Old 01-10-2020, 05:43 AM   #81
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
JoeWras's Avatar
 
Join Date: Sep 2012
Posts: 11,701
Quote:
Originally Posted by Alan View Post
The SIM card fraud doesn’t rely on knowing the PIN, there are other methods such as “social engineering” where they dupe the phone company customer service rep.
dupe or are paid off!
__________________
Retired Class of 2018


JoeWras is offline   Reply With Quote
Old 01-10-2020, 05:53 AM   #82
Administrator
Alan's Avatar
 
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,056
Quote:
Originally Posted by JoeWras View Post
dupe or are paid off!
Either. I listened to a podcast last year where they played back the recorded conversation of a successful SIM swap. The lady making the call was very convincing pretending to be calling from an airport and sounded suitably stressed, adding pressure on the rep since she couldn’t remember the answer to the security questions.

The guy being robbed only took a couple of hours to realise he had no signal and contact the phone company. 2 or 3 thousand £ were taken from his account. The bank refunded his money and the report didn’t say whether the bank sued the phone company. The phone company said it was retraining its staff.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
Alan is offline   Reply With Quote
Old 01-10-2020, 08:08 AM   #83
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
JoeWras's Avatar
 
Join Date: Sep 2012
Posts: 11,701
Quote:
Originally Posted by Alan View Post
Either. I listened to a podcast last year where they played back the recorded conversation of a successful SIM swap.
These are really good to listen to. I also suggest watching the first few episodes of the show "Mr. Robot." If you can stand the R-rated content, it really dives into social engineering methods in a very authentic way. For example, asking to borrow a phone for just a second due to an emergency, and then sucking up that number for future social engineering uses. Just one of many little methods Elliot used.
__________________
Retired Class of 2018


JoeWras is offline   Reply With Quote
Old 01-10-2020, 08:13 AM   #84
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
JoeWras's Avatar
 
Join Date: Sep 2012
Posts: 11,701
Funny this whole 2FA thing comes up. So out of the blue, I just got a random text from Google saying "Here is your verification code."

Don't know why. But I just went through and changed all my Google passwords.
__________________
Retired Class of 2018


JoeWras is offline   Reply With Quote
Old 01-10-2020, 10:07 AM   #85
Recycles dryer sheets
littleb's Avatar
 
Join Date: May 2015
Posts: 244
So no real answers as to how the IRA account was set up. The Fraud department rep said it was set up online and confirmed again it was not done internally at Fidelity. I think it was tied to the IRAs I set up earlier in 2019 and an IT glitch reactivated and changed the date to the end of December. Or it was done internally at Fidelity.

In the past week I ran credit reports, checked all credit card accounts and all accounts at other financial agencies. Nothing seems suspicious or strange. I also had new credit and debit cards issued to be on the safe side. All my user id and passwords have been changed twice. Ran virus scans, malware scans and rootkill scans. In the future I will be using VIP Access when signing into Fidelity. In the meantime Fidelity is changing all our account numbers.

Now I will need to spend the day cleaning up my Quicken account.
littleb is offline   Reply With Quote
Old 01-10-2020, 10:24 AM   #86
Thinks s/he gets paid by the post
gauss's Avatar
 
Join Date: Aug 2011
Posts: 3,594
Maybe you could engage one of the reputable investigative journalists -- perhaps one that operates at a national level to look into this further.

If Fidelity is either unable or unwilling to disclose how it happened, a 60 Minutes camera crew on their doorstep may motivate them to take this case more seriously.

In my view, this would give added weight to this such as when a lawsuit is moved over from an individual to a class-action status.

Fidelity won't care if one person leaves the firm due to unsatisfactory answers, but exposure on a national level may get their attention.

I realize that your immediate problems have likely been solved, but you seem to have documentation that could force change that others of us who are concerned about would not have.

-gauss
gauss is offline   Reply With Quote
Old 01-10-2020, 11:25 AM   #87
Thinks s/he gets paid by the post
 
Join Date: Aug 2014
Location: Chicago West Burbs
Posts: 2,998
Quote:
Originally Posted by JoeWras View Post
Funny this whole 2FA thing comes up. So out of the blue, I just got a random text from Google saying "Here is your verification code."

Don't know why. But I just went through and changed all my Google passwords.
Nobody asked you for this verification code? I had a similar email when someone was replying to stuff I had on Facebook Marketplace. He said it was to confirm my identity. It is actually used to set up a false Google Voice account with no true traceability by the other person.
CRLLS is offline   Reply With Quote
Old 01-10-2020, 12:42 PM   #88
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
JoeWras's Avatar
 
Join Date: Sep 2012
Posts: 11,701
Quote:
Originally Posted by CRLLS View Post
Nobody asked you for this verification code? I had a similar email when someone was replying to stuff I had on Facebook Marketplace. He said it was to confirm my identity. It is actually used to set up a false Google Voice account with no true traceability by the other person.
Nobody asked. It was out of the blue. It is possible there was an email follow up that Google detected as malicious and deleted.

Another possibility is someone mistyped a phone number. I got no further requests, spam, etc.

BTW, I set up Google voice just a few months ago and the verification code there says: "0123456 is your Google Voice verification code. Don't share it with anyone else..."

The code I got out of the blue was: "G-0123456 is your Google verification code." Period. I got these since after I went through and changed all my security information, but I knew they were coming from me.
__________________
Retired Class of 2018


JoeWras is offline   Reply With Quote
Old 01-10-2020, 01:08 PM   #89
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Jun 2016
Location: Colorado
Posts: 8,971
Quote:
Originally Posted by gauss View Post
Maybe you could engage one of the reputable investigative journalists -- perhaps one that operates at a national level to look into this further.

If Fidelity is either unable or unwilling to disclose how it happened, a 60 Minutes camera crew on their doorstep may motivate them to take this case more seriously.

In my view, this would give added weight to this such as when a lawsuit is moved over from an individual to a class-action status.

Fidelity won't care if one person leaves the firm due to unsatisfactory answers, but exposure on a national level may get their attention.

I realize that your immediate problems have likely been solved, but you seem to have documentation that could force change that others of us who are concerned about would not have.

-gauss
A bit of an overreaction, no?
COcheesehead is offline   Reply With Quote
Old 01-10-2020, 01:37 PM   #90
Thinks s/he gets paid by the post
 
Join Date: Mar 2009
Posts: 2,983
Overreaction? IMHO not really. I'm beginning to question the quality of answers I'm getting everywhere.
__________________
Took SS at 62 and hope I live long enough to regret the decision.
foxfirev5 is offline   Reply With Quote
Old 01-10-2020, 01:41 PM   #91
Thinks s/he gets paid by the post
 
Join Date: Jul 2009
Posts: 1,605
Hmmmm ... methinks Fidelity to dive deeper.

There is a trail ...
stephenson is offline   Reply With Quote
Old 01-10-2020, 04:42 PM   #92
gone traveling
 
Join Date: Dec 2010
Posts: 538
Quote:
Originally Posted by braumeister View Post
From what I've read, the facial recognition algorithm is constantly updating itself. So if you change to different glasses, add/subtract facial hair, get a new scar, etc., it may fail once or twice but then after you've entered your PIN it will learn your new appearance and work as normal. Based on my own experience, that does seem to be the case, and it's pretty darn good at it.
So that means that you do NOT have 2 independent security features. Anyone with the PIN can just add facial hair & glasses etc until it adapts to their face. Might have to find someone with similar features, but if the phone does not lock out after several fails -- hey hey, the gang's all here.
Bongleur is offline   Reply With Quote
Old 01-10-2020, 04:52 PM   #93
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 38,007
Quote:
Originally Posted by Bongleur View Post
So that means that you do NOT have 2 independent security features. Anyone with the PIN can just add facial hair & glasses etc until it adapts to their face. Might have to find someone with similar features, but if the phone does not lock out after several fails -- hey hey, the gang's all here.
If the person has the PIN they already can completely bypass facial recognition which is only there as a convenience, not an independent security feature.
__________________
Retired since summer 1999.
audreyh1 is offline   Reply With Quote
Old 01-10-2020, 04:54 PM   #94
Thinks s/he gets paid by the post
MissMolly's Avatar
 
Join Date: Jun 2010
Posts: 2,134
You only get one try at facial recognition. If it fails you are required to enter the PIN. So no, you don't get to keep adding glasses and makeup and hair and whatnot. One try.
__________________
And whatever your labors and aspirations in the noisy confusion of life, keep peace in your soul. With all its sham, drudgery, and broken dreams, it is still a beautiful world. Be cheerful. Strive to be happy.- Desiderata by Max Ehrmann
MissMolly is online now   Reply With Quote
Old 01-10-2020, 05:12 PM   #95
Full time employment: Posting here.
urn2bfree's Avatar
 
Join Date: Feb 2011
Posts: 852
One level of protection that I believe I have has also been annoying to me at times, and it is not inexpensive, but it is another layer. I have a financial advisor on my accounts. (FLAT RATE- not AUM rip off, but let's not hijack this thread about that)
Nothing can be done with my funds at Fidelity without the financial advisor approving it. So the thief would have to know my advisor, contact him, get his ok (all via secure encrypted emails to my personal email account or my voice on my phone). I do not believe he would ok anything from a new phone or new email address without lots of confirmation.

(Also he gives good advice and portfolio management and access to DFA funds.)
urn2bfree is offline   Reply With Quote
Old 01-10-2020, 05:43 PM   #96
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
jollystomper's Avatar
 
Join Date: Apr 2012
Posts: 6,130
Quote:
Originally Posted by gauss View Post
I have worried about this for years, and I am not sure how many of you are following this, but there is an active case in the northern California Federal courts about a 401k that was emptied, apparently due to error by the service providers. The poor lady called them 28 times or so after she started to see the funds disappear in 3 different transactions. After the service provider completed their investigation, the response was basically - "yeah - we didn't recover any of the money and we are not going to reimburse you. Was there anything else I could assist you with today?". The victim has linked up with an employee benefits law firm and they have filed suit.

Here is a link to a media article describing the event.
-gauss

One interesting line from the article:


Quote:
401k accounts are particularly vulnerable to fraud, because they are typically not accounts that account holders interact with frequently, according to Teresa Renaker, an attorney who is representing Ms. Berman in her case against Estée Lauder and Alight. “You don’t check your 401k every day or even every month,” she noted. Plans are only required to mail statements every quarter. “Indeed, participants are generally advised to leave their 401k accounts alone,” Renaker said.
I feel it strange to not check my account frequently. Even though I have alerts set up at all of the various institutions, I am still looking at the accounts almost every day. Only on my own wireless network of course - NEVER on a public wifi network.

This also raises a concern to me about using "account aggregators" like PersonalCapital, or even Quicken who use your account login credentials to access your account balances. I am seeing too much risk in doing that. I am more comfortable with entering changes manually.
__________________
FIREd date: June 26, 2018 - "This Happy Feeling, Going Round and Round!" (GQ)
jollystomper is offline   Reply With Quote
Old 01-10-2020, 07:47 PM   #97
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Katsmeow's Avatar
 
Join Date: Jul 2009
Posts: 5,307
Quote:
Originally Posted by jollystomper View Post

I feel it strange to not check my account frequently. Even though I have alerts set up at all of the various institutions, I am still looking at the accounts almost every day. Only on my own wireless network of course - NEVER on a public wifi network.
I log in daily to my accounts -- well every business day except in rare instances. I do have Quicken and I thought long and hard about using it to update. In the end I did it, but I did not save my Vault password to the computer. I manually type it in each time I update.
Katsmeow is offline   Reply With Quote
Old 01-10-2020, 09:30 PM   #98
Recycles dryer sheets
 
Join Date: Dec 2009
Location: Ft Lauderdale
Posts: 165
Quote:
Originally Posted by RobbieB View Post
Another reason I like my managed accounts. I can't get my own money so I don't think the hackers will either.

I have to talk to a real person and they do the sales and transfers.
I have 2 managed accounts at Fidelity. And yes, I think it would be pretty hard for anyone to get at those. I have 4 other non-managed accounts with them. 3 of them are on "Lockdown". An optional feature available in their Security Center.
Tracer is offline   Reply With Quote
Old 01-11-2020, 01:23 AM   #99
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
samclem's Avatar
 
Join Date: May 2004
Location: SW Ohio
Posts: 14,404
Quote:
Originally Posted by urn2bfree View Post
One level of protection that I believe I have has also been annoying to me at times, and it is not inexpensive, but it is another layer. I have a financial advisor on my accounts. (FLAT RATE- not AUM rip off, but let's not hijack this thread about that)
Nothing can be done with my funds at Fidelity without the financial advisor approving it. So the thief would have to know my advisor, contact him, get his ok (all via secure encrypted emails to my personal email account or my voice on my phone). I do not believe he would ok anything from a new phone or new email address without lots of confirmation.
I'm not seeing how this reduces your risk. If your FA is sloppy with his data security, then a hacker can get the credentials needed to get into your Fido accounts (just as if you were sloppy). And you've got an additional node where an "insider" can get access to your info (your FA's office).

And with another entity having access to your account, if there are any unexplained transfers/withdrawals, figuring out who is to blame could get a little more difficult.

Maybe it's normal, but I wouldn't want a setup where I couldn't call Fidelity and get access to my accounts.
samclem is offline   Reply With Quote
Old 01-11-2020, 07:23 AM   #100
Moderator
sengsational's Avatar
 
Join Date: Oct 2010
Posts: 10,656
I have a feeling that the Alight Financial case will turn out to be something other than a foreign hacker with stolen credentials. The article says:



Quote:
The suit does not mention the exact mechanism by which the fraudulent transfers happened. It is unclear whether the criminals responsible for it were relatives of the plan holder, insiders at the firm managing the 401k, cyber criminals acting from afar – or none of the above.

With 401k plans, it's harder for people to move to another custodian, but there are probably people who are using Alight by choice. I'd be the first one to leave if it turns out they let "cyber criminals acting from afar" get away with it, or more precisely, leave the account owner holding the bag.
sengsational is offline   Reply With Quote