It's been 13 years but I'm back! Now how to protect our IRAs?
Old 12-07-2020, 03:45 PM   #1
Recycles dryer sheets
just_hatched's Avatar
 
Join Date: Sep 2005
Posts: 94

Hi! I joined the forum in 2005 and last posted in 2008, wow.

Anyway, our IRAs (DW and me) have grown at Vanguard in index funds
since then (thank you lengthy bull market) and now after my own
identity theft scare recently where someone fraudulently ported my
phone number (I finally got it back after 3 weeks), I'm starting to
wonder about cybersecurity and asset protection and all that jazz.

I wasn't able to find a post that discussed this (which is surprising, so
maybe something is wrong with my search) but has anyone been discussing
best practices for this kind of thing?

For example, here is an article from 2011 about this topic:
https://www.cbsnews.com/news/how-to-...nternet-fraud/

Thanks! I hope everyone is doing well!
-just_hatched
just_hatched is offline   Reply With Quote
Old 12-07-2020, 03:59 PM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
RunningBum's Avatar
 
Join Date: Jun 2007
Posts: 10,875
VG makes me type in a code they send by text or email if I log in from a new IP address, as someone who has hacked me is likely to do. Or you could set up for 2-Factor Authentication every time, where you'd have to do the same no matter where you logged in from.

I also try to log into my VG and other accounts at least once a week and look for any unrecognized transactions.

Don't use articles from 9 years ago on how to keep up with internet fraud. Tech has changed way too much since then.
RunningBum is offline   Reply With Quote
Old 12-07-2020, 05:14 PM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 11,274
When someone fraudulently ports your number, they get 2-factor codes allowing them to change your password, etc.
It's VERY scary as everyone's security depends upon a store clerk earning minimum wage only porting when proper.

I'm amazed with OP that they were not cleaned out in the 3 weeks it took to get the number back.

I wish all financial institutions would use some type of key fob/RSA device. I don't want the phone as the device, because if someone ports your number, they can download all the backups to their device, so they then have all the security measures.
__________________
Fortune favors the prepared mind. ... Louis Pasteur
Sunset is online now   Reply With Quote
Old 12-07-2020, 05:29 PM   #4
Recycles dryer sheets
 
Join Date: Jul 2018
Posts: 142
Quote:
Originally Posted by just_hatched View Post
Hi! I joined the forum in 2005 and last posted in 2008, wow.

-just_hatched
Where you been in JAIL.
Bruno is online now   Reply With Quote
Old 12-07-2020, 05:33 PM   #5
Recycles dryer sheets
just_hatched's Avatar
 
Join Date: Sep 2005
Posts: 94
Quote:
Originally Posted by Bruno View Post
Where you been in JAIL.
Close. I had 2 kids.
just_hatched is offline   Reply With Quote
Old 12-07-2020, 05:35 PM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 11,274
Quote:
Originally Posted by just_hatched View Post
Close. I had 2 kids.
And you kicked them out after 13 yrs
__________________
Fortune favors the prepared mind. ... Louis Pasteur
Sunset is online now   Reply With Quote
Old 12-07-2020, 05:50 PM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
RunningBum's Avatar
 
Join Date: Jun 2007
Posts: 10,875
Quote:
Originally Posted by Sunset View Post
When someone fraudulently ports your number, they get 2-factor codes allowing them to change your password, etc.
It's VERY scary as everyone's security depends upon a store clerk earning minimum wage only porting when proper.

I'm amazed with OP that they were not cleaned out in the 3 weeks it took to get the number back.

I wish all financial institutions would use some type of key fob/RSA device. I don't want the phone as the device, because if someone ports your number, they can download all the backups to their device, so they then have all the security measures.
Yeah, good point. First thing I'd do if my phone # got ported would be to remove it from all accounts, starting with financials. That would force it to go to email. Likewise, if email got hacked I'd switch it to another email account I have.
RunningBum is offline   Reply With Quote
Old 12-07-2020, 06:11 PM   #8
Moderator
Aerides's Avatar
 
Join Date: Nov 2015
Posts: 8,000
wb!

I think in your shoes I'd get a new number. You can get them from google very easily, and map that to any accounts, and toss the compromised one.
Aerides is offline   Reply With Quote
Old 12-07-2020, 06:15 PM   #9
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
SecondCor521's Avatar
 
Join Date: Jun 2006
Location: Boise
Posts: 5,302
Based on a friend's advice, I have very strong passwords on my email accounts. Logic being that if someone has access to my email account they can impersonate me, get a 2F code, etc.

I lost my cell phone the other day, and the first thing I thought of was my Vanguard accounts. I emailed fraud@vanguard.com (that's the proper email, but get it from Vanguard's website not me) with my concern and they were very helpful. They replied within an hour that no fraud had taken place and told me how to proceed regarding accessing my account again.

I also changed my email passwords and the passwords to a few of my most important accounts. I also disconnected my Google account from my cell phone. A day later I got a replacement phone and SIM card and ported my cell number via chat with my cell carrier. Fortunately I think I'm in the clear.

I monitor almost all my accounts daily via Quicken, and I have email alerts turned on for my credit cards for a lot of different things. 2F authentication turned on where I can. I check statements monthly too, but a fast moving criminal would be problematic for monthly checks.

Although I do both, I tend to think fast detection and remediation is a better strategy than trying to completely prevent an attack. At least for me.

Some people suggest not using strange Internet connections (like Starbucks wifi), but I don't worry about that as long as I see https.

Oh, and I don't go to weird places on the Internet and I'm mindful to make sure I never download executables or anything similar from places that are not 100% trustworthy. With some computer knowledge in my background, I think I have a better than average chance of knowing whether or not to click on a button on my browser screen.
__________________
"At times the world can seem an unfriendly and sinister place, but believe us when we say there is much more good in it than bad. All you have to do is look hard enough, and what might seem to be a series of unfortunate events, may in fact be the first steps of a journey." Violet Baudelaire.
SecondCor521 is offline   Reply With Quote
Old 12-07-2020, 06:32 PM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 11,274
Quote:
Originally Posted by SecondCor521 View Post
B...... A day later I got a replacement phone and SIM card and ported my cell number via chat with my cell carrier. Fortunately I think I'm in the clear.

.....
That is what is scary, that someone could chat with support and get a number ported without physically standing there with various ID to prove identity.
__________________
Fortune favors the prepared mind. ... Louis Pasteur
Sunset is online now   Reply With Quote
Old 12-07-2020, 06:34 PM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 11,274
While fast detection is important, it's hard sometimes to notice the phone is not getting calls or text anymore, which is a sign it's been ported.
Especially if I'm sleeping
__________________
Fortune favors the prepared mind. ... Louis Pasteur
Sunset is online now   Reply With Quote
Old 12-07-2020, 06:52 PM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
SecondCor521's Avatar
 
Join Date: Jun 2006
Location: Boise
Posts: 5,302
Quote:
Originally Posted by Sunset View Post
That is what is scary, that someone could chat with support and get a number ported without physically standing there with various ID to prove identity.
Well, I did have to provide my passcode to my carrier before they would deal with me on my account. So there was some protection.
__________________
"At times the world can seem an unfriendly and sinister place, but believe us when we say there is much more good in it than bad. All you have to do is look hard enough, and what might seem to be a series of unfortunate events, may in fact be the first steps of a journey." Violet Baudelaire.
SecondCor521 is offline   Reply With Quote
Old 12-07-2020, 06:52 PM   #13
Recycles dryer sheets
lucky penny's Avatar
 
Join Date: Jan 2010
Location: NYC
Posts: 347
I've never heard of a phone number being "ported". From the comments I think I'm getting the drift of what it means but I'm not sure - can someone explain?
lucky penny is offline   Reply With Quote
Old 12-07-2020, 06:58 PM   #14
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
SecondCor521's Avatar
 
Join Date: Jun 2006
Location: Boise
Posts: 5,302
Quote:
Originally Posted by lucky penny View Post
I've never heard of a phone number being "ported". From the comments I think I'm getting the drift of what it means but I'm not sure - can someone explain?
The normal use for a port is if you want to switch cell phone carriers - say, from AT&T to Sprint, or Sprint to T-Mobile. It used to be that if you switched carriers, you'd have to get a new phone number, which we decided was an impediment to switching and competition. So there was a law that got passed that said that cell phone carriers had to let you take your phone number with you. So if my Sprint phone number was (800) 555-1212, I could switch to T-Mobile and you could still call me at (800) 555-1212.

In my case, I stayed with the same carrier but switched the phone/SIM connected to my phone number from my lost phone/SIM to my replacement phone/SIM. So I'm using the term "port" sort of loosely.

Since a lot of 2FA codes are sent to a person's cell phone number, porting to a different phone could be helpful to a criminal.
__________________
"At times the world can seem an unfriendly and sinister place, but believe us when we say there is much more good in it than bad. All you have to do is look hard enough, and what might seem to be a series of unfortunate events, may in fact be the first steps of a journey." Violet Baudelaire.
SecondCor521 is offline   Reply With Quote
Old 12-07-2020, 07:19 PM   #15
Recycles dryer sheets
just_hatched's Avatar
 
Join Date: Sep 2005
Posts: 94
Quote:
Originally Posted by SecondCor521 View Post
Well, I did have to provide my passcode to my carrier before they would deal with me on my account. So there was some protection.
I already had a passcode with AT&T also, but when the number was ported to T-Mobile (within 48 hours), AT&T didn't tell me definitely whether the requester used the correct passcode or not. They were basically like "you must have given someone you know your passcode." But these were just frontline people because they won't connect you to any upper management to talk to. Otherwise I'd be like "play me the phone recording then."

Whoever the port requester was, AT&T and T-Mobile still haven't given me any definite details about how the port was accomplished. Did the person have the passcode? Did the person use a SSN instead? Over the phone? In-person at a store? How?
I did since change the passcode and online password on the AT&T account.
But that's why it took 3 weeks - nobody higher up at AT&T would come on the line and T-Mobile won't answer anything because I'm not their customer.
Even the local police said T-Mobile probably wouldn't tell them either.
AT&T kept saying they'd try to get the number ported back to me, but then they'd say "We need the T-Mobile account number."
(plug your ears for this part) I DON'T HAVE THE T-MOBILE ACCOUNT NUMBER!
just_hatched is offline   Reply With Quote
Old 12-07-2020, 08:50 PM   #16
Recycles dryer sheets
 
Join Date: Dec 2018
Posts: 135
This is a very very serious and scary problem. There is no real defense for it if you use 2FA. If someone ports your number it's going to be a lot of work to untangle it.

I've heard some horror stories like the OP's. Wish there was a better way. But as someone said, oftentimes it's an inside job by a min wage employee who is in on it or doesn't care and gives up your number.

Very scary stuff.
Retireby45ish is offline   Reply With Quote
Old 12-07-2020, 11:32 PM   #17
Recycles dryer sheets
lucky penny's Avatar
 
Join Date: Jan 2010
Location: NYC
Posts: 347
Quote:
Originally Posted by SecondCor521 View Post
The normal use for a port is if you want to switch cell phone carriers - say, from AT&T to Sprint, or Sprint to T-Mobile. It used to be that if you switched carriers, you'd have to get a new phone number, which we decided was an impediment to switching and competition. So there was a law that got passed that said that cell phone carriers had to let you take your phone number with you. So if my Sprint phone number was (800) 555-1212, I could switch to T-Mobile and you could still call me at (800) 555-1212.

In my case, I stayed with the same carrier but switched the phone/SIM connected to my phone number from my lost phone/SIM to my replacement phone/SIM. So I'm using the term "port" sort of loosely.

Since a lot of 2FA codes are sent to a person's cell phone number, porting to a different phone could be helpful to a criminal.
Thank you
lucky penny is offline   Reply With Quote
Old 12-08-2020, 06:36 AM   #18
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 10,340
Quote:
Originally Posted by RunningBum View Post
Yeah, good point. First thing I'd do if my phone # got ported would be to remove it from all accounts, starting with financials. That would force it to go to email. Likewise, if email got hacked I'd switch it to another email account I have.
This might be difficult if you couldn't get in because you couldn't get the 2FA. I would immediately call my financial institutions and ask them to freeze my accounts while I sort out the problem.

Porting does seem to be a big vulnerability. Of course, the bad guys also need your passwords.
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is offline   Reply With Quote
Old 12-08-2020, 07:12 AM   #19
Recycles dryer sheets
 
Join Date: Nov 2019
Location: Jersey City
Posts: 315
One way of protecting yourself from porting is to set additional PIN number/security question on the carrier website. With some carriers you can request for the porting to be executed at the physical store - where you have to show the ID before it happens.

Other things you can do: use a password manager. I cannot stress how helpful, easy (after the initial setup) and important that is. You will never re-use the same password so any potential damage will be limited. I recommend bitWarden - open software, free (or you can pay $10/year for additional features; it goes towards development and maintenance) and very flexible.

Wherever possible use true 2FA, either physical (like YubiKey that you need to plug into your computer or phone) - that's if you're truly paranoid - or an app, like Authy (can be installed on 2 phones) or Google Authenticator. They generate random codes every 30 seconds and are much more secure than text messages. You can also use bitWarden for that.

Lastly, consider getting a Google Voice number (free) and using that for 2FA wherever true 2FA is not available - ironically: big banks and financial institutions. GV may not always work since it's not a true mobile number - and banks don't like it - but because it's attached to your gmail it requires L/P and gmail can be secured with a true 2FA. One additional benefit of GV (besides it being free) is that it works everywhere in the world - convenient for expats. I'm using it with Chase, Schwab, Amex, PayPal and a bunch of other services without issues.
tenant13 is offline   Reply With Quote
Old 12-08-2020, 08:11 AM   #20
Full time employment: Posting here.
 
Join Date: Jun 2012
Posts: 621
Tenant's advice is good, including GV being useful internationally where SMS isn't always reliable.

With SMS-based secondary authentication, besides fraudulently porting your number, thieves with enough technical capability could potentially temporarily spoof (take over) your number on the PSTN long enough to reset your account. Also, SMS is not encrypted, so again with enough technical capability they could see your SMS text's code in transit to your real phone.

SMS for 2FA is better than none, but the least good of the 2FA options.
someguy is offline   Reply With Quote