t use any contact information they provide. Use an external search tool like Google to find official contact information.
  • And certainly don’t send money, provide any log-in information or enter passwords anywhere except an official website. No reputable organization will ask you to pay via text message, with gift cards or through some unusual app, and no customer-service representative will ever ask you for a password.

“Security isn’t just about technology — it’s about behavior,” Silverman adds. “Small steps can make a big difference: Pause before clicking, protect your privacy and talk to someone if something feels off.”


Finally, when you’re confident that you’ve found a bona fide fraud attempt, report it to the relevant parties. That doesn’t just mean law enforcement. If someone is impersonating a company, let that organization know. Most companies, including Capital Group, take active measures to remove malicious impersonators, and they appreciate such reports. You can read up on how to report such fraud, and find more tips on protecting yourself, on our fraud-protection website.


Hackers often use high-pressure tactics to manipulate their targets.


Vigilance alone isn’t always going to be enough. If, for example, you’ve clicked on what seemed like a legitimate link and have found yourself in a conversation that doesn’t seem quite right, remember that you’re empowered to simply hang up, block the number or stop returning messages.


High-pressure sales tactics are among the strongest tools in the hacker’s “social engineering” arsenal. Scammers might raise the stakes of the conversation, warning you of dire legal action, devastating fines or even criminal proceedings against you or a loved one. They may push you to make snap decisions on incredibly short deadlines. They could warn you not to discuss the conversation with anyone else. These tactics might seem brutish, but they work — they play up people’s anxieties and keep them focused on an imaginary threat so targets don’t stop to think through the situation.


If there’s anything that feels even a little off, break off contact. If the caller is posing as a business representative or government agent, you can always follow up with that group through official channels. Don’t use a phone number or email address provided by the contact or contained in an email or text. And no matter what someone says, you can always reach out to loved ones and legal or financial professionals.


Proactive steps you can take to protect yourself

Hackers thrive on easy information. The more they know about their target, the more convincing their disguise. Unfortunately, many of us have made it easy for crooks to learn about us and leverage that information.

  • The easiest step toward controlling your online footprint is to set your social media to private. LinkedIn, Facebook and other public-facing feeds can show a scammer what you look like, where you live, how old you are, who you’re related to, what you’re interested in, events you’ve been to and countless other details. They might even host video or audio that can be used to create a deepfake of you — a powerful new tool for tricking people.
  • Use a password manager and an authenticator where you can. The manager will help you use strong, varied passwords across your accounts and devices, while the authenticator will give you an additional layer of security.
  • And keep your software and operating systems up to date. Companies are constantly closing vulnerabilities, but you can’t benefit if you’re not downloading the patches.

More tips can be found at www.capitalgroup.com/about-us/fraud-protection-and-awareness.html.

AI deepfakes have introduced a new wrinkle.


One newer attack to be aware of: deepfake contacts. These are tailored scams designed to fool targets into thinking they’re talking to a loved one or acquaintance. The attackers can use short video or audio clips — often sourced through unsecured social media — to create fairly convincing mimics. They can even carry on conversations to some extent using large language model technology.


The attackers use these parrots to ask for cash or sensitive information, sometimes with a story about needing bail or to cover medical bills.


That’s all genuinely unsettling, but there’s good news: You can defend against these scams just as you would any other. Take a breath, don’t let the scammer pressure you into a hasty decision and reach out to trusted advisors for their opinions and guidance. Deepfakes specifically have another simple weakness: They can’t repeat anything you haven’t put on the internet. If you and your family share a passcode — a simple but unusual word or phrase that’s kept offline and is hard to guess — you can ask for it during phone conversations. The deepfake machine simply won’t be able to give it to you.


“In a world of deepfakes and digital deception, trust is built through action,” Silverman says. “We act swiftly to verify and protect your accounts, and we encourage you to do the same — stay informed, stay cautious, and know we’re always here to help.”