Protecting the Vault:
How to Defend Your Wealth in the Age of AI Scams
Escape The Clock Insights
I just got scammed.
After 45 years of being careful with my data — frozen credit reports, two-factor authentication, separate accounts for everything — I clicked a link in an email and watched thousands of dollars disappear from my bank account in a single afternoon.

What makes this story almost embarrassing is the timing. Two months earlier, I had spent an hour interviewing Robert Siciliano, a private investigator and cybersecurity expert who has spent two decades teaching people exactly how these attacks work. I had heard the warnings. I had taken notes. I had committed to taking action. And then, on a quiet Tuesday afternoon, I clicked a link in an email that looked exactly like a notification from Mercari — a marketplace I had been using all day to sell some of my daughter’s old toys. The site looked right. The branding looked right. The buyer was even pressuring me to hurry up. Every signal told me this was real, and none of it was. I had been phished by a deepfake of an entire e-commerce platform, and the bank account information I entered was emptied within minutes.
Here is what I want you to take from that story. I am not one of the careless ones the scammers used to target. I am exactly the kind of person who knows better, who teaches better, and who still got caught. Because the scammers are not catching the careless anymore. They are catching the careful.
That is the new reality of defending your wealth.
The scammers are no longer catching the careless. They are catching the careful.
The Defense Side of Wealth
Most of what we talk about in financial independence is offense. Save more. Invest earlier. Compound longer. Optimize for taxes. These are the levers that build a number, and they matter. But somewhere in the conversation about how to grow wealth, we forgot to talk about how to keep it.
In 2024 alone, Americans lost over $6.5 billion to investment fraud, making it the most financially damaging category of cybercrime in the FBI’s Internet Crime Report. Identity theft complaints rose nearly ten percent in the same year. Imposter scams cost consumers another $2.9 billion. Social media-initiated fraud hit a record $1.9 billion. These are not small numbers, and they are not happening to a few unlucky people. They are happening at industrial scale, to people who never thought it could happen to them.
The asymmetry is what should terrify you. You can spend a decade saving, investing, and compounding your way to a meaningful number. You can do everything right on the offense side. And then, in a moment of distraction, you can lose years of that work to a single click. The math of building wealth is patient. The math of losing it is instant.
Defense is not the glamorous side of financial independence. It is not what you read about in books. But the strongest financial plan in the world is one that is also defensible. And right now, most of us have a fortress on the front gate and an unlocked back door.
The Boring Basics Are Still the Best Defense
Robert told me something on the show that stuck with me. When he asks live audiences how many of them use a different password for every account, fewer than ten percent of hands go up. There are over fifteen billion passwords already exposed on the dark web from past breaches. Which means if you reuse passwords across accounts — and ninety percent of people do — your credentials are almost certainly already out there waiting for someone to try them on every site you have ever signed into.
The fix is unglamorous and free.
A password manager generates and stores a unique, complex password for every account you have. You remember one master password, and the manager handles the rest. Two-factor authentication on every critical account, especially email, adds a second lock that makes stolen credentials nearly useless on their own. And for your most valuable accounts — banking, brokerage, crypto — a hardware security key adds a third layer that requires a physical device to authorize access. A scammer with your password and your phone code still cannot get in without the physical key in their hand.
If you do these three things — unique passwords, two-factor authentication, and hardware keys for your most valuable accounts — Robert says you are already in the top ten percent of secure consumers in the country. Not because the tools are exotic. Because most people simply have not done the basics.
That is the part that should make you uncomfortable. The vulnerability most of us are operating under is not technological. It is procedural. We know what to do. We just have not done it.
Manufactured Urgency Is the Real Attack
Here is where the new wave of scams gets dangerous, and where my own defenses failed me.
Modern scams are not crude. They do not arrive with bad grammar and obvious red flags anymore. They arrive looking exactly like the platforms you already trust, in the exact moment you would expect to receive them, with a sense of urgency that bypasses your judgment before you have the chance to think. In my case, the email looked like Mercari. The site looked like Mercari. I had been on Mercari all day. The buyer kept emailing to ask why it was taking so long. Every signal told me to move quickly. None of it was real.
Robert calls this manufactured urgency, and it is the single most reliable indicator that something is wrong. AI has made these attacks dramatically more sophisticated. A predator only needs three seconds of audio from a social media clip to clone a loved one’s voice. They can call you with that voice, claim a car accident or a kidnapping, and weaponize your panic to extract money before you have the chance to verify anything. Your brain cannot tell the difference between a real voice and a perfect digital clone. Evolution did not prepare us for this.
The defense Robert teaches is what he calls the Triple A Protocol.
- Analyze — Understand what is happening.
- Authenticate — Make a request through a separate channel.
- Act — Finally, take action using your logical mind.
The whole point is to interrupt the urgency loop before the emotional brain takes over. Pause. Verify. Then move.
I would add one more layer for families. Set up a code word with the people you love most — something simple, something only the two of you would know. If you ever get a panicked call from someone claiming to be your child or your spouse asking for money, you ask the code word. A real family member will answer. A scammer will hang up. It costs you nothing to set up, and it could save you everything. I did this with each of my own kids the week after recording the episode. Took fifteen minutes. It might be the most valuable fifteen minutes I have ever spent on their security.
Urgency is the most reliable signal that something is being stolen from you.
Your Network Is the Soft Target
You can be flawless and still be exposed.
Your security is only as strong as the weakest person who has access to your data. That includes your spouse, your children, your parents, your assistant, and anyone else who knows where the keys are kept. Robert told a story on the show about how scammers target executives who post their travel plans on social media — not to attack the executive directly, but to attack the assistant left behind. The context becomes the weapon. The scammer knows the executive is unreachable, manufactures urgency, and goes after the person whose job it is to be helpful. The breach happens through the soft target, not the hard one.
This means cybersecurity is not a personal practice. It is a household practice.
If your kids are old enough to use a phone, they are old enough to learn about phishing, identity theft, and oversharing. If your aging parents manage their own finances, they need to understand voice cloning and the Triple A Protocol. If you have a partner, the two of you need a shared vocabulary about how you handle suspicious requests. The conversations are uncomfortable at first. They get easier with practice. And they are infinitely better than the alternative — finding out, after the fact, that someone you love handed over the keys because nobody told them what the keys were worth.
Your security is only as strong as the weakest person who holds a key to it.
The Quiet Industry Selling You Out
There is one more piece of this picture that nobody talks about, and it deserves to be named clearly.
There is a $290 billion global industry built on collecting, packaging, and selling your personal data without your meaningful consent. It is called the data broker industry. Every time you sign up for a free app, register a car, fill out a form, or click through a privacy policy you did not read, your information becomes inventory on someone’s spreadsheet. That spreadsheet gets sold. And the buyers of that data get breached more often than you would believe. The U.S. Senate Joint Economic Committee has reported that just four major data broker breaches in recent years cost American consumers over $20 billion in identity theft losses.
That is not bad luck. That is a feature of how the system is designed.
The good news is that you are not powerless. You can search your name in an incognito browser to see what is already public about you. You can submit removal requests to data brokers — there are over a hundred of them, and most are legally required to remove your information when asked. Robert does this quarterly for himself, his wife, and his father, and snoozes calendar reminders to verify the removals stuck. There are paid services that automate the process if you do not have the time to do it manually.
But the deeper point is this. Every form you fill out is a leak. Every required field is a transaction where you are the product being sold. Once you start thinking that way, the question changes. Instead of asking what you have to give them to use the service, you start asking whether what they are giving you is actually worth what they are taking from you. Most of the time, it is not.
Every form you fill out is a transaction where you are the product being sold.
Learn More
This week’s newsletter draws from my conversation with Robert Siciliano, a private investigator, bestselling author, and the CEO of Protect Now. Robert has spent decades helping people defend their wealth against the kinds of attacks most of us never see coming — and as you have just read, even the people who teach this stuff are not immune. I was not.
If you want the full conversation, including the moment I admit on tape exactly how I got phished and what saved me from a much worse outcome, listen to Defending the Vault: Protecting Your Wealth in the Age of AI Scams with Robert Siciliano of Protect Now. It is available wherever you listen to Escape The Clock.
Then go do the work. Set up a password manager. Turn on two-factor authentication on every critical account. Pick a code word with the people you love. Freeze your credit. Search your name in a private browser and see what shows up. Do the boring things you already know you should do.
Wealth is not what you earn — it is what you are able to keep. And the time to build the defense is right now, before the next scam finds you.
