Update on my DCCU Scam:
First, I feel like an old soldier
locked in a time warped initially calling the credit union DECU. It has obviously got new initials and I
apologize for using its old acronym.
Secondly, MY MONEY HAS BEEN FULLY
RECOVERED!!!!!!!! Of course that was a
big big thing for Barb and I because I had the notion that it had been
transferred and that I may not see it again.
See story below.
Here
is the rest of the story about my DCCU Scam:
In Mid March I can verify that I received
an email or two that was a phishing scam for the DCCU. My scammers got my login at the credit union
in some way. It may have been from a
response to one of these emails in (one of my more stupid and weaker moments). I can’t be sure, but I do know for sure that
the scammers logged in as me and manipulated my account.
In a virtual simultaneous act the
scammers on Mar 29th, created instantly online at the DCCU 3
accounts of their own under pseudonyms.
They then transferred (not wired) money from my account in 4 separate
$4350 amounts to these fake member accounts.
The scam then schemes to get the money out of those accounts as soon as
possible. Sometimes using ATM’s, or
wiring, or simply walking in and making a withdrawal. In CVG the same type of scam happened and the
perpetrators came in with grandma (whose name they used to create the fake
member accounts) and asked for a $100,000 withdrawal. They were arrested. Unfortunately, no similar word yet on the
scammers that got me.
The Fraud Dept of the CU was off on
Saturday the 30th when our alerts went in. Notice the scammers knew that and used the
weekend for this activity. But, an agent
who happened to stop by and see the “urgent freeze request” executed the order
on mine and the fake accounts. This
action certainly saved most of the money and may have saved all of the money
from ever leaving the CU. On Monday the
1st my April fool’s joke now turned into a blessing as all the funds
were returned to my account. We were
made completely whole in these banking accounts. That is something that has not happened to my
company stolen retirement funds in our retirement accounts.
In the past, when I had a home
break-in, we closed and re-opened our accounts.
This time, a different tact was used. The password was changed, and the
username (which for most of us is our normal employee number) has also been
changed and a audio phone password has been added for anyone calling in and
attempting to be me. Are there
additional steps that I would recommend for the DCCU security…….YES!!! But for
now I feel that our accounts are secure enough for the time being. And we also
feel very relieved and satisfied that the funds were returned.
Others Scammed:
Date: 3/30/2013 4:14:45 PM
To: Mark Sztanyo
Subject: How to protect yourself from internet and other
thieves
Mark,
OK. My voyage of discovery began when I received a call from the
DCCU wire transfer dept asking if
I had tried to transfer $100K from my checking account to an address in
China. I was astounded, of
course, and the DCCU very rightly wanted to verify that I was me...and
we went through a very extensive
id process via phone.
Seems that a person had hacked into my DCCU account, transferred $100K
from my HEL to my checking
account and then, had contacted the DCCU asking that this money be wire
transferred to China. They
were suspicious and played 20 questions with this person, who knew a
great deal about me, but did
not know my working dept #, which every pilot knows, and other critical
information. They told this person
they would contact him via the contact number listed on my account.
This is where it got interesting...earlier that morning, he had called
my phone company posing as me, and reported
trouble on the line and asked that our home telephone be transferred to
"his" cell phone so he could take
some business calls while they sent a repair truck out. Thus,
when the DCCU called my home number, they
got "him" again...but they were still not buying it. They
persisted, and by this time, I received a call from the phone
company asking if the phone was now working...and said it was never not
working. Now, when the DCCU called,
they got me as the phone company has stopped the forward to the thief's
cell phone.
Two days before this attempted theft from the DCCU, the same person I
believe tried to penetrate my investment
accounts at Merrill Lynch but was foiled. He had my account # and
thought by calling ML he would be speaking
to a large company where no one knew anyone, but got my investment
advisor's administrative assistant who
knew me well and knew my voice. They foiled his plan but this was the
first clue something was amiss. I used
my laptop in Shanghai two days before all this began, but did not
access any of my financial accounts so if
someone penetrated my security, they were very clever.
There are many lessons learned, and I'll share only a few:
1. Never, ever use your laptop using a public Wi-Fi to access
financial information. Thieves can sit nearby in
a public place and use a "keylogger" program to intercept and
decipher your passwords. So, don't ever use
a public wi-fi for other than routine transactions, and this goes for
hotels while on the road. Don't do it!
2. At home, be sure you set us 128 bit encryption on your
wireless router. Easy to do and you never know when
someone is listening in.
3. Change your passwords frequently. I know it's a pain but
make a habit of doing this on a periodic basis.
4. Set up telephone passwords with your financial institutions
AND your phone company. Basically, if you set
up a password, no one can do anything to your accounts until they
provide this password. For example, I now
have an audio password with my phone company, with my investment
advisor, and with the DCCU and my
other bank accounts. When I call in, they ask me for my password first
thing - this is both the first line of defense
and the last thing a thief can penetrate. So simple but so very
important.
5. Freeze your credit for both you and your spouse with all 3
credit reporting agencies (Experian, TransUnion,
and Equifax). You can freeze your credit online with each for a
very nominal fee. Once this is done, you
will receive a PIN that allows you to "unthaw" your credit
when you wish to give someone access to your
credit history, such as when you refi, or apply for a new credit card
or loan. While this is a small hassle, it
is essential to do and will go a long way to prevent unauthorized
access to your accounts. I've found that
of the 3 credit agencies, Equifax is the most difficult to deal with
but not so bad as to not be worth the hassle.
If you have been the victim of a theft, like Mark recently, fill out a
police report and report to the US Government
dept of consumer affairs which you can access online. Filing out
a police report will allow you, in Georgia and
many other states, to freeze and thaw your credit history without charge...this
is by law. Don't expect the police
to do anything...my experience is that they are snowed with similar
cases to yours and simply do not have the
skill or resources to pursue each case. The DCCU was able to
identify the computer used to attempt the theft
from my accounts, and I dutifully reported this to the police who
promptly did nothing.
6. Be security conscious. For example, do not ever respond
to emails purporting to be from your financial
institutions...they don't do business this way. Always give them a call
via phone to confirm when you get
suspicious emails.
Where it asks you to sign your credit cards, write in bold letters
"Ask for ID"...and when you present it, the
cashier should do just that. If stolen, this is a way to prevent
unauthorized use when someone tries to
present the card...they will not have appropriate ID.
Check your receipt when you make credit card purchases. There is a
version of a scam where the cashier
keeps cash from your credit card, when you did not ask for cash
back...so, check the receipt to insure the
amount is correct and there are not suspicious notations on the
receipt.
Phones are a huge target of thieves these days. Be security conscious
with your phones, and do not give
confidential information over the phone and be aware your data base
could be accessed and compromised.
Use a password to unlock your phone as a basic precaution.
Never, ever send confidential information via email. If you need
to send passwords, account numbers,
etc. to someone, send them a fax or find another means to get it to
them.
Stay situationally aware. Thieves may be watching you physically or
electronically, so your SA is
very important.
There are many others techniques but the ones I've listed are from the
school of hard knocks. One final
thought...LifeLock is good for what it does. Would not have prevented
access to your bank accounts, but
could prevent other types of illegal access...but, if you freeze your
credit history, you have done more than
any of these companies will ever do to prevent unauthorized access to
your credit history and accounts.
Stay well, be of good cheer, and peace be with you this Easter weekend.
Best regards,
Alan Price
Re: PCN - Re: FRAUD ALERT - DECU
Mark's personal account HACKED Mar 31
My accounts where Hacked
too !! I read it and called the CU before I was Hacked. DECU gave me my money
back. Bless them. JBoot (JBootenhof@aol.com )
Editor: I have been told that there is a real rash of
this going on right now. So caution and
staying alert is the word. The DCCU has
been an target for a while and the numbers of these scams and attempts have
definitely been on the upswing. I heard
from others besides Alan and JB so we are not alone. Ya’ll
be careful now ya’here!
Additonal Shared Security Tips:
Re: PCN - Re: FRAUD ALERT - DECU
Mark's personal account HACKED Apr 1
Another follow-up...
There are certain ‘Tells’
(indicators) about fraudulent emails looking for info:
1.
Dear Customer
2.
Look closely at the link. It will not be a link to the proper URL.
3.
There are normally 2 or more links that would indicate a different location,
but when you place your mouse over
the link (DO NOT click on it), the URL address is the same.
4. In ALL
cases, be prudent and CALL the number on your credit/bank card to verify
the request. Never call an
unknown number.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Full post disclaimer in left column. PCN Home Page is located at: http://pcn.homestead.com/home01.html
No comments:
Post a Comment