
I got hacked. Here’s how you can avoid being an idiot like me. The second BIG lesson for today is DON’T let your money dig a hole in your pocket

Second of two Big lessons for today:

+ Don’t let the cash money you have burn a hole in your pocket. Everybody (and their uncle) today has money and is searching for The Perfect Investment. All manner of overpriced private pre-IPO and venture fund investments are being peddled by online brokers who are over-eager to take your money. I can give you examples of recent hyped investments gone bad, e.g. Robinhood. But you don’t want to roll around in doo-doo.

As regards listed securities, energy stocks are doing well. But all our “favorite” tech stocks are doing awfully. Here’s Nasdaq for the last six months. Totally awful. Yuch. Yuch.

In contrast, here’s our energy stocks. Sadly, we haven’t owned most of them for the full six months. But creeping into them over the last few months has been profitable.

Now for the Number One Lesson: I got hacked.  I was beyond stupid. Here’s what happened. I received this email:

The email says Norton is going to bill me $373.99 if I don’t call them.

First, I should have looked at the “from” email address. It was clearly bogus — dlacerlancerking9336@gmail.com. It didn’t come from Norton.

Second, I should have noted how amateur and badly laid out the email was.

But I didn’t. I reacted stupidly, impulsively and called the number. By the time I figured out how stupid I was, I had downloaded a file called “Support.exe” which presumably infected my laptop.
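The two checks above (who really sent it, and what it asks you to do) can be automated. This is an added example, not part of the original post. The message text, display name, phone number, brand allow-list and function name are constructed for illustration. Only the sender address and the $373.99 amount come from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration; extend them for your own mail flow.
FREEMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
BRAND_DOMAINS = {"norton": {"norton.com"}}

PHONE = re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b")
AMOUNT = re.compile(r"\$\d[\d,]*\.\d{2}")

def phishing_signals(raw: str) -> list[str]:
    """Return the reasons a raw RFC 5322 message looks like a fake invoice."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Plain-text parts only; encoded or HTML-only bodies are not decoded here.
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    text = " ".join([display, msg.get("Subject", ""), body]).lower()
    signals = []
    # 1. Brand named in the message, but the sender is not on that brand's domain.
    for brand, domains in BRAND_DOMAINS.items():
        on_brand = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in text and not on_brand:
            signals.append(f"claims {brand} but sent from {domain}")
    # 2. A company invoice arriving from a free webmail account.
    if domain in FREEMAIL:
        signals.append("sender uses a free webmail domain")
    # 3. A charge you did not expect, plus a number to call to "cancel" it.
    if AMOUNT.search(body) and PHONE.search(body):
        signals.append("charge amount plus a phone number to call")
    return signals

# Constructed sample modelled on the email described in the post.
SAMPLE = """\
From: Norton Billing <dlacerlancerking9336@gmail.com>
Subject: Your subscription renewal

Your Norton plan renews today for $373.99. To cancel, call (800) 555-0100.
"""

# Constructed counter-example: brand domain matches and there is no call-back number.
LEGIT = """\
From: Norton <billing@norton.com>
Subject: Your receipt

Thank you. Your receipt for $49.99 is attached.
"""

if __name__ == "__main__":
    for reason in phishing_signals(SAMPLE):
        print("WARNING:", reason)
```

A matching domain in the From line is not proof of a genuine sender, because that header can be forged; this only catches the cheap mismatch described in the post.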

Then I woke up. I shut my laptop down — took it safely off the Internet and moved to another identical ThinkPad Carbon X1 machine, on which I wrote this blog.

I will not use the infected machine until I reformat it and bring it back to original factory settings.

I don’t know if the bad guys sucked any useful stuff — like my bank accounts. I was assured by some experts that they didn’t. But I did learn:

+ Everyone should have two factor authentication on everything financial. That means you get a token every time you want to access your bank account. JPMorgan uses SecurID. Others send me a code to my cell phone. But there’s a trick the bad guys are using. They transfer your cell phone number to themselves. This way they can authorize their own hack. The way to stop this happening is to turn on what Verizon calls Number Lock. If you’re a Verizon cellphone customer, you should do this immediately — if not sooner. Why Number Lock is not standard with every Verizon beats me. I pay for three cell phone numbers for the family.

+ After that, I’ve done all the obvious things — changed passwords on every financial account I have — from banking to brokers. Chase agreed to lock my bank account for a couple of weeks. Locking your bank account is critical because it’s so easy to pull money out of people’s accounts if you know the bank’s ABA number and the account number — information that’s on every check you’ve ever written. Security in the banking world is actually pretty lax. That’s for another blog.

Then I spent the weekend having nightmares. My worldly goods would be removed and I’d be out on the street, homeless in Portland, Oregon where I’d have lots of company.

My brilliant son Michael, who sort of works with computers (I’m not quite sure what he does), sent me a “Hacking List”:

  • Ensure all three credit bureaus are locked down. Mine are and have been for years.
  • Call my banks, change passwords and get 2FA. Make sure they recognize the machine you’re using to access them.
  • Get new credit cards. Don’t forget Amazon and Apple credit cards.
  • Don’t have the same password anywhere.
  • Give Fidelity (my online broker) a call and ensure they are confirming all moves of money and trades for a period of time. Better than that, Fidelity has a feature called Money Transfer Lockdown. For me, my Fidelity helper or a hacker to get money out of my account, I have to personally unlock the Lockdown. I like this.
  • Do you have 2 factor auth on everything?
  • Talk to Michael about encrypting passwords, etc. on your computer. I haven’t done that yet.

That’s it for now for me personally. Now, let’s look at our companies:

The world is freaking over cyber security

Our government has an agency called CISA:

It just issued a very important warning for American industry. The warning began:

The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices, including:

+ Schneider Electric programmable logic controllers (PLCs),
+ OMRON Sysmac NEX PLCs, and
+ Open Platform Communications Unified Architecture (OPC UA) servers.

To read CISA’s release, click here.

Last night 60 Minutes led off with a segment on cybersecurity. They interviewed CISA’s head. You can watch the frightening segment here:

If you can’t see the video, click here and scroll down.

Today is tax day.

You can give them some money and ask for an automatic six month extension. Do it before midnight.

Has everyone seen this wonderful picture?


You can buy flagpoles and Ukrainian flags on Amazon (where else?). We’re flying one at the entrance to the Old Chatham Tennis Club, where I played tennis this morning. The blue goes on top.

If you find the information on security in this blog useful (It took hours and hours of research), please send some money to World Central Kitchen, which is providing zillions of meals inside and outside Ukraine to Ukrainian refugees. Click here.

Thank you for sending them money. There’s no harder working charity.

I’ll be back tomorrow or the next day. — Harry Newton