Skip to content

The Bad Guys are everywhere

Someone stole 57,900 miles from my JetBlue account.

They used the miles to buy themselves a roundtrip ticket from New York to Vegas.

To its credit, JetBlue told me about the theft and put the miles back into my account. They made me change my email address, my userID and my password.

My friend had $34,000 stolen from her savings and checking accounts via ACH. But she got the money back because her bank was able “to pull the money back.” ACH has a 60-day window for pulling money back. It works — if the money’s still there.

Banks and airlines are not obligated to restore your thefts. Most will if you’re a good customer and didn’t do something completely stupid.

Spoiler alert: Your email addresses, your physical address, your userIDs, your passwords and your bank account numbers are all available for sale on the “dark web.” That’s where crooks go. That’s where Equifax 143 million hacked accounts are undoubtedly living.

Days of studying all this stuff lead me to two conclusions:

  1. You’ll never be 100% safe online.
  2.  But you can avoid most problems. Here’s how:

+ Every account you have on line should have a different and complex userID and password. Don’t use variations of your real name for your userID or your password. Too easy for computers to randomly generate.

+ Eyeball all your bank accounts regularly. Look for strange transactions. Like a few pennies in and out. They’re testing, getting ready for the big dip.

+Make sure you have virus checking software on all your computers, including Apple Macbooks, which are vulnerable. Make sure your operating system is up-to-date. Install patches from Intel when they figure out how to fix the recently discovered flaws in their processors.

+ You can close ACH transfers and use your bank’s BillPay. They will send their checks to your debtors. That’s nice because with BillPay, you can specify the precise amount to send. ACH is a “Help Yourself” service. Remember also your checks contain valuable hacking material — your account number, your bank’s ABA routing number and, often, your address. It’s prudent to be careful where you send your personal checks. Checks from your bank are anonymous.

+ Unlink PayPal and others from your bank account. Link PayPal to a credit card — which is only used for PayPal and can be easily closed. Don’t use your main credit card.

Most importantly, don’t fall for obvious phishing attempts like this which I got this morning:


Be wary of phone calls from the “Fraud Department” at the IRS. I got one of them this morning.

Be careful getting money out of ATM machines:

How to spot an ATM card skimmer

Peter Lynch’s logic doesn’t always work

Helen of Troy (HELE) owns my favorite gadget company, Oxo. Our home is loaded with Oxo’s great stuff. Hence I figured — using Peter Lynch logic — I should buy the stock. I go to HELE’s investor relations web site and I learn:

They sell over $1.4 billion of stuff each year. But they’re losing money — a reported GAAP Diluted Loss Per Share of $1.12. Their loss came from non-cash asset impairment charges of $82.2 million associated with the Company’s Nutritional Supplements segment.

Look at the nonsense they put on their web site:


Enough. If they can’t make money selling $1 billion+ stuff, they don’t deserve my hard-earned shekels. They should sell Oxo to Warren Buffett.

Good news! GE is edging up.

Lots of good ink. And lots of buying. Here’s the last month:


Disappearing money

From today’s Wall Street Journal:

A Crypto Website Changes Its Data, and $100 Billion in Market Value Vanishes
Bitcoin, Ethereum and XRP fall sharply after removes data from some South Korean exchanges

For more, click here. 

Warren Buffett believes bitcoin “will end badly.”

In case you missed the brilliant New York Review of Books article on “Bitcoin Mania,” please read it here.

I don’t own any bitcoin. But I do own oodles of Berkshire Hathaway.

Favorite old advertisement


They actually ran advertisements like the above. And people believed them.

What’s next? Prevagen, the brain supplement from brainless jellyfish?

Harry Newton, who spent the entire yesterday having a wonderful dermatologist progressively dig basal cell carcinoma out of my ear. Then I needed a plastic surgeon to fix the hole. Then the surgeon fitted me with new ears and glasses. You like my new look?


  • drm200

    Some banks allow you to setup ACH filters … For example:
    – ACH Debit Block. Prohibits all ACH debit withdrawals from the account.
    – ACH Debit Filters. Only ACH debit transactions that match criteria you set based on payee, dollar amount, etc., are permitted.
    – ACH Positive Pay. Allows accountholder to review ACH debit requests before they are paid.

    Fidelity Investments, allows you to setup an email alert every time there is a ACH transaction in your account. So you would know immediately of any suspicious activity They do not have the ACH debit filters or positive pay, but you can setup ACH debit block by disabling ACH for any account (if it has been previously enabled).

  • Glenn

    Someone stole your airline miles. Now that I’ve never heard of. I’ve had people write fake checks and make ACH pulls from my business accounts as well. Luckily Chase is good about crediting the money back. And I can’t count the number of times I’ve had fraudulent charges on my credit cards. So my big question is who covers all these loses, the banks? It has to be in the tens of billions each year.

  • jpfreemon

    Investment and Bank accounts: Online or telephone access to my accounts requires insertion of an access code received by my phone before the login is completed .

  • jpfreemon

    PayPal. I do use it, however I have no card or bank account permanently associated with it. When I intend to make a purchase, I associate a credit card with my PayPal account, and as soon as the purchase is reflected on my card, I delete the association from PayPal. Call me paranoid.