Attempted Hack on my Vanguard Accounts

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills.
Post Reply
Topic Author
boater07
Posts: 788
Joined: Sun Apr 15, 2007 7:44 pm
Location: Northwest

Attempted Hack on my Vanguard Accounts

Post by boater07 »

In addition to my Quicken download issues that Vanguard admits to their server problem,
someone is attempting to get into my accounts. I have "not" tried signing in for at least
a week yet account is blocked again this weekend.
Is it enough to simply give the info and assign a new password? Or is there more I can do
to protect myself like a new user name?
By the way, I did report the issue to V.
User avatar
JamesSFO
Posts: 3404
Joined: Thu Apr 26, 2012 10:16 pm

Re: Attempted Hack on my Vanguard Accounts

Post by JamesSFO »

I believe you can configure your account to only allow signon from a particular computer.
User avatar
midareff
Posts: 7711
Joined: Mon Nov 29, 2010 9:43 am
Location: Biscayne Bay, South Florida

Re: Attempted Hack on my Vanguard Accounts

Post by midareff »

I'd make sure my password was as complex as they allow with numbers, caps and symbols if permitted.
User avatar
midareff
Posts: 7711
Joined: Mon Nov 29, 2010 9:43 am
Location: Biscayne Bay, South Florida

Re: Attempted Hack on my Vanguard Accounts

Post by midareff »

JamesSFO wrote:I believe you can configure your account to only allow signon from a particular computer.
May/June 2012 I was assured I would not be able to access my accounts from out of the country. Logged in from Thailand on my g/f's (now wife) computer without issue.
Swampy
Posts: 804
Joined: Fri Aug 31, 2012 7:16 am
Location: Paradise

Re: Attempted Hack on my Vanguard Accounts

Post by Swampy »

My wife's email was hacked into last year. It took three months to get most of the headaches cleared up.

This morning I received a phone call from a man claiming to be from Microsoft asking for me by name. He had a very thick Indian or Pakistani accent, He went on to state that my computer has been hacked by keystroker theft and he 'needed' to 'walk me through fixing the problem.' He asked if I was sitting at the computer - I wasn't. He asked if I could get to the computer - I couldn't. He stated he would call back. I stopped him and asked for his call back number, which I wrote down and googled. It's a hacker's scam.

The number is 315-633-4050. DO NOT CALL THEM OR GIVE THEM ANY INFO. My caller ID indicated the call came from
a nonsense number 58-974-5625

It's a brazen attempt by these shmucks to get you to unwittingly hack yourself and give them your sensitive data.
Last edited by Swampy on Tue Oct 22, 2013 11:18 am, edited 1 time in total.
If I have seen further, it was by standing on the shoulders of giants.
User avatar
JamesSFO
Posts: 3404
Joined: Thu Apr 26, 2012 10:16 pm

Re: Attempted Hack on my Vanguard Accounts

Post by JamesSFO »

JamesSFO wrote:I believe you can configure your account to only allow signon from a particular computer.
Under Account Maintenance > Security > Computer access restrictions

Then pick "Restrict unrecognized computers from accessing my accounts." and save.
gulliver
Posts: 94
Joined: Wed Aug 05, 2009 12:54 pm

Re: Attempted Hack on my Vanguard Accounts

Post by gulliver »

deleted
Last edited by gulliver on Tue Jan 14, 2014 9:40 pm, edited 1 time in total.
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Attempted Hack on my Vanguard Accounts

Post by bertilak »

gulliver wrote:Make sure that your user name is sufficiently unusual. Often the problem is caused by some other Vanguard member accidentally keying yours.
When I signed up for VG I gave them an ID I wanted to use but it turned out someone else already had it so I picked another ID out of the air. It took me a while to stop using my preferred ID by mistake. I probably locked out the poor VG customer several times!

If that's you, sorry! :oops:

I am past that now, I hope. But wait 'till senility sets in then watch out!
Last edited by bertilak on Tue Oct 22, 2013 12:09 pm, edited 1 time in total.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
User avatar
abuss368
Posts: 27850
Joined: Mon Aug 03, 2009 2:33 pm
Location: Where the water is warm, the drinks are cold, and I don't know the names of the players!
Contact:

Re: Attempted Hack on my Vanguard Accounts

Post by abuss368 »

You can also call client services and add an "enhanced password" that you would have to provide each time you call. This would at least help from a telephone standpoint.
John C. Bogle: “Simplicity is the master key to financial success."
Jeff7
Posts: 329
Joined: Sat Nov 24, 2012 1:30 pm

Re: Attempted Hack on my Vanguard Accounts

Post by Jeff7 »

Swampy wrote:My wife's email was hacked into last year. It took three months to get most of the headaches cleared up.

This morning I received a phone call from a man claiming to be from Microsoft asking for me by name. He had a very thick Indian or Pakistani accent, He went on to state that my computer has been hacked by keystroker theft and he 'needed' to 'walk me through fixing the problem.' He asked if I was sitting at the computer - I wasn't. He asked if I could get to the computer - I couldn't. He stated he would call back. I stopped him and asked for his call back number, which I wrote down and googled. It's a hacker's scam.

The number is 315-633-4050. DO NOT CALL THEM OR GIVE THEM ANY INFO. My caller ID indicated the call came from
a nonsense number 58-974-5625

It's a brazen attempt by these shmucks to get you to unwittingly hack yourself and give them your sensitive data.
Yes, this is a classic scam.
Just as Microsoft doesn't do anything "if you forward this e-mail to 20 people by such-and-such date," they aren't monitoring your computer for problems, and they won't call you.

These people will likely tell you to install TeamViewer, or otherwise enable remote access - giving them direct control over your PC. They might just take data outright, or as soon as they get in, you'll start getting all kinds of wacky problems, at which point I'm sure they'll ask for your credit card info.



If someone calls or e-mails you and wants any kind of personal information, payment information, or asks you to do something to your computer, they're probably up to no good.
If you get an e-mail talking about some account needing attention (Your Visa bill is late! Click here now to avoid penalties!), do not click the link. If you want to be sure of it, go to your Internet browser, type in the correct address manually, and go to the billing site that way. You'll probably find nothing wrong.
User avatar
AAA
Posts: 1885
Joined: Sat Jan 12, 2008 7:56 am

Re: Attempted Hack on my Vanguard Accounts

Post by AAA »

JamesSFO wrote:
JamesSFO wrote:I believe you can configure your account to only allow signon from a particular computer.
Under Account Maintenance > Security > Computer access restrictions

Then pick "Restrict unrecognized computers from accessing my accounts." and save.
I routinely clear the cache and history from my browser, especially after entering personal information on a web site. Does that make it an "unrecognized computer" or is some other feature of the computer used for recognition?
User avatar
JamesSFO
Posts: 3404
Joined: Thu Apr 26, 2012 10:16 pm

Re: Attempted Hack on my Vanguard Accounts

Post by JamesSFO »

AAA wrote:
JamesSFO wrote:
JamesSFO wrote:I believe you can configure your account to only allow signon from a particular computer.
Under Account Maintenance > Security > Computer access restrictions

Then pick "Restrict unrecognized computers from accessing my accounts." and save.
I routinely clear the cache and history from my browser, especially after entering personal information on a web site. Does that make it an "unrecognized computer" or is some other feature of the computer used for recognition?
No clue, I don't use this feature, perhaps call Vanguard.
Dan999
Posts: 412
Joined: Mon May 24, 2010 1:23 pm

Re: Attempted Hack on my Vanguard Accounts

Post by Dan999 »

Previous poster said:
"My wife's email was hacked into last year. It took three months to get most of the headaches cleared up."

My granddaughter got an email from my Verizon email promoting a weight loss product. No one else appears to have gotten this email. This alarmed me so:

I added an alias email at Verizon and an using that now. They would not cancel my old email address since it was in the computer as their contact email.

I notified everyone in my contact list about the potential problem.
I change my Amazon login, and password.
Canceled the credit card used in Amazon and other on line uses.
Changed email name on my on line accounts. Notified regular senders of the change,

Notified Vanguard about the email change. I do not have an online Vanguard account. I used to, but someone tried to login and it was locked, so I bailed on the online account. I have telephone password when I call Vanguard. Vanguard already has a certified letter revoking redemption privileges in my IRA account until further notice.
Also had a note added to my file that I do not anticipate any withdrawals from my IRA for a few years.

Placed a credit fraud alert on 3 credit agencies, and later a credit freeze or lockout with 3 agencies.

I think I over reacted, but did everything I could think of.

Any other advice or comments?

Thanks

Dan
Dan999
lostInFinance
Posts: 218
Joined: Sun Mar 03, 2013 2:57 pm

Re: Attempted Hack on my Vanguard Accounts

Post by lostInFinance »

It's possible no one was trying to hack your account unless you have an unusual user name. If Vanguard has 12 John Smiths, one of them could forget whether his user name was johnsmith7 or johnsmith8.
Jfet
Posts: 1081
Joined: Tue Dec 21, 2010 6:20 pm

Re: Attempted Hack on my Vanguard Accounts

Post by Jfet »

This panics me that someone could hack into one of our brokerage accounts and execute some weird trade, like buying 400,000 shares of Etoys or something at the ask. How could you prove you didn't do the trade?
User avatar
Boglenaut
Posts: 3509
Joined: Mon Mar 23, 2009 7:41 pm

Re: Attempted Hack on my Vanguard Accounts

Post by Boglenaut »

Most likely just someone with a user name like yours, as someone mentioned above.

I had an e-mail like MyFirstName@MyCableCompnayName.Com.

Every two weeks someone would lock me out of my account trying to change what they thought was their e-mail password. Or someone in Michigan would use it to set up a iTunes account and I'd see all of their personal info.
User avatar
telemark
Posts: 3389
Joined: Sat Aug 11, 2012 6:35 am

Re: Attempted Hack on my Vanguard Accounts

Post by telemark »

Dan999 wrote:My granddaughter got an email from my Verizon email promoting a weight loss product. No one else appears to have gotten this email. This alarmed me so:
This doesn't necessarily mean your email was hacked; return addresses are easy to forge and spammers like to do that. I occasionally get bounce messages from spam sent using my email address. Nothing I can do about it.

Did you overreact? Perhaps, but better safe than sorry.
User avatar
Doc
Posts: 10607
Joined: Sat Feb 24, 2007 12:10 pm
Location: Two left turns from Larry

Re: Attempted Hack on my Vanguard Accounts

Post by Doc »

In addition to my Quicken download issues that Vanguard admits to their server problem,
someone is attempting to get into my accounts. I have "not" tried signing in for at least
a week yet account is blocked again this weekend.
It's probably not a hack. It may be your attempts through Quicken that don't go through that is causing the problem. Vanguard may think they are hacks and blocks the account.
A scientist looks for THE answer to a problem, an engineer looks for AN answer and lawyers ONLY have opinions. Investing is not a science.
User avatar
widestance
Posts: 143
Joined: Fri Jun 07, 2013 5:37 pm

Re: Attempted Hack on my Vanguard Accounts

Post by widestance »

Are you sure you don't have Quicken setup to automatically login and download recent transactions?
If it has bad login info, it could be responsible to locking out your account.
Everybody's got a plan until they get punched in the face - Mike Tyson
Topic Author
boater07
Posts: 788
Joined: Sun Apr 15, 2007 7:44 pm
Location: Northwest

Re: Attempted Hack on my Vanguard Accounts

Post by boater07 »

Initially with the Quicken problem, I did get blocked a couple of times due to the download requests.
However,I do not get anything automatically downloaded. Waiting for Van to give me the ok for future downloads.
After talking to V today, we decided nothing to be gained with new user name if it is an unusual ID. Started new
password and only enabled access to my computer as suggested above.
I'll keep my fingers crossed.
Quickfoot
Posts: 1166
Joined: Fri Jan 11, 2013 12:03 pm

Re: Attempted Hack on my Vanguard Accounts

Post by Quickfoot »

Entirely possible some software you were running or trying to run keeps locking you out. If you weren't having lockout problems until you tried to integrate the software that's probably the problem. Use a complex, non significant password and enable all available security options on your account.
User avatar
frugaltype
Posts: 1952
Joined: Wed Apr 24, 2013 9:07 am

Re: Attempted Hack on my Vanguard Accounts

Post by frugaltype »

telemark wrote:
Dan999 wrote:My granddaughter got an email from my Verizon email promoting a weight loss product. No one else appears to have gotten this email. This alarmed me so:
This doesn't necessarily mean your email was hacked; return addresses are easy to forge and spammers like to do that. I occasionally get bounce messages from spam sent using my email address. Nothing I can do about it.

Did you overreact? Perhaps, but better safe than sorry.
+1 Also, if you look at the full header of the email your granddaughter received, you may find that the return address is not yours.
rkhusky
Posts: 17763
Joined: Thu Aug 18, 2011 8:09 pm

Re: Attempted Hack on my Vanguard Accounts

Post by rkhusky »

AAA wrote: I routinely clear the cache and history from my browser, especially after entering personal information on a web site. Does that make it an "unrecognized computer" or is some other feature of the computer used for recognition?
On my system, Vanguard (and my bank too) uses a flash cookie to indicate that it is a trusted computer. If it doesn't recognize the system, you have to answer security questions. I have a flash control panel where I can see which flash cookies are on the system and delete ones that I don't recognize. I have it set that it asks me before storing any information in a new flash cookie. If the flash cookie gets corrupted and you are constantly asked to answer the security questions, deleting the flash cookie restores the functionality.

I also only allow javascript for sites that I trust and clear cookies, cache and browser history on quitting.
imperialyoyo
Posts: 28
Joined: Fri May 10, 2013 11:31 am

Re: Attempted Hack on my Vanguard Accounts

Post by imperialyoyo »

I have had the same problem crop up in the past month. Locked out of my vanguard account over 5 times now. I cannot tell who or what is locking it out, as access logs are not available for my perusal. I have to commend google on their security settings, both recent activity and 2 stage security would be nice to have for all financial institutions.

Vanguard's suggestion to me is to change the account username.
User avatar
Higman
Posts: 229
Joined: Wed Aug 20, 2008 7:51 pm

Re: Attempted Hack on my Vanguard Accounts

Post by Higman »

Rkhusky – thanks for the tip on flash cookies. I didn’t know anything about their existence. And yes, I see vanguard.com in the list of local shared objects. I would recommend everyone check their systems. I do routinely run Ccleaner and it defaults to cleaning Adobe flash player file. However I did not realize the significance of the cleaning nor the fact that companies were skipping HTTP cookies in favor of flash cookies. Here is a link that gives a live look at the flash cookies.

http://www.macromedia.com/support/docum ... ger07.html
aquifer
Posts: 334
Joined: Sat Oct 20, 2012 9:01 am

Re: Attempted Hack on my Vanguard Accounts

Post by aquifer »

This happened to me also. Change your username to something more complicated. Then they can't keep locking up your account by guessing a bunch of passwords. If they can't guess your username they can't lock up he account with failed attempts.
Jim180
Posts: 479
Joined: Wed Jun 26, 2013 9:47 pm

Re: Attempted Hack on my Vanguard Accounts

Post by Jim180 »

abuss368 wrote:You can also call client services and add an "enhanced password" that you would have to provide each time you call. This would at least help from a telephone standpoint.
Rather than call I wish Vanguard could send us a Security Token like Schwab. Everytime you login you enter the random number on your token along with your password. Of course creating tokens for everyone is an added cost for Vanguard, but it would make many feel safer.
User avatar
Majormajor78
Posts: 910
Joined: Mon Jan 31, 2011 8:13 pm

Re: Attempted Hack on my Vanguard Accounts

Post by Majormajor78 »

I hate to admit it but I accidentally block somebodies Vanguard account at least once or twice a year. Somebody has the same username as I have on one of my TD Ameritrade accounts so I'll plug in my username and password on autopilot and then oops! :oops:

My bad. Sorry.
"Oh, M. le Comte, it is only a loss of money which I have sustained... nothing worth mentioning, I assure you."
sunnyday
Posts: 1679
Joined: Sat Jul 16, 2011 8:48 am

Re: Attempted Hack on my Vanguard Accounts

Post by sunnyday »

JamesSFO wrote:
JamesSFO wrote:I believe you can configure your account to only allow signon from a particular computer.
Under Account Maintenance > Security > Computer access restrictions

Then pick "Restrict unrecognized computers from accessing my accounts." and save.
If you delete your cookies or clear your cache with this setting, I believe your computer will become unrecognizable. Then you'll need to call Vanguard. That seems less than ideal but could work for some
Dan999
Posts: 412
Joined: Mon May 24, 2010 1:23 pm

Re: Attempted Hack on my Vanguard Accounts

Post by Dan999 »

I have used the token system with a Wells Fargo business account. This would be great if Vanguard would do this.
I would even pay a surcharge for this feature. I would go back to using an online account.

Hey Vanguard, are you listening?

Dan
Dan999
rkhusky
Posts: 17763
Joined: Thu Aug 18, 2011 8:09 pm

Re: Attempted Hack on my Vanguard Accounts

Post by rkhusky »

sunnyday wrote:
JamesSFO wrote:
JamesSFO wrote:I believe you can configure your account to only allow signon from a particular computer.
Under Account Maintenance > Security > Computer access restrictions

Then pick "Restrict unrecognized computers from accessing my accounts." and save.
If you delete your cookies or clear your cache with this setting, I believe your computer will become unrecognizable. Then you'll need to call Vanguard. That seems less than ideal but could work for some
You don't just have to answer a security question? I'll have to look into it.
kdub2008
Posts: 22
Joined: Wed Jul 10, 2013 9:05 pm

Re: Attempted Hack on my Vanguard Accounts

Post by kdub2008 »

rkhusky wrote:
sunnyday wrote:
JamesSFO wrote:
JamesSFO wrote:I believe you can configure your account to only allow signon from a particular computer.
Under Account Maintenance > Security > Computer access restrictions

Then pick "Restrict unrecognized computers from accessing my accounts." and save.
If you delete your cookies or clear your cache with this setting, I believe your computer will become unrecognizable. Then you'll need to call Vanguard. That seems less than ideal but could work for some
You don't just have to answer a security question? I'll have to look into it.
I can second this. If you change your settings to "Restrict unrecognized computers from accessing my accounts" and you delete your cookies and cache...it WILL become an unrecognized computer. I've dealt with this first hand multiple times...
User avatar
Phineas J. Whoopee
Posts: 9675
Joined: Sun Dec 18, 2011 5:18 pm

Re: Attempted Hack on my Vanguard Accounts

Post by Phineas J. Whoopee »

I've concluded my user name, rather than my account, at a reasonably secure site was attacked.

I tried to log in one week on my ordinary schedule, and it told me to contact customer service. Somebody had tried my user name from an untrusted computer and failed to answer the security questions correctly. The CSR unlocked the account and I logged in.

The next week, as usual, I tried and the same thing happened. I contacted customer service, and somebody had attempted again, but failed to answer security questions. He unlocked the account and I logged in.

Out of curiosity I tried the very next day and again was locked out. This time the CSR suggested I change my username, because somebody was "obviously confused" about their own. She enabled it, and I did it.

Again out of curiosity, a few days later, I tried my old user name. It existed and with different security questions.

That's why I've concluded somebody really wanted my user name. Fortunately, I don't care, so they can have it. But I'd not thought before about even the possibility of that sort of a denial-of-service attack.

PJW
JerseyKC
Posts: 34
Joined: Sun Jul 12, 2009 5:53 pm

Re: Attempted Hack on my Vanguard Accounts

Post by JerseyKC »

AAA wrote:
JamesSFO wrote:
JamesSFO wrote:I believe you can configure your account to only allow signon from a particular computer.
Under Account Maintenance > Security > Computer access restrictions

Then pick "Restrict unrecognized computers from accessing my accounts." and save.
I routinely clear the cache and history from my browser, especially after entering personal information on a web site. Does that make it an "unrecognized computer" or is some other feature of the computer used for recognition?
Yes, I have Firefox set up to clear cache when I exit the browser. We are asked a security question each time we log into the Vanguard site.
Post Reply