Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Scam!
Old 01-21-2013, 08:19 PM   #1
Recycles dryer sheets
Brdofpray's Avatar
 
Join Date: Jan 2012
Location: Upstate SC
Posts: 242
Scam!

Just received this email. Sounds serious!

Dear Verified Schwab Account Holder,

Due to several failed attempt at accessing your Online Schwab Account, we have put on hold your Online access for your protection.
To release this hold you would be required to log in to Online Schwab Account and perform an identity verification procedure.
CLICK HERE TO CONTINUE THE IDENTIFY VERIFICATION PROCEDURE
Information provided would be verified against data we have on file for this Account.
Once our internet security team ascertains you are a valid account holder your online banking access would be restored.

Regards,

Schwab Internet Security

BBP ID: P1242557947640


I might be concerned, however, I am not a Schwab customer. What do they do, send out a huge email blast, hoping they hit one actual customer.

Stay on your toes people.
__________________

__________________
Don't sweat the small stuff! And realize, it is all small stuff!
Brdofpray is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 01-21-2013, 08:35 PM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,281
Quote:
Originally Posted by Brdofpray View Post
What do they do, send out a huge email blast, hoping they hit one actual customer.
Yes. Here is one case I violate the 'never-say-never' rule:

Never, and I mean NEVER click a link in an email regarding your financial information.

No matter how real it looks, it could be scammers trying to get you to click their site, and collect your logon and password.

-ERD50
__________________

__________________
ERD50 is offline   Reply With Quote
Old 01-21-2013, 08:53 PM   #3
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,878
Any organization they know has a large customer base is subject to this shotgun approach. Get them all the time from places I do no business with.

Main thing is never click on embedded links. Go to the site directly to check it out. Also if you mouse over the embedded link the information will be displayed, it will go to some site not affiliated the organization it supposedly is from.
__________________
rbmrtn is offline   Reply With Quote
Old 01-21-2013, 08:59 PM   #4
Thinks s/he gets paid by the post
growing_older's Avatar
 
Join Date: Jun 2007
Posts: 2,608
I got a similar message about a credit card for a big bank I do not do business with. It looked very convincing with actual company graphics probably downloaded from somewhere. The tip off (aside from the email asking to login) was that the website looked like the bank's name but actually linked to something completely different in another country. I wonder if it will be long before they can mask that too.
__________________
growing_older is offline   Reply With Quote
Old 01-21-2013, 10:50 PM   #5
Recycles dryer sheets
 
Join Date: Nov 2004
Posts: 224
I absolutely cannot distinguish a scam email from the real thing. So, any email asking for personal information gets dumped immediately. I'm just not that hard to find should anyone I'm doing business with need to contact me.
__________________
Rich is offline   Reply With Quote
Old 01-21-2013, 10:58 PM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Jul 2006
Posts: 11,018
I got a suspicious email from Paypal last week describing a $900 payment I had (not) made. I did not click on any links, but someone had accessed my Paypal account and made this fraudulent charge, which was debited from one of my bank accounts. I immediately notified both Paypal and my bank, which reversed the charge and froze my accounts until I could visit the branch to get new bank cards. What a hassle! Just in case, I changed passwords on every financial account that I own.
__________________
Meadbh is offline   Reply With Quote
Old 01-21-2013, 11:31 PM   #7
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,878
Quote:
Originally Posted by Meadbh View Post
I got a suspicious email from Paypal last week describing a $900 payment I had (not) made. I did not click on any links, but someone had accessed my Paypal account and made this fraudulent charge, which was debited from one of my bank accounts.
So far I have refused to give PayPal my bank information. They keep sending emails saying I have almost reached the allowed limit and need to be "verified". If they stop taking the CC I'll go somewhere else, their loss.
__________________
rbmrtn is offline   Reply With Quote
Old 01-22-2013, 12:49 AM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
youbet's Avatar
 
Join Date: Mar 2005
Location: Chicago
Posts: 9,965
I got the same email today except substitute "Chase Bank" for "Schwab." I'm not a Chase Bank customer.
__________________
"I wasn't born blue blood. I was born blue-collar." John Wort Hannam
youbet is offline   Reply With Quote
Old 01-22-2013, 07:19 AM   #9
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
RunningBum's Avatar
 
Join Date: Jun 2007
Posts: 5,183
This weekend I got an email from Vanguard saying that my security questions were answered too many times incorrectly. No links to click on, and it did list my Flagship rep as a contact. They said I'd have to change the security questions when I logged in, and to contact them if it wasn't me that answered them wrong. No links in the email.

Sure enough, upon login I had to change the security questions, so it looks like someone really did try to login as me. Perhaps it was just a mistake, that someone thought my login name was theirs and tried to put in their mother's maiden name or whatever I'd been using for security questions until it failed, or maybe someone tried to hack it. In any case, I'm going to call today and report it.

Mothers maiden name isn't a very good question to have, btw, especially as more people get on facebook and many women list both their married and maiden names. Neither are anything with cities. You really need to select the questions that can't be looked up. Passwords can be as solid as a rock but they are worthless if your security questions are weak.
__________________
RunningBum is offline   Reply With Quote
Old 01-22-2013, 07:26 AM   #10
Thinks s/he gets paid by the post
 
Join Date: Nov 2009
Posts: 3,869
My friend, who is rather new to Fidelity, has messed up logging in and had gotten locked out on password violations a few times. Fidelity doesn't send out emails like the one the OP described when that happens. Instead, when he tries to log in, he gets a message telling him what to do to get his password reset, and none of them include entering his existing password (he has to answer one or more security questions he preset when he first set up his one line access).

As others have stated here, NEVER click on a link in one of those generic emails no matter how legit they appear. Hovering the mouse over the link will show you a different web address which often includes the real website name as part of the phony one.

At least some of these institutions (the banks, so far) are interested in seeing any of these phony emails. So I have sent any of them to their security email addresses. Not sure what they do with them, though.

Another thing I have seen incresaed use of over the years is a user-selected security image when you go to the institution's homepage and enter only your screen name. You also see the warning not to enter your password if you don't see your security image.
__________________
Retired in late 2008 at age 45. Cashed in company stock, bought a lot of shares in a big bond fund and am living nicely off its dividends. IRA, SS, and a pension await me at age 60 and later. No kids, no debts.

"I want my money working for me instead of me working for my money!"
scrabbler1 is online now   Reply With Quote
Old 01-22-2013, 07:28 AM   #11
Thinks s/he gets paid by the post
 
Join Date: Oct 2008
Location: Naples
Posts: 2,161
My wife and I get these "phishing" emails five or six times a year. Most of them are relative to our checking account, locked account, etc. My bank has a fraud alert email address to which I forward things of this nature.
__________________
JOHNNIE36 is online now   Reply With Quote
Old 01-22-2013, 08:42 AM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
braumeister's Avatar
 
Join Date: Feb 2010
Location: Northern Kentucky
Posts: 8,603
Two other things you can do easily:

1. Notice spelling and grammar mistakes in the message (the OP contains a good example, since there are several of them).

2. Hover your pointer over the link in the email, and see where it actually goes. Generally, it will be to some unidentifiable server somewhere.
__________________
braumeister is online now   Reply With Quote
Old 01-22-2013, 08:56 AM   #13
Moderator
Walt34's Avatar
 
Join Date: Dec 2007
Location: Eastern WV Panhandle
Posts: 16,539
Quote:
Originally Posted by RunningBum View Post
You really need to select the questions that can't be looked up. Passwords can be as solid as a rock but they are worthless if your security questions are weak.
I use a couple containing the names of dogs who have been dead for at least 30 years. Probably only my two sisters would remember those.
__________________
I heard the call to do nothing. So I answered it.
Walt34 is offline   Reply With Quote
Old 01-22-2013, 09:11 AM   #14
Thinks s/he gets paid by the post
 
Join Date: Nov 2009
Posts: 3,869
A good security question I have seen is "First car you owned?" or "Name of favorite teacher?" Neither are easy if possible to figure out.
__________________
Retired in late 2008 at age 45. Cashed in company stock, bought a lot of shares in a big bond fund and am living nicely off its dividends. IRA, SS, and a pension await me at age 60 and later. No kids, no debts.

"I want my money working for me instead of me working for my money!"
scrabbler1 is online now   Reply With Quote
Old 01-22-2013, 10:15 AM   #15
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,878
Problem I have answering those is I remember very little from that far back, especially something like the name of teacher.
__________________
rbmrtn is offline   Reply With Quote
Old 01-22-2013, 11:43 AM   #16
Thinks s/he gets paid by the post
mpeirce's Avatar
 
Join Date: Feb 2012
Location: Columbus area
Posts: 1,590
Quote:
Originally Posted by scrabbler1 View Post
A good security question I have seen is "First car you owned?" or "Name of favorite teacher?" Neither are easy if possible to figure out.
Remember you don't need to answer these questions "truthfully".

I keep a list of my security questions for various important accounts along with the answers. It looks something like this (obviously not exactly like this):

First National Bank of MyCity:
First car owned? algeria7blush
Mother's maiden name? five888alpha
Name of favorite teacher? professional8turkey

Basically, just other password/passphrase.

And then I keep that list encrypted (with another strong password of course).

That way no one can google me and figure out that information.

It never made any sense to me to have a good strong password, then let someone get in if they can guess my mother's maiden name and eye color...
__________________
mpeirce is online now   Reply With Quote
Old 01-22-2013, 11:46 AM   #17
Moderator
ziggy29's Avatar
 
Join Date: Oct 2005
Location: Texas
Posts: 15,612
Quote:
Originally Posted by Rich View Post
I absolutely cannot distinguish a scam email from the real thing. So, any email asking for personal information gets dumped immediately. I'm just not that hard to find should anyone I'm doing business with need to contact me.
Agreed. If I have any questions, I can go directly to their web site (typing in the known URL, not clicking on an e-mail link). In any event, all the financial firms I do business with have my phone number, and if they really needed to get hold of me, they can call.
__________________
"Hey, for every ten dollars, that's another hour that I have to be in the work place. That's an hour of my life. And my life is a very finite thing. I have only 'x' number of hours left before I'm dead. So how do I want to use these hours of my life? Do I want to use them just spending it on more crap and more stuff, or do I want to start getting a handle on it and using my life more intelligently?" -- Joe Dominguez (1938 - 1997)

RIP to Reemy, my avatar dog (2003 - 9/16/2017)
ziggy29 is offline   Reply With Quote
Old 01-22-2013, 11:59 AM   #18
Thinks s/he gets paid by the post
 
Join Date: Nov 2009
Posts: 3,869
I recall my ladyfriend once got one of those scam emails but by coincidence she was having problems gaining access to the institution's website. This made the email seem more legit. However, she is savvy enough to know not to click on strange links. Instead, she called the toll-free number she has called before and got her actual problem solved while letting them know about the email which they confirmed was a scam and asked her to send it to their fraud department (which she did).
__________________
Retired in late 2008 at age 45. Cashed in company stock, bought a lot of shares in a big bond fund and am living nicely off its dividends. IRA, SS, and a pension await me at age 60 and later. No kids, no debts.

"I want my money working for me instead of me working for my money!"
scrabbler1 is online now   Reply With Quote
Old 01-22-2013, 12:02 PM   #19
Thinks s/he gets paid by the post
 
Join Date: Mar 2010
Location: Kerrville,Tx
Posts: 2,718
Quote:
Originally Posted by RunningBum View Post
This weekend I got an email from Vanguard saying that my security questions were answered too many times incorrectly. No links to click on, and it did list my Flagship rep as a contact. They said I'd have to change the security questions when I logged in, and to contact them if it wasn't me that answered them wrong. No links in the email.

Sure enough, upon login I had to change the security questions, so it looks like someone really did try to login as me. Perhaps it was just a mistake, that someone thought my login name was theirs and tried to put in their mother's maiden name or whatever I'd been using for security questions until it failed, or maybe someone tried to hack it. In any case, I'm going to call today and report it.

Mothers maiden name isn't a very good question to have, btw, especially as more people get on facebook and many women list both their married and maiden names. Neither are anything with cities. You really need to select the questions that can't be looked up. Passwords can be as solid as a rock but they are worthless if your security questions are weak.
Actually as more and more obituaries go online, if they have both the survivors names and your mothers maiden name the information is mineable.
__________________
meierlde is offline   Reply With Quote
Old 01-22-2013, 12:08 PM   #20
Moderator
bssc's Avatar
 
Join Date: Dec 2005
Posts: 9,929
I get these two to three times a day (set up the account in 2000). I never click on them. I never click on the legit notifications but instead go to the link that I have previously booked marked.

I also use a password holder which won't display a password at fake site.
__________________

__________________
Angels danced on the day that you were born.
bssc is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


 

 
All times are GMT -6. The time now is 08:22 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.