I have filed complaints with the Better Business Bureau, the FTC, CFPB, FINRA, and also the state Attorney General of Texas. I was at a doctors appointment when I started seeing these emails and I tried to reach out to them by looking for a phone number. Guess what they have none so you are left with contacting them via email or text, which is what I did this is what I did all day by the time I changed my password all the transactions have taken place The biggest one was when they moved $13,300 from my savings to a brokerage account. I did everything I knew was possible.
If you look at the email they sent me, they are basically saying they are not responsible and they’re not gonna do anything to help me recoup my money.
My immediate concern would be figuring out what happened. What network were you using? What device? Other accounts may be in peril, especially if there is a key logger installed.
Yeah, those are all very good points. I recently added a link and I thought it was almost too easy even though I had to unlock the account, provide account and routing #’s, confirm name on account, and enter 2FA code. Then I got notifications of changes and account activity.
I think a lot of financial companies are too lax about these things and should have better security. They should at least offer options. I like Fidelity's Money Transfer Lockdown, though I'm not sure that covers this exact situation.
I looked at that second link (Internet Crime Complaint Center) and they pointed out one way a person's login could be compromised: a fake copy of the financial institution's homepage and login site. They cautioned against finding the website through an internet search, you should always either use a bookmark or type it in from scratch. A fake site like that can defeat 2FA by feeding your user ID, password, and 2FA code through to the real site but then interact with the site on their own once in.
I found these ^ - government websites. I would start by report it to as many government entities as possible from local, to state, to federal. Collect reports, and then follow-up with e-mails and letters (regular & CMRRR) with copies of the reports and demands for reimbursement.
I would also do further research regarding your reporting requirements and rights so as to cover as many basis as possible.
I guess they are accepting OP's explanation, right? I looked at the Public.com website. It doesn't say that 2FA is required (but maybe it is) and the only version of 2FA mentioned is sms. I would have thought that the $13,000 transfer to a brokerage account could be clawed back. I hope OP is able to recover the funds.
Right. I looked at the Public,com website and they had a section on security but 2FA was not cited so I thought they did not offer it. They actually do offer it but they could probably promote it better. I had a peeve with their advertising a "fixed bond account" with a locked rate. It was targeted to new investors. I thought it was false advertising to promote it as being "locked rate product". It's just a bond ladder so the rate is only "locked" until the first maturity but a newbie could be fooled.
It's all very scary.
That seems sketchy. I have added a link to one place where they mention 2FA below. I'm not saying that this applies to OP but if a company recommends 2 factor and a strong password are they resposible if the user didn't implement?
After learning of it, I locked my Fidelity account as well. However, it can be easily turned off - all you need to do is log in. For a hacker to transfer money, they'd be logged in right? So I'm not sure what a lock like this accomplishes?
That page is a bit misleading. They title it "How do I keep my account secure?" but much of it is how THEY keep your account secure. Apparently, SPIC protection doesn't cover this, so that is only for internal type fraud. This is all a bit upsetting.
Use a OTP app for 2FA. Don't rely on texts or email.
Since the fraudulent transactions were from your high-yield savings account as I understand it, I would suggest that you contact New York State Department of Financial Services (DFS). Their consumer hotline is (800) 342-3736.
2FA is required to make changes to MTL and then I get a push notification of the change. MTL is not available for 401k plans at Fido. It blocks internal transfers between a client’s accounts for some reason I do not understand. I guess it’s possible to be exposed if you left one account unlocked. MTL does not block direct debits which troubles me. MTL is an added layer to the normal verification steps to enable a transfer.
Fidelity's Money Transfer Lockdown is special-purpose. You know how, if you want to open a brokerage account at (say) Schwab using assets transferred from Fidelity, you only have to contact Schwab and then Schwab takes care of everything? Apparently there are crooks who can fool Schwab (or any brokerage firm) that they are you, then once the new account has the assets they withdraw the funds. So the lockdown communicates that you did not authorize any other brokerages to take assets from your Fidelity account.
Yes, but if the hacker got into your email, they can intercept that 2FA (if dome by email).
I think that the only direct debits allowed are ones that existed prior to you setting the lock. So a @engineernerd says above, it could stop a 'pull' like another brokerage does under your direction, if a hacker was able to impersonate you.
