"$32,000 is gone," I told my mother-in-law on Monday. "Did you authorize a wire transfer of $32,000 out of your account today?"
"No," she said.
Someone else got her information and used it maliciously.
We jumped on it as soon as we discovered it. We spent the rest of the day and night closing accounts and cleaning up computers. But I'm afraid the damage was already done... Her personal information and passwords are in the hands of a skilled computer hacker.
It could just as easily happen to you.
And if you don't discover it as quickly as we did, or know what to do, then you could lose a whole lot more money. Worse, you could spend the next few years with the difficult task of getting back your money when you don't know who you're chasing.
It all started innocuously enough...
"Steve, can you help me get into my e-mail?" my mother-in-law asked. "For some reason, my password doesn't work anymore." We're on a mini-vacation to the Florida Keys, so I'm the default computer guru.
"It seems like you changed your password," I said. She told me she hadn't.
I tried to request a new password online, but we couldn't answer the "security questions." This was strange... But at this point, we still didn't have a clue something was wrong. So we called her Internet provider.
We finally got a new password and checked her e-mail. And there was the wire transfer... $32,000 going OUT.
We immediately called the bank, got through to the fraud department, and they went to work on getting it back. (As of this writing, the money is NOT back yet.)
Then we tried to get back on her e-mail. Whoa! We couldn't get in. The hacker had changed her password again.
We called her Internet provider, asking to close the account immediately. Unbelievably, they wouldn't let us do it. We were informed that the Billing Department was now closed. They said we'd have to call back in the morning. (That, in my opinion, is a terrible business practice. Who knows what other vital information this hacker stole before the account was closed?)
So how did this happen?
It is my non-technical opinion that my mother-in-law was a victim of a newly discovered security "hole" in Microsoft's Internet Explorer. The flaw allows hackers to get your passwords... which means access to your personal information, bank accounts, etc. You're probably using Internet Explorer right now to read this e-mail. If so, you are likely vulnerable...
Microsoft says it's fixed the hole. But if you haven't gone to the trouble of updating your Internet Explorer with the security patch, you are still exposed to the exact same attack that hit my mother-in-Law. (You can read the details at www.microsoft.com/security.)
We updated Internet Explorer. But we also stopped using it. We're using Google Chrome as our browser now. (Go to www.google.com/chrome to download it free.)
We've taken all the steps we know... For example, we placed a "Fraud Alert" through Equifax, which goes to all three credit-report agencies. But a little prevention sure would have been easier than chasing a thief.
A starting point for protection is the Federal Trade Commission's website. Go to www.ftc.gov then read the "Identity Theft" and "Internet Fraud" segments right there on the home page.
We've been assured we'll recover the $32,000. And we've closed all accounts and reopened them with new account numbers and passwords. But are we safe from more attacks? We don't know – this hacker has my mother-in-law's personal information.
Please, do yourself a huge favor. Remember the old "ounce of prevention/pound of cure" saying. Take more steps to protect yourself online than you ever thought you needed to. At least upgrade Internet Explorer or switch browsers immediately.
Identity theft is serious stuff. And you are likely at risk, right now. But you think, "Aw, that won't happen to me," until it does. Take care of yourself. Believe me. We wish we had.
Call it a New Year's resolution if you'd like. But promise to do something right now to protect your personal information... and your wealth.
Good investing,
Steve
