@MacInWin....
Well, the short description of the event can be viewed as "not a symptom of being hacked", but...The longer one below may change your mind...
@Slydude...
I tend to agree with you about being "on the ball", but in this case investment company was. I don't get impressed by fraud protection department these guys were just fine.
So some background....
Last Sunday, I did log in to the investment company without any issues. Late last Monday I've got the alert that my email address had been changed on the account and called the company first thing on Tuesday. That's when I had been informed that the account had been locked due to fraudulent activities by the fraud department. Yesterday the fraud department contacted me and stated, that someone tried to setup a bank account and transfer out a substantial amount from my account.
He restored my account to the previous state and requested to change the account name and password. So I did in KeePass. For financial accounts my standard is minimum 12 charterers randomly generated UID and so is the PWD. He set a temporary password and me to login to my account and change the password. After logging in couple of times for testing purposes, we were pretty much done and he of course removed the lock. This is where it becomes interesting, keep in mind that the UID/PWD had only been stored on the MacBook.
An our later he called and informed me that someone tried to wire out 1K to the same bank that he removed, he had prevented the wire transfer and locked the account again. He also stated that it seems the MacBook had been hacked. I had him leave the lock on until I clean up my MacBook.
One more note... The company does use 2FA with text PIN#. Instead of coming to my phone it went to my wife's, who did not receive it. I don't know why, still looking into it and open for suggestions....
TIA...