We have been asking clients to check their statements closely for years now. Unfortunately, fraud is on the uptrend, and the people targeting you are getting much better.
The big thing is to promptly check the withdrawals area on the first page with numbers on your monthly statement. This will tell you if any unauthorized withdrawals were made, just like you check your credit card bill.
If too much time goes by between the crime and noticing it, it might be an even bigger problem.
Thanks for taking a look, and if you want to brainstorm around fraud and your specific situation, please reach out to us.
-ISC Financial Advisors
Losing It All
OVER A PRODUCTIVE 30-year career that ended in 1950, Willie Sutton robbed as many as 100 banks for gains worth $40 million today—without ever firing a shot. That sort of bank robbery is rare now and, when it happens, customers don’t lose a dime, thanks to FDIC insurance.
Today, Sutton—the Babe Ruth of robbers—wouldn’t waste time knocking over banks. Trillions of dollars held in millions of internet-accessible retirement and brokerage accounts are much softer and more lucrative targets. He’d use a cyber-heist known as an account takeover. For that, our modern Willie Sutton would access your account with your weak and often reused password (the one in that massive leak) or by stealing your password when you click on links in his spear phishing outreach. In a typical takeover, Sutton would log into your account, link a bank account he controls to yours and then start transferring cash out. All while sipping espresso.
But that won’t happen to your online retirement accounts, right?
In a recent incident, elderly grandparents in Illinois had $40,000 wired out of their hijacked Fidelity Investments account. They discovered the theft long after the money had vanished by wire transfer into a bank account that the attacker had linked to theirs. The money was then transferred again and lost forever. It seems investors don’t need to dump their retirement savings into cryptocurrency or lottery tickets to lose it all. Instead, just sign up for online access to your investment accounts.
Was the couple reimbursed? At first, the answer was “no” because they reported the incident long after the deadline in their account agreement. On top of that, they hadn’t enabled certain security features that would have made it harder to change account contact information or to add additional linked bank accounts to their investment account.
Who bears the cost of these sorts of incidents is highly dependent on circumstances. There’s little consistency in cybercrime fraud policies across mutual fund and brokerage firms, and no industry-wide insurance system that pools risk and reimburses losses. Investment firms aren’t keen to bear the full burden of liability unless you’ve used certain security features on their site—many of which are off by default. This feels a bit like an automaker that sells cars with seat belts and airbags that are optional, and then accuses customers injured in car crashes of negligence.
Want to reduce the risk of loss? Here are five habits that’ll help protect you and your investment company:
-David Powell | July 5, 2021
Continued in the video below