Posted on 10/04/2018 2:34:50 AM PDT by NY.SS-Bar9
If you have a bank account with any kind of phone or online access, read carefully:
Over the weekend, someone was able to call into TD Bank and impersonate me. They were able to change my contact information and sign up for P2P transfers using Zelle. I was locked out of my account and started watching alert messages pop into email as my checking account was drained.
I suspect that this compromise involved data from the Experian breach allowing a thief to impersonate me. That, and dubious security at TD, left me $3,000.00 lighter.
I strongly suggest that everyone contact their bank and disable any option for P2P transfers. If your bank will not, take your business elsewhere.
My entire family had to get new accounts, new debit cards and rework all direct deposits and electronic payments. As of this morning, TD has refunded the stolen money.
I handled one of these for a client that involved $8,000 being paid to the thief in University City in the South, just last month. Think it was Oxford Mississippi.
Using the recipient bank’s information, I managed to have the thief’s bank accounts frozen and the funds returned. But you must act quickly.
I’m a retired forensic CPA so this brought back many old memories.
These usually begin with an email phishing for access to your email account. They will act as your email provider and give you a link to change your access password.
I might go and do a complete virus check of my laptop/PC, to ensure they did not get the info via it.
I never, ever even click those.
Anything of importance I do my own check ups.
NEVER NEVER NEVER use a login link sent to you in an email. It is very easy to create a web page that looks like the real one and then use it to steal your information.
I’ve read where the phone banking apps aren’t as secure as computer connections. My kids all use their phones. My wife uses the computer a lot. I still mainly use checks to pay bills.
I go through a set of checks in about 4 or 5 years.
I try to go cash, some debit or credit card when I have to.
My bank uses a 3 or 4 multiple choice questions based on credit history to authenticate. (what addresses have you been associated with, car make and model etc.) Information that would have had to have come from a credit report file. Answering those questions left my account wide open. Given the Experian data breach, using this method of authentication is ridiculous.
Sorry this happened to you...it is an awful thing to go through What is : P2P transfers:???
Someone tried to drain my accounts last week. They called in with my full SSN and everything. Moved money from all Welks Fargo accounts into 1 and tried to then drain money using my credit card info through Worldremit. They tried to access my account online and had the username but not the correct password according to Wells Fargo.
One option you might consider is to simply use banking web sites on your phone, rather than the banking app. They all have a “mobile” version that works just fine. That’s what I do - as I suspect that phone apps - besides being less secure (in my opinion) like every other app you download harvests far more information than necessary for them to complete a transaction. I also use 2-factor authentication to log in (every time) on accounts that can be so configured.
I write maybe 5 checks a year.
It may not be a perfect system but it has worked for me and I don't worry too much if a large website gets hacked.
This is why I closely monitor my online statements on both my bank account and my credit card account. Sometimes as much as four times a day.
Actually, the app for my bank and credit card,downloaded through the iOS App Store, works very well in my case. Mostly because it requires pretty strict login credentials.
We set up text message alerts on both our CU accounts and our credit card. Anything over $500 and we get a ping. Oh, and ANY transaction at a gas station triggers an alert.
If I ever found a credit card, the first place I would go is a gas station and tank up. They check nothing there.
That only works if you know the mailing zip....the pumps ask you what the zip code of the credit card owner is.
Allows for one person to pay directly into another persons bank account using an app. These apparently can be hacked easily and info and money redirected.
I have that set up on my credit cards to alert me for ANY amount and here's why. I got an early morning phone call from my Capital One credit card about a 57 cent purchase on the card, which they took to be a "testing" charge ... nothing big that would raise alarms but so small I might not notice. They said that's a trick of fraudsters to see if the card holder is paying attention, and if they're not, they'll go back and charge something big.
Cap One was on it immediately. The card was cancelled and they issued me a new one.
This has nothing to do with a debit card. They called int the bank, authenticated using the Experian data, changed my contact info and set up the P2P transfer. How the bank allows all that based on a phone call is beyond me.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.