Fidelity Account Hacked
Old 01-04-2020, 07:21 AM   #1
Recycles dryer sheets
littleb's Avatar
 
Join Date: May 2015
Posts: 244
Fidelity Account Hacked

New Year's eve I received an email from Fidelity informing me that my new IRA account needed profile information entered. Went to Fidelity's website and after reviewing the portfolio it looked like an IRA account with a 0 balance was the one in question. In the past Fidelity would send a letter requesting personal information on all our Fidelity accounts so this request did not seem odd to me.

I also thought I set up the IRA by mistake when moving two accounts from Vanguard to Fidelity nine months ago.

After speaking with a Fidelity Rep it was determined the account was set up four days earlier. The next step was speaking to the Fraud Department. I knew that someone hacked into the account because I was in the hospital the day the account was set up. DH was at the hospital too. The Fraud guy wanted to know if anyone had my sign on or access to it. I assured him that nobody knew my sign on not even DH. He determined the person who set up the IRA did it online with my user id and password. I told him I use a password manager and change passwords on a regular basis. Overall my passwords and user id's are not easy to guess. I ran a log report from my password manager and nothing seems suspicious. A rep from the company also confirmed this.

So I spent days changing all user id and passwords and downloading better ?? anti virus and malware software programs.

This is very concerning because we have 90% of our money at Fidelity. At the moment the Fraud Department has blocked our accounts and are doing an in depth investigation to determine how this happened.
littleb is offline   Reply With Quote
Old 01-04-2020, 07:23 AM   #2
Recycles dryer sheets
 
Join Date: Jan 2013
Posts: 312
Ack! that's terrible. If you aren't already, I suggest using two factor authentication - I can have your credentials, but if I don't also have your phone, I'd be out of luck to sign into your Fidelity account.
Unpaintedhuffhines is offline   Reply With Quote
Old 01-04-2020, 07:27 AM   #3
Recycles dryer sheets
littleb's Avatar
 
Join Date: May 2015
Posts: 244
Quote:
Originally Posted by Unpaintedhuffhines View Post
Ack! that's terrible. If you aren't already, I suggest using two factor authentication - I can have your credentials, but if I don't also have your phone, I'd be out of luck to sign into your Fidelity account.
I already do the two step process. That is why this is so perplexing.
littleb is offline   Reply With Quote
Old 01-04-2020, 07:30 AM   #4
Moderator
sengsational's Avatar
 
Join Date: Oct 2010
Posts: 10,656
If something got into one of your devices that you use to log into Fidelity, that might be how they did it....a key logger. But my first thought was that you went for a phishing email in the past. That's where you get a legit looking email, click a link, and they present you with what looks like Fidelity's login. They get your credentials then, if it's a good one, they bounce you to the real Fidelity site, so everything works perfectly, but they now have your credentials and can use them at a later date.


EDIT: I just read you use two-factor. Always?
sengsational is offline   Reply With Quote
Old 01-04-2020, 07:31 AM   #5
Moderator
Aerides's Avatar
 
Join Date: Nov 2015
Posts: 13,879
did you access your accounts while in the hospital - from their network perhaps?
Aerides is offline   Reply With Quote
Old 01-04-2020, 07:33 AM   #6
Moderator
Jerry1's Avatar
 
Join Date: Nov 2014
Posts: 9,101
Scary. One of my worst nightmares. I’ve even discussed it on the site. The fear of waking up and seeing that zero balance on my main IRA (half of my wealth). I’m glad yours was only zero on a new (fraudulent) account and that you did not apparently lose anything.

That you use a password generator and two factor authentication is very troubling. Please keep us informed in what Fidelity finds out.
__________________
Every day when I open my eyes now it feels like a Saturday - David Gray
Jerry1 is online now   Reply With Quote
Old 01-04-2020, 07:35 AM   #7
Recycles dryer sheets
littleb's Avatar
 
Join Date: May 2015
Posts: 244
Quote:
Originally Posted by sengsational View Post
If something got into one of your devices that you use to log into Fidelity, that might be how they did it....a key logger. But my first thought was that you went for a phishing email in the past. That's where you get a legit looking email, click a link, and they present you with what looks like Fidelity's login. They get your credentials then, if it's a good one, they bounce you to the real Fidelity site, so everything works perfectly, but they now have your credentials and can use them at a later date.


EDIT: I just read you use two-factor. Always?
I read about a key logger. If I was phished it was many many years ago since I am more aware now. I always do the two step factor if it is offered at my financial institutions.
littleb is offline   Reply With Quote
Old 01-04-2020, 07:37 AM   #8
Recycles dryer sheets
littleb's Avatar
 
Join Date: May 2015
Posts: 244
Quote:
Originally Posted by Aerides View Post
did you access your accounts while in the hospital - from their network perhaps?
No, the day the account was set up I was not able to sign on to anything.

I also have my password manager on my phone where you need to know the Master Password (20 characters) to even get to the apps in question.
littleb is offline   Reply With Quote
Old 01-04-2020, 07:43 AM   #9
Recycles dryer sheets
Involuntary Retiree's Avatar
 
Join Date: Jul 2018
Posts: 141
Yikes! Please keep us posted as the investigation develops, if you don't mind.
Involuntary Retiree is online now   Reply With Quote
Old 01-04-2020, 07:44 AM   #10
Recycles dryer sheets
littleb's Avatar
 
Join Date: May 2015
Posts: 244
Quote:
Originally Posted by Jerry1 View Post
Scary. One of my worst nightmares. I’ve even discussed it on the site. The fear of waking up and seeing that zero balance on my main IRA (half of my wealth). I’m glad yours was only zero on a new (fraudulent) account and that you did not apparently lose anything.

That you use a password generator and two factor authentication is very troubling. Please keep us informed in what Fidelity finds out.
My biggest fear too. Thank goodness I have my money in three different places so that a block does not affect me.

I am hoping Fidelity has a state of the art fraud department that can get to the bottom of this.
littleb is offline   Reply With Quote
Old 01-04-2020, 07:58 AM   #11
Thinks s/he gets paid by the post
 
Join Date: Aug 2014
Location: Chicago West Burbs
Posts: 2,998
OMG! I can't imagine how that might feel. I hope they can make you whole soon. Thank you for posting. It has made me enable 2FA on my account.
CRLLS is offline   Reply With Quote
Old 01-04-2020, 07:58 AM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: NC
Posts: 21,204
Quote:
Originally Posted by Unpaintedhuffhines View Post
Ack! that's terrible. If you aren't already, I suggest using two factor authentication - I can have your credentials, but if I don't also have your phone, I'd be out of luck to sign into your Fidelity account.
Quote:
Originally Posted by littleb View Post
I already do the two step process. That is why this is so perplexing.
Without the user's phone, hacking 2FA is difficult and rare, and even then the user has to fall for a phishing attempt so the hacker can grab a session cookie. A two-factor code changes every few seconds, so taking that from the user page is pointless.

I hope the OP will keep us posted, hopefully there’s more to the story. And we shouldn’t leave Fidelity’s culpability up in the air IMO.

2FA greatly enhances security.

https://www.cnet.com/news/two-factor...d-to-know-faq/
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57

Target AA: 50% equity funds / 45% bonds / 5% cash
Target WR: Approx 1.5% Approx 20% SI (secure income, SS only)
Midpack is online now   Reply With Quote
Old 01-04-2020, 08:00 AM   #13
Recycles dryer sheets
littleb's Avatar
 
Join Date: May 2015
Posts: 244
Quote:
Originally Posted by CRLLS View Post
OMG! I can't imagine how that might feel. I hope they can make you whole soon. Thank you for posting. It has made me enable 2FA on my account.
No money lost since I called within a few days of the Fidelity email.
littleb is offline   Reply With Quote
Old 01-04-2020, 08:01 AM   #14
Thinks s/he gets paid by the post
Rianne's Avatar
 
Join Date: Aug 2017
Location: Champaign
Posts: 4,689
Quote:
Originally Posted by littleb View Post
Went to Fidelity's website and after reviewing the portfolio it looked like an IRA account with a 0 balance was the one in question. In the past Fidelity would send a letter requesting personal information on all our Fidelity accounts so this request did not seem odd to me.

I also thought I set up the IRA by mistake when moving two accounts from Vanguard to Fidelity nine months ago.

After speaking with a Fidelity Rep it was determined the account was set up four days earlier. The next step was speaking to the Fraud Department.
When you spoke to the fraud dept., did they say the account was set up online or via phone? Our log in is voice verified over the phone. You mentioned they sent a letter, via e-mail or snail mail? Opening a new IRA account gives hacker ability to see your entire portfolio? Or does Fidelity wait for updates in your profile before actually setting it up? It seems strange that hacker would not attempt something else in the process of setting up new IRA. Fraud dept. should be able to tell you what they know about your entire portfolio now.
__________________
"Do not go where the path may lead, go instead where there is no path and leave a trail."

Ralph Waldo Emerson
Rianne is offline   Reply With Quote
Old 01-04-2020, 08:02 AM   #15
Moderator
Jerry1's Avatar
 
Join Date: Nov 2014
Posts: 9,101
Quote:
Originally Posted by CRLLS View Post
OMG! I can't imagine how that might feel. I hope they can make you whole soon. Thank you for posting. It has made me enable 2FA on my account.
Nothing was lost. A new account was set up. Probably on the way to a loss, but stopped in progress thankfully. Still very upsetting I’m sure.
Jerry1 is online now   Reply With Quote
Old 01-04-2020, 08:10 AM   #16
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: NC
Posts: 21,204
Quote:
Originally Posted by littleb View Post
No money lost since I called within a few days of the Fidelity email.
So Fidelity confirmed they sent the original email? And you reviewed your email inbox from 4 days ago to see if anything questionable came in?
Midpack is online now   Reply With Quote
Old 01-04-2020, 08:18 AM   #17
Thinks s/he gets paid by the post
 
Join Date: Jul 2009
Posts: 1,605
I’m not yet convinced this was hacking - or at least that it was done from outside.

Fidelity should be able to scratch down through the entire event ... including whether a 2FA code was sent, when it was sent, if it was used, etc ...
stephenson is offline   Reply With Quote
Old 01-04-2020, 08:21 AM   #18
Recycles dryer sheets
 
Join Date: Feb 2019
Posts: 384
Definitely interested in the full story here. I am wondering if maybe it was an agent that made a mistake. DW had a $2,000 gift to her IRA last year. I caught the error and gave it back.
Dalmore is offline   Reply With Quote
Old 01-04-2020, 08:29 AM   #19
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
MRG's Avatar
 
Join Date: Apr 2013
Posts: 11,078
If I was inclined to hack someone's account and had their username and password I wouldn't set up a new account. Maybe tell Fidelity to back off and see if they fund it?
MRG is offline   Reply With Quote
Old 01-04-2020, 08:30 AM   #20
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
MRG's Avatar
 
Join Date: Apr 2013
Posts: 11,078
Quote:
Originally Posted by Dalmore View Post
Definitely interested in the full story here. I am wondering if maybe it was an agent that made a mistake. DW had a $2,000 gift to her IRA last year. I caught the error and gave it back.
Most hacks are internal.
MRG is offline   Reply With Quote