Almost scammed

Somebody on the Fidelity forum posted a similar experience and they DID give the caller the code. And the rest is history. The account was hacked.
The code text even says to not give the code to anyone.
NEVER GIVE YOUR 2FA CODE TO ANYONE.
 
We had a call like this from Chase bank, and at some point DW hit a button on her phone to begin recording the call . . . and the caller hung up.
 
I was just involved with an attempted hack of a Fidelity credit card. I got two emails indicating that a new telephone number and new phone were added to my account. I called and locked the card, and fortunately I was still able to access my account. They had successfully added the email and phone. No unauthorized charges, but certainly a close call. My guess is they used forgot username/password via credit card access to add data? They are getting very sophisticated.
 
The number, FWIW, was 848 326 7050. I didn't check to see if it was a legitimate Fidelity security department number, but I'm not sure how I would do that.

I think there was a recent BH thread that indicated that the number associated with a text message can be spoofed, so even if the text came from a "real" Fidelity number, it could still be a scam.

Given the sophistication of this one, it wouldn't surprise me at all if the number matched a legitimate Fidelity source.
 
Now that we’re aware of this problem, maybe a best practice is to not respond to any texts and immediately call the number on the back of the card instead.
Agree. Also, as far as texts, I don't delete the legitimate (that I have authorized in my settings) text history on my phone for notifications from my accounts, and thus, when I receive a security "notification" text from one of those entities, my first clue that it could be fake is when I try to scroll up and all my previous legitimate notifications are not there (i.e., if it came from a brand new number in my texts list, I will not trust it, and will verify by calling a known number and attempt to login on the app or at the known www. address I normally use). Either way, I'm not clicking any links in emails or texts.
 
Agree. Also, as far as texts, I don't delete the legitimate (that I have authorized in my settings) text history on my phone for notifications from my accounts, and thus, when I receive a security "notification" text from one of those entities, my first clue that it could be fake is when I try to scroll up and all my previous legitimate notifications are not there (i.e., if it came from a brand new number in my texts list, I will not trust it, and will verify by calling a known number and attempt to login on the app or at the known www. address I normally use). Either way, I'm not clicking any links in emails or texts.
I went through my text list and added these known text numbers to my address book so that in the future when I get a legitimate text it will appear as e.g. Fidelity Security rather than a string of digits which may or may not be from the genuine article.

As you say never click on a link, but they were sneakier here.
 
Somebody on the Fidelity forum posted a similar experience and they DID give the caller the code. And the rest is history. The account was hacked.
The code text even says to not give the code to anyone.
NEVER GIVE YOUR 2FA CODE TO ANYONE.

What happened, did the person lose their money? After all, they gave away the 2FA code, so I could see a financial institution saying that is like giving away your password.
 
OP- Was smart/lucky to catch on about this before handing over the code.

Now that I think about it. These messages from credit cards, I won't care if I get a text asking if it's a legit use of Credit card, when I haven't just used the card in the last 3 minutes for the amount I just did.

Suppose I get a text: Did you spend $XXX.xx ... , and I don't reply,
  • The CC allows it: I have 30 days after my bill to dispute false charges.
  • The CC denies it: I didn't do it anyhow.
  • The CC freezes my CC: Fine, I'll notice and use one of my other CCs and fix it later from home via the phone.
This experience of OP has awakened me to just ignore those stupid texts from CC company.
 
Looks like Fidelity would not have reimbursed me if I had given a 2FA code to a phisher.
What are examples of when I won't be covered?
If you grant access or authority to, or share your Fidelity account access credentials or information with, any persons or entities, their activity will be considered authorized by you and not covered by the Customer Protection Guarantee. Losses of cash, securities, or digital assets transferred to outside accounts that are beneficially owned by you are not covered by the Customer Protection Guarantee. Also not covered is any activity by an employer/plan administrator, financial intermediary, or third-party who is authorized by you to access your data (or who received your data as a result of that access), or with whom you've shared or provided access to your username, password, or account number, or from malware or a breach of security that affects the systems of any of those parties. If you direct us to share account access information about you or your accounts with any third-party, the Customer Protection Guarantee does not cover any losses or activity resulting from the sharing of that information, including any misuse or theft of that information from a third-party.
 
That's a pretty sophisticated scam...
I disagree. From the OP:

I got a text from "Fidelity" this morning about a suspected fraudulent credit card purchase attempt. It looked identical to others I have received in the past and ask me to reply YES or NO to "did you make this charge".

I dutifully answered No....

I keep telling people - this is simple. NEVER respond to an unsolicited communication like this. Assume it is a scam, and go to a known phone number for that company and check if you think it might be real.

I cringe when I hear people say 'look for misspelled words, bad grammar, a foreign accent, etc' - NO. Just ignore it and call a known number if you have a concern. Period. No exceptions. Simple. Works every time.
 
I've always thought it's a bad practice that Fidelity (and maybe other co's) ask you to read back a code to them. Even if you've initiated the call with them, it undermines the anti-scam training to never share the authorization code.
But it is a one time code, not your password. Why is this a problem?
 
What happened, did the person lose their money? After all, they gave away the 2FA code, so I could see a financial institution saying that is like giving away your password.
It was about a year ago. I don’t remember the exact solution.
 
But it is a one time code, not your password. Why is this a problem?
You should never share your code. I was on with Fidelity and I needed to remove the transfer lockdown. The rep said she couldn’t do it and waited for me to 2FA the process. She never asked for the code.
 
Did the caller have a foreign accent? That may be a tip off too.

Recently, I was traveling and did a pre-check in after getting a text. Wasn't a scam but still I was sending very personal data to register. Namely, my DL and credit card info. Next time, think I will do an older fashioned check in in front of a real person instead.
Even that isn't always safe. If they take your card back to somewhere other than right in front of you, they can scan it in a moment. That happened to me once when I was at a seafood counter at a beach town. I was buying 2 dozen oysters. Handed them my card, they went to the back, brought them out in a box and handed my card back. That night, got a call from the cc company, did I just pay $800 for drinks at a bar in NYC? No, but I did buy oysters at that time in Bodega, California. They froze the card and sent me a new one the next day.
 
OP- Was smart/lucky to catch on about this before handing over the code.

Now that I think about it. These messages from credit cards, I won't care if I get a text asking if it's a legit use of Credit card, when I haven't just used the card in the last 3 minutes for the amount I just did.

Suppose I get a text: Did you spend $XXX.xx ... , and I don't reply,
  • The CC allows it: I have 30 days after my bill to dispute false charges.
  • The CC denies it: I didn't do it anyhow.
  • The CC freezes my CC: Fine, I'll notice and use one of my other CCs and fix it later from home via the phone.
This experience of OP has awakened me to just ignore those stupid texts from CC company.
I get those infrequently as well.
Rather safe to reply "yes" and avoid getting that card locked...
 
You should not reply to the text - ever. If you are concerned, call the customer service number on the back of your card. Period.

Responding yes or no confirms they linked your name and cell number with stolen information the bad guys have collected on you, possibly over the past few years!
 
I went through my text list and added these known text numbers to my address book so that in the future when I get a legitimate text it will appear as e.g. Fidelity Security rather than a string of digits which may or may not be from the genuine article.
I also do this.
 
But it is a one time code, not your password. Why is this a problem?
Because if you are being scammed they can use the one-time code to get into your account. The rule, including at Fidelity, is to not share that code. But now Fidelity has created an exception to the rule, meaning you need to think whether you should share your code when it's requested, meaning you can get that wrong and end up being scammed.
 
My temporary financial firm has stopped asking for a password. After providing the login they immediately send the one time code. Seems less secure to me although I have noticed other websites have started doing this.
 
Even that isn't always safe. If they take your card back to somewhere other than right in front of you, they can scan it in a moment.
Haven't had it in years, but every single time my credit card was compromised, I was able to trace it back to a time when I used it in a restaurant and the waiter disappeared with it for a few minutes until bringing it back to me with the receipt.
Since then, I've always carried enough cash to pay for a good restaurant meal and I've never had it happen again.
I love the way they do it in many other countries where the waiter brings the machine to your table and your card is never out of your sight.
 
Over the past year, I've noticed many restaurants now either have a machine at the table to pay your bill, or bring you a portable machine to pay your bill.
 
Agree. Also, as far as texts, I don't delete the legitimate (that I have authorized in my settings) text history on my phone for notifications from my accounts, and thus, when I receive a security "notification" text from one of those entities, my first clue that it could be fake is when I try to scroll up and all my previous legitimate notifications are not there (i.e., if it came from a brand new number in my texts list, I will not trust it, and will verify by calling a known number and attempt to login on the app or at the known www. address I normally use). Either way, I'm not clicking any links in emails or texts.
I think that’s a good idea. DW was buying a mattress at a department store. Fidelity texted me to authorize. I could see the past alerts so I know it was legit. There was no phone number associated with the text (AFAIK), just the 5 digit text number. I added it to my contacts as Fidelity Fraud Alert. They declined the purchase even though I replied promptly. Then another text instructing me to resubmit the purchase.
 