Article:Large Check Fraudulently Issued from Savings Account by Phone-In Impersonator

audreyh1

audreyh1

Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Joined
Jan 18, 2006
Messages
38,166
Location
Rio Grande Valley
I just ran across this article from last year where a financial blogger had an "official check" for $43,000 issued from his savings account due so someone calling in, spoofing his phone number, and despite failing pass a couple of security hurdles, was allowed access by giving a correct credit card number and date of birth.
The fraudster knew my phone number and had used widely-available black market tools to “spoof” it on the call-in. So, to the bank’s systems, his phone appeared to be mine. But the miscreant failed to answer my correct phone password, and then failed to supply another piece of identifying information. Finally, they provided my date of birth, and a credit card number, and were allowed in.
Click to expand...
He caught it immediately, but it had me scratching my head about a few things. I don't believe that our online high yield savings accounts allow issuing any checks, so I suppose this must have been a regular high yield savings account.

And the suggestion to change your phone number because someone is spoofing it seems way off base. Instead, banks/credit unions should not use your phone number as definitive ID due to rampant spoofing.

The credit card they had reissued with a new number as they should. Using a credit card number as ID - makes me suspect this is a bank or credit union with whom he had both the savings account and credit card. But I'm usually asked things like details on a recent deposit or check.
https://www.caniretireyet.com/identity-theft-strikes-home/
 
I'm not familiar with this blogger. This is the 2nd link to his blog that I have read today. I am not impressed at all, but won't go into that.

I think he implied that it was USAA and gave their customer service kudos for resolving the issue (despite having weak security allowing an imposter to gain access).

I assume a check could be issued by any savings account (unless there's a way to opt out....not sure), but I'd like to understand how the imposter was able to get a check issued and mailed(?) to an address that was not registered on the account. Doesn't really add up.

I was puzzled also about how they knew which bank to contact, but your explanation that he had both savings and credit accounts at the same bank makes sense.
 
jazz4cash said:
I'm not familiar with this blogger. This is the 2nd link to his blog that I have read today. I am not impressed at all, but won't go into that.

I think he implied that it was USAA and gave their customer service kudos for resolving the issue (despite having weak security allowing an imposter to gain access).

I assume a check could be issued by any savings account (unless there's a way to opt out....not sure), but I'd like to understand how the imposter was able to get a check issued and mailed(?) to an address that was not registered on the account. Doesn't really add up.

I was puzzled also about how they knew which bank to contact, but your explanation that he had both savings and credit accounts at the same bank makes sense.
Click to expand...
Well, I assumed that the credit card and savings were at the same institution, because otherwise why would they know a credit card number to verify.

The online high yield savings accounts I have explicitly state no checks. But I think a regular savings account can provide checks.

Yeah - the whole check issuance thing is confusing.
 
i strongly resist having more than $20k in any bank at any time

( it is a shame when you trust your stock-broker more than your banks , but scammers aren't the only issue , here )
 
Something about this article sounds really off... a retired software engineer that had never heard of a temporary pass code texted to their phone and had to google it??
Assuming he didn't type in the temp pass code to complete the transaction, that should have stopped things right there... unless that is where the scammer phoned in and talked his way through the transaction. But then why would the temp pass code txt stop the second attempt but not the first as stated in the article??

2 factor authentication (texting or emailing a code to the contact info on record) would have still stopped this cold.

There is a scam whereby the perp actually transfers your phone number to their phone to receive these auth code texts... but then the owners phone should have stopped working. (note: this is the reason for freezing your records at NCTUE in addition to the big name credit agencies).
 
Last edited:
Spock said:
Something about this article sounds really off... a retired software engineer that had never heard of a temporary pass code texted to their phone and had to google it??
Assuming he didn't type in the temp pass code to complete the transaction, that should have stopped things right there... unless that is where the scammer phoned in and talked his way through the transaction. But then why would the temp pass code txt stop the second attempt but not the first as stated in the article??

2 factor authentication (texting or emailing a code to the contact info on record) would have still stopped this cold.

There is a scam whereby the perp actually transfers your phone number to their phone to receive these auth code texts... but then the owners phone should have stopped working. (note: this is the reason for freezing your records at NCTUE in addition to the big name credit agencies).
Click to expand...

I think he was just getting a notification of a transaction and that prompted him to look things up and call in. He didn't have a two-way authentication set up.
 
Spock said:
Something about this article sounds really off... a retired software engineer that had never heard of a temporary pass code texted to their phone and had to google it??
Assuming he didn't type in the temp pass code to complete the transaction, that should have stopped things right there... unless that is where the scammer phoned in and talked his way through the transaction. But then why would the temp pass code txt stop the second attempt but not the first as stated in the article??

2 factor authentication (texting or emailing a code to the contact info on record) would have still stopped this cold.
.
Click to expand...


I agree the story sounds off/incomplete.
The fraudster got around the temporary passcode by calling in and convincing a live agent to complete the transaction. The author assumed the temp code notice only applied to the credit account. The bit about buying a boat seems odd. I’ve been dragging my feet wrt 2FA and some other safeguards I need to deploy.
 
Something seems/sounds off? Imagine that. Who fact checks bloggers before posting?

When I want fiction, I read novels, much more detailed with better story lines.
 
You must log in or register to reply here.

Similar threads

M
Ally Money Market - Checking+Savings+Debit Card?
2
Replies
34
Views
3K
euro
euro
S
Advice on Making More $$ in a Trust Account
2
Replies
26
Views
3K
pb4uski
pb4uski
J
Need Advice for Stepbrother
2
Replies
43
Views
3K
ncbill
N
L
Managing parent's finances - how to invest?
Replies
16
Views
1K
Badger
Badger
Chuckanut
Use only your phone wallet - has anybody come close.
4 5 6
Replies
141
Views
7K
audreyh1
audreyh1

Latest posts

Back
Top Bottom