Home Credit union The Convincing Bay Area Banking Scam I Almost Fell For

The Convincing Bay Area Banking Scam I Almost Fell For


In this age of endless spam and scam calls, I don’t pick up my phone for anyone unless I recognize the number.

That’s why when my friendly Bay Area credit union called, I picked up. I’ve learned from painful personal experience that when the credit union calls, there’s usually a fraud issue, and the sooner it’s dealt with, the better.

What I didn’t know, but gradually learned over the half-hour phone call, was that the person on the other end of the line wasn’t exactly a helpful employee of the credit union. He was a scammer who used every tool in his arsenal to take control of my bank account.

A few hours later, when it was all over, a rep from my credit union’s fraud department — the real rep, not a scammer — said stigma was a big issue when it came to fraud. People don’t talk about falling for scammers because it’s embarrassing. It feels like we’re constantly being warned about how to spot and avoid scams, so when it happens to us, it’s easy to blame ourselves.

But like sex education, talking about the scams we’ve been through can break the stigma, making us all savvier — and harder to fool.

So in the interest of public service, here’s how the scammer (almost) got me, and what I should have done:

How to Spot a Bank Fraud Scam

It all started with the worst possible news: someone had hacked into my bank account and tried to transfer the funds. The “credit union employee” needed me to confirm my account username and then asked me to verify the transactions.

Red flag #1: Your bank never needs your login credentials. They already have access to your account information. The login details are just for you.

But, I thought, it was an unverified login to my account that it was checking, and it wasn’t asking for my password, so maybe that was part of the procedure? I put the username back.

Big mistake. Never “provide your account information over the phone unless you initiated the call,” the California Attorney General’s office warns in its bank information protection guide.

Then the scammer spent a lot of time getting me to “verify” some “fraudulent transactions”. No, I told him, I wasn’t in Utah and hadn’t logged into my account today. No, I did not transfer any funds today.

I apologized to him for being distracted. I was attending a work meeting remotely when he called and I was torn between telling my colleagues that I was busy with the bank and listening to his instructions. The fraud department representative later told me that scammers rely on this distraction, which makes it harder for you to detect their suspicious behavior and questions.

A lot of fraud education says to beware of anyone pushing you to “act fast”, but this scammer was very nice and patient, encouraging me to take my time. I think that was also part of the script: the fraudulent transactions were meant to gain my trust (and make me forget that I had already given him half of my login details).

At the same time, I logged into my bank and looked for a record of these transactions – but couldn’t find them. When I asked the scammer about this he said they would not show up as pending as they were flagged as a potential fraud.

At this point, reader, you may be screaming at your screen wondering why I didn’t hang up right away. I do not know. I saw the red flags, but instead of adding them up and coming to the very obvious conclusion that I had been duped, I clung to whatever the scammer said that had even the slightest hint of truth.

Then the scammer said he will reverse the transactions and lock my account to block any unauthorized logins. He gave me a temporary password which I dutifully copied. And then – and this was the key part of the scam – he asked me for my password so he could “cancel credentials”.

Finally, all the calculations were added up.

“Yeah, I’m not going to do that,” I said.

And the line is dead.

How to clean up after a scam attempt

My first action after the scammer hung up was to call my credit union – for real this time. Unfortunately their call center was blocked and after waiting 30 minutes I selected the option “save my place in the queue” and went to the nearest branch.

It turned out to be the best decision I could have made.

In branch, a representative was able to verify that no unauthorized person had connected to my account. She also told me how to change my online banking username, so the scammer doesn’t even have it. I changed both my username and my password, even though I hadn’t given my password, just to be sure. We’ve also implemented two-factor authentication, which is a bit of a pain but ensures I have extra protection to verify any login attempts.

I showed the rep my call log with the incoming call which appeared to be from the credit union. The person on the phone used a technique known as spoofing, in which scammers make their phone call appear to be from someone else, often a trusted source. The bank representative reported the impersonation attempt to their fraud department. Imposter scams, in which the scammer impersonates a friend, relative or authority figure, were the most common type of scam last year, accounting for $2.3 billion, according to Federal Trade Commission data. dollars of losses, nearly double the figure for 2020.

I usually spam calls from area codes, but I never answer them. It was the first time I received a fake call that seemed to come from an institution I knew.

“If you think a phone call might be legitimate, tell the caller that you will contact your bank or credit union and call the phone number listed on your bank statement or the back of your credit card,” a said the state attorney general’s office. If it’s a legitimate call from your bank, someone will be able to help you when you call back and you’ll know for sure you’re talking to the right person.

How scammers get your information

Still, I was confused by how the scammer knew both my name and where I was banking.

After my visit to the branch, a representative from the fraud department got in touch and talked about best practices for avoiding scams in the future. They assured me that the credit union was monitoring my account for suspicious activity.

When I asked how the scammer knew my name, phone number and banking information, she replied that most of this information could be obtained from a compromised card reader wherever I used my card. of debt.

The idea was scary, especially since I once had access to my debit card information and now use my hand to cover the pin pad every time I need to enter a pin. But apparently cloning a debit card isn’t the only thing compromised card readers can be used for.

Always: All’s well that ends well. The scammers never managed to get my username, and this username is now useless. I’ve beefed up my online security and learned a valuable lesson. What if the worst thing to come out of this ordeal is that I get a little egg on my face? So it wasn’t that bad at all.