Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Appreciate Ideas - What to Do
Old 11-01-2019, 08:00 AM   #1
Recycles dryer sheets
 
Join Date: Feb 2011
Location: Nottingham
Posts: 160
Appreciate Ideas - What to Do

Morning - appreciate your ideas as this past few days have been "interested"

Background. All started got a text msg alert from BoA on low cash reserve. Alerts set up before. Didn't understand why. Seems that someone walked into a BoA South Carolina bank and withdrew $5200 from our checking acct. BTW - we live in Maryland.

Now we also set up alerts for large withdrawals - and here's the interesting part. The bank claims a text msg was sent to the phone number on file. That's my wife's iphone. The person in SC stealing our money got the text msg according to the bank and provided the required code.

Oh .. and while this was going on my wife's iphone all of a sudden she noticed she was not getting any phone calls and could only connect via wifi (no cellular).

Seems that her iphone identification was hacked and ported to the criminal's phone so the text went there.

Anyhow - we have had to close checking acct, deactivate SIM chip, police reports, fraud reports, ... wonderful day.

So - appreciate a couple of thoughts.

First - how did criminal both have quote "federal approved ID" and able to get wife's text msg? BTW - I was a victim yrs ago of the OPM breach as a federal civilian employee so possible loss of identity there. And in that security file is wife's information. But the SIM chip transfer is bewildering.

Second - I am done with BOA. Good time to move direct deposit to someplace new. Thinking take advantage of new accounts with either cash back or flying points. Where do you keep your cash? We really just need a small amount of cash accessible from ATM. We do use online bill paying so should we keep small amount of cash one place and we could pay our bills and keep a higher balance someplace safer (thinking where no person can physically try to access it like a bank teller).

Sorry for long post - but appreciate your ideas. Not happy BOA customer.
__________________

kannon is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 11-01-2019, 08:24 AM   #2
Thinks s/he gets paid by the post
Rianne's Avatar
 
Join Date: Aug 2017
Location: Champaign
Posts: 2,424
If the text message went to the hacker, does that mean when you sign in to bank accounts to pay bills, those text verification codes also go to hacker. So every financial account is compromised?

There is another thread on this forum discussing stolen cell phone numbers/SIM, with an article. Sorry I don't remember the title. One of the alerts is your wifi bar does not show any bars. And of course, you're not receiving texts or calls.
__________________

__________________
"If you want to go fast, go alone. If you want to go far, go together.
Rianne is online now   Reply With Quote
Old 11-01-2019, 08:25 AM   #3
Thinks s/he gets paid by the post
 
Join Date: Mar 2012
Posts: 1,215
Interesting. If someone walks in to BofA and wants to make a withdrawal, they also want to see id. If it's a larger withdrawal they ask for even more. When I was getting a cashiers check from a local branch, they not only asked for my id, but gave me the third degree - wanting me to tell them a few of my recent transactions. It actually almost became combative.
njhowie is online now   Reply With Quote
Old 11-01-2019, 08:26 AM   #4
Administrator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: lumpen slums of cyberspace
Posts: 30,540
Sorry to hear this is happening.

There’s a security lapse with cell phone providers, such as AT&T and Verizon. Apparently employees are working with hackers to swap SIM cards, hijack phone numbers and use them to raid financial accounts. Here’s one incident https://arstechnica.com/tech-policy/...-lawsuit-says/

Here’s an article by Krebs on this https://krebsonsecurity.com/2019/08/...ice-crooks-do/

Here’s another older article https://www.vice.com/en_us/article/3...-port-out-scam

I was in a Verizon store recently and was a bit shocked to see how much unsupervised access to my account the employees had.
MichaelB is online now   Reply With Quote
Old 11-01-2019, 08:35 AM   #5
Full time employment: Posting here.
 
Join Date: Jun 2016
Posts: 964
I'm not saying this would have prevented it, but putting a credit freeze at NCTUE in addition to the 4 primary credit bureaus will supposedly close one avenue of hijacking phones:
https://www.nctue.com/
Spock is offline   Reply With Quote
Old 11-01-2019, 08:37 AM   #6
Thinks s/he gets paid by the post
 
Join Date: Aug 2004
Location: Laurel, MD
Posts: 4,642
Quote:
Originally Posted by Rianne View Post
If the text message went to the hacker, does that mean when you sign in to bank accounts to pay bills, those text verification codes also go to hacker. So every financial account is compromised?

There is another thread on this forum discussing stolen cell phone numbers/SIM, with an article. Sorry I don't remember the title. One of the alerts is your wifi bar does not show any bars. And of course, you're not receiving texts or calls.


Hereís the other thread. I agree it sounds similar.
Online banking from the road
Online banking from the road

If someone walked into a branch, they also have video. I use BoA but barely have enough in checking to pay my bills and nothing in savings usually. Iíve been thinking about setting up an emergency account with no online access.

It sounds like some text msgs go to you while others go to DW (which are diverted to hacker).

I hope you get some restitution, OP. Thanks for sharing so maybe others don t get burned.
__________________
...with no reasonable expectation for ER, I'm just here auditing the AP class.Retired 8/1/15.
jazz4cash is offline   Reply With Quote
Old 11-01-2019, 08:38 AM   #7
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 2,977
My friend's phone number was ported after she received a fraudulent alert call from a hacker pretending to be calling from her credit card company. She said that all sounded legitimate except that the caller asked her to take him off her speakerphone...(Why? I don't know...) Her phone quit working afer the call and she called her phone provider right away and changed passwords to all her financial institutions. No harm done except for all the hassle.

I cannot imagine anybody being able to go into their bank and withdraw money without their physical ATM card and correct passcode.
tmm99 is offline   Reply With Quote
Old 11-01-2019, 08:41 AM   #8
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 2,977
Quote:
Originally Posted by Rianne View Post
If the text message went to the hacker, does that mean when you sign in to bank accounts to pay bills, those text verification codes also go to hacker. So every financial account is compromised?

.
Yes.
tmm99 is offline   Reply With Quote
Old 11-01-2019, 08:46 AM   #9
Thinks s/he gets paid by the post
 
Join Date: Apr 2015
Posts: 1,171
Thats odd, I use B of A also. Whenever I am in the bank and withdraw larger amounts than usual, I not only have to show my ATM card, but drivers license.
As stated previously, bank should have video of transaction, which hopefully might help with ID and arrest of person.
Frightening how sophisticated some schemes are getting to be.
__________________
Give me a fish, I will eat for a day. Teach me to fish, I will eat for a lifetime.
pacergal is offline   Reply With Quote
Old 11-01-2019, 08:47 AM   #10
Recycles dryer sheets
 
Join Date: Feb 2011
Location: Nottingham
Posts: 160
Excellent point. You are right - not sure what texts got to this bad guy. Vanguard texts go to me. Credit card online go to me. No funny stuff either places.

with new SIM chip, think the text msg issue is over with but how do we know in future if gets stolen again? Can't make calls?? How else would we know?
kannon is offline   Reply With Quote
Old 11-01-2019, 09:00 AM   #11
Recycles dryer sheets
 
Join Date: Feb 2011
Location: Nottingham
Posts: 160
I talked to the bank manager and she said the person had proper federal ID - whatever that means - and then did the second level of security checking using text msg.

I was surprised such a large amount could be given out right away but manager said no limit (don't believe that).

Any suggestions on how to minimize/prevent/be notified of SIM chip stealing? We use two factor authorization on all investment sites. At least our username and passwords were not compromised.
kannon is offline   Reply With Quote
Old 11-01-2019, 09:01 AM   #12
Thinks s/he gets paid by the post
 
Join Date: Aug 2004
Location: Laurel, MD
Posts: 4,642
I wonder if email alerts for activity would be more secure? I m not diligent checking for emails but thatís mostly what I use except for 2FA.
__________________
...with no reasonable expectation for ER, I'm just here auditing the AP class.Retired 8/1/15.
jazz4cash is offline   Reply With Quote
Old 11-01-2019, 09:02 AM   #13
Recycles dryer sheets
 
Join Date: Feb 2011
Location: Nottingham
Posts: 160
Quote:
Originally Posted by tmm99 View Post
My friend's phone number was ported after she received a fraudulent alert call from a hacker pretending to be calling from her credit card company. She said that all sounded legitimate except that the caller asked her to take him off her speakerphone...(Why? I don't know...) Her phone quit working afer the call and she called her phone provider right away and changed passwords to all her financial institutions. No harm done except for all the hassle.

I cannot imagine anybody being able to go into their bank and withdraw money without their physical ATM card and correct passcode.
Did your friend respond to the text? We get spam texts a lot but don't respond.
kannon is offline   Reply With Quote
Old 11-01-2019, 09:23 AM   #14
Thinks s/he gets paid by the post
 
Join Date: Jan 2018
Location: NE Ohio
Posts: 1,198
Quote:
Originally Posted by kannon View Post
Second - I am done with BOA. Good time to move direct deposit to someplace new. Thinking take advantage of new accounts with either cash back or flying points. Where do you keep your cash? We really just need a small amount of cash accessible from ATM. We do use online bill paying so should we keep small amount of cash one place and we could pay our bills and keep a higher balance someplace safer (thinking where no person can physically try to access it like a bank teller).

Sorry for long post - but appreciate your ideas. Not happy BOA customer.
That's terrible that this happened to you! We have Fidelity's Cash Management Account and Charles Schwab High-Yield (not really, lol) Checking that automatically comes with their brokerage account. Both have online billpay, support direct deposit, free ATM withdrawals. There are no bank branches accessible with the Fidelity CMA. Schwab has one physical branch in Reno, NV. Between the two, if you have no need of another brokerage product, I'd recommend Fidelity's CMA.

Ally Bank is also a good choice. Their free ATM withdrawals do have a monthly limit though, last I knew. Definitely no branches for someone to walk into.
gwraigty is offline   Reply With Quote
Old 11-01-2019, 09:56 AM   #15
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 2,977
Quote:
Originally Posted by kannon View Post
I talked to the bank manager and she said the person had proper federal ID - whatever that means - and then did the second level of security checking using text msg.

.
I guess anybody can create a fake ID, but how about the passcode? Did this person provide the passcode? What the bank is saying doesn't really make sense to me. It even sounds a big fishy, because why would they send a text to a phone if you're standing right in front of them?
tmm99 is offline   Reply With Quote
Old 11-01-2019, 10:14 AM   #16
Moderator
Jerry1's Avatar
 
Join Date: Nov 2014
Posts: 3,368
Quote:
Originally Posted by tmm99 View Post
I cannot imagine anybody being able to go into their bank and withdraw money without their physical ATM card and correct passcode.
I go into my credit union and withdraw money all the time with only my drivers license. I have the card somewhere but just providing proper ID seems to get the job done just fine. I'd really like to know (see) what form of "proper federal ID" was provided. My driver's license has my address on it, which is something I know they check. So, does the thief know where you live? That's a little scary.
__________________
Every day when I open my eyes now it feels like a Saturday - David Gray
Jerry1 is online now   Reply With Quote
Old 11-01-2019, 10:23 AM   #17
Recycles dryer sheets
 
Join Date: Feb 2011
Location: Nottingham
Posts: 160
Quote:
Originally Posted by Jerry1 View Post
I go into my credit union and withdraw money all the time with only my drivers license. I have the card somewhere but just providing proper ID seems to get the job done just fine. I'd really like to know (see) what form of "proper federal ID" was provided. My driver's license has my address on it, which is something I know they check. So, does the thief know where you live? That's a little scary.
I think someone got hold of a lot of our personal information - thinking OPM security clearance file was hacked yrs ago - know too much.
kannon is offline   Reply With Quote
Old 11-01-2019, 10:24 AM   #18
Recycles dryer sheets
 
Join Date: Feb 2011
Location: Nottingham
Posts: 160
Quote:
Originally Posted by tmm99 View Post
I guess anybody can create a fake ID, but how about the passcode? Did this person provide the passcode? What the bank is saying doesn't really make sense to me. It even sounds a big fishy, because why would they send a text to a phone if you're standing right in front of them?
We use passcode for large transacations online at BOA. Good question - do banks require a text msg validation for large sums? i guess I took the manager's word for it
kannon is offline   Reply With Quote
Old 11-01-2019, 10:50 AM   #19
Thinks s/he gets paid by the post
 
Join Date: Aug 2004
Location: Laurel, MD
Posts: 4,642
Quote:
Originally Posted by tmm99 View Post
I guess anybody can create a fake ID, but how about the passcode? Did this person provide the passcode? What the bank is saying doesn't really make sense to me. It even sounds a big fishy, because why would they send a text to a phone if you're standing right in front of them?


I agree it does not add up and the bank seems to be taking a defensive posture instead of a pro-active position. Iíve been contacted by BofA Fraud prevention a few times and they were always helpful to prevent or reimburse any loss. Sometimes overly cautious but I generally donít have as much exposure as OP.

Did I understand correctly that OP and DW both had phone numbers associated with the account?
__________________
...with no reasonable expectation for ER, I'm just here auditing the AP class.Retired 8/1/15.
jazz4cash is offline   Reply With Quote
Old 11-01-2019, 10:54 AM   #20
Dryer sheet aficionado
 
Join Date: Feb 2019
Location: Tampa Bay
Posts: 45
I would recommend changing your passcode/PIN whenever it is exposed to someone and/or changing providers.


I recently changed providers and got a new SIM. I set the passcode in the store (the person put it in), I changed it myself online a few days later so me and the computer should be the only ones with access... Of course, if someone has all your other personal data, they could call and get the passcode reset if they answer enough verification questions correctly. The passcode/PIN is required by your provider to release your number to be ported to another provider.
__________________

FLSUnFIRE is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Appreciate your ER Shabby Life after FIRE 28 07-09-2014 08:42 AM
Refinancing Mortgage - Appreciate Advice inquisitive FIRE and Money 47 01-27-2013 09:24 AM
Appreciate Some Florida Guidance JPatrick Travel Information 19 02-28-2012 04:51 PM
Giving notice soon - would appreciate feedback before I pull the plug...(long) skyline Young Dreamers 21 01-26-2010 10:07 PM
For Laurence and others who appreciate security humor cube_rat Young Dreamers 2 04-03-2007 03:05 PM

» Quick Links

 
All times are GMT -6. The time now is 01:33 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
×