Cybersecurity: An Alarming True Story and How to Protect Yourself

On the morning of January 12, 2022, I took a quick look at my checking account balance, as I do most days. Instead of seeing around $9,000 or $10,000 as I had expected, the balance staring back at me was $109.97. Huh?! There had to be some mistake.

I looked at recent transactions and saw $2,500 and $6,8000 withdrawals that morning. I called my credit union, and the representative said, “Yes, I see here that you made two cash withdrawals from our Lawrenceville, Georgia branch this morning.” I told him I lived in California and had never been to Lawrenceville, so he immediately transferred me to the fraud department, which helped me file a fraud report. 

Apparently, someone used a fake ID to enter the branch and withdraw $2,500 cash. They then saw the remaining balance on the withdrawal slip was $6,909.97, so they got back in line and withdrew an additional $6,800 in cash, leaving the balance at $109.97. 

Fortunately, my credit union put the missing funds back in my account before opening an investigation, and last month they concluded the investigation ruling in my favor. In the intervening months, I opened new checking and savings accounts and reestablished all of my ACH and electronic transfer links. Despite the low-tech nature of the crime, I reset my online access username and password, added a security layer by setting up a verbal phone password, and added alerts to my accounts so I’ll be immediately texted about any suspicious activity.

Cybersecurity Breaches are Everywhere

A recent Accenture study found cyberattacks cost the banking industry $18.3 million annually per company, but the onus is really on us to protect ourselves.

While my situation was frustrating and somewhat time-consuming, it was a walk in the park compared with the fraud that one of our longest-term client households experienced over the past several months. They agreed to allow me to write their story, but I’ll use the pseudonyms, William and Sandra, to protect their privacy. 

Sandra kept diligent records, and the spreadsheet below (with names, key details, and financial institution names also changed for privacy) will give you an overview of what happened. The details of each attempt are less important than understanding the relentless natures of the repeated fraud attempts (you can click on the graphic to open it in a new tab and click again to enlarge it).

I did reach out to two professionals I trust to help our clients but wish I had done so earlier. One of them was Linh Ho, the Founder of Fortress Networks, our IT consultant. The other was Jason Makevich, the Founder of Greenlight Information Services, which offers cyber protection and IT services. They provided a wealth of information and guidance. Fortunately, the cyberattacks have since stopped. It’s likely that the actions our clients took made the cyber thieves give up and move on to an easier target.

Just remember, you don’t want to be that easier target! In the hopes that this will be helpful to other clients, I’ve summarized their recommendations below.

How to Protect Yourself from Hackers and Identity Theft

The list below may seem overwhelming, but they’re all relatively easy to do if you take them one step at a time. These are things you should do if you suspect you’re a victim of identity theft, but you don’t have to wait until then because then it might be too late. Many of the items on this list are best practices that will help you avoid being an identity theft victim in the first place.

• First, change your usernames and passwords for all of your financial accounts. Sign up for two-factor authentication (2FA) with any institutions that offer it. That way, even if someone has your password, they won’t be able to log in unless they have a code that is texted to you or the authenticator app on your cell phone.

• Check your email accounts and look for any existing forwarding rules. If you’re unsure how to do this, you can do a Google search for “how to forward email in Yahoo (or Gmail or Outlook).” Then follow the directions for your specific email program to see if anyone has set up email forwarding.

• Check the login history on your email accounts. Google is another great source of information here as well. You can do a Google search on “how to check the login history in Yahoo (or Gmail or Outlook).”

• Next, turn on 2FA in your email program if that’s an option.

• Sign up for a password manager. Quite a few options are available, and PC Magazine has a great overview with recommendations in this article. These password managers allow you to manage all of your passwords in one place. You can create one strong, complex, long password and set up 2FA for extra security. I started using a password manager almost 10 years ago. Although it took some time and patience to set up, it saves me lots of time every day because I’m no longer wasting time trying to remember or look up passwords. It’s also much more secure than reusing passwords, writing them on a sticky note, or saving them in a file on your computer. Costs vary but are reasonable for the value you get. To give you an idea, the program I use only costs $36 per year.

• Report the identity theft on the Federal Trade Commission’s website at https://www.identitytheft.gov/#/. This website allows you to report what happened through an interactive question and answer process and creates a recovery plan for you based on your responses. You can also consider reporting the identity theft to your local police department. Each state has different rules, but under the law in California, where most of our clients live, you can report identity theft to your local police department.

• Consider using different/unique answers to password recovery questions when you set up different websites. For example, a lot of websites will ask you questions like “what was your first pet’s name” or “on what street did you grow up.” Giving different answers to those questions on different websites would make it harder for hackers to gain access to multiple sites. However, you’ll have to keep track of your answers. I keep the answers to those questions in the notes section of my password manager for each individual website.

• If you’re helping a loved one who’s had their identity stolen, make sure they are not secretly working with an “expert” that claims to be helping them with this. Unfortunately, many scammers and hackers impersonate experts to gain trust and access. They pass themselves off as an advocate when they successfully predict and accurately identify attacks that they’re secretly performing. In some cases, they convince their victims to tell no one, including family.

• Install internet kill switches on your home computers. A kill switch is a physical device you can buy on Amazon for around $25, and it plugs in between the router and the computer itself. After you’re done using your computer, you can push one button so nobody else can remotely access it.

• Freeze your credit. The three major credit bureaus, Equifax, Experian, and TransUnion, all allow you to freeze your credit for free. If your credit is frozen, nobody can open a credit card or take out a loan in your name without unfreezing your credit first. This protects you by presenting an extra barrier to would-be scammers. You can freeze and unfreeze your credit by writing a letter to the credit bureaus, but the easiest way is to do it online. Just do a Google search for “how to freeze (or unfreeze) credit with Equifax (or Experian or Transunion).”

• Ask your bank or credit union if you can add a phone codeword or personal identification number (PIN) to your account. That way, even if someone knows your Social Security Number and date of birth, the representative won’t talk to them unless they also know your verbal codeword or PIN.

• Finally, consider putting a lock on your physical mailbox or using a P.O. box. Identity theft doesn’t always occur through high-tech means. It’s possible that someone can steal your physical mail and gain enough information to steal your identity, so a lock can be a good defense.

We never found out specifically how William and Sandra’s identities were stolen, but our best guess is that it started when someone hacked into Sandra’s email account. After the dust settled, she found a Yahoo email alert from earlier this year that said:

“Your Yahoo account was used to sign in to a new third party application. If this wasn’t you, please use this link to revoke third party access to your account, and change your password.”

She completely disregarded the email when she first received it, but she clicked on the link when she was searching for clues and found the email last month. The link took her to a Recent Activity and Connected Devices page. That page showed multiple logins at all hours of the day and night from someone in Pasadena. Since Sandra lives in Orange County, it appears that was the root of the problem.

She removed their access and changed her password again, and no incidents have happened since. Fortunately, all of William and Sandra’s cash and fees were reimbursed, but it cost them countless hours of stress and frustration getting to that point.

Ways to Put More Money in Your Pocket as Interest Rates Rise

I wrote about this topic in our quarterly report cover letter last month, but I’ll include a slightly modified version here to get this information out to a wider audience.

One of our great long-time clients called me recently to ask about strategies to earn more money on his cash sitting in the bank. It was a timely call with the Federal Reserve raising interest rates while his bank pays him 0.05% interest on his savings. There are a lot of cash management options that weren’t viable even six months ago, so I’ll briefly outline some of the strategies we discussed below:

• Online Banks – Ally Bank, Capital One 360, and similar online banks currently pay rates around 1.60%. That’s a great rate in today’s environment for a fully liquid account with no fees, but you’d need to be comfortable using an online bank with no physical branches. Still, these deposits are FDIC insured and pay significantly higher rates than traditional banks.

• Money Market – The rates for Fidelity money market accounts have increased significantly in recent months and are currently paying upwards of 1.7%. With the fed expected to raise rates by another 0.50% at next month’s meeting, Fidelity money market rates will likely approach 2.5% by the end of the third quarter.

• 1-year Treasury Bills – The yield on these government bills has increased from around 0.07% last August to about 3.1% currently, one of the fastest increases on record. These bills are guaranteed by the US Government and are among the safest investments available. Someone with $400,000 sitting in the bank at 0.05% interest could earn approximately $12,000 more over the next year by switching to these bills at the current rates.

• Series I Savings Bonds – Finally, I bonds can be a good option, although there are several caveats. I bonds currently pay 9.62%, the highest guaranteed rate of any government bonds and the highest rate since being introduced in 1998. So what’s the catch? This rate is variable and resets every six months, so it could go down on the next reset this fall if inflation subsides. In addition, the only way to buy these bonds is through the cumbersome treasurydirect.gov website. You’re also limited to purchasing $10,000 per year, although couples and owners of trusts can double or triple that amount. Finally, you must keep these bonds for at least one year, and you would lose three months of interest if you cash them before five years. Despite the drawbacks, rates this high make them something to consider.

Last month’s inflation report announced annual inflation of 9.1%, the highest in nearly 41 years, so the above strategies could be important in minimizing the effects of inflation.

My interview on SiriusXM Radio

Last month I was interviewed by Wharton professor Kent Smetters, who is also the former Deputy Assistant Secretary of the U.S. Department of the Treasury, on his show, Your Money. We discussed a range of financial planning topics and my book Spiraling Up: Discover Financial Serenity, Make Work Optional, and Live Happily in Retirement.

The program was originally aired on SiriusXM Channel 132, Business Radio Powered by The Wharton School.

If you’d like to listen to the interview, you can click on the play button below:

Summer is Almost Over

It’s hard to believe that summer vacation is almost over and that my daughter Audrey is starting 10th grade and my son Conrad is starting 8th grade next week. We had a wonderful summer with Audrey going to surf camp and Conrad at a horse camp. We also had a family vacation in Hawaii, including grandparents, aunts, uncles, and cousins, 11 of us in all. Below are a few of my favorite pictures from the summer.

In Closing

This year has been a challenging market environment, and we understand you may have questions or concerns. Please know that we’re here to answer all of them, so don’t hesitate to reach out to us, whether it be via phone call or email.

In the meantime, Bob Kargenian and I will continue to follow our investment discipline to weather the current market storm. After the stock market bottomed in mid-June and began rising again, some of our investment models started to turn positive, and we sold our short-term bond positions on July 25 to invest in higher-risk/higher-reward high yield bond funds. We also increased our stock market exposure from our 20% floor to about 40% on August 1, and further increased it to around 55% today, August 8. Time will tell whether this is a temporary market rise or the start of a sustained new uptrend. Either way, we are prepared to act accordingly. Bob will be writing about our market positioning and outlook in greater detail in next month’s newsletter.

Thank you, as always, for your continued trust and confidence in all of us here at TABR Capital Management.

Sincerely,

Steven W. Medland, MBA, CFP^®

Partner

TABR Capital Management, LLC (“TABR”) is an SEC registered investment advisor with its principal place of business in the state of California.  TABR and its representatives are in compliance with the current notice filing and registration requirements imposed upon registered investment advisors by those states in which TABR maintains clients.  TABR may only transact business in those states in which it is notice filed, or qualifies for an exemption or exclusion from notice filing requirements.

This newsletter is limited to the dissemination of general information pertaining to our investment advisory/management services.  Any subsequent, direct communication by TABR with a prospective client shall be conducted by a representative that is either registered or qualifies for an exemption or exclusion from registration in the state where the prospective client resides.  For information pertaining to the registration status of TABR, please contact TABR or refer to the Investment Advisor Disclosure web site (www.adviserinfo.sec.gov).

The TABR Model Portfolios are allocated in a range of investments according to TABR’s proprietary investment strategies. TABR’s proprietary investment strategies are allocated amongst individual stocks, bonds, mutual funds, ETFs and other instruments with a view towards income and/or capital appreciation depending on the specific allocation employed by each Model Portfolio. TABR tracks the performance of each Model Portfolio in an actual account that is charged TABR’s investment management fees in the exact manner as would an actual client account. Therefore the performance shown is net of TABR’s investment management fees, and also reflect the deduction of transaction and custodial charges, if any.

Comparison of the TABR Model Portfolios to the Vanguard Total Stock Index Fund, the Vanguard Total International Stock Fund, the Vanguard Total Bond Index Fund and the S&P 500 Index is for illustrative purposes only and the volatility of the indices used for comparison may be materially different from the volatility of the TABR Model Portfolios due to varying degrees of diversification and/or other factors.

Past performance of the TABR Model Portfolios may not be indicative of future results and the performance of a specific individual client account may vary substantially from the composite results above in part because client accounts may be allocated among several portfolios. Different types of investments involve varying degrees of risk, and there can be no assurance that any specific investment will be profitable

For additional information about TABR, including fees and services, send for our disclosure statement as set forth on Form ADV from us using the contact information herein.  Please read the disclosure statement carefully before you invest or send money.

A list of all recommendations made by TABR within the immediately preceding one year is available upon request at no charge. The sample client experiences described herein are included for illustrative purposes and there can be no assurance that TABR will be able to achieve similar results in comparable situations. No portion of this writing is to be interpreted as a testimonial or endorsement of TABR’s investment advisory services and it is not known whether the clients referenced approve of TABR or its services.