I have spent the last month recovering from an attempted wire transfer fraud on my bank account.
It started July 1, when I received a notice from one of my credit card companies that they detected potential fraud. I see the text and then a voicemail. So I go online to the main website because I never call a number that was texted to me. After getting to fraud department they said there was a login attempt that was stopped because the computer being used had malware and so the company blocked our login access. I checked and it was true. I was locked out from my account. They suggested running my malware/virus scan and when I did I was able to log back in because the malware was supposedly removed.
An hour later I get a call from my bank asking if I am approving the $2800 wire transfer to a Ms. Blakes in Metairie Louisiana. I said what are you talking about? I did not activate any wire transfer.
Since it was the beginning of the month my wife did her usual accounting and paid appropriate bills and transferred funds to investment accounts, etc. My bank, after I said there was no wire transfer, froze my account. Unfortunately that caused the in process transfers to other investment accounts to be considered as no funds available and these accounts locked our access. So due to timing, almost all of my access to money was locked.
Although we routinely use MFA and reasonably strong passwords, we went on a journey to change all of our accounts usernames and passwords. Please note, that some accounts you have will not allow you to change a username from anything other than a combination of your last name and initial or email address. A vulnerability in my opinion. So, we work through that and we work to open a new account at our bank and have the money moved from the old account to new account. This occurred during 4th of July week and the individual we worked with was not particularly fast. My wife actually found an email address for the COO and contacted him and he actually responded quickly and by the end of the day we had our new account. The day after the event the fraud folks emailed me securely and said we think someone logged in as you and then were somehow able to receive a text message to gain access to the supplied authorization code to go forward with the wire transfer. I said I never got a text on my phone.
I checked on line and the only way, it seemed, to get a text like that to another phone would be to do a SIM card scam. That is where the actor calls your phone company and convinces them it is you and tells them I got a new SIM card so please switch my phone number to this card. If they do that the actor can get the text, but my phone however would be dead from receiving calls and texts. So I knew that couldn't be how it happened.
So after a few days I secure messaged the fraud person at my bank to give me more specific details of what occurred other than what he said over the phone. Maybe like a log.
Well, they sent the log and my jaw dropped.
On July 1, you can see where I logged into the account to check that my pension check had been electronically deposited. It was there. Great.
Then at around 10 am you see a log in, a initiation of a wire transfer, a question back from the bank saying do you want to close the account, a response saying no and then a text verification code being issued to the person and then them entering it. I was astonished.
But even more astonishing when I looked at the details, all of the computer based work was from my internets actual IP Address, my version of windows and the browser I normally use to access this account. The text message went to my exact phone number and iPhone type and IOS Operating system number. So everything involved with this fraud attempt looked like I was doing it and approving it.
Again, I was totally astonished because I never actually received any texts at the time the bank log said one should have been received. I even went on line to ATT to check their records of logs and lo and behold I see a text at that time to my phone but I still had not received one to my actual phone. Now, I have gotten text messages before and deleted them and thought well that is that I can never see that message again. So bad on me that I did not know the messages could be recovered. My wife showed me how. Man I felt dumb. So I recover all of my texts from the beginning of the month going forward and there it was. A text message at precisely that time from my bank providing me a code. Jesus. It never showed up in my messages because my phone was in hand scrolling Twitter while watching the EUROs. No messages came through for me to actually see at that time because I would have noticed it immediately.
This really bothered me and I spent a lot of time engaging and trying to find out how that could happen. I finally came across the fact that someone can see the messages on your phone if they have access to your Apple ID. That way they can be on a completely different apple device and receive and control your text messages. That made sense because I would receive my text messages to my phone on my iPAD as well since they were tied in to the same Apple ID. So the fraudsters were able to get the text code and have it go to deleted before I ever even knew it happened.
I called our internet company and ended up getting a new modem/router from them. Went about changing all of the passwords to everything again once we established the new modem.
I honestly do not know how the Christ they got access to my computer. I figure from there they were able to access my Apple ID from remnants of stuff on the laptop. Neither one of us open links from emails sent to us or texts from people we do not know. The only thing we can even remotely think is we bought something at a roadside stand that has been on a road about two miles from our house for the last ten years. We used our credit card and an email came with the receipt. Didn't think anything of it since we knew we had just made that purchase and we opened the receipt to be sure the charge was correct. Everything looked valid but this is the only thing I can even think that we made an error on. Hell, I won't even open a legitimate email from Home Depot because of al of the fake ones that say YOU HAVE WON A MAKITA TOOL SET or whatever.
So our threat level skepticism is off the charts now. Anything that once seemed like a blip annoyance we now wonder why. We had a storm the other night and the internet blipped off for a couple of minutes. We wanted to believe it was the storm but were also suspicious of it being something else.
I post this just to give you fair warning that we are all vulnerable even if you consider yourself a decent cyber threat preventer.
It started July 1, when I received a notice from one of my credit card companies that they detected potential fraud. I see the text and then a voicemail. So I go online to the main website because I never call a number that was texted to me. After getting to fraud department they said there was a login attempt that was stopped because the computer being used had malware and so the company blocked our login access. I checked and it was true. I was locked out from my account. They suggested running my malware/virus scan and when I did I was able to log back in because the malware was supposedly removed.
An hour later I get a call from my bank asking if I am approving the $2800 wire transfer to a Ms. Blakes in Metairie Louisiana. I said what are you talking about? I did not activate any wire transfer.
Since it was the beginning of the month my wife did her usual accounting and paid appropriate bills and transferred funds to investment accounts, etc. My bank, after I said there was no wire transfer, froze my account. Unfortunately that caused the in process transfers to other investment accounts to be considered as no funds available and these accounts locked our access. So due to timing, almost all of my access to money was locked.
Although we routinely use MFA and reasonably strong passwords, we went on a journey to change all of our accounts usernames and passwords. Please note, that some accounts you have will not allow you to change a username from anything other than a combination of your last name and initial or email address. A vulnerability in my opinion. So, we work through that and we work to open a new account at our bank and have the money moved from the old account to new account. This occurred during 4th of July week and the individual we worked with was not particularly fast. My wife actually found an email address for the COO and contacted him and he actually responded quickly and by the end of the day we had our new account. The day after the event the fraud folks emailed me securely and said we think someone logged in as you and then were somehow able to receive a text message to gain access to the supplied authorization code to go forward with the wire transfer. I said I never got a text on my phone.
I checked on line and the only way, it seemed, to get a text like that to another phone would be to do a SIM card scam. That is where the actor calls your phone company and convinces them it is you and tells them I got a new SIM card so please switch my phone number to this card. If they do that the actor can get the text, but my phone however would be dead from receiving calls and texts. So I knew that couldn't be how it happened.
So after a few days I secure messaged the fraud person at my bank to give me more specific details of what occurred other than what he said over the phone. Maybe like a log.
Well, they sent the log and my jaw dropped.
On July 1, you can see where I logged into the account to check that my pension check had been electronically deposited. It was there. Great.
Then at around 10 am you see a log in, a initiation of a wire transfer, a question back from the bank saying do you want to close the account, a response saying no and then a text verification code being issued to the person and then them entering it. I was astonished.
But even more astonishing when I looked at the details, all of the computer based work was from my internets actual IP Address, my version of windows and the browser I normally use to access this account. The text message went to my exact phone number and iPhone type and IOS Operating system number. So everything involved with this fraud attempt looked like I was doing it and approving it.
Again, I was totally astonished because I never actually received any texts at the time the bank log said one should have been received. I even went on line to ATT to check their records of logs and lo and behold I see a text at that time to my phone but I still had not received one to my actual phone. Now, I have gotten text messages before and deleted them and thought well that is that I can never see that message again. So bad on me that I did not know the messages could be recovered. My wife showed me how. Man I felt dumb. So I recover all of my texts from the beginning of the month going forward and there it was. A text message at precisely that time from my bank providing me a code. Jesus. It never showed up in my messages because my phone was in hand scrolling Twitter while watching the EUROs. No messages came through for me to actually see at that time because I would have noticed it immediately.
This really bothered me and I spent a lot of time engaging and trying to find out how that could happen. I finally came across the fact that someone can see the messages on your phone if they have access to your Apple ID. That way they can be on a completely different apple device and receive and control your text messages. That made sense because I would receive my text messages to my phone on my iPAD as well since they were tied in to the same Apple ID. So the fraudsters were able to get the text code and have it go to deleted before I ever even knew it happened.
I called our internet company and ended up getting a new modem/router from them. Went about changing all of the passwords to everything again once we established the new modem.
I honestly do not know how the Christ they got access to my computer. I figure from there they were able to access my Apple ID from remnants of stuff on the laptop. Neither one of us open links from emails sent to us or texts from people we do not know. The only thing we can even remotely think is we bought something at a roadside stand that has been on a road about two miles from our house for the last ten years. We used our credit card and an email came with the receipt. Didn't think anything of it since we knew we had just made that purchase and we opened the receipt to be sure the charge was correct. Everything looked valid but this is the only thing I can even think that we made an error on. Hell, I won't even open a legitimate email from Home Depot because of al of the fake ones that say YOU HAVE WON A MAKITA TOOL SET or whatever.
So our threat level skepticism is off the charts now. Anything that once seemed like a blip annoyance we now wonder why. We had a storm the other night and the internet blipped off for a couple of minutes. We wanted to believe it was the storm but were also suspicious of it being something else.
I post this just to give you fair warning that we are all vulnerable even if you consider yourself a decent cyber threat preventer.
