The Investment Scientist

When a client wanted to move half a million dollars …

Posted on: June 5, 2017

Identity-Theft.gifOne day two years ago, I got an email from a client of mine. In a very concise manner, he told me he was in Singapore for a business deal and he needed to wire $500k from his investment account to a bank account in Singapore.

To raise the money, I would need to sell some of his highly appreciated investments. I didn’t want him to be surprised by capital gain taxes, so I replied with an explanation of the tax implications.

After that, I was ready to wire the money, so I sent him a short message: “You know our standard procedure, any time a client wants to move more than $10k, he needs to call me to tell me in his own voice.” I totally expected my phone would ring right away.

Instead, I got another email: “I am in Singapore, I don’t have a phone with me, take this email as my authorization to wire the money.”

That’s when my hair stood on end – Singapore is one of the most developed countries in the world.  What were the odds that he had access to a computer but not a phone? I called my client’s cell phone immediately. He picked up and I found out that he wasn’t in Singapore, and none of those emails were sent by him. His Yahoo mail account had been hacked!

Since that incident, I have become even more careful about protecting both my clients’ and my own identity information.

Here are ten things I do:

  1. Use two factor authentication for my own email and for all money-related account logins.
  2. Never send birthday and social security number in an email.
  3. Regularly check my credit reports for unknown accounts, names and addresses.
  4. Activate credit freeze with the three credit agencies so others can not request your credit information.
  5. Activate transaction alert for my credit cards. Every time there is a purchase more than $50, I will get a text or email.
  6. Use complicated and varied passwords for my logins. You won’t believe how many people use “12345” and “password” as their password.
  7. Use to manage my passwords.
  8. Review my health insurance bill for unfamiliar charges.
  9. Use a Chromebook instead of Window and Mac.
  10. Never click on a link in the email (unless I am using a Chromebook.)

What do you do to protect your identity?

1 Response to "When a client wanted to move half a million dollars …"

I never click on a link in an e-mail for any financial transaction, even in what I think of as my most secure (work) account. There’s no incentive for someone to hack a newsletter, but people want to beat Google, Citibank, Yahoo, Vanguard, etc. to get money.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


Michael Zhuang is principal of MZ Capital, a fee-only independent advisory firm based in Washington, DC.


%d bloggers like this: