|
|
01-04-2020, 07:21 AM
|
#1
|
Recycles dryer sheets
Join Date: May 2015
Posts: 244
|
Fidelity Account Hacked
New Year's eve I received an email from Fidelity informing me that my new IRA account needed profile information entered. Went to Fidelity's website and after reviewing the portfolio it looked like an IRA account with a 0 balance was the one in question. In the past Fidelity would send a letter requesting personal information on all our Fidelity accounts so this request did not seem odd to me.
I also thought I set up the IRA by mistake when moving two accounts from Vanguard to Fidelity nine months ago.
After speaking with a Fidelity Rep it was determined the account was set up four days earlier. The next step was speaking to the Fraud Department. I knew that someone hacked into the account because I was in the hospital the day the account was set up. DH was at the hospital too. The Fraud guy wanted to know if anyone had my sign on or access to it. I assured him that nobody knew my sign on not even DH. He determined the person who set up the IRA did it online with my user id and password. I told him I use a password manager and change passwords on a regular basis. Overall my passwords and user id's are not easy to guess. I ran a log report from my password manager and nothing seems suspicious. A rep from the company also confirmed this.
So I spent days changing all user id and passwords and downloading better ?? anti virus and malware software programs.
This is very concerning because we have 90% of our money at Fidelity. At the moment the Fraud Department has blocked our accounts and are doing an in depth investigation to determine how this happened.
|
|
|
|
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!
Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!
You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!
|
01-04-2020, 07:23 AM
|
#2
|
Recycles dryer sheets
Join Date: Jan 2013
Posts: 312
|
Ack! that's terrible. If you aren't already, I suggest using two factor authentication - I can have your credentials, but if I don't also have your phone, I'd be out of luck to sign into your Fidelity account.
|
|
|
01-04-2020, 07:27 AM
|
#3
|
Recycles dryer sheets
Join Date: May 2015
Posts: 244
|
Quote:
Originally Posted by Unpaintedhuffhines
Ack! that's terrible. If you aren't already, I suggest using two factor authentication - I can have your credentials, but if I don't also have your phone, I'd be out of luck to sign into your Fidelity account.
|
A already do the two step process. That is why this is so perplexing.
|
|
|
01-04-2020, 07:30 AM
|
#4
|
Moderator
Join Date: Oct 2010
Posts: 10,656
|
If something got into one of your devices that you use to log into Fidelity, that might be how they did it....a key logger. But my first thought was that you went for a phishing email in the past. That's where you get a legit looking email, click a link, and they present you with what looks like Fidelity's login. They get your credentials then, if it's a good one, the bounce you to the real Fidelity site, so everything works perfectly, but they now have your credentials and can use them at a later date.
EDIT: I just read you use two-factor. Always?
|
|
|
01-04-2020, 07:31 AM
|
#5
|
Moderator
Join Date: Nov 2015
Posts: 13,879
|
did you access your accounts while in the hospital - from their network perhaps?
|
|
|
01-04-2020, 07:33 AM
|
#6
|
Moderator
Join Date: Nov 2014
Posts: 9,101
|
Scary. One of my worst nightmares. I’ve even discussed it on the site. The fear of waking up and seeing that zero balance on my main IRA (half of my wealth). I’m glad yours was only zero on a new (fraudulent) account and that you did not apparently lose anything.
That you use a password generator and two factor authentication is very troubling. Please keep us informed in what Fidelity finds out.
__________________
Every day when I open my eyes now it feels like a Saturday - David Gray
|
|
|
01-04-2020, 07:35 AM
|
#7
|
Recycles dryer sheets
Join Date: May 2015
Posts: 244
|
Quote:
Originally Posted by sengsational
If something got into one of your devices that you use to log into Fidelity, that might be how they did it....a key logger. But my first thought was that you went for a phishing email in the past. That's where you get a legit looking email, click a link, and they present you with what looks like Fidelity's login. They get your credentials then, if it's a good one, the bounce you to the real Fidelity site, so everything works perfectly, but they now have your credentials and can use them at a later date.
EDIT: I just read you use two-factor. Always?
|
I read about a key logger. If I was plished it was many many years ago since I am more aware now. I always do the two step factor if it is offered at my financial institutions.
|
|
|
01-04-2020, 07:37 AM
|
#8
|
Recycles dryer sheets
Join Date: May 2015
Posts: 244
|
Quote:
Originally Posted by Aerides
did you access your accounts while in the hospital - from their network perhaps?
|
No, the day the account was set up I was not able to sign on to anything.
I also have my password manager on my phone where you need to know the Master Password (20 characters) to even get to the apps in question.
|
|
|
01-04-2020, 07:43 AM
|
#9
|
Recycles dryer sheets
Join Date: Jul 2018
Posts: 141
|
Yikes! Please keep us posted as the investigation develops, if you don't mind.
|
|
|
01-04-2020, 07:44 AM
|
#10
|
Recycles dryer sheets
Join Date: May 2015
Posts: 244
|
Quote:
Originally Posted by Jerry1
Scary. One of my worst nightmares. I’ve even discussed it on the site. The fear of waking up and seeing that zero balance on my main IRA (half of my wealth). I’m glad yours was only zero on a new (fraudulent) account and that you did not apparently lose anything.
That you use a password generator and two factor authentication is very troubling. Please keep us informed in what Fidelity finds out.
|
My biggest fear too. Thank goodness I have my money in three different places so that a block does not effect me.
I am hoping Fidelity has a state of the art fraud department that can get to the bottom of this.
|
|
|
01-04-2020, 07:58 AM
|
#11
|
Thinks s/he gets paid by the post
Join Date: Aug 2014
Location: Chicago West Burbs
Posts: 2,998
|
OMG! I can't imagine how that might feel. I hope they can make you whole soon. Thank you for posting. It has made me enable 2FA on my account.
|
|
|
01-04-2020, 07:58 AM
|
#12
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jan 2008
Location: NC
Posts: 21,204
|
Quote:
Originally Posted by Unpaintedhuffhines
Ack! that's terrible. If you aren't already, I suggest using two factor authentication - I can have your credentials, but if I don't also have your phone, I'd be out of luck to sign into your Fidelity account.
|
Quote:
Originally Posted by littleb
A already do the two step process. That is why this is so perplexing.
|
Without the users phone, hacking 2FA is difficult and rare, and even then the user has to fall for a phishing attempt so the hacker can grab a session cookie. A two-factor code changes every few seconds, so taking that from the user page is pointless.
I hope the OP will keep us posted, hopefully there’s more to the story. And we shouldn’t leave Fidelity’s culpability up in the air IMO.
2FA greatly enhances security.
https://www.cnet.com/news/two-factor...d-to-know-faq/
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57
Target AA: 50% equity funds / 45% bonds / 5% cash
Target WR: Approx 1.5% Approx 20% SI (secure income, SS only)
|
|
|
01-04-2020, 08:00 AM
|
#13
|
Recycles dryer sheets
Join Date: May 2015
Posts: 244
|
Quote:
Originally Posted by CRLLS
OMG! I can't imagine how that might feel. I hope they can make you whole soon. Thank you for posting. It has made me enable 2FA on my account.
|
No money lost since I called within a few days of the Fidelity email.
|
|
|
01-04-2020, 08:01 AM
|
#14
|
Thinks s/he gets paid by the post
Join Date: Aug 2017
Location: Champaign
Posts: 4,689
|
Quote:
Originally Posted by littleb
Went to Fidelity's website and after reviewing the portfolio it looked like an IRA account with a 0 balance was the one in question. In the past Fidelity would send a letter requesting personal information on all our Fidelity accounts so this request did not seem odd to me.
I also thought I set up the IRA by mistake when moving two accounts from Vanguard to Fidelity nine months ago.
After speaking with a Fidelity Rep it was determined the account was set up four days earlier. The next step was speaking to the Fraud Department.
|
When you spoke to the fraud dept., did they say the account was set up online or via phone? Our log in is voice verified over the phone. You mentioned they sent a letter, via e-mail or snail mail? Opening a new IRA account gives hacker ability to see your entire portfolio? Or does Fidelity wait for updates in your profile before actually setting it up? It seems strange that hacker would not attempt something else in the process of setting up new IRA. Fraud dept. should be able to tell you what they know about your entire portfolio now.
__________________
"Do not go where the path may lead, go instead where there is no path and leave a trail."
Ralph Waldo Emerson
|
|
|
01-04-2020, 08:02 AM
|
#15
|
Moderator
Join Date: Nov 2014
Posts: 9,101
|
Quote:
Originally Posted by CRLLS
OMG! I can't imagine how that might feel. I hope they can make you whole soon. Thank you for posting. It has made me enable 2FA on my account.
|
Nothing was lost. A new account was set up. Probably on the way to a loss, but stopped in progress thankfully. Still very upsetting I’m sure.
__________________
Every day when I open my eyes now it feels like a Saturday - David Gray
|
|
|
01-04-2020, 08:10 AM
|
#16
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jan 2008
Location: NC
Posts: 21,204
|
Quote:
Originally Posted by littleb
No money lost since I called within a few days of the Fidelity email.
|
So Fidelity confirmed they sent the original email? And you reviewed your email inbox from 4 days ago to see if anything questionable came in?
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57
Target AA: 50% equity funds / 45% bonds / 5% cash
Target WR: Approx 1.5% Approx 20% SI (secure income, SS only)
|
|
|
01-04-2020, 08:18 AM
|
#17
|
Thinks s/he gets paid by the post
Join Date: Jul 2009
Posts: 1,605
|
I’m not yet convinced this was hacking - or at least that it was done from outside.
Fidelity should be able to scratch down through the entire event ... including whether a 2FA code was sent, when it was sent, if it was used, etc ...
|
|
|
01-04-2020, 08:21 AM
|
#18
|
Recycles dryer sheets
Join Date: Feb 2019
Posts: 384
|
Definitely interested in the full story here. I am wondering if maybe it was an agent that made a mistake. DW had a $2,000 gift to her IRA last year. I caught the error and gave it back.
|
|
|
01-04-2020, 08:29 AM
|
#19
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Apr 2013
Posts: 11,078
|
If I was inclined to hack someone's account and had their username and password I wouldn't set up new a account.[emoji41] Maybe tell Fidelity to back off and see if they fund it?
|
|
|
01-04-2020, 08:30 AM
|
#20
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Apr 2013
Posts: 11,078
|
Quote:
Originally Posted by Dalmore
Definitely interested in the full story here. I am wondering if maybe it was an agent that made a mistake. DW had a $2,000 gift to her IRA last year. I caught the error and gave it back.
|
Most hacks are internal.
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
» Recent Threads
|
|
|
|
|
|
|
|
|
|
|
|
|
» Quick Links
|
|
|