|
|
01-10-2020, 05:43 AM
|
#81
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Sep 2012
Posts: 11,701
|
Quote:
Originally Posted by Alan
The SIM card fraud doesn’t rely on knowing the PIN, there are other methods such as “social engineering” where they dupe the phone company customer service rep.
|
dupe or are paid off!
__________________
Retired Class of 2018
|
|
|
|
|
01-10-2020, 05:53 AM
|
#82
|
Administrator
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,056
|
Quote:
Originally Posted by JoeWras
dupe or are paid off!
|
Either. I listened to a podcast last year where they played back the recorded conversation of a successful SIM swap. The lady making the call was very convincing, pretending to be calling from an airport, and sounded suitably stressed, putting added pressure on the rep since she couldn’t remember the answer to the security questions.
The guy being robbed only took a couple of hours to realise he had no signal and contact the phone company. 2 or 3 thousand £ were taken from his account. The bank refunded his money and the report didn’t say whether the bank sued the phone company. The phone company said it was retraining its staff.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
|
|
|
01-10-2020, 08:08 AM
|
#83
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Sep 2012
Posts: 11,701
|
Quote:
Originally Posted by Alan
Either. I listened to a podcast last year where they played back the recorded conversation of a successful SIM swap.
|
These are really good to listen to. I also suggest watching the first few episodes of the show "Mr. Robot." If you can stand the R-rated content, it really dives into social engineering methods in a very authentic way. For example, asking to borrow a phone for just a second due to an emergency, and then sucking up that number for future social engineering uses. Just one of many little methods Elliot used.
__________________
Retired Class of 2018
|
|
|
01-10-2020, 08:13 AM
|
#84
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Sep 2012
Posts: 11,701
|
Funny this whole 2FA thing comes up. So out of the blue, I just got a random text from Google saying "Here is your verification code."
Don't know why. But I just went through and changed all my Google passwords.
__________________
Retired Class of 2018
|
|
|
01-10-2020, 10:07 AM
|
#85
|
Recycles dryer sheets
Join Date: May 2015
Posts: 244
|
So no real answers as to how the IRA account was set up. The Fraud department rep said it was set up online and confirmed again it was not done internally at Fidelity. I think it was tied to the IRAs I set up earlier in 2019 and an IT glitch reactivated and changed the date to the end of December. Or it was done internally at Fidelity.
In the past week I ran credit reports, checked all credit card accounts and all accounts at other financial agencies. Nothing seems suspicious or strange. I also had new credit and debit cards issued to be on the safe side. All my user IDs and passwords have been changed twice. Ran virus scans, malware scans and rootkit scans. In the future I will be using VIP Access when signing into Fidelity. In the meantime Fidelity is changing all our account numbers.
Now I will need to spend the day cleaning up my Quicken account.
|
|
|
01-10-2020, 10:24 AM
|
#86
|
Thinks s/he gets paid by the post
Join Date: Aug 2011
Posts: 3,594
|
Maybe you could engage one of the reputable investigative journalists -- perhaps one that operates at a national level to look into this further.
If Fidelity is either unable or unwilling to disclose how it happened, a 60 Minutes camera crew on their doorstep may motivate them to take this case more seriously.
In my view, this would give added weight to this such as when a lawsuit is moved over from an individual to a class-action status.
Fidelity won't care if one person leaves the firm due to unsatisfactory answers, but exposure on a national level may get their attention.
I realize that your immediate problems have likely been solved, but you seem to have documentation that could force change that others of us who are concerned about would not have.
-gauss
|
|
|
01-10-2020, 11:25 AM
|
#87
|
Thinks s/he gets paid by the post
Join Date: Aug 2014
Location: Chicago West Burbs
Posts: 2,998
|
Quote:
Originally Posted by JoeWras
Funny this whole 2FA thing comes up. So out of the blue, I just got a random text from Google saying "Here is your verification code."
Don't know why. But I just went through and changed all my Google passwords.
|
Nobody asked you for this verification code? I had a similar email when someone was replying to stuff I had on Facebook Marketplace. He said it was to confirm my identity. It is actually used to set up a false Google Voice account with no true traceability by the other person.
|
|
|
01-10-2020, 12:42 PM
|
#88
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Sep 2012
Posts: 11,701
|
Quote:
Originally Posted by CRLLS
Nobody asked you for this verification code? I had a similar email when someone was replying to stuff I had on Facebook Marketplace. He said it was to confirm my identity. It is actually used to set up a false Google Voice account with no true traceability by the other person.
|
Nobody asked. It was out of the blue. It is possible there was an email follow up that Google detected as malicious and deleted.
Another possibility is someone mistyped a phone number. I got no further requests, spam, etc.
BTW, I set up Google voice just a few months ago and the verification code there says: "0123456 is your Google Voice verification code. Don't share it with anyone else..."
The code I got out of the blue was: "G-0123456 is your Google verification code." Period. I got these since, after I went through and changed all my security information, but I knew they were coming from me.
__________________
Retired Class of 2018
|
|
|
01-10-2020, 01:08 PM
|
#89
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2016
Location: Colorado
Posts: 8,971
|
Quote:
Originally Posted by gauss
Maybe you could engage one of the reputable investigative journalists -- perhaps one that operates at a national level to look into this further.
If Fidelity is either unable or unwilling to disclose how it happened, a 60 Minutes camera crew on their doorstep may motivate them to take this case more seriously.
In my view, this would give added weight to this such as when a lawsuit is moved over from an individual to a class-action status.
Fidelity won't care if one person leaves the firm due to unsatisfactory answers, but exposure on a national level may get their attention.
I realize that your immediate problems have likely been solved, but you seem to have documentation that could force change that others of us who are concerned about would not have.
-gauss
|
A bit of an overreaction, no?
|
|
|
01-10-2020, 01:37 PM
|
#90
|
Thinks s/he gets paid by the post
Join Date: Mar 2009
Posts: 2,983
|
Overreaction? IMHO not really. I'm beginning to question the quality of answers I'm getting everywhere.
__________________
Took SS at 62 and hope I live long enough to regret the decision.
|
|
|
01-10-2020, 01:41 PM
|
#91
|
Thinks s/he gets paid by the post
Join Date: Jul 2009
Posts: 1,605
|
Hmmmm ... methinks Fidelity to dive deeper.
There is a trail ...
|
|
|
01-10-2020, 04:42 PM
|
#92
|
gone traveling
Join Date: Dec 2010
Posts: 538
|
Quote:
Originally Posted by braumeister
From what I've read, the facial recognition algorithm is constantly updating itself. So if you change to different glasses, add/subtract facial hair, get a new scar, etc., it may fail once or twice but then after you've entered your PIN it will learn your new appearance and work as normal. Based on my own experience, that does seem to be the case, and it's pretty darn good at it.
|
So that means that you do NOT have 2 independent security features. Anyone with the PIN can just add facial hair & glasses etc until it adapts to their face. Might have to find someone with similar features, but if the phone does not lock out after several fails -- hey hey, the gang's all here.
|
|
|
01-10-2020, 04:52 PM
|
#93
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 38,007
|
Quote:
Originally Posted by Bongleur
So that means that you do NOT have 2 independent security features. Anyone with the PIN can just add facial hair & glasses etc until it adapts to their face. Might have to find someone with similar features, but if the phone does not lock out after several fails -- hey hey, the gang's all here.
|
If the person has the PIN they already can completely bypass facial recognition which is only there as a convenience, not an independent security feature.
__________________
Retired since summer 1999.
|
|
|
01-10-2020, 04:54 PM
|
#94
|
Thinks s/he gets paid by the post
Join Date: Jun 2010
Posts: 2,134
|
You only get one try at facial recognition. If it fails you are required to enter the PIN. So no, you don't get to keep adding glasses and makeup and hair and whatnot. One try.
__________________
And whatever your labors and aspirations in the noisy confusion of life, keep peace in your soul. With all its sham, drudgery, and broken dreams, it is still a beautiful world. Be cheerful. Strive to be happy.- Desiderata by Max Ehrmann
|
|
|
01-10-2020, 05:12 PM
|
#95
|
Full time employment: Posting here.
Join Date: Feb 2011
Posts: 852
|
One level of protection that I believe I have has also been annoying to me at times, and it is not inexpensive, but it is another layer. I have a financial advisor on my accounts. (FLAT RATE- not AUM rip off, but let's not hijack this thread about that)
Nothing can be done with my funds at Fidelity without the financial advisor approving it. So the thief would have to know my advisor, contact him, get his ok (all via secure encrypted emails to my personal email account or my voice on my phone) I do not believe he would ok anything from a new phone or new email address without lots of confirmation.
(Also he gives good advice and portfolio management and access to DFA funds.)
|
|
|
01-10-2020, 05:43 PM
|
#96
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Apr 2012
Posts: 6,130
|
Quote:
Originally Posted by gauss
I have worried about this for years, and I am not sure how many of you are following this, but there is an active case in the northern California Federal courts about a 401k that was emptied, apparently due to error by the service providers. The poor lady called them 28 times or so after she started to see the funds disappear in 3 different transactions. After the service provider completed their investigation, the response was basically - "yeah - we didn't recover any of the money and we are not going to reimburse you. Was there anything else I could assist you with today?". The victim has linked up with an employee benefits law firm and they have filed suit.
Here is a link to a media article describing the event.
-gauss
|
One interesting line from the article:
Quote:
401k accounts are particularly vulnerable to fraud, because they are typically not accounts that account holders interact with frequently, according to Teresa Renaker, an attorney who is representing Ms. Berman in her case against Estée Lauder and Alight. “You don’t check your 401k every day or even every month,” she noted. Plans are only required to mail statements every quarter. “Indeed, participants are generally advised to leave their 401k accounts alone,” Renaker said.
|
I feel it strange to not check my account frequently. Even though I have alerts set up at all of the various institutions, I am still looking at the accounts almost every day. Only on my own wireless network of course - NEVER on a public wifi network.
This also raises a concern to me about using "account aggregators" like PersonalCapital, or even Quicken who use your account login credentials to access your account balances. I am seeing too much risk in doing that. I am more comfortable with entering changes manually.
__________________
FIREd date: June 26, 2018 - "This Happy Feeling, Going Round and Round!" (GQ)
|
|
|
01-10-2020, 07:47 PM
|
#97
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jul 2009
Posts: 5,307
|
Quote:
Originally Posted by jollystomper
I feel it strange to not check my account frequently. Even though I have alerts set up at all of the various institutions, I am still looking at the accounts almost every day. Only on my own wireless network of course - NEVER on a public wifi network.
|
I log in daily to my accounts -- well every business day except in rare instances. I do have Quicken and I thought long and hard about using it to update. In the end I did it, but I did not save my Vault password to the computer. I manually type it in each time I update.
|
|
|
01-10-2020, 09:30 PM
|
#98
|
Recycles dryer sheets
Join Date: Dec 2009
Location: Ft Lauderdale
Posts: 165
|
Quote:
Originally Posted by RobbieB
Another reason I like my managed accounts. I can't get my own money so I don't think the hackers will either.
I have to talk to a real person and they do the sales and transfers.
|
I have 2 managed accounts at Fidelity. And yes, I think it would be pretty hard for anyone to get at those. I have 4 other non-managed accounts with them. 3 of them are on "Lockdown". An optional feature available in their Security Center.
|
|
|
01-11-2020, 01:23 AM
|
#99
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2004
Location: SW Ohio
Posts: 14,404
|
Quote:
Originally Posted by urn2bfree
One level of protection that I believe I have has also been annoying to me at times, and it is not inexpensive, but it is another layer. I have a financial advisor on my accounts. (FLAT RATE- not AUM rip off, but let's not hijack this thread about that)
Nothing can be done with my funds at Fidelity without the financial advisor approving it. So the thief would have to know my advisor, contact him, get his ok (all via secure encrypted emails to my personal email account or my voice on my phone) I do not believe he would ok anything from a new phone or new email address without lots of confirmation.
|
I'm not seeing how this reduces your risk. If your FA is sloppy with his data security, then a hacker can get the credentials needed to get into your Fido accounts (just as if you were sloppy). And you've got an additional node where an "insider" can get access to your info (your FA's office).
And with another entity having access to your account, if there are any unexplained transfers/withdrawals, figuring out who is to blame could get a little more difficult.
Maybe it's normal, but I wouldn't want a setup where I couldn't call Fidelity and get access to my accounts.
|
|
|
01-11-2020, 07:23 AM
|
#100
|
Moderator
Join Date: Oct 2010
Posts: 10,656
|
I have a feeling that the Alight Financial case will turn out to be something other than a foreign hacker with stolen credentials. The article says:
Quote:
The suit does not mention the exact mechanism by which the fraudulent transfers happened. It is unclear whether the criminals responsible for it were relatives of the plan holder, insiders at the firm managing the 401k, cyber criminals acting from afar – or none of the above.
|
With 401k plans, it's harder for people to move to another custodian, but there are probably people who are using Alight by choice. I'd be the first one to leave if it turns out they let "cyber criminals acting from afar" get away with it, or more precisely, leave the account owner holding the bag.
|
|
|
|
|