Retirement Account Stolen by Identity theft

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills.
csm
Posts: 619
Joined: Sun Mar 27, 2016 7:52 am

Re: Retirement Account Stolen by Identity theft

Post by csm »

OP, thanks so much for posting this frightening story so we are all aware of what can happen.

One other step you may wish to take going forward is to set up a CreditKarma account for your father, using your own email address, and monitor it frequently.

When my mother passed away a few years ago, this was one of the pieces of advice for how we could identify all of her accounts, credit cards and/or loans and also keep an eye out to be sure her information was not used for identity theft.

Best of luck in getting this sorted out for your father.
MikeG62
Posts: 5065
Joined: Tue Nov 15, 2016 2:20 pm
Location: New Jersey

Re: Retirement Account Stolen by Identity theft

Post by MikeG62 »

learning_head wrote: Thu Oct 05, 2017 8:49 pm...I would suggest contacting all current financial institutions with your dad's accounts and explaining the situation and seeing what they can do to flag his account requiring extra steps for any money withdraws. Make sure to take down employee name and identifying information and let them know you are recording this for your records, in case funds start disappearing from their institution.
This is good advice.

If someone has your Dad’s personal information they may well use it elsewhere. Close down all those exposures asap.
Real Knowledge Comes Only From Experience
ROIGuy
Posts: 2452
Joined: Sun May 08, 2016 10:10 am

Re: Retirement Account Stolen by Identity theft

Post by ROIGuy »

Just to reiterate what somebody said before do not call the number that the company of the IRA gave you or use their link if it was an email
go directly to the company's website and access the IRA account through your own computer link to verify this. This could be a scam.
Call_Me_Op
Posts: 9881
Joined: Mon Sep 07, 2009 2:57 pm
Location: Milky Way

Re: Retirement Account Stolen by Identity theft

Post by Call_Me_Op »

This is very disturbing. I wonder how often something like this happens. Seems like a good reason to diversify custodians even though Vanguard's security seems solid.

Brak, please keep us informed.
Best regards, -Op | | "In the middle of difficulty lies opportunity." Einstein
User avatar
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: Retirement Account Stolen by Identity theft

Post by ResearchMed »

Call_Me_Op wrote: Fri Oct 06, 2017 8:21 am This is very disturbing. I wonder how often something like this happens. Seems like a good reason to diversify custodians.
Bingo.

We use Fidelity, Vanguard, and TIAA for 403b accounts; Vanguard and Schwab for IRA's.
Local bank and credit union for everyday "cash" accounts.

But we figured it would "help" in case one of their computer systems had a long outage or their system got hacked, until they could recover.
Sure, we were aware of a possible problem like OP described, but it seemed "unlikely". Ha!

RM
This signature is a placebo. You are in the control group.
Exterous
Posts: 300
Joined: Mon Feb 20, 2012 12:34 pm

Re: Retirement Account Stolen by Identity theft

Post by Exterous »

OP - I hope things work out well for your father and thanks for posting this thread. Its certainly an unfortunate situation but there is a lot of good information in here to help keep others safe.

On a side note I can't help but think this is a potential benefit to a local AUM adviser. My mom continues to use the same one my father and her used for decades and there is no way he would have gone through with this. As a Fidelity customer I have no such luxury (but also have no plans on changing). Would probably make for good marketing material
ji.isaacs
Posts: 103
Joined: Sat May 24, 2014 3:19 pm

Re: Retirement Account Stolen by Identity theft

Post by ji.isaacs »

csm wrote: Fri Oct 06, 2017 6:40 am OP, thanks so much for posting this frightening story so we are all aware of what can happen.

One other step you may wish to take going forward is to set up a CreditKarma account for your father, using your own email address, and monitor it frequently.

When my mother passed away a few years ago, this was one of the pieces of advice for how we could identify all of her accounts, credit cards and/or loans and also keep an eye out to be sure her information was not used for identity theft.

Best of luck in getting this sorted out for your father.
When my spouse passed I was advised to send a certified copy of the death certificate to one of the credit bureaus (who would automatically notify the other two). I received written confirmation and a notation of death on the credit report to prevent identity theft. I also notified Credit Karma for the same purpose and they closed access to the account.

My reason for wanting to have the death notice officially noted was due to a letter I received from the hospital a month or so after telling me my spouses information was exposed due to unauthorized access to the electronic record.
TravelGeek
Posts: 4902
Joined: Sat Oct 25, 2014 3:23 pm

Re: Retirement Account Stolen by Identity theft

Post by TravelGeek »

So "Know your customer" failed in the case of the bank account opened with false information?
User avatar
prudent
Moderator
Posts: 9085
Joined: Fri May 20, 2011 2:50 pm

Re: Retirement Account Stolen by Identity theft

Post by prudent »

TravelGeek wrote: Fri Oct 06, 2017 11:14 am So "Know your customer" failed in the case of the bank account opened with false information?
It would certainly seem that way, but maybe the bank employee can avoid problems by saying something as simple as "they had a driver's license, it looked genuine to me."

I also echo the above comment(s) that these account hijackings makes one think that there is real value in working with a local outfit. Perhaps a way to set up an account such that funds cannot be transferred without providing some info that could not be gleaned from stolen credit files. There have been times my bank wouldn't give me info I wanted unless I told them the amount of my last deposit and how the deposit was made (in branch, mobile, ATM, direct deposit).
User avatar
JamesSFO
Posts: 3404
Joined: Thu Apr 26, 2012 10:16 pm

Re: Retirement Account Stolen by Identity theft

Post by JamesSFO »

So sad to read about this, hopefully given the $ amounts involved, law enforcement will take strong action to help in recovering the monies. :(
letsgobobby
Posts: 12073
Joined: Fri Sep 18, 2009 1:10 am

Re: Retirement Account Stolen by Identity theft

Post by letsgobobby »

Deleted
Last edited by letsgobobby on Thu Oct 03, 2019 1:15 am, edited 1 time in total.
SimonJester
Posts: 2500
Joined: Tue Aug 16, 2011 12:39 pm

Re: Retirement Account Stolen by Identity theft

Post by SimonJester »

prudent wrote: Fri Oct 06, 2017 11:28 am ...these account hijackings makes one think that there is real value in working with a local outfit.
Yes instead of an unknown criminal stealing your money from your retirement account, the local "financial adviser" legally steals your money with high ERs funds, frequent trading, and various insurance scams...
"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." - Benjamin Franklin
User avatar
Sandi_k
Posts: 2304
Joined: Sat May 16, 2015 11:55 am
Location: SF Bay Area

Re: Retirement Account Stolen by Identity theft

Post by Sandi_k »

Because of this thread, I called and instituted two-factor authentication and voice print security protocol with my retirement firm.

Thanks for this thread, Brak - it's chilling. My best wishes for a good resolution for your dad on this issue...
Topic Author
brak
Posts: 477
Joined: Thu Apr 24, 2008 6:00 am

Re: Retirement Account Stolen by Identity theft

Post by brak »

Thanks again for all the support and good advice. Today was spent talking to other financial institutions that house my parents' money. All I can say is that Ally, Vanguard and Fidelity have security measures in place that are significantly more sophisticated than those of the custodian of the account, Trans America. Now whether that adds up to negligence on Trans America's part is another matter and I don't yet know the answer. Coming up next : on Monday we meet with police to give further info and ask them how aggressively they plan to pursue this, also decide whether or not to bring in the US attorney's office. Will also put on fraud alerts and use chexsystem. There's only so much of this I can take in a day. Thanks again and stay tuned (maybe I can turn this into a Netflix series!).
User avatar
prudent
Moderator
Posts: 9085
Joined: Fri May 20, 2011 2:50 pm

Re: Retirement Account Stolen by Identity theft

Post by prudent »

SimonJester wrote: Fri Oct 06, 2017 1:33 pm
prudent wrote: Fri Oct 06, 2017 11:28 am ...these account hijackings makes one think that there is real value in working with a local outfit.
Yes instead of an unknown criminal stealing your money from your retirement account, the local "financial adviser" legally steals your money with high ERs funds, frequent trading, and various insurance scams...
Certainly dIdn't mean to imply they should manage the funds, just be the custodian.
Rupert
Posts: 4122
Joined: Fri Aug 17, 2012 12:01 pm

Re: Retirement Account Stolen by Identity theft

Post by Rupert »

brak wrote: Fri Oct 06, 2017 2:51 pm Thanks again for all the support and good advice. Today was spent talking to other financial institutions that house my parents' money. All I can say is that Ally, Vanguard and Fidelity have security measures in place that are significantly more sophisticated than those of the custodian of the account, Trans America. Now whether that adds up to negligence on Trans America's part is another matter and I don't yet know the answer. Coming up next : on Monday we meet with police to give further info and ask them how aggressively they plan to pursue this, also decide whether or not to bring in the US attorney's office. Will also put on fraud alerts and use chexsystem. There's only so much of this I can take in a day. Thanks again and stay tuned (maybe I can turn this into a Netflix series!).
You're doing all the right things. When you next meet with the police, specifically ask them if it would be better to refer it out to the US Attorney due to the interstate nature of the crime. Local police/prosecutors are often happy to offload such cases (they usually don't have the resources to investigate them properly), and they do it all the time. There's a formal process in place for such referrals.
WillRetire
Posts: 781
Joined: Mon Jun 05, 2017 10:01 am

Re: Retirement Account Stolen by Identity theft

Post by WillRetire »

In answer to this part of the original post: "what steps should he undertake to protect investments he has at other institutions..."

Help your father register for online access to ALL investment and bank accounts, also Social Security, Medicare, and all health plans. This way, he'll at least have online access thus preventing someone else from taking that step. Of course, someone (he or you) should monitor all accounts periodically, and check email at the email address connected to them.

During the process of registering for online access to all accounts, he & you will find out if someone else has already registered, indicating more potential foul play in progress.

Also, select security questions that require information that cannot be gleaned from credit history. Good ones: favorite food, first manager's name, first concert, that sort of thing.

Good luck.
truenorth418
Posts: 637
Joined: Wed Dec 19, 2012 6:38 am

Re: Retirement Account Stolen by Identity theft

Post by truenorth418 »

OP - Thank you for coming here to Bogleheads for advice and thus sharing your experience with others. I wish you all the best in resolving this and recovering the funds. This thread has inspired me to add 2 factor authentication to my accounts immediately (I had been putting it off). I had already frozen my credit at the Big 3 but there are other steps such as Chexsystems and the 4th credit agency discussed here that I had not considered.
User avatar
CaliJim
Posts: 3050
Joined: Sun Feb 28, 2010 7:47 pm
Location: California, near the beach

Re: Retirement Account Stolen by Identity theft

Post by CaliJim »

Two more things:

1) Document everything: take notes on every phone call, save every email, keep keep a copy of every letter sent or received

2) See a lawyer. You may have rights and claims for compensation from the involved institutions, regardless of the outcome of the investigation and recovery of the funds. A letter from your lawyer to TransAmerica may be all that is required to get the money back. I wouldn't think you need to be too involved or worried about the investigation and prosecution of the case. IMHO: the failure was the custodians. "Call from out of state", "Transfer to out of state bank" - too many red flags were ignored.
-calijim- | | For more info, click this Wiki
NotWhoYouThink
Posts: 3595
Joined: Fri Dec 26, 2014 3:19 pm

Re: Retirement Account Stolen by Identity theft

Post by NotWhoYouThink »

prudent wrote: Fri Oct 06, 2017 2:53 pm
SimonJester wrote: Fri Oct 06, 2017 1:33 pm
prudent wrote: Fri Oct 06, 2017 11:28 am ...these account hijackings makes one think that there is real value in working with a local outfit.
Yes instead of an unknown criminal stealing your money from your retirement account, the local "financial adviser" legally steals your money with high ERs funds, frequent trading, and various insurance scams...
Certainly dIdn't mean to imply they should manage the funds, just be the custodian.
Still no. I think the chances of being defrauded by a dishonest local broker are greater than the chances of something like this. I read about cases of that every week. The local FAs I know use someone like Schwab or Fidelity as custodians.
User avatar
tadamsmar
Posts: 9972
Joined: Mon May 07, 2007 12:33 pm

Re: Retirement Account Stolen by Identity theft

Post by tadamsmar »

Call_Me_Op wrote: Fri Oct 06, 2017 8:21 am This is very disturbing. I wonder how often something like this happens. Seems like a good reason to diversify custodians even though Vanguard's security seems solid.

Brak, please keep us informed.
Maybe, but it's important to know that all custodians are not equal. So you could diversify into a riskier custodian.

Also, this is not just about Vanguards's security, this it about the client's personal online security. This about a crook stealing your login credentials from you when Vanguard is not at fault in the matter.

This is not just about Vanguard's security. It's about their reimbursement commitment:
Our commitment regarding online security is simple. If assets are taken from your account in an unauthorized online transaction on Vanguard.com®—and you've followed the steps described in the Your responsibilities section below—we will reimburse the assets taken from your account in the unauthorized transaction.
https://personal.vanguard.com/us/help/S ... ontent.jsp

The OP's father's custodian was Transamerica, here is their "commitment":
We are not responsible for damages or losses resulting from any breach of security caused by your failure to maintain the confidentiality of your Access Codes or any other security or authentication technique we utilize, unless otherwise required by law.
https://www.transamerica.com/individual ... neservices

Note that nothing is required by federal law. All you have is the custodian's reimbursement commitment (if there is one).

See the difference? Do you really want to diversify into Transamerica?

Note that Schwab and Fidelity have reimbursement guarantees as good or better than Vanguard.

Be careful where you diversify to.

And, note that you have responsibilities under all these reimbursement commitments, they are two-way contracts. Live up to your responsibilities.
Lynette
Posts: 2407
Joined: Sun Jul 27, 2014 9:47 am

Re: Retirement Account Stolen by Identity theft

Post by Lynette »

deleted - fraud from overseas - not relevant for this thread.
Last edited by Lynette on Fri Oct 06, 2017 7:42 pm, edited 2 times in total.
Wakefield1
Posts: 1059
Joined: Mon Nov 14, 2016 9:10 pm

Re: Retirement Account Stolen by Identity theft

Post by Wakefield1 »

I doubt that the victim even had any kind of logon credentials on his account,the "logon credentials" were added by the crooks.
User avatar
CAsage
Posts: 3539
Joined: Sun Mar 27, 2016 6:25 pm

Re: Retirement Account Stolen by Identity theft

Post by CAsage »

In California, when you get a document notarized, the notary checks your ID, writes down the Drivers License # and takes a thumbprint. Might want to track down that notary!
Salvia Clevelandii "Winifred Gilman" my favorite. YMMV; not a professional advisor.
User avatar
tadamsmar
Posts: 9972
Joined: Mon May 07, 2007 12:33 pm

Re: Retirement Account Stolen by Identity theft

Post by tadamsmar »

Wakefield1 wrote: Fri Oct 06, 2017 7:33 pm I doubt that the victim even had any kind of logon credentials on his account,the "logon credentials" were added by the crooks.
According his son's posts here, victim had security questions specified:
So here is what I know so far. The custodian of my father's IRA states that in early September they received a phone call from a man posing as my father, who passed all the security questions
Therefore, I think it is beyond doubt that the victim had logon credentials.
littlebird
Posts: 1868
Joined: Sat Apr 10, 2010 6:05 pm
Location: Valley of the Sun, AZ

Re: Retirement Account Stolen by Identity theft

Post by littlebird »

tadamsmar wrote: Fri Oct 06, 2017 7:53 pm
Wakefield1 wrote: Fri Oct 06, 2017 7:33 pm I doubt that the victim even had any kind of logon credentials on his account,the "logon credentials" were added by the crooks.
According his son's posts here, victim had security questions specified:
So here is what I know so far. The custodian of my father's IRA states that in early September they received a phone call from a man posing as my father, who passed all the security questions
Therefore, I think it is beyond doubt that the victim had logon credentials.
Institutions can, and usually do, ask security questions when you contact them by phone - either those you've set up in advance, or those they glean from your info or your account activities - without any necessity for having an online account.
Topic Author
brak
Posts: 477
Joined: Thu Apr 24, 2008 6:00 am

Re: Retirement Account Stolen by Identity theft

Post by brak »

Clarification: the security questions were, date of birth, address, SS#, and mother's maiden name. When I called Trans America they said that there is now an option for a more personal security question, but my father's account did not have one.
User avatar
tadamsmar
Posts: 9972
Joined: Mon May 07, 2007 12:33 pm

Re: Retirement Account Stolen by Identity theft

Post by tadamsmar »

brak wrote: Fri Oct 06, 2017 8:03 pm Clarification: the security questions were, date of birth, address, SS#, and mother's maiden name. When I called Trans America they said that there is now an option for a more personal security question, but my father's account did not have one.
Perhaps your father has a good case for reimbursement, since he apparently did nothing wrong. He also reported it in a timely fashion according to your posts.

If Transamerica refused to reimburse, then I would probably get a lawyer and threaten to go to the media and drag Transamerica's name through the mud. Hopefully they will reimburse to get your father's signature on a nondisclosure agreement.

There are cases like this in the past where the custodian reimbursed after they started getting bad press. They claimed that the had recovered the money. Perhaps they did, but the timing made it look like they were reacting to the bad press. In that case the client's case was less defensible than yours. He was in China and not monitoring his account. This was a long time ago when perhaps it was not easy to follow online accounts while in China.

Come to think of it, a lawyer would probably tell you to stop talking about this online or to the public because that makes the threat to publicize it more potent. I personally would not openly discuss it, if I were you, unless Transamerica refuses to pony up.

On the other hand, maybe Transamerica's clients are more businesses (401Ks) than the general public, so maybe they are not that scared of bad press, not sure.
Last edited by tadamsmar on Sun Oct 28, 2018 1:55 pm, edited 3 times in total.
NotWhoYouThink
Posts: 3595
Joined: Fri Dec 26, 2014 3:19 pm

Re: Retirement Account Stolen by Identity theft

Post by NotWhoYouThink »

In Missouri I've never had a notary ask for more than a Driver's license. No thumbprint.
Wakefield1
Posts: 1059
Joined: Mon Nov 14, 2016 9:10 pm

Re: Retirement Account Stolen by Identity theft

Post by Wakefield1 »

I believe pre-computer era accounts did sometimes have security questions on them. Such as having to answer a question when calling by phone to ask what your balance in checking was before the bank representative would give you the balance. I don't think that is a "logon".
Of course a simple answer such as date of birth does not give much protection as compared to a pre arranged code question with a pre arranged nonsense response.
Does anyone remember the old Vanguard tele account? I think that could have had some such question set up (before they had Vanguard.com),to call them now they want something like that but I don't think they have tele-account anymore.

(edit) looks like they still offer it but maybe not to new brokerage account holders
Last edited by Wakefield1 on Fri Oct 06, 2017 8:32 pm, edited 2 times in total.
Wakefield1
Posts: 1059
Joined: Mon Nov 14, 2016 9:10 pm

Re: Retirement Account Stolen by Identity theft

Post by Wakefield1 »

brak wrote: Fri Oct 06, 2017 8:03 pm Clarification: the security questions were, date of birth, address, SS#, and mother's maiden name. When I called Trans America they said that there is now an option for a more personal security question, but my father's account did not have one.
Not very good security questions at all.
2b2
Posts: 325
Joined: Sun Sep 28, 2008 7:21 am
Location: Location: Location:

Re: Retirement Account Stolen by Identity theft

Post by 2b2 »

My suggestion may meet with some resistance but here's something I do.
Check accounts every day. If you see a notation "pending transaction" on a holding, and you didn't request a transaction....well.....

2b2
User avatar
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: Retirement Account Stolen by Identity theft

Post by ResearchMed »

NotWhoYouThink wrote: Fri Oct 06, 2017 8:17 pm In Missouri I've never had a notary ask for more than a Driver's license. No thumbprint.
Never seen a request for any fingerprints for a notary.

And what would that help or prove?

Isn't the point of using a notary is to "prove" (in quotes, as it's not really *proof*!) that the person signing is indeed the person who is supposed to be signing?
All a fingerprint would do (until there is an Easily Accessible Fingerprint Registry (TM) so the notary could confirm identity!) is to provide a history that could later be used to confirm - or not - the identity of the person signing.
A bit too late in many cases...

RM
This signature is a placebo. You are in the control group.
letsgobobby
Posts: 12073
Joined: Fri Sep 18, 2009 1:10 am

Re: Retirement Account Stolen by Identity theft

Post by letsgobobby »

Deleted
Last edited by letsgobobby on Thu Oct 03, 2019 1:13 am, edited 1 time in total.
User avatar
tadamsmar
Posts: 9972
Joined: Mon May 07, 2007 12:33 pm

Re: Retirement Account Stolen by Identity theft

Post by tadamsmar »

brak wrote: Thu Oct 05, 2017 6:18 pm Celia - the custodian did not realize the funds were stolen until we contacted them, which occurred after we received a transaction confirmation in the mail showing that the account had $52,000 withdrawn. We received the confirmation letter approximately twelve days after the withdrawal actually occurred.
I have read that one should use a certified letter to inform a custodian of a breach. But that was in a context where there was a federal law with reporting deadlines like for personal bank accounts or credit cards. Timely reporting still may be a consideration here to make it more likely that you get reimbursed.
Wakefield1
Posts: 1059
Joined: Mon Nov 14, 2016 9:10 pm

Re: Retirement Account Stolen by Identity theft

Post by Wakefield1 »

I would still like to see this end like a good detective story-the perps traced down and (some?) of the money tracked down-and perhaps there are some other victims of the same perp or perps who might not even realize yet that their money is missing-and perhaps potential future victims would be spared some of this
meanwhile day to day security gets more and more involved,more hoops to jump through
investorpeter
Posts: 609
Joined: Sun Jul 31, 2016 5:46 pm

Re: Retirement Account Stolen by Identity theft

Post by investorpeter »

Rupert wrote: Fri Oct 06, 2017 4:22 pm
brak wrote: Fri Oct 06, 2017 2:51 pm Thanks again for all the support and good advice. Today was spent talking to other financial institutions that house my parents' money. All I can say is that Ally, Vanguard and Fidelity have security measures in place that are significantly more sophisticated than those of the custodian of the account, Trans America. Now whether that adds up to negligence on Trans America's part is another matter and I don't yet know the answer. Coming up next : on Monday we meet with police to give further info and ask them how aggressively they plan to pursue this, also decide whether or not to bring in the US attorney's office. Will also put on fraud alerts and use chexsystem. There's only so much of this I can take in a day. Thanks again and stay tuned (maybe I can turn this into a Netflix series!).
You're doing all the right things. When you next meet with the police, specifically ask them if it would be better to refer it out to the US Attorney due to the interstate nature of the crime. Local police/prosecutors are often happy to offload such cases (they usually don't have the resources to investigate them properly), and they do it all the time. There's a formal process in place for such referrals.
Law enforcement is not going to pursue this with the same vigor as you would. $52,000 is a lot of money for one person to lose, but for the US attorney or FBI, it may not generate much more activity than a report that gets filed somewhere. They will likely tell you this happens all the time. They may initially assume it was a bank error or family dispute. Meanwhile evidence could be lost like video from Region's bank or from the notary office. If you do leave it up entirely to law enforcement, your best bet is to present as much evidence as possible that this was clearly fraud. And push them to pursue the many leads you already have. Personally, I would want to pursue this on my own to the point of making it abundantly clear it was fraud such as by having a copy of the notarized document with a fake notarization (a true notary's name will be registered and easily confirmed) or the wire transfer showing the money was transferred from Regions to some foreign bank.
Call_Me_Op
Posts: 9881
Joined: Mon Sep 07, 2009 2:57 pm
Location: Milky Way

Re: Retirement Account Stolen by Identity theft

Post by Call_Me_Op »

NotWhoYouThink wrote: Fri Oct 06, 2017 8:17 pm In Missouri I've never had a notary ask for more than a Driver's license. No thumbprint.
And Missouri is the "Show Me State."
Best regards, -Op | | "In the middle of difficulty lies opportunity." Einstein
Exterous
Posts: 300
Joined: Mon Feb 20, 2012 12:34 pm

Re: Retirement Account Stolen by Identity theft

Post by Exterous »

Sandi_k wrote: Fri Oct 06, 2017 2:36 pm Because of this thread, I called and instituted two-factor authentication and voice print security protocol with my retirement firm.
So I just looked into my voice print options and read the FAQ. If the voice print validation isn't accepted the fall back is to be asked "security questions". I tried to enroll this morning but looks like they are closed till Monday so I couldn't get more information about what those questions are but its something to keep in mind
aristotelian
Posts: 12277
Joined: Wed Jan 11, 2017 7:05 pm

Re: Retirement Account Stolen by Identity theft

Post by aristotelian »

Wakefield1 wrote: Fri Oct 06, 2017 8:54 pm I would still like to see this end like a good detective story-the perps traced down and (some?) of the money tracked down-and perhaps there are some other victims of the same perp or perps who might not even realize yet that their money is missing-and perhaps potential future victims would be spared some of this
meanwhile day to day security gets more and more involved,more hoops to jump through
Me too. This is a sophisticated operation undoubtedly with more victims, in the past and in the future. I would start with the person in OP's dad's office. Who has access to those numbers? Identify that person, then you get the accomplice.
User avatar
TheTimeLord
Posts: 12130
Joined: Fri Jul 26, 2013 2:05 pm

Re: Identity theft

Post by TheTimeLord »

brak wrote: Tue Oct 03, 2017 12:27 pm So here is what I know so far. The custodian of my father's IRA states that in early September they received a phone call from a man posing as my father, who passed all the security questions and requested a change in email address and that forms for withdrawal of funds be sent to that email. Around two weeks later the custodian received all the paperwork authorizing the withdrawal of funds from the account, and the electronic transfer of said funds into a bank account under my father's name at a bank he had never heard of and certainly did not use for banking (Regions Bank). The custodian states that the paperwork had my father's (alleged) signature notarized, and also included a copy of a check from the bank account into which the funds were to be deposited. At that point, the custodian effected the requested transfer of $52,000. That is where things stand. The custodian (Transamerica) is initiating an investigation, we will be filing a police report. I have no idea how this could have happened, and more importantly what safety precautions we need to take at this point. We are freezing my fathers accounts with Transition, Experian and Equifax but I don't know what else to do. And obviously the question of who is on the hook for the money lingers out there. Any and all input would be most welcomed.
Maybe someone has pointed this out but on every account I have I immediately get a notification at my old email address that it has been changes along with a message to contact them if this is an unauthorized change. Does TransAmerica not do this?
IMHO, Investing should be about living the life you want, not avoiding the life you fear. | Run, You Clever Boy! [9085]
david99
Posts: 719
Joined: Sat Mar 03, 2007 10:56 am

Re: Retirement Account Stolen by Identity theft

Post by david99 »

Thanks for posting this. I've increased the security on my accounts.
I would get a lawyer involved in this situation. I think that a letter from your lawyer will put more pressure on Trans America. In the event that Trans America does not return your money, I would let them know that you plan to go to the news media with this story. I don't think that a big company like Trans America wants this kind of bad publicity all over the Internet. This would be especially true if this has happened to several accounts at Trans America and multiple stories of theft at their company start to hit the Internet.
TravelGeek
Posts: 4902
Joined: Sat Oct 25, 2014 3:23 pm

Re: Retirement Account Stolen by Identity theft

Post by TravelGeek »

NotWhoYouThink wrote: Fri Oct 06, 2017 8:17 pm In Missouri I've never had a notary ask for more than a Driver's license. No thumbprint.
I have had stuff notarized in CA and Oregon, and in both cases ID and thumb print were recorded in the notary's book. And I believe the OP mentioned that the notary in this case was allegedly (if real) in CA.

How does the recipient of a notarized document verify that it wasn't a fake notary? Is there a registery to verify notaries?
TravelGeek
Posts: 4902
Joined: Sat Oct 25, 2014 3:23 pm

Re: Retirement Account Stolen by Identity theft

Post by TravelGeek »

tadamsmar wrote: Fri Oct 06, 2017 6:41 pm This is not just about Vanguard's security. It's about their reimbursement commitment:
Our commitment regarding online security is simple. If assets are taken from your account in an unauthorized online transaction on Vanguard.com®—and you've followed the steps described in the Your responsibilities section below—we will reimburse the assets taken from your account in the unauthorized transaction.
https://personal.vanguard.com/us/help/S ... ontent.jsp

[...]

And, note that you have responsibilities under all these reimbursement commitments, they are two-way contracts. Live up to your responsibilities.
Right, live up to your responsibilities. Among them, as documented on the page you linked to:

"Never share your user name, password, or other account-related information with anyone."

Don't share your passwords with anyone includes your spouse or children (if elderly); you can give them access rights through their own login account, so Vanguard can track who is actually transacting or accessing data. I only learned that through a BH thread a couple years ago (thanks!); until then I was managing my wife's account by logging in as her.

And further, while I am not a lawyer, that "anyone" to me also means aggregation services like Mint. Vanguard certainly can determine based on server access logs whether login requests for your account come from Intuit's servers. Whether they would actually use that in case of a loss of money in your account to get out of reimbursement promises I don't know, of course.

Also speaking of Vanguard's security practices and security questions, as mentioned in another thread a while ago, Vanguard has representatives that think nothing about placing unsolicited calls to your number, introducing themselves as Vanguard reps who want to talk about your account and then proceed to ask you the security questions. Indistinguishable from phishing.
fposte
Posts: 2327
Joined: Mon Sep 02, 2013 1:32 pm

Re: Identity theft

Post by fposte »

TheTimeLord wrote: Sat Oct 07, 2017 7:49 am
Maybe someone has pointed this out but on every account I have I immediately get a notification at my old email address that it has been changes along with a message to contact them if this is an unauthorized change. Does TransAmerica not do this?
I believe Brak has said his father had no email address.
letsgobobby
Posts: 12073
Joined: Fri Sep 18, 2009 1:10 am

Re: Retirement Account Stolen by Identity theft

Post by letsgobobby »

Deleted
Last edited by letsgobobby on Thu Oct 03, 2019 1:13 am, edited 1 time in total.
Bliss
Posts: 33
Joined: Sat Feb 13, 2016 7:13 am

Re: Retirement Account Stolen by Identity theft

Post by Bliss »

TravelGeek wrote: Sat Oct 07, 2017 9:01 am How does the recipient of a notarized document verify that it wasn't a fake notary? Is there a registery to verify notaries?
Each state has a department, usually the Treasury, that maintains a registry of all notaries and can provide a document to confirm that the notary's commission was valid and verify the stamp/signature. I've had to get these documents in international transactions that require an Apostille.

However, this process requires payment and takes a few weeks and there is no instant access to verify a notary. So, this wouldn't have helped in the situation the OP described.
Wakefield1
Posts: 1059
Joined: Mon Nov 14, 2016 9:10 pm

Re: Retirement Account Stolen by Identity theft

Post by Wakefield1 »

david99 wrote: Sat Oct 07, 2017 8:25 am Thanks for posting this. I've increased the security on my accounts.
I would get a lawyer involved in this situation. I think that a letter from your lawyer will put more pressure on Trans America. In the event that Trans America does not return your money, I would let them know that you plan to go to the news media with this story. I don't think that a big company like Trans America wants this kind of bad publicity all over the Internet. This would be especially true if this has happened to several accounts at Trans America and multiple stories of theft at their company start to hit the Internet.
As long as Trans America seems to be cooperating and investigating the theft avidly I would be reluctant to take such a threatening or adversarial measure against them.
TravelGeek
Posts: 4902
Joined: Sat Oct 25, 2014 3:23 pm

Re: Retirement Account Stolen by Identity theft

Post by TravelGeek »

letsgobobby wrote: Sat Oct 07, 2017 9:22 am One benefit of Vanguard flagship has been the assigned rep, whose voice I know well. If anyone else called asking security questions I would not have answered. With the recent transition of Flagship from "individual rep" to "team" approach, I don't know how this will work going forward.
The guy who called me was my flagship agent. I have been a Vanguard customer (owner?) for 20+ years and had never talked to him or one of his predecessors (just never had the need). I did recognize his name from my statements, but that isn't exactly sufficient authentication (and my wife wouldn't have recognized his name since she doesn't read the statements).

Anyway, I don't want to sidetrack this thread from the OP's topic; just a general warning to be careful out there and don't expect the custodians (whether Vanguard or otherwise) to be 100% bullet proof. This thread includes a lot of action items for me and others, it seems :)
My spouse has never - repeat, never - logged into her Vanguard account in our 20 years together. She only has Vanguard accounts to the extent I have funded them for her (I helped her complete her 403b paperwork at work, I fund the IRAs, etc). Would she really not be offered protection by Vanguard in the event of a loss?
If you were the one using her account credentials to defraud her, I could see Vanguard invoking that rule. But if someone else somehow hacked into Vanguard and accessed her account, I don't think they could even determine that it was you who all these years managed her account (shared computer, so access to your and her account from same IP is legitimate). They could perhaps ask her if she ever shared her credentials with anyone.
Last edited by TravelGeek on Sat Oct 07, 2017 9:43 am, edited 1 time in total.
User avatar
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: Retirement Account Stolen by Identity theft

Post by ResearchMed »

Bliss wrote: Sat Oct 07, 2017 9:25 am
TravelGeek wrote: Sat Oct 07, 2017 9:01 am How does the recipient of a notarized document verify that it wasn't a fake notary? Is there a registery to verify notaries?
Each state has a department, usually the Treasury, that maintains a registry of all notaries and can provide a document to confirm that the notary's commission was valid and verify the stamp/signature. I've had to get these documents in international transactions that require an Apostille.

However, this process requires payment and takes a few weeks and there is no instant access to verify a notary. So, this wouldn't have helped in the situation the OP described.
And the use of a finger print (per a previous post)?

How does that get "verified" or otherwise become useful, *especially* pro-actively, to help determine whether the "account holder" is the *real* account holder?
(Sure, it might be helpful after the fact to "prove" that the fingerprint did not belong to the account holder, but ... the horses are already out of the barn at that point.)

Even if the local notary took a fingerprint, at what point would that be used to validate the request to remove funds, in a timely fashion or not?

And then there is the complication if there is a need for someone with a Durable PoA to handle the transaction...
This already can be extremely difficult.

But this entire scenario - and trying to prevent it - is only going to become more and more tricky, and never foolproof.

RM
This signature is a placebo. You are in the control group.
Post Reply