Appreciate Ideas - What to Do

[kannon]

Morning - appreciate your ideas as this past few days have been "interested"

Background. All started got a text msg alert from BoA on low cash reserve. Alerts set up before. Didn't understand why. Seems that someone walked into a BoA South Carolina bank and withdrew $5200 from our checking acct. BTW - we live in Maryland.

Now we also set up alerts for large withdrawals - and here's the interesting part. The bank claims a text msg was sent to the phone number on file. That's my wife's iphone. The person in SC stealing our money got the text msg according to the bank and provided the required code.

Oh .. and while this was going on my wife's iphone all of a sudden she noticed she was not getting any phone calls and could only connect via wifi (no cellular).

Seems that her iphone identification was hacked and ported to the criminal's phone so the text went there.

Anyhow - we have had to close checking acct, deactivate SIM chip, police reports, fraud reports, ... wonderful day.

So - appreciate a couple of thoughts.

First - how did criminal both have quote "federal approved ID" and able to get wife's text msg? BTW - I was a victim yrs ago of the OPM breach as a federal civilian employee so possible loss of identity there. And in that security file is wife's information. But the SIM chip transfer is bewildering.

Second - I am done with BOA. Good time to move direct deposit to someplace new. Thinking take advantage of new accounts with either cash back or flying points. Where do you keep your cash? We really just need a small amount of cash accessible from ATM. We do use online bill paying so should we keep small amount of cash one place and we could pay our bills and keep a higher balance someplace safer (thinking where no person can physically try to access it like a bank teller).

Sorry for long post - but appreciate your ideas. Not happy BOA customer.

 

[Rianne]

If the text message went to the hacker, does that mean when you sign in to bank accounts to pay bills, those text verification codes also go to hacker. So every financial account is compromised?

There is another thread on this forum discussing stolen cell phone numbers/SIM, with an article. Sorry I don't remember the title. One of the alerts is your wifi bar does not show any bars. And of course, you're not receiving texts or calls.

 

[njhowie]

Interesting. If someone walks in to BofA and wants to make a withdrawal, they also want to see id. If it's a larger withdrawal they ask for even more. When I was getting a cashiers check from a local branch, they not only asked for my id, but gave me the third degree - wanting me to tell them a few of my recent transactions. It actually almost became combative.

 

[MichaelB]

Sorry to hear this is happening.

There’s a security lapse with cell phone providers, such as AT&T and Verizon. Apparently employees are working with hackers to swap SIM cards, hijack phone numbers and use them to raid financial accounts. Here’s one incident https://arstechnica.com/tech-policy...-hackers-rob-man-of-1-8-million-lawsuit-says/

Here’s an article by Krebs on this https://krebsonsecurity.com/2019/08/who-owns-your-wireless-service-crooks-do/

Here’s another older article https://www.vice.com/en_us/article/...-telecom-employees-sim-swapping-port-out-scam

I was in a Verizon store recently and was a bit shocked to see how much unsupervised access to my account the employees had.

 

[Spock]

I'm not saying this would have prevented it, but putting a credit freeze at NCTUE in addition to the 4 primary credit bureaus will supposedly close one avenue of hijacking phones:
https://www.nctue.com/

 

[jazz4cash]

If the text message went to the hacker, does that mean when you sign in to bank accounts to pay bills, those text verification codes also go to hacker. So every financial account is compromised?

There is another thread on this forum discussing stolen cell phone numbers/SIM, with an article. Sorry I don't remember the title. One of the alerts is your wifi bar does not show any bars. And of course, you're not receiving texts or calls.

Here’s the other thread. I agree it sounds similar.
Online banking from the road
http://www.early-retirement.org/forums/showthread.php?t=100458

If someone walked into a branch, they also have video. I use BoA but barely have enough in checking to pay my bills and nothing in savings usually. I’ve been thinking about setting up an emergency account with no online access.

It sounds like some text msgs go to you while others go to DW (which are diverted to hacker).

I hope you get some restitution, OP. Thanks for sharing so maybe others don t get burned.

 

[tmm99]

My friend's phone number was ported after she received a fraudulent alert call from a hacker pretending to be calling from her credit card company. She said that all sounded legitimate except that the caller asked her to take him off her speakerphone...(Why? I don't know...) Her phone quit working afer the call and she called her phone provider right away and changed passwords to all her financial institutions. No harm done except for all the hassle.

I cannot imagine anybody being able to go into their bank and withdraw money without their physical ATM card and correct passcode.

 

[tmm99]

If the text message went to the hacker, does that mean when you sign in to bank accounts to pay bills, those text verification codes also go to hacker. So every financial account is compromised?

.

Yes.

 

[pacergal]

Thats odd, I use B of A also. Whenever I am in the bank and withdraw larger amounts than usual, I not only have to show my ATM card, but drivers license.
As stated previously, bank should have video of transaction, which hopefully might help with ID and arrest of person.
Frightening how sophisticated some schemes are getting to be.

 

[kannon]

Excellent point. You are right - not sure what texts got to this bad guy. Vanguard texts go to me. Credit card online go to me. No funny stuff either places.

with new SIM chip, think the text msg issue is over with but how do we know in future if gets stolen again? Can't make calls?? How else would we know?

 

[kannon]

I talked to the bank manager and she said the person had proper federal ID - whatever that means - and then did the second level of security checking using text msg.

I was surprised such a large amount could be given out right away but manager said no limit (don't believe that).

Any suggestions on how to minimize/prevent/be notified of SIM chip stealing? We use two factor authorization on all investment sites. At least our username and passwords were not compromised.

 

[jazz4cash]

I wonder if email alerts for activity would be more secure? I m not diligent checking for emails but that’s mostly what I use except for 2FA.

 

[kannon]

My friend's phone number was ported after she received a fraudulent alert call from a hacker pretending to be calling from her credit card company. She said that all sounded legitimate except that the caller asked her to take him off her speakerphone...(Why? I don't know...) Her phone quit working afer the call and she called her phone provider right away and changed passwords to all her financial institutions. No harm done except for all the hassle.

I cannot imagine anybody being able to go into their bank and withdraw money without their physical ATM card and correct passcode.

Did your friend respond to the text? We get spam texts a lot but don't respond.

 

[gwraigty]

Second - I am done with BOA. Good time to move direct deposit to someplace new. Thinking take advantage of new accounts with either cash back or flying points. Where do you keep your cash? We really just need a small amount of cash accessible from ATM. We do use online bill paying so should we keep small amount of cash one place and we could pay our bills and keep a higher balance someplace safer (thinking where no person can physically try to access it like a bank teller).

Sorry for long post - but appreciate your ideas. Not happy BOA customer.

That's terrible that this happened to you! We have Fidelity's Cash Management Account and Charles Schwab High-Yield (not really, lol) Checking that automatically comes with their brokerage account. Both have online billpay, support direct deposit, free ATM withdrawals. There are no bank branches accessible with the Fidelity CMA. Schwab has one physical branch in Reno, NV. Between the two, if you have no need of another brokerage product, I'd recommend Fidelity's CMA.

Ally Bank is also a good choice. Their free ATM withdrawals do have a monthly limit though, last I knew. Definitely no branches for someone to walk into.

 

[tmm99]

I talked to the bank manager and she said the person had proper federal ID - whatever that means - and then did the second level of security checking using text msg.

.

I guess anybody can create a fake ID, but how about the passcode? Did this person provide the passcode? What the bank is saying doesn't really make sense to me. It even sounds a big fishy, because why would they send a text to a phone if you're standing right in front of them?

 

[Jerry1]

I cannot imagine anybody being able to go into their bank and withdraw money without their physical ATM card and correct passcode.

I go into my credit union and withdraw money all the time with only my drivers license. I have the card somewhere but just providing proper ID seems to get the job done just fine. I'd really like to know (see) what form of "proper federal ID" was provided. My driver's license has my address on it, which is something I know they check. So, does the thief know where you live? That's a little scary.

 

[kannon]

I go into my credit union and withdraw money all the time with only my drivers license. I have the card somewhere but just providing proper ID seems to get the job done just fine. I'd really like to know (see) what form of "proper federal ID" was provided. My driver's license has my address on it, which is something I know they check. So, does the thief know where you live? That's a little scary.

I think someone got hold of a lot of our personal information - thinking OPM security clearance file was hacked yrs ago - know too much.

 

[kannon]

I guess anybody can create a fake ID, but how about the passcode? Did this person provide the passcode? What the bank is saying doesn't really make sense to me. It even sounds a big fishy, because why would they send a text to a phone if you're standing right in front of them?

We use passcode for large transacations online at BOA. Good question - do banks require a text msg validation for large sums? i guess I took the manager's word for it

 

[jazz4cash]

I guess anybody can create a fake ID, but how about the passcode? Did this person provide the passcode? What the bank is saying doesn't really make sense to me. It even sounds a big fishy, because why would they send a text to a phone if you're standing right in front of them?

I agree it does not add up and the bank seems to be taking a defensive posture instead of a pro-active position. I’ve been contacted by BofA Fraud prevention a few times and they were always helpful to prevent or reimburse any loss. Sometimes overly cautious but I generally don’t have as much exposure as OP.

Did I understand correctly that OP and DW both had phone numbers associated with the account?

 

[FLSUnFIRE]

I would recommend changing your passcode/PIN whenever it is exposed to someone and/or changing providers.


I recently changed providers and got a new SIM. I set the passcode in the store (the person put it in), I changed it myself online a few days later so me and the computer should be the only ones with access... Of course, if someone has all your other personal data, they could call and get the passcode reset if they answer enough verification questions correctly. The passcode/PIN is required by your provider to release your number to be ported to another provider.

 

[GrayHare]

One way to reduce exposure to this type of scam is to be a customer of a local bank instead of a national or regional one.

 

[tmm99]

I go into my credit union and withdraw money all the time with only my drivers license. .

Didn't realize that's even possible. That is truly scary as I don't think it's that hard to create a fake drivers license.

 

[Teacher Terry]

I didn’t know this was possible either. It’s terrible what happened to you. Is the bank going to reimburse you? We use a local bank.

 

[davebarnes]

I keep my cash at DCU.org and have for 40 years.
DCU let's me have multiple sub-accounts and $2K of no-fee no-bounce checking. So, my typical checking account balance is a few hundred dollars. (I pay about $2/year in overdraft interest.)
I tend to visit the website daily to move money around.

 

[kannon]

Contacted Verizon. Seems the person of interest, using my ID information, had my DW phone number ported to their phone. I asked if verizon has the IMEI of the phone that temporary used DW phone number, they said yes, but only police could get it. They also said the phone could not be found based on the IMEI - which I think is incorrect.

Unfortunately the police in MD said that the crime happened in SC so it's not them. Verizon won't give me the store where the number was ported over so I don't know which police dept to contact. Besides - don't think any police dept would waste time on this when they are short handed with much higher priority needs.

Learning a lot.