Scammed

[PatMcDuck]

This afternoon, DH and DD (age 22) both got texts from "Bank of America" urging them to call a certain phone number.

DH called me right away, I checked our balances, and saw we were fine. (DH does nothing with our banking). I googled the phone #, and saw it is a scam. No harm, no foul.

5 minutes later, DD calls me. She got the same text, BUT SHE called the number back, and gave them ALL and I mean ALL, her personal information! She is at work, or I would have prevented this. She realized it was odd, and called the REAL BoA 5 minutes later. They said scam, and closed her accounts off, will send her a new debit card. They said, not to worry, you are flagged to someone trying to open a new account, etc. But jeez, she even have her SS#!! Couldn't the scammer just go to Chase and open a card or something. And shouldn't they send her new checks and everything?

She is freaking out, I am looking for advice on what to do next, to prevent this error from being a full fledged identity theft.

PS DD called, because SHE is set up for text alerts from BoA, she gets them for low balances, and when direct deposits are credited, etc, so it was not weird to her that they would reach her by text. And she said when she called, it even had the BoA chimes or something.

 

[OrangeCountyCommuter]

She needs to put a watch on her credit with the major credit agencies.

 

[nugov2]

I would pay for credit monitoring. That would make me very nervous if someone had my SS#, but you can't unring a bell. I would just have her do all that she can to protect herself. If you talk to someone at the bank they will no how long she should have it monitored by a company.

 

[Starwind]

The three credit bureaus all allow a security lock (sorry, forget its exact name) to be put on a person's file. The upside is that it prevents people from opening credit in your name; the downside is it prevents you from opening credit in your own name without going through a number of steps.


For the future, one security practice that my own bank told me about many years ago when i first got a credit card from them -- if anyone calls or writes claiming to be from my bank and asking me to call them at any number, do NOT call the number they provide. for that matter, claiming to be my bank and wanting me to give them any personal information (hang up and)...

Instead, look on the back of the credit card (or debit card) and call the bank at the number you find on the card itself -- you know it is ACTUALLY the bank. It is a 24 hour/7 day a week number. It is usually toll-free. If the bank really is trying to get ahold of you, there should be a note in your bank file. The bank customer service person can track down whatever unit needs to speak with you and transfer you to them. They can also confirm your identity by asking the security questions *you* established with them, NONE of which should include asking your social security number.


-SW

 

[minnie45]

I get emails like that (from "Bank of America"). The email tells me that I've been locked out of my account and in order to unlock my account I need to enter information.....I know it is a scam because I use a different email account for my credit cards. Then I check my account information to make sure all is well....

 

[PatMcDuck]

Young people are so exposed to this because they do so many things by text.

She gets texts from them regularly.

It was an automated thing, not a human.....ugh

 

[MOpGrad2013]

OP--I hope this will all work out for your DD. Unfortunately, she is not alone.

We were receiving phone calls from a computer system asking for information. Our credit union uses a similar system to remind of loan payments. We phoned about it. It was a spam. The only difference between the systems, our credit union actually says it's name after you click 1 for continue and it will leave a voice mail.

I did get upset at our credit union about it. Because it phones up and just asks if you are Joe Street, click 1..Then it identifies itself. They explained that because of the collection or something regulations and security they don't say the name of the bank.

Now I just send them all to voice mail--my DH's voice mail.

My insurance also sent out emails asking for correspondence confirmation. Didn't click through the email...but when I logged in, there was a message saying they had sent the email. Above the message is a big notice "we will never email you asking for your preferences..." Um...

 

[sookie]

She needs to put a freeze on all credit reports. That locks them down... not just an alert.

 

[zoemurr]

I would also contact the IRS. I had someone file taxes with my name and SS#. (No idea how they got it.) The IRS does not cross check any information. This person filed as a single (I file jointly) with a different address, job, and in another state.

They were given a huge refund, no questions asked, and I had to jump through hoops to get mine 10 months later.

Now I can only file with my PIN #. Maybe they can give her one?

 

[havaneselover]

My parents just got phones with that they can text on and on day 2 while I was visiting my mom got a text like this from Wells Fargo. Luckily I googled it and read that it was a scam.

 

[PatMcDuck]

So how are these scammers getting our cell phone numbers, and how do they know which bank we use? We feel like the leak has to be at the bank, they know our cell phone numbers. Unless it is a leak at Verizon, who knows which bank we use to pay our bill each month, I guess. It has to be one or the other.

Because they tried this on my husband, who does not have debit card, and this is a debit card scam. So it was not a leak from Home Depot, or Target, as BoA wanted to claim.

Of course, no harm possible with this particular scam, if you are responsible with your information. I realize that.


Thanks all for the tips!

 

[Josh Hendy]

So how are these scammers getting our cell phone numbers, and how do they know which bank we use? We feel like the leak has to be at the bank, they know our cell phone numbers. Unless it is a leak at Verizon, who knows which bank we use to pay our bill each month, I guess. It has to be one or the other.

Because they tried this on my husband, who does not have debit card, and this is a debit card scam. So it was not a leak from Home Depot, or Target, as BoA wanted to claim.

Of course, no harm possible with this particular scam, if you are responsible with your information. I realize that.


Thanks all for the tips!

Most people nowadays use a free email service such as gmail, hotmail (or bing or msn or live.com or whatever they decide to call it), yahoo, etc. I think these companies are DYING for you to give them your cell# ... allegedly for "security" of your email but I think it's really because connecting an email to a phone# is sooo valuable to them for marketing purposes and to resell to other marketers. Not that they would deliberate scam you or allow you to be scammed, but ... once the database exists then it's a cinch for someone to hack their database either from the outside or by a rogue employee on the inside.

The "do not call" boondoggle ... err, service ... that the government was hyping a few years ago also resulted in a database connecting millions of people's phone#'s and email addresses together, which if leaked or hacked can be used to leverage all kinds of private, allegedly secure information about you.

That's my theory, anyways ...

 

[ksyfumedland]

I would just have her do all that she can to protect herself.

 

[jerseygal]

I have used my Disney Visa Credit card for YEARS now, with no problem.

Got an e mail alert header from Chase end of August and was afraid to open the link...I immediately called the number from my home phone on the back of my Chase Visa and I immediately knew there was a problem because there were many security questions as prompts.. I was transferred to fraud detection and someone had stolen our cc #, made up a fraudulent Visa Card and attempted to use it in Michigan. Because of our "purchasing history", transaction was rejected...Anyway, a real hassle because I use that card EXTENSIVELY to take advantage of Disney Rewards...After reading recently about the Home Depot credit card problem, I now believe that my problem resulted from using my Disney Visa in Home Depot twice this summer...

Anyone using ANY FORM OF PAYMENT in Home Depot, debit card or credit card from April 1st forward is "vulnerable" to credit card theft!
A major inconvenience, but THANKFULLY Chase detected the fraud!

Additionally, the IRS scam is PERVASIVE! I constantly read about people falling prey to this IRS scam which threatens to remove passports to people, drivers license, etc...In the "heat of the moment" unfortunately many fall prey, especially the elderly!

I tell my elderly mother to NOT ANSWER THE PHONE to ANY unknown numbers I will then follow up with any phone calls for her if any voicemail is left!

 

[FairestOfThemAll37]

We've had to lock down our credit cards due to theft before. The upside is they make it nearly impossible for anybody to do any damage and the downside is that it makes it difficult for you yourself to use your cards but worth it to avoid identity theft.

I've found the banks have gotten pretty good at this themselves. I lived abroad for three years. Despite telling chase that they would be seeing charges regularly, my charges were often declined. Got really annoying when there fraud department is only open 8am-7pm and I was living on a 15hr time difference lol. It took a year and a half for them to properly flag my card and it was disastrous when traveling. I carried a lot of cash those 3 years haha.

 

[lanejudy]

So how are these scammers getting our cell phone numbers, and how do they know which bank we use? We feel like the leak has to be at the bank, they know our cell phone numbers. Unless it is a leak at Verizon, who knows which bank we use to pay our bill each month, I guess. It has to be one or the other.

It's unlikely to be a "leak" from a legitimate source -- just scammers who scour databases to get phone numbers and email addresses. I actually get BoA emails and texts frequently, but do not have an account with them (though once upon a time a store account might have been through BoA). I also get them from Chase. Both are large national banks. These scammers know the odds -- they are likely to get x% of responses for every y# of emails/texts/phone calls sent out.

It is very hard nowadays, and the young people who do so much electronically are particularly vulnerable, as are the elderly who don't understand the new technology and "trust" it. Best advice is to continue to re-iterate to the kids NEVER give any information to someone who calls, do not reply or click links in emails or texts. Use the contact info that you already have (on a statement, on a card, on info provided when you opened the account) to reach the financial institution directly and ask if they are trying to contact you.

Best of luck to your DD. If the bank didn't do so for her already, she should contact the 3 major credit bureaus. It could take months -- long after this incident isn't fresh in her mind -- before something is attempted.

 

[scard192]

I have used my Disney Visa Credit card for YEARS now, with no problem.

Got an e mail alert header from Chase end of August and was afraid to open the link...I immediately called the number from my home phone on the back of my Chase Visa and I immediately knew there was a problem because there were many security questions as prompts.. I was transferred to fraud detection and someone had stolen our cc #, made up a fraudulent Visa Card and attempted to use it in Michigan. Because of our "purchasing history", transaction was rejected...Anyway, a real hassle because I use that card EXTENSIVELY to take advantage of Disney Rewards...After reading recently about the Home Depot credit card problem, I now believe that my problem resulted from using my Disney Visa in Home Depot twice this summer...

Anyone using ANY FORM OF PAYMENT in Home Depot, debit card or credit card from April 1st forward is "vulnerable" to credit card theft!
A major inconvenience, but THANKFULLY Chase detected the fraud!

Additionally, the IRS scam is PERVASIVE! I constantly read about people falling prey to this IRS scam which threatens to remove passports to people, drivers license, etc...In the "heat of the moment" unfortunately many fall prey, especially the elderly!

I tell my elderly mother to NOT ANSWER THE PHONE to ANY unknown numbers I will then follow up with any phone calls for her if any voicemail is left!

my Chase Amazon card was compromised a few years ago, they declined the charge. I got a phone call and e-mail and was afraid to use either, so like you called Chase using the number on card

 

[Arielle22]

It's unlikely to be a "leak" from a legitimate source -- just scammers who scour databases to get phone numbers and email addresses. I actually get BoA emails and texts frequently, but do not have an account with them (though once upon a time a store account might have been through BoA). I also get them from Chase. Both are large national banks. These scammers know the odds -- they are likely to get x% of responses for every y# of emails/texts/phone calls sent out.

I agree. We see it at work. All emails get a scam email concerning a vendor we use. Scammers are hoping the person that deals with the vendor falls for it while the other ignore it.

 

[jahber]

Most people nowadays use a free email service such as gmail, hotmail (or bing or msn or live.com or whatever they decide to call it), yahoo, etc. I think these companies are DYING for you to give them your cell# ... allegedly for "security" of your email but I think it's really because connecting an email to a phone# is sooo valuable to them for marketing purposes and to resell to other marketers. That's my theory, anyways ...

Google asking for your number IS for security and ONLY for security. It's called two-factor authenticificafion and it can prevent someone from taking over your email account. If the celebrities whose iCloud backups were stolen (resulting in their personal photos being broadcast to the world) had been able to use two-factor authentification, the violation of their privacy might have been avoided. If someone is required to have both your email (or website) password AND your cell phone in hand in order to access your account, they almost certainly won't be able to hack your account.

I only mention this because there is so much fear-mongering about privacy these days (seriously, FB messenger is not recording your private conversations!) that it's scaring people away from taking reliable steps to protect themselves. And if someone hacked into google and stole our phone numbers, we'd have a MUCH bigger problem than spam phone calls.

 

[ktlm]

I would highly suggest that you get Lifelock or another identity theft prevention service like it if her social security number has been compromised. My friend had her social security card stolen from her home along with some other items (her family's cards were stolen too). She was told by the police to get Lifelock as they are seeing social security numbers "sold" on the black market. She got Lifelock, and sure enough has gotten repeated reports of credit cards attempted to be opened using her (or other family members) name and social security number, as well as having it attempted to be utilized for other things, including someone attempting to file a tax return using one of her family's SSN. It has been about a year, and lifelock has caught a ton of stuff in that time. It is finally starting to die down, but she had 1 pop up again last month. SSN has actually issued a couple of her family members new SSN because of all the issues that were occuring with their numbers. She said Lifelock was well worth the money she had to spend on it, because without them, there is no telling what all would have been opened in her name that she would have had to deal with.

You should also try contacting the IRS and Social Security Commission to advise them of your daughter being taken in by this scam. Here is some information from SSA on theft of a SSN:
http://www.ssa.gov/pubs/EN-05-10064.pdf

It is also a good idea to advise your local attorney general's office as well. They need to know that this is happening in your area. Often this type of stuff comes from out of the country and they can't stop it- but they can at least set out warnings to others.