03-28-2015, 08:41 PM
[PSA] Hijacked checking account. Keep a close eye on financial accounts and take steps to protection them. (Long post)
Last week, a fraudster got through the automated system of the bank where my wife and I keep one of our joint checking accounts. He/she used my name, birth date and either my account number or ATM card number to fool the system and the representative who ended up handling the call. Once through security, the fraudster changed the address affiliated with the checking account. It's called hijacking a bank account - a form of identity theft - and changing the address is the first stage of it.
Technically, when someone changes the address on an account, the bank is supposed by law to send letters to the current address and the new address. Or, so I was told by an attorney. I never received a letter. The only reason I knew something happened to the account is because I access all of my financial accounts on a regular basis for day to day tasks. In this case, I logged into the checking account via the bank’s web site to pay some bills and was surprised when I saw a message stating Bill Payment was unavailable and that my account wasn’t allowed to use the feature.
Bill Pay being unavailable wasn’t a surprise. It happens now and again. My account being the wrong kind for bill payment? That was a huge red flag. I contacted the 800 number for the bank who went through extensive security questions and then informed me the account had been flagged for fraud and I had to go to a local branch to resolve the problem. I immediately went to a local branch and that's when I found out what actually happened and took immediate action to deal with the situation.
To make a long story short, after speaking with my wife about the situation, I opened a new account on the spot with the bank and transferred all of the money from the old account into it. My wife and I had a significant amount of money in the old account since it's our primary checking account and I was just about to pay a credit card bill and cut the IRS a check for taxes. The fraudster might have managed to get all of it if I hadn't acted so quickly.
I had to leave the old account open temporarily, restricted and flagged for fraud, but open so I could change a biweekly direct deposit and three monthly automatic deductions. It took me a couple of days to get that done. Once I confirm the changes are in place, the old account will be closed permanently. I’ll have the bank send me a “letter of clearance” or a letter confirming the account is closed due to theft or fraud once that is done.
But, opening a new account and transferring the money into it was just the beginning. If the fraudster did that with one account, he/she may have done it with others and might even have my social security number. As a result of the hijacking, I had to contact every financial institution I use (bank account, investment accounts, credit card, etc) and confirm that all was well. Fortunately, the fraudster appears to not have gotten my social security number and did not do anything to any of my other financial accounts. After taking those steps, I put fraud alerts and security freezes on my credit accounts with TransUnion, Experian and Equifax as a precaution and filed a police report. I needed the police report for putting extended fraud alerts in place.
It took me days to do all this and I'm still have work to do. And, this is just because of a hijacked checking account. I can't fathom what I'd have to do if it was full-scale identity theft! Weeks, months, years, attorneys, the police, you name it. I consider myself fortunate!
And, apparently, much to my chagrin, it’s easy to hijack a checking account. All someone needs to access an account is your name, birthday and either an account or ATM card number. And, all of that information is a cinch to obtain. Name and birthday? They’re all over the place. Account number? Copy it off a statement or a check. People still need to use checks now and again, even in this day and age. ATM card number? Skimmers are popular amongst fraudsters or it can be gotten when a company suffers from a security breach. Mine is a plain ATM card, useful only at ATM machines. You can't make purchases with it.
This situation confirmed something I’ve been saying for years. Take steps to protect your financial accounts. I have special passwords in place for all of my financial accounts, at least when the financial institution allows me to use one. Not all of them allow it. Unfortunately, to my dismay, the one I thought was set up at this bank turned out not to be in place. The rep my wife and I worked with when opening the account apparently didn't set it up properly. Human error. That password would have prevented the situation entirely. Needless to say, a password is in place now and I’ve confirmed it a few times just to make sure.
Despite all that happened, I'm staying with the bank. Although the password issue is a problem, my wife and I have many good reasons to stay with them. I can also say some level of fraud protection is definitely in place because they kicked into gear when the bank noticed unusual activity. That and the reps at the local branch - not the one I usually use - took phenomenal care of me. There is something to be said for that.
The other thing I learned is steps such as credit fraud alerts, monitoring credit reports and credit score, security freezes, using a service like Credit Karma that monitors your credit, etc, do nothing to protect bank accounts and other sensitive information. You need to take additional steps to protect non-credit related financial accounts. Even using a bank’s notification system won’t necessarily cut it. I’m now researching identity theft services since I feel something more comprehensive than Credit Karma and my protective measures has become imperative.
Although I’m still reeling from what happened and everything I’ve had to do to resolve the problem and further protect my identity, a fellow forumite suggested I post about the situation. I’m hoping everyone in the forum can learn something from my experience. And, I hope it doesn’t happen to any of you.
Robert
Last week, a fraudster got through the automated system of the bank where my wife and I keep one of our joint checking accounts. He/she used my name, birth date and either my account number or ATM card number to fool the system and the representative who ended up handling the call. Once through security, the fraudster changed the address affiliated with the checking account. It's called hijacking a bank account - a form of identity theft - and changing the address is the first stage of it.
Technically, when someone changes the address on an account, the bank is supposed by law to send letters to the current address and the new address. Or, so I was told by an attorney. I never received a letter. The only reason I knew something happened to the account is because I access all of my financial accounts on a regular basis for day to day tasks. In this case, I logged into the checking account via the bank’s web site to pay some bills and was surprised when I saw a message stating Bill Payment was unavailable and that my account wasn’t allowed to use the feature.
Bill Pay being unavailable wasn’t a surprise. It happens now and again. My account being the wrong kind for bill payment? That was a huge red flag. I contacted the 800 number for the bank who went through extensive security questions and then informed me the account had been flagged for fraud and I had to go to a local branch to resolve the problem. I immediately went to a local branch and that's when I found out what actually happened and took immediate action to deal with the situation.
To make a long story short, after speaking with my wife about the situation, I opened a new account on the spot with the bank and transferred all of the money from the old account into it. My wife and I had a significant amount of money in the old account since it's our primary checking account and I was just about to pay a credit card bill and cut the IRS a check for taxes. The fraudster might have managed to get all of it if I hadn't acted so quickly.
I had to leave the old account open temporarily, restricted and flagged for fraud, but open so I could change a biweekly direct deposit and three monthly automatic deductions. It took me a couple of days to get that done. Once I confirm the changes are in place, the old account will be closed permanently. I’ll have the bank send me a “letter of clearance” or a letter confirming the account is closed due to theft or fraud once that is done.
But, opening a new account and transferring the money into it was just the beginning. If the fraudster did that with one account, he/she may have done it with others and might even have my social security number. As a result of the hijacking, I had to contact every financial institution I use (bank account, investment accounts, credit card, etc) and confirm that all was well. Fortunately, the fraudster appears to not have gotten my social security number and did not do anything to any of my other financial accounts. After taking those steps, I put fraud alerts and security freezes on my credit accounts with TransUnion, Experian and Equifax as a precaution and filed a police report. I needed the police report for putting extended fraud alerts in place.
It took me days to do all this and I'm still have work to do. And, this is just because of a hijacked checking account. I can't fathom what I'd have to do if it was full-scale identity theft! Weeks, months, years, attorneys, the police, you name it. I consider myself fortunate!
And, apparently, much to my chagrin, it’s easy to hijack a checking account. All someone needs to access an account is your name, birthday and either an account or ATM card number. And, all of that information is a cinch to obtain. Name and birthday? They’re all over the place. Account number? Copy it off a statement or a check. People still need to use checks now and again, even in this day and age. ATM card number? Skimmers are popular amongst fraudsters or it can be gotten when a company suffers from a security breach. Mine is a plain ATM card, useful only at ATM machines. You can't make purchases with it.
This situation confirmed something I’ve been saying for years. Take steps to protect your financial accounts. I have special passwords in place for all of my financial accounts, at least when the financial institution allows me to use one. Not all of them allow it. Unfortunately, to my dismay, the one I thought was set up at this bank turned out not to be in place. The rep my wife and I worked with when opening the account apparently didn't set it up properly. Human error. That password would have prevented the situation entirely. Needless to say, a password is in place now and I’ve confirmed it a few times just to make sure.
Despite all that happened, I'm staying with the bank. Although the password issue is a problem, my wife and I have many good reasons to stay with them. I can also say some level of fraud protection is definitely in place because they kicked into gear when the bank noticed unusual activity. That and the reps at the local branch - not the one I usually use - took phenomenal care of me. There is something to be said for that.
The other thing I learned is steps such as credit fraud alerts, monitoring credit reports and credit score, security freezes, using a service like Credit Karma that monitors your credit, etc, do nothing to protect bank accounts and other sensitive information. You need to take additional steps to protect non-credit related financial accounts. Even using a bank’s notification system won’t necessarily cut it. I’m now researching identity theft services since I feel something more comprehensive than Credit Karma and my protective measures has become imperative.
Although I’m still reeling from what happened and everything I’ve had to do to resolve the problem and further protect my identity, a fellow forumite suggested I post about the situation. I’m hoping everyone in the forum can learn something from my experience. And, I hope it doesn’t happen to any of you.
Robert
