While spending a week out of town for the holidays, I woke up two days ago with a text alert that my checking account balance was ~$30... Obviously I was confused and logged in immediately to check my accounts and saw my savings account was also basically empty.
Basically, someone transferred my entire savings account to checking then made multiple online purchases and TransferWise transfers with the ~$8000. They also somehow re-opened my closed paypal account (closed because of a previous fraud event which they were entirely unhelpful about) and added my bank account to it. My credit card was untouched. This all happened between 12 and 5 am.
I have an open fraud investigation and I'm pretty confident everything will be reversed and I'll be ok. I use Bank of America, and as I referenced above i had someone commandeer my paypal account and used it to purchase random stuff. Paypal support was useless and Bank of America was great with reversing everything.
I'm not really sure how this was all pulled off, but according to BoA support they said the purchases were made with my debit card number, and there is a sign-in history to my BoA web account deep into the night. I obviously changed all of my passwords and added 2-factor authentication to everything.
Things I learned:
1) BoA changed their alert settings at some point and defaulted almost all alerts to off. I don't understand why this happened, and while it wouldn't have changed anything, I was mad that they effectively made things less secure.
2) USE TWO FACTOR AUTHENTICATION. For everything. Most of us have a lot of accounts with substantial sums of money and a username/password IS NOT ENOUGH security to protect your money.
3) Double check all of your security alerts. It's better to be annoyed about getting a lot of alerts than to miss fraudulent activity while it's happening.
4) I'm thinking of opening an unlinked savings account with another bank to keep some or all savings there. Having all my liquid cash in one spot has proven to not be very wise.
5) Credit cards get a bad rap at times but without them I'd have been completely dead in the water.
6) I haven't been able to piece together how everything happened, I use LastPass with 2-factor, gmail with 2-factor. It feels like they'd need access to my email to pull off some of what they did (like reopen paypal, and open a transferwise transaction with my email address...) but I have no fraudulent sign-in history on my google account. I just don't know. DOUBLE CHECK ALL YOUR ACCOUNTS. I thought I was secure, I was not.
I'm making this post because it might make some people take a second look at their finances and accounts and maybe prevent something like this in the future. A week ago I was speaking proudly of how set up my finances are right now and felt great financially, and now I'm dealing with every bit of cash I have being stolen. Shit changes overnight so do your due diligence to stay secure.
Submitted December 31, 2017 at 01:31PM by romple http://ift.tt/2ChOXyl