Fidelity Account Hacked

Yes, many curious minds! With password manager, 2FA, & decent anti-virus software, doesn't sound like the glitch is at your end.
 
Another reason I like my managed accounts. I can't get my own money so I don't think the hackers will either.

I have to talk to a real person and they do the sales and transfers.
 
Re: 2 factor authentication -- I see text messages right on my computer, so I'm not sure that it adds any security at all.
 
Re: 2 factor authentication -- I see text messages right on my computer, so I'm not sure that it adds any security at all.

Text messages are probably the least secure method of 2FA.
I use the Symantec VIP Access app on my phone to log in to my Fidelity and Schwab accounts (and a couple of others). It's good enough, I think.
 
So I am trying to figure out the end game here. They fund the IRA from one of your other accounts and then make a withdrawal? Seems like a lot of steps and waiting if they already have access to your account.

I have transfers blocked on all my accounts. So nothing leaves unless I remove the block.
 
I’m not yet convinced this was hacking - or at least that it was done from outside.

Fidelity should be able to scratch down through the entire event ... including whether a 2FA code was sent, when it was sent, if it was used, etc ...

Yes, I wonder if it was simply an error. Basically someone setting up an account for another user and putting it in your group of accounts by mistake.
 
Re: 2 factor authentication -- I see text messages right on my computer, so I'm not sure that it adds any security at all.

I have them sent to my phone, so...
Hackers need my VG password and my phone that’s password protected, and I get emails and text confirmation for every transaction before it happens. For those of us that don’t use ETFs, that means waiting till the end of the day.
 
So I am trying to figure out the end game here. They fund the IRA from one of your other accounts and then make a withdrawal? Seems like a lot of steps and waiting if they already have access to your account.

I have transfers blocked on all my accounts. So nothing leaves unless I remove the block.

Assuming I have some basic information like the last 4 digits of your SS number and mother's maiden name...
Hi, this is Mr Cheesehead, I like to remove the block and make a withdrawal ...
My last 4 digits....my mother’s name is Chedder, my dog's name is Swiss.... I like to transfer my $11 million IRA to an IRA I have with Cayman bank....
 
Assuming I have some basic information like the last 4 digits of your SS number and mother's maiden name...
Hi, this is Mr Cheesehead, I like to remove the block and make a withdrawal ...
My last 4 digits....my mother’s name is Chedder, my dog's name is Swiss.... I like to transfer my $11 million IRA to an IRA I have with Cayman bank....

It doesn’t work that way.
 
I have them sent to my phone, so...
Hackers need my VG password and my phone that’s password protected, and I get emails and text confirmation for every transaction before it happens.

My cell phone decided it wanted to go for a swim last summer while I was away for a week or so. I wasn't near anyplace to get a new one for a while.

I realized that I would be screwed if I'd needed two-factor authentication for anything. Many people nowadays also use their phones for e-mail, particularly when away from home.

Also, if the credit card company detects an unusual purchase, they may block the card until you call them from the number on file, or may call that number and block the card if you don't answer. Either way, now you've got no phone AND no credit card. (Well, most of us carry more than one card, but you get the point.)

It's downright frightening how much we depend on those things always being with us and always working!
 
I leave my smart phone at home unless I'm going out of town.
 
Another reason I like my managed accounts. I can't get my own money so I don't think the hackers will either.

I have to talk to a real person and they do the sales and transfers.


This is true. It's a good point for sure.
 
My cell phone decided it wanted to go for a swim last summer while I was away for a week or so. I wasn't near anyplace to get a new one for a while.

I realized that I would be screwed if I'd needed two-factor authentication for anything. Many people nowadays also use their phones for e-mail, particularly when away from home.

Also, if the credit card company detects an unusual purchase, they may block the card until you call them from the number on file, or may call that number and block the card if you don't answer. Either way, now you've got no phone AND no credit card. (Well, most of us carry more than one card, but you get the point.)

It's downright frightening how much we depend on those things always being with us and always working!


If you own an iPhone and an iPad you will never have that problem unless you lose both of them. I always take both with me when I travel.
 
Have not heard a word yet from Fidelity. In the meantime, I have been running virus scans and downloaded Malwarebytes and scanned both PCs. Results came back with spyware on one computer.

I downloaded my credit reports and nothing looks strange. Already had credit freezes on all three credit bureaus but on their site it states only a "credit lock" keeps someone from setting up a new account. There was a soft inquiry from Fidelity in February when I set up an IRA and ROTH at Fidelity. There was also a soft inquiry when the new account was set up the end of December. The one Fidelity is investigating. This is interesting to me because I thought a credit freeze kept ANYONE from setting up a new account in your name. The credit "lock" costs 25.00 monthly per credit bureau. Is this a new way for the credit bureaus to make money? I have always had to unfreeze my credit report when getting credit in my name.
 
This is interesting to me because I thought a credit freeze kept ANYONE from setting up a new account in your name. The credit "lock" costs 25.00 monthly per credit bureau. Is this a new way for the credit bureaus to make money? I have always had to unfreeze my credit report when getting credit in my name.

From the Clark Howard website:
 

[Attachment: Credit.JPG]

I had an agent involved in moving money from an IRA to my ROTH the middle of December. I asked three reps at Fidelity if the agent opened this new IRA account. All three said "no." The money transfer was from December 13 and the new IRA was set up the end of December.....It is a possibility to me.

Some weird end of year computer issue with Fidelity? It seems to me if you were going to mess with someone's money, the IRA would be a cumbersome way to do that. Or maybe you think the IRA account was the gateway to your other accounts?

Why do you automatically assume it was a hack? The 12/31 date makes me think it was something on the IT end.
 
I also believe it was done in error by a Fidelity rep. Even the Fraud Dept rep stated this did not happen. We shall see.
 
Re: 2 factor authentication -- I see text messages right on my computer, so I'm not sure that it adds any security at all.
I always delete them immediately after entering. They say they're good for 10 minutes, I leave them there for @ 10 seconds. Can hackers hack deleted messages? Always wondered about that.
 
Have not heard a word yet from Fidelity. In the meantime, I have been running virus scans and downloaded Malwarebytes and scanned both PCs. Results came back with spyware on one computer.

I downloaded my credit reports and nothing looks strange. Already had credit freezes on all three credit bureaus but on their site it states only a "credit lock" keeps someone from setting up a new account. There was a soft inquiry from Fidelity in February when I set up an IRA and ROTH at Fidelity. There was also a soft inquiry when the new account was set up the end of December. The one Fidelity is investigating. This is interesting to me because I thought a credit freeze kept ANYONE from setting up a new account in your name. The credit "lock" costs 25.00 monthly per credit bureau. Is this a new way for the credit bureaus to make money? I have always had to unfreeze my credit report when getting credit in my name.

I think if you have an existing relationship, in this case Fidelity, that negates a freeze and they can make an inquiry.
 
Scary thread, which I have just read through. I hope Fidelity can get to the bottom of the issue, my guess would be an error by them.

How would the hackers transfer money out of your account to theirs? I've been through setting up a new bank account recently with Vanguard (2016, so actually a few years ago!!) and it takes a lot of steps and a lot of time. Well after they had transferred several micro-amounts and reversed them from our new bank account and had me verify the actual amounts it still took so long that I called them up to ask what was going on. The rep told me that as well as the steps I could see, they also did more verification steps in the background before allowing me to start transferring money to and from the new established bank account.

For sure it is important to have 2FA on the email address registered with Fidelity as I'm sure they send verifications there as well. They won't send any actual info to an email address, just the notice that there is a secure message waiting or activity happening so you need to log onto your account.

My wife and I have "agent authorization" over each other's accounts at Vanguard and if I forget to tell her that I am doing something, such as selling, trading or transferring money, then she gets alerts and will immediately ask if that was me.
 
My Fidelity login ID and password are both 25 characters, randomly generated by our password manager and changed every 60-90 days. The answers to all my security questions are also 25-character random combinations of letters, numbers, and special characters and stored in the password manager. The master code for our password manager is 25 characters and known only by DW and myself.

I use 2FA via the VIP Access app, where the temporary code changes every 30 seconds. Both the password manager and VIP Access run on my smartphone which requires my fingerprint to unlock. I have all our accounts on money transfer lockdown, unless I need to move something, and then it's immediately turned back on. I also activated the Fidelity voice recognition verification system, so in theory, no one can call Fidelity pretending to be me.

Even if someone broke through all that and managed to steal some money, Fidelity has a fraud protection guarantee, which would reimburse us for any losses from unauthorized activity that occurred through no fault of our own.
 
My Fidelity login ID and password are both 25 characters, randomly generated by our password manager and changed every 60-90 days. The answers to all my security questions are also 25-character random combinations of letters, numbers, and special characters and stored in the password manager. The master code for our password manager is 25 characters and known only by DW and myself.

I use 2FA via the VIP Access app, where the temporary code changes every 30 seconds. Both the password manager and VIP Access run on my smartphone which requires my fingerprint to unlock. I have all our accounts on money transfer lockdown, unless I need to move something, and then it's immediately turned back on. I also activated the Fidelity voice recognition verification system, so in theory, no one can call Fidelity pretending to be me.

Even if someone broke through all that and managed to steal some money, Fidelity has a fraud protection guarantee, which would reimburse us for any losses from unauthorized activity that occurred through no fault of our own.

How sad that we have to go to such lengths just to protect a bank account. :(
 
How sad that we have to go to such lengths just to protect a bank account. :(

Like Cobra, I don't know my passwords. They are 20 characters of gibberish.

So imagine recently when I went somewhere (can't remember, bank?) and they asked me to sign in to complete the transaction. I just started laughing and said my passwords were random strings of gibberish.

The young lady looked at me very puzzled. She could not grasp the concept that not only did I not know my password, but I was damn proud that I didn't know it.

Anyway, they had some other means of completing the transaction, something more old school like taking my driver's license or something.
 
I already do the two step process. That is why this is so perplexing.



I use ‘VIP ACCESS’ app from Symantec for my Fido account. It generates code on the fly which is good for 30 secs.... It's free and Fidelity will help you link your account.

So for someone to hack... they need to know your ID, passwd, then they need to have access to your phone and then knowledge of VIP app. I think it's better than two factor authentication... saves you from ‘SIM Swap’.
 