As I’ve discussed before, a common mistake in financial planning is focusing too much on asset allocation and tax planning, while neglecting other crucial aspects of your financial situation, such as estate planning, insurance coverage, spending tracking, or cybersecurity measures. This oversight can lead to significant financial losses, as illustrated by a recent case involving a long-time reader who fell victim to a fraud that resulted in a $4,000 theft from their IRA at Fidelity.
The incident began when the reader’s spouse, Rachel, received a suspicious text message claiming to be from Fidelity, inquiring about a transaction. The conversation read:
Incoming text: Fidelity ®: Did You Attempt A Transaction of $374.52 At MODERN FEMME FASHIONS 12/02/2025 (EDT).
Reply (YES) if Recognized.
Reply (NO) if Unauthorized, A Call Will Be Generated To You Momentarily
Outbound text: No
Incoming text: Fidelity ®: Thank you for confirming. Please hold for the next available agent to assist you.
After this exchange, Rachel received a phone call, during which the "agent" requested a 6-digit code to verify her identity. Unfortunately, this code was all the thief needed to access her Fidelity account and initiate several money transfers. Although John, the reader, promptly noticed the suspicious activity and contacted Fidelity, the theft resulted in a loss of approximately $4,000, which was not reimbursed by Fidelity due to the unintentional sharing of login information.
The fraud prevention mechanism failed in this case because the thief needed only the 6-digit multi-factor authentication (MFA) code to access the account. This code is often considered the weakest link in security protocols, as it can be easily obtained through phishing or other tactics. Everything else is often already in a thief's hands: many financial institutions’ password-reset forms require only basic information, such as name, date of birth, and Social Security number, which can be readily available on the dark web due to large-scale data breaches, like the 2017 Equifax breach. That leaves the MFA code as the last barrier between the thief and the account.
To avoid falling victim to similar cybersecurity threats, it’s essential to be cautious whenever someone contacts you claiming to be from a financial institution. If you receive a suspicious message or call, do not provide any information, including your date of birth, Social Security number, or MFA code. Instead, contact the institution directly using a trusted phone number, such as the one on the back of your credit or debit card. Guard MFA codes as carefully as you would a password, as they can be the key to accessing your account.
For individuals who have saved a significant portion of their income and are nearing retirement, it’s crucial to consider the next steps in financial planning. This may involve estate planning, charitable giving, or optimizing your investment portfolio. By prioritizing cybersecurity and taking proactive measures to protect your assets, you can ensure a secure financial future and avoid potential pitfalls, such as the one experienced by the reader. This book aims to provide guidance on navigating these complex issues and creating a comprehensive financial plan that addresses your unique needs and concerns.