Cybersecurity's Family Threat: Protecting Your Assets Starts at Home
Not all criminals are shady strangers lurking on the Internet. Some are much closer than you think (like family and friends), so don't let your guard down, even in your own home.


Cybersecurity isn’t AN issue, it is THE issue with respect to financial institutions. Government and financial institutions worldwide are facing constant assaults from all sides that seek to steal assets from banks and securities brokerage firms. But investors can advance their own security.
Most investors have online access to their brokerage accounts. This allows them to buy and sell securities from their own homes, with no direct interaction with a human being. Investors can order funds to be delivered to others to pay bills, or for any other reason. So here is a hypothetical phone call from an investor to her broker:
Brokerage Firm: “Good morning, Interplanetary Investments, how may I direct your call?”

Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
Client: “This is Myra Mistletoe. My brokerage account has been hijacked and $250,000 has been taken out without my permission. I want that money put back. I never authorized any sales of my securities or withdrawals.”
Brokerage Firm: “One moment Ms. Mistletoe.”
Brokerage Firm: “Good morning Ms. Mistletoe, this is Jack Justice at the Cyber Security Desk at Interplanetary Investments. I understand that assets have been removed from your account without permission and you want those assets replaced by this firm.”
Client: “Of course that’s what I want.”
Brokerage Firm: “We will of course make a full investigation, and if we discover what happened to your assets we will let you know immediately. I should tell you that if the firm was negligent in allowing the assets to be removed from your account, Interplanetary Investments can and will replace them.”
Client: “Well, investigate quickly.”
Brokerage Firm: “The investigation will begin immediately. There is one thing you should know. We will work with criminal authorities on a matter of this magnitude, and before Interplanetary Investments replaces your assets, you will have to give the firm an assignment of your rights against all wrongdoers (meaning we will pursue lawsuits against the people who stole the money, and we will seek criminal charges against those people as well) and cooperate in any criminal investigation.”
Brokerage Firm: “Ms. Mistletoe? Are you still there?”
What just happened?
A fair number of client complaints end right there.
Why? Because a substantial number of such thefts involve a family member, or a close friend or a business associate, not a cybercriminal in North Korea or the Russian held-portion of Ukraine. A Web search for so-called “familiar fraud” yields evidence that a high percentage of identity theft is perpetrated by someone the victim knew. Most people do not want their relatives sent to prison. If they believe this was done by a family member, they often withdraw a claim against the brokerage.
What is the lesson here?
If your home office is typical of most home offices, anyone with regular access to your computer may be able to find your log-in codes or your password to the brokerage account and wreak havoc with you cash and securities. A financially desperate in-law, an addicted relative, or anyone else with a craving for instant cash is a person the criminal authorities may focus on and locate in their investigation. In many instances, the demand to replace assets in the account ends with the discovery of who committed the crime.
So what to do?
- Remove temptation. Don’t be an easy target. You already know how, so just do it. Don’t put your user name and password codes on a Post-it Note on the side of your computer screen.
- When using a financial institution website, don’t check the option on the logon page that automatically remembers your user name and password.
- Change those passwords to a non-intuitive phrase, or a limerick, or the chorus of a song you like, and then secure that data elsewhere.
- If you have any concerns that you could be at risk of becoming a victim, consider signing up for identity theft protection to assist you in recouping your assets should anything happen.
- Review your account statements religiously. If there is something missing, contact the brokerage firm immediately. Stop the bleeding. Put a freeze on any other outflows from the account.
If you do think assets have been removed without your consent, what then?
- Many brokerage firms have a “Report Fraud Here” message, or something similar, on the firm’s website that will walk you through the process.
- Remember that this is your money. It is important. You should make a paper trail the people you contacted, the documents you sent, and the people you sent them to.
- Write a chronological narrative of what you have discovered, everything you did, who you spoke to and what you said. Attach documentation as you add to the chronology. This will give you a consistent and logical narrative of what happened, and what you have tried to do.
- Say the following sentence three times: “Telephone calls are worth the paper they’re written on.” In a world with email, there is no excuse for not confirming a telephone conversation with an electronic summary of what both parties to the call said, and what they promised to do. Keep the notes for your own records, and send a copy of them to the brokerage firm to give them a full explanation of what happened.
I don’t want to minimize the threat from criminal elements who would steal your identity and your assets, without even knowing who you are. But I urge you to do things within your control to prevent a crime of opportunity by someone you let into your home, and give you a methodology for recovering your assets if the worst happens.
Get Kiplinger Today newsletter — free
Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more. Delivered daily. Enter your email in the box and click Sign Me Up.

Stephen Harbeck served as President and Chief Executive Officer of the Securities Investors Protection Corp., a nonprofit created by Congress to protect customers of failed brokerage firms, from 2003 to 2018. He guided SIPC through the insolvency of Lehman Brothers, the largest bankruptcy in history, the collapse of Bernard Madoff’s brokerage firm, the largest Ponzi Scheme in history, and other major insolvencies. Harbeck retired as President and CEO of SIPC in 2019. Since then, he has acted as a consultant to the Shanghai Financial Court, and Shanghai Jiao Tong University, and is currently a consultant to the Japan Investor Protection Fund.
-
Our Annual Grandparents’ Guide to Today’s Pop Artists
If you grew up loving Dylan, Coltrane or other great artists, here are some modern musicians that tap into similar styles and spirits. Check out our playlist.
-
What You Expect in Retirement vs What You Get: Where Reality Can Surprise You
A financial planner explores how your expectations for retirement can greatly differ from reality — and how you can plan for that.
-
What You Expect in Retirement vs What You Get: Where Reality Can Surprise You
A financial planner explores how your expectations for retirement can greatly differ from reality — and how you can plan for that.
-
What's Up With the 10-Year Treasury Bond: Four Financial Experts Weigh In
A financial professional and three colleagues explain the fluctuations in the 10-year Treasury bond and what investors should do.
-
Time to Spring-Clean Your Finances: A Financial Professional's Four Steps to Tidy Them Up
A midyear review of everything from spending to saving, with adjustments as needed, can set you on track to financial security. Plus, don't forget to check in on your workplace benefits.
-
Why a Law Firm Secretly Recording Client Conversations Is Wrong (and Illegal)
A law firm that has been recording client conversations without the clients' knowledge or permission and has threatened employees if they speak out faces legal and ethical challenges.
-
Donating Complex Assets Doesn't Have to Be Complicated
If you're looking to donate less-conventional assets but don't know where to start, this charity executive has answers, such as considering a donor-advised fund (DAF) for its tax benefits and ease of use.
-
Think a Repeal of the Estate Tax Wouldn't Affect You? Wrong
The wording of any law that repeals or otherwise changes the federal estate tax could have an impact on all of us. Here's what you need to know, courtesy of an estate planning and tax attorney.
-
In Your 50s? We Need to Talk About Long-Term Care
Many people don't like thinking about long-term care, but most people will need it. This financial professional recommends planning for these costs as early as possible to avoid stress later.
-
Social Security Pop Quiz: Are You Among the 89% of Americans Who'd Fail?
Shockingly few people have any clue what their Social Security benefits could be. This financial adviser notes it's essential to understand that info and when it might be best to access your benefits.