Team Clark is adamant that we will never write content influenced by or paid for by an advertiser. To support our work, we do make money from some links to companies and deals on our site. Learn more about our guarantee here.
“YOUR CHECKING ACCOUNT balance is low.” It’s an alert none of us wants to receive, especially if we’ve just been paid. But that was the message that a friend—let’s call him Ron—got recently. A hacker had gained control of his account and started bleeding it dry.
Ron, it turns out, was lucky to have received that alert. Another friend—let’s call him Arthur—received no such alert when his account was also taken over by hackers this summer.
Both are customers of Bank of America, which was the victim of a data breach earlier this year. The reality, though, is that this could occur at any bank, so it’s worth understanding what happened and what steps consumers can take to toughen their defenses against a similar attack.
For both Ron and Arthur, the thieves’ playbooks were similar. The first step was to gain control of their online accounts. In Arthur’s case, it was a two-step process. First, the crooks tricked his cell phone carrier into activating a new phone with Arthur’s number. Then, the thieves went to Bank of America’s website and requested a password reset. To authenticate the hacker, Bank of America sent a text message to Arthur’s phone number, which the thieves had in their control. That gave them access to Arthur’s account, where they were able to make a note of Arthur’s account number and—he thinks—see copies of canceled checks with Arthur’s signature.
Next, the crooks walked into a Bank of America branch in another state and requested a cash withdrawal. They had Arthur’s account number, and the signature used matched the signature on file. The thieves didn’t have any identification, though, so for authentication purposes the bank teller sent a code to Arthur’s phone number, which the crooks had in their possession. While the details are still unclear, apparently that process is sufficient for a teller to authenticate a customer. The hackers were then able to walk out with $10,000 in cash from Arthur’s account. Later that day, the crooks did the same thing at another branch and walked out with Arthur’s remaining account balance.
Hearing this story, you might wonder about the safeguards that should have been in place. Sadly, thieves are often a step ahead. They knew that banks typically email customers when their passwords have changed, and Bank of America did do that. But to cover their tracks, the hackers buried Arthur’s email box in spam messages. In the space of minutes, hundreds of thousands of messages came in, making it impossible for Arthur to see the all-important message from the bank.
Ron’s experience was very similar, including the flood of spam. But instead of walking into a branch, the hackers took a different tack. After gaining access to Ron’s online login, they opened a new joint account in the name of Ron’s wife and another, presumably phony individual’s name. They then transferred Ron’s checking account balance into this new account and, from there, wired the funds out to an account owned by the crooks.
While Bank of America has committed to restoring the stolen funds to both Arthur and Ron, these experiences have nonetheless been a significant headache. By siphoning off nearly every available penny, the thieves triggered a financial domino effect. Scheduled transactions—from mortgage payments to electric bills—all failed, and neither had any access to cash.
Years ago, I recall attending a presentation by technology executives from J.P. Morgan. What surprised me was the frequency of cyberattacks they described. They measured them by the number of attempted attacks per day. In other words, it’s an ongoing battle, and there’s no silver bullet, so I recommend doing everything you reasonably can. Here are 12 steps to consider:
Adam M. Grossman is the founder of Mayport, a fixed-fee wealth management firm
This article first appeared on HumbleDollar. If you’d like to receive the site’s free weekly newsletter, sign up here.
This post was last modified on October 23, 2023 11:51 am
If you're considering subscribing to Fubo, you need to be comfortable missing out on some…
Are you looking for a way to earn 2% back on every purchase you make…
You're not alone if you're running a balance on your credit cards. Collectively, Americans are…
A big part of saving money comes down to knowing how to comparison shop. But…
If you work for a big company as a full-time employee, chances are you have…
Are you a Peacock subscriber? You soon will have to pay more to watch NBCUniversal's…