If Hackers Empty Your Online Mutual Fund Accounts, Too Bad! (Unless ...)

If you're the victim of a "phishing" incident (you respond to a bogus email, and hand over social security numbers, account numbers, and passwords) or someone uses other illegal methods to steal your logon info for your mutual fund accounts, do you think you're protected, and you'll get reimbursed?

Think again, says Kimberly Lankford's column in the May Kiplinger's: (Page 97, link not yet available, subscribe here):

Question: "... What if someone hacks into my account and empties it? Would I have any legal recourse to require the mutual fund company to reimburse me for the loss?"

Lankford's answer: "To put it bluntly, no. 'Customes have no recourse unless they can prove that the institution was negligent in the theft,' says Matt Bienfang, senior analyst with TowerGroup, a financial services consulting firm" (please read the rest of the article when it comes online, there are a few other caveats as well)

That's not the worst of it. If you're like most people, you are probably at great risk for this type of loss, by virtue of your computing habits. Ask yourself these questions:

1) Do you use a Windows PC at home?
2) Do you write down passwords, and leave them near the computer?
3) Do you use the same password at multiple websites?
4) Do you share account information, including passwords, with other people?

If you answered yes to any of these questions, it's time to take some steps to minimize the risk of getting hacked. These aren't hard things to do, and may save you a lot of money and grief. Here's Fidelity Observer's five-step program to safe computing with an eye to protecting your assets:

1) Get a Mac. Home computers using Windows operating systems are terrible security threats, even if you have security software installed. There are just too many vulnerabilities, many of them are unknown or poorly understood, and there are thousands of exploits that take advantage of them and people's trust. Spyware or malware can be installed onto your computer without your knowledge -- often by clicking on a popup ad or downloading a plugin -- and from there can steal your passwords and other information. Almost all of these hacker tools are aimed at computers running Windows, not only because the operating system is junk, but also because that's what most people use. That doesn't mean Macs are immune, but to date I have never heard of this type of software aimed at the Macintosh OS X operating system. The Mac OS X is also a pleasure to use, is great for Web surfing, can run identical or even better applications that your home Windows machine can use (with the exception of games), and never crashes for most people. Fidelity Observer uses an iMac. My sister uses an eMac, which is aimed at students. But I just bought a Mac Mini for my parents, which is a great choice because it's cheap ($600, plus $200 for the Applecare 3-year warranty) and they can use their old PC monitor. Mac laptops include the lower-end iBook and high-performance MacBook Pro.

2) If you can't get rid of your PC, then at least get a decent security software package. Fidelity Observer doesn't use a PC, so I can't recommend a particular package, but here's a selection of current security software.

3) After you get a Mac or upgrade your security software, change your passwords on the most critical Websites and applications that you use -- financial, email, tax, etc. Use a robust password that can't be guessed. Not your birthday, kids names, pet's name, your own name spelled backwards, or something from the dictionary. It should ideally be a combination of lower and upper-case letters and at least one number. I often do this -- make up a sentence, and then use the first letter of each word. Here's an example:

GCI06WSd (Go Cleveland Indians '06 World Series dream)

Wh3ka1cnR (We have 3 kids and 1 cat named Rufus)

4) Don't use the same password for different sites. If one of those sites gets hacked, they could conceivably get into your accounts on other sites. Also, consider changing the password every 12-18 months.

5) Once you have reset your password, don't share it with anyone else unless you have to. My spouse doesn't even know mine. Don't leave it lying around on a slip of paper next to the computer, where someone else can find it.

Anyone else want to share their safe computing habits, or horror stories?


Read this post on the PFBlog.com/fidelityobserver mirror -- Reader comments often appear there that won't show up on this page. You can leave comments on either page, I'll read 'em all!