Bitcoin Blackmailers Tried to Take $25K From My Dad's E-Trade Account

A cautionary tale about a new kind of financial fraud.

Farnoosh Torabi Former Editor at Large
Farnoosh Torabi is a financial strategist, host of the award-winning podcast So Money and a bestselling author.
Farnoosh Torabi
4 min read
Digital media illustration of the bitcoin logo on a fish hook
Westend61/Getty Images

Earlier this year, my dad woke to find the his E-Trade account had been hacked -- and he almost lost $25,000.

The culprit was a bitcoin blackmailer, a title the Federal Trade Commission has appointed to the internet hackers that threaten to seize money or reveal unflattering details about someone's personal life unless they receive gobs of bitcoin. And while the media tends to cover these bad actors when they demand millions in bitcoin after hacking major companies like Colonial Pipeline, they're also targeting everyday consumers like my dad.

Here's how it all played out in my father's case. He received a push message from his E-Trade account that said his full investment in Apple stock had been sold. He had not requested any such sale, but when he logged into his account, his fears were confirmed: Someone had broken into his account over the weekend and placed a sell order on his Apple stock to occur on Monday morning. 

Now, when you sell a stock, it usually takes a few business days to process. The cash from the liquidated stock then appears in your account, at which point you can transfer it to an external bank account. Luckily the transaction in my father's account was still pending when he found out, and the hacker had not yet linked an account to wire the money. My father immediately called E-Trade and the company was able to abort the transaction.

Then came some strange emails. The fraudster sent multiple emails to my dad throughout the day suggesting that he'd hacked his account and wanted more. "Sorry in advance…," they said. "I have access to Amazon and some of your banks. I have your routing number and bank account number. We'll just take [your money] the good way. What if you give me 5000$ payment in bitcoin. I promise not to sell your important bank data."

The FTC says these types of messages demanding bitcoin in exchange for not violating your life are growing in number. To avoid falling prey, here are some steps you can take today.

Don't respond to emails or texts requesting passwords

These phishing scams, where fraudsters send seemingly legit messages asking for personal information, are what often lead to financial fraud. You may receive an email that appears to be from your bank, the IRS or another institution asking you to click on a link and update your password or login to retrieve an important message related to your account. Be sure to check the sender's email address and any links to verify the legitimacy of the sender. If the IRS or your bank needs important information from you, they probably won't email or text.

In my dad's case, he recalled an email from "Amazon" asking him to update details for a recent order. He hadn't recognized the order, but figured my mother must have placed it since they share an account. When he clicked on the email, he was asked to enter his username and password. Unfortunately, he did.

Update your passwords regularly

And be sure you don't use the same one for various accounts. My father's Amazon username and password were identical to the one he used for E-Trade. He now uses a password manager that helps generate and store unique passwords for all of his accounts. Some password managers that we like at CNET include LastPass and Bitwarden.

Opt for 2FA when possible

My father also believes the bitcoin blackmailer was ultimately able to access his E-Trade account because he had not signed up for two-factor authentication. That means that when you log in, the site will require a second step to authorize the login, usually by sending the account holder a text message with a code they can use to verify a login attempt and gain access.

Talk to your financial institutions 

If you believe your account's been hacked or if you receive any cryptic emails from potential bitcoin blackmailers, check with your financial institutions. My dad's first instinct was to call E-Trade -- a wise step. The company immediately helped put a stop to the transfer so the pirate was unable to sail away with my dad's money. My dad discovered later that E-Trade had also notified local police and social services; he received calls from both agencies later in the day. The police wanted to gather more information for an investigation, and the social services team was calling to ensure my dad wasn't too shaken up and that his financial health was OK (kinda sweet).

My dad was fortunate and acted quickly to protect his assets, but many have fallen prey to this and other crypto-related scams. The best way to protect yourself and your financial accounts is to take preventive steps like never opening emails from institutions claiming to need your personal information, updating and differentiating your passwords, and opting for two-factor authentication wherever possible.