The Investment Scientist

When a client wanted to move half a million dollars …

Posted on: June 5, 2017

Identity-Theft.gifOne day two years ago, I got an email from a client of mine. In a very concise manner, he told me he was in Singapore for a business deal and he needed to wire $500k from his investment account to a bank account in Singapore.

To raise the money, I would need to sell some of his highly appreciated investments. I didn’t want him to be surprised by capital gain taxes, so I replied with an explanation of the tax implications.

After that, I was ready to wire the money, so I sent him a short message: “You know our standard procedure, any time a client wants to move more than $10k, he needs to call me to tell me in his own voice.” I totally expected my phone would ring right away.

Instead, I got another email: “I am in Singapore, I don’t have a phone with me, take this email as my authorization to wire the money.”

That’s when my hair stood on end – Singapore is one of the most developed countries in the world.  What were the odds that he had access to a computer but not a phone? I called my client’s cell phone immediately. He picked up and I found out that he wasn’t in Singapore, and none of those emails were sent by him. His Yahoo mail account had been hacked!

Since that incident, I have become even more careful about protecting both my clients’ and my own identity information.

Here are ten things I do:

  1. Use two factor authentication for my own email and for all money-related account logins.
  2. Never send birthday and social security number in an email.
  3. Regularly check my credit reports for unknown accounts, names and addresses.
  4. Activate credit freeze with the three credit agencies so others can not request your credit information.
  5. Activate transaction alert for my credit cards. Every time there is a purchase more than $50, I will get a text or email.
  6. Use complicated and varied passwords for my logins. You won’t believe how many people use “12345” and “password” as their password.
  7. Use lastpass.com to manage my passwords.
  8. Review my health insurance bill for unfamiliar charges.
  9. Use a Chromebook instead of Window and Mac.
  10. Never click on a link in the email (unless I am using a Chromebook.)

What do you do to protect your identity?

1 Response to "When a client wanted to move half a million dollars …"

I never click on a link in an e-mail for any financial transaction, even in what I think of as my most secure (work) account. There’s no incentive for someone to hack a newsletter, but people want to beat Google, Citibank, Yahoo, Vanguard, etc. to get money.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Author

Michael Zhuang is principal of MZ Capital, a fee-only independent advisory firm based in Washington, DC. He is also a regular contributor to Morningstar Advisor and Physicians Practice. To explore a long-term wealth advisory relationship, schedule a discovery meeting (phone call) with him.



You may also get his monthly newsletter, or join his Facebook page for regular wealth management insights. Michael's email is info[at]mzcap.com.

Twitter: @mzhuang

Error: Please make sure the Twitter account is public.

%d bloggers like this: