We're all bombarded with information. Nowhere is this more true than in our mailboxes, both real and virtual. After all, everyone who wants to get in touch with us has a phone number, social media account and a million other low-cost ways to get in touch. It seems like the only people who send mail anymore are the folks who want to sell us something.
If you treat your mail like most people, you skim through it on your way from the mailbox to the door, stuff it in a mail sorter and promise to deal with it later. Your inbox gets treated the same way. If it's something from someone you know, you read it, chuckle, and respond. If not, it's probably safe to ignore.
This is the kind of behavior that identity thieves are counting on. Petr Murmylyuk, a Russian immigrant living in New York, was convicted earlier this year of breaking into a number of online brokerage accounts like Scottrade, E*Trade Financial, Fidelity, and Charles Schwab, among others. His purpose was to initiate trades that moved the price of assets in a complicated combination of identity theft and security manipulation. He cost his victims more than a million dollars in losses, and he will likely only have to pay about $500,000 in restitution. He didn't get away with his fraud, but his victims still lost a lot of money.
Imagine if this happens to you. You keep your retirement fund in an online brokerage account. You regularly deposit a few hundred dollars a month and you don't want to withdraw the money any time soon. So you just log in every so often to make sure your auto payments are being made and check the balance. One day, you check the balance and discover tens of thousands of dollars are just gone.
If you're counting on your brokerage to reimburse you, you might be waiting a while. Scottrade, for example, "does not cover situations in which ... you failed to take reasonable precautions to protect your privacy." Fidelity, too, specifies the need to ensure that transactions were not made by someone you "allowed" to access your account. Other online brokerage firms have similar policies to protect their own interests over yours.
What can you do to stop it? You already know how to maintain security on your online accounts. Choose strong, complex passwords. Don't access sensitive websites from public computers. Don't click links in emails that look suspicious. This is all the same financial personal hygiene you probably already practice.
However, when it comes to online financial accounts, like brokerages and draft accounts, there's an extra step you need to take. You need to read your statements carefully. Here's how the process works:
Pick a day each month. Making it the same time each month will help you remember as well as help you establish a reliable control. You don't need much time, just 20 or 30 minutes. Take care of it while you're drinking your coffee in the morning.
Go through monthly statements and confirmations for all your accounts. Make sure you or your spouse recognize every transaction that's been made. Keep an eye out for the following kinds of transactions:
- Transactions originating in foreign countries or other distant places. Identity thieves will often try to throw you off the trail and avoid prosecution by committing their crimes in distant places.
- Small transactions. It's tempting to write off a dollar here or there, but thieves are frequently counting on that tolerance. They'll use a small transaction to test a stolen credit card or breached account. If they get away with that, they'll try bigger amounts.
- If you suspect something is wrong with your security, call the company and ask for a login history. This is a document that lists the dates, times, and locations of every access that's been made to your account. This should let you know if someone else has gained access. Obviously, if that's the case, you should change your passwords and let your financial institutions know immediately.
If you notice anything else that's amiss, call the financial institution immediately. The longer you wait, the more likely it is they'll conclude it was something you authorized. Even if it's off business hours, call immediately and leave a message. Starting the process as soon as possible creates a trail that will be useful in the event of a dispute about responsibility.