What does it take to reset the password to your email account? What happens next if someone hacks into your email?
Log out of your email and try the “forgot password” link. If it takes a security code sent by SMS text message to your cell phone, consider upgrading your security setting.
I read this report on the Bogleheads investment forum: $250k lost in unauthorized wire fraud – experience/advice? An elderly couple lost $250,000 because thieves got into their email account by resetting the password. It can happen to you too.
Password Reset Attacks
Fraudsters fooled the couple’s cell phone company to transfer their cell phone number to another company. One break-in then led to another. They used the security code sent to that number (now under their control) to reset the password to the couple’s email account. They logged in and looked in old emails for where the couple had bank accounts. Access to the email account and security codes sent to the cell phone number gave these criminals access to the bank accounts. They requested wire transfers from three banks.
Two banks stopped a pending wire when the couple reported unauthorized access within 24 hours. A third bank promised to freeze the account but they sent out a wire later on a fraudulent request anyway. It took more than a month for the bank to finally return the money to the elderly couple. The couple almost had to sue the bank to get their money back.
Secure Your Email Account
It isn’t clear whether the bank paid lost interest. If not, the lost interest on $250k is well over $1,000, and think about the aggravation for over a month! You don’t want this to happen to you.
Try the “forgot password” link for each of your financial accounts and see what it takes to reset your password. If access to your email is part of the process, for example, to receive a password reset link, you should secure your email account with something stronger than SMS text messages sent to a cell phone number.
I wrote about using security hardware to protect investment accounts in this blog post: Security Hardware for Vanguard, Fidelity, and Schwab Accounts. The Yubikey security hardware mentioned in that post can be used to secure email accounts by GMail, Microsoft (Hotmail, Outlook), Apple iCloud, Yahoo, and AOL. It costs $50-60 to buy two Yubikeys but it’s worth the peace of mind.
Use a Better Bank
Which bank failed to freeze the couple’s account after getting a report of fraud and then dragged their feet for over a month to return the money? This is totally unacceptable. The poster only said it was an online bank headquartered in Utah. Does the name start with the letter A?
If you have an account with an online bank headquartered in Utah, maybe consider using a different bank. You can search for a bank’s headquarters by its name or web address on this FDIC web page.
Say No To Management Fees
If you are paying an advisor a percentage of your assets, you are paying 5-10x too much. Learn how to find an independent advisor, pay for advice, and only the advice.