Longer story somewhat shorter: I was at work all day. My bank (USAA) called me from their official number twice but I was busy so I didn't answer. A couple hours later they called again back to back so I answered. The USAA rep (male) told me my debit card had fraudulent activities today. He read me my full address to me, to confirm it was correct. He said USAA froze my account after the second failed possible-fraudulent withdrawal. My bank cancelled my card while I was on the phone and was sending me a new card in the mail. I'm covered for all losses due to my bank's policy. Before hanging up, the USAA rep asked me if I got my notifications on my app today when the activities posted. I said no, I've been at work. He asked me to log onto the app while he was on the phone. He said to verify two notifications so USAA knows my app is working. I verified the first notification even though it was a bit odd, it was asking me to verify I approved a potential fraudulent charge. The second notification the USAA rep instructed me to approve was a withdrawal limit increase on my checking account.
At that point I knew there was no way my bank would ask me to approve a special notification like that just so "USAA could verify my phone app was working" because "a lot of customers have had issues lately with the app so we need to be sure"..... I told the USAA rep I respect he's doing his job but I have to hang up, I said I'll call him right back on the USAA number he called from (the same number posted on the USAA website). I got his extension after some reluctantcy on his side. He said "I can just transfer you to my manager, he can verify whatever you need" but that wouldn't prove anything (obviously) so I was immediately even more suspicious.
I hung up and called USAA right back. The rep that helped me had no record I spoke to anybody at USAA. And there was no extension 804. There are other details I figured out that confirm the first rep wasn't actually a USAA rep but that's a lot more to type. WTAF?
My accounts are frozen for several days while an investigation is underway on me and my accounts by USAA.
There were actually 12 attempted transactions on my account today, not 2. One was in a city <2hrs from me, I'm assuming to test if the fake card worked with my info. Then at least 2 transactions were made in California today shortly after. Typical card skimmer BS. But what's crazy to me is somebody somehow spoofed my bank's actual phone number and called me, with a 15min phone call end-game of luring me into this grand fake phone call supposedly saving me from fraudulent charges, just to get me to log onto my app to actually APPROVE the fake charges and approve a withdrawal limit raise so they could drain the rest of my checking account.
I don't use that debit card on gas pumps, EVER. I have a gas card I use for my work car. I don't own a personal car. I have Amazon Prime linked to Paypal. I don't use my card to buy stuff online.
The only thing I've done recently out of the normal is apply for an auto loan at a local car dealership that has 5-8 stores locally (a huge reputable local franchise).
I feel like this is a little more than a skimmer on a gas pump. For someone to get all that info on me (listed below in my TLDR).... how?? I feel overly paranoid sometimes because I don't even toss loan spam or any paperwork in the trash whole. I hand-shred less important documents and mail spam, and I full-on shred important documents.
.
.
TL:DR; Someone had/has my full current address, full name, debit card info to forge a replica card, knows my bank for the card, and knew my personal cell phone number I use for the bank. And then they spoofed my bank's phone number and called my cell, then almost tricked me out of my entire savings. I've never heard of a skimmer to go through the lengths of spoofing a bank number and going through such lengths for so little money (I don't have a lot saved). How the actual f did someone get all that info together??
.
.
.
Edit: I work in IT and have a keen interest in cybersecurity, which I think helped save me before it was really too late. I'm just shook I almost really fucked up. I'm still shocked someone spoofed my bank's number and put all this together for "little old me" much less at all. How was I targeted and how did who get access to all my info? Ugh I can't stop thinking about it. I want to catch the people who did this but I feel like it's impossible. I feel like I'm wasting time and should be doing something. I feel like my bank is A) really suspicious of me. and B) Not outwardly concerned when I told them someone might have pretended to be a USAA rep and spoofed their number.
Submitted July 25, 2018 at 08:34PM by MrSavvy https://ift.tt/2LTmYWw
