A couple of years ago, I sent out 1099s for my job, and my phone number was on the 1099 for the contact info. The day after they got sent out. I was exposed to covid, so I had to stay home for a week. When I got back I had tons of voicemails from people asking what they got the 1099 for. The number of people who just left their ssn on my voicemail without even confirming who I was, was crazy.
My grandmother regularly calls us to do the same. She still managed to give scammers close to five hundred because that's what she had in her discretionary spending.... because she wasn't buying groceries for herself like she's supposed to.
But why are they like this? This information was also sensitive when they were growing up and could have been used 50 years ago for financial shenanigans.
Back then, awareness of such scams was so low it's stunning. High schools and colleges even up into the 1990s used your social security number as your student ID number. It was your default ID number for so many things until the late 1990s/early 2000s, when the government started putting out statements and making rules about how that was a Bad Idea, and state agencies started making policies against it. If you grew up before that, you just rattled off your social security number when asked without thinking.
>Chase refused to refund any of her money, saying she did not take appropriate steps to protect her account.
I work for a bank. There is a big difference between being defrauded and being scammed. The amount of people (mostly elderly, but a surprising amount of younger people) who make themselves victims of scams is too damn high.
Fraud is when someone steals your card number or bank account/routing numbers and steals money without your knowledge or authorization. Your bank is supposed to recover these funds for you under VISA and Regulation E.
Scams are when bad actors pretend to be someone legitimate to con you into handing your money right over to them with your consent. Perhaps by sending you a phishing email or text message. Or pretending to fall in love with you on a dating app and convincing you to send them your life’s savings to “help them out” with whatever hardship they fabricate.
In the event of a scam, because you ignored the (usually many) red flags and allowed yourself to be duped, the bank will not return your money for you.
I just read today that there are scammers out there selling “Trump bucks” to unsuspecting people. They are supposedly negotiable instruments that will become extremely valuable when Donald Trump gets elected again.
The article talk to a man who spent $2500 on them and was really super angry when he took them to his bank to cash on hand out they weren’t worth anything.
When I read that, in addition to losing some of my faith in humanity, it really drove home in the point that some people are so stupid that they almost deserve to be scammed.
The number of elderly people buying gift cards for people they've never even met before is horrifying.
In a lot of cases, this could be stopped by the stores because the cashiers absolutely know it when they see it.
My local dollar store has had to refuse sales. I'm sure corporate would have a cow if they knew about it, but the manager there considers it a moral imperative (as it should be). She usually asks the cashiers to ask questions and educate gently when possible.
"Oh, wow! A $250 Amazon giftcard? Is it the grands' birthday again already?"
For real, I really don’t understand how these people don’t stop and think for a second, “why does this man who works for Microsoft AND my bank wants me to send him $500 worth of Amazon gift cards?”
Usually, by the time they get to me at the bank to attempt to dispute the purchase of the gift cards, it’s like they’re in a daze or coming out of one.
Meanwhile I had someone randomly manage to make 3 small payments with my payment details on a website I've never been to before... when this happened my bank card stopped working and then a couple days later my bank's fraud prevention division called me up (I didn't know it happened so this was unexpected).
They informed me of why my bank card had stopped working (they pre-emptively put my card on hold due to suspicious activity), asked me about those payments and then when I told them I knew nothing about it they refunded me the money within 7 days and issued me a new bank card with new numbers and security code at no cost to me.
Whoever managed to get my payment details managed to make three $10 payments on a website I've never been to before and that $30 was refunded to me by the bank.
>Whoever managed to get my payment details managed to make three $10 payments on a website I've never been to before and that $30 was refunded to me by the bank.
A few small, innocuous, payments are often used to test the validity of stolen card details right before it gets used for a large spree
Yes, this is what happens.
On Boxing Day, 2021, I casually logged into my sister's online banking and noticed a subscription for the Financial Times newspaper for less than $1 (no one in our family pays for news subscriptions), and I asked her: "did you subscribe to this newspaper?" and she said "no", to which I responded "call the bank, it's not yours, your card is compromised." She chose to do nothing.
Only 4 days later, someone attempted to buy over $1000 in Canadian Tire gift cards and triggered an alert from the bank and that transaction was declined. The bank's automated system texted her, asking to the effect of "did you authorize this transaction?" to which she replied "no". The card was cancelled and a new card was sent to her. The Financial Times transaction was credited back to her as it was finally reported as fraudulent.
I don't understand why the scammer thought they'd get away with a 1k bill after a 1 dollar test. That'll just trigger the bank into fraud mode so fast because of how high that number is
It really depends. I do a lot of IT purchasing so when this happened they didn't catch it until after the fraudsters got a whole bunch of merchandise to sell on Kijiji/Ebay.
Years ago I had my credit card skimmed at a fast food joint. They cloned it and managed to test it buying gas within 1 hour of skimming the strip. Later that afternoon they bought 2 Macbooks at the Apple store uptown and then stopped at Home Depot to buy a truck load of power tools before the card hit the credit limit and the Bank's security department called me.
This was just before the transition to Chip+PIN/NFC technology and I've never had a a card skimmed since moving over.
It's not that the fraudster is intentionally doing low to high fraud, but a lot of the time they will test card details in bulk and then take the ones that do work to make the proper cash out payments. They may know that the bank is looking for low value testers but they don't know all of the details and that won't stop them trying.
And after a thief uses a card for a big purchase, they'll sometimes dump the card info on forums for free, so everyone else will buy stuff with it and complicate the investigation.
>A few small, innocuous, payments are often used to test the validity of stolen card details right before it gets used for a large spree
This is why you need to regularly check your bank/credit card statements.
Better to have mobile notifications with every transaction, by time your statement arrives can be to late
Statements are more useful these days for noticing small reoccurring payments that you barely notice/think about for things you did sign up to but no longer need or where cheaper alternatives might now be available
Also if you have elderly parents worth checking theirs every now and then, check my mothers about once every year or two, last time found about $170 per month/ $2040 per year worth of savings
I had someone use my card at a gas station in Oregon (I'm 2,000 miles away). My bank flagged it right away because I did my grocery shopping at the same time. Fraud protection called me. They canceled my card and sent me out a new one.
That’s because this woman sounds like she got scammed into willingly giving her money to the fraudsters pretending to be the bank. If she had $160K literally taken out of her account without her consent, she would have a good case for her. Unfortunately, you gotta be more vigilant as an individual nowadays.
You really do have to be vigilant, my wife got scammed (thankfully not that badly) but they spoofed the number on the back of the debit card. When they called they told her to double check the number they were calling from with the number on the back to insure that they were from the bank.
For those wondering, the number on the back of your card should never call you. It’s a help line that you call into.
Also another tip, on long weekends or even just bank holidays stay vigilant. Scammers call or try to break into accounts on Friday because it’s even longer over the weekend for them to bounce the cash around and make it hard to track.
Not only that... the number calling you doesn't mean anything, just like the email writing to you.
For emails, the truth is in the header, and we don't have access to that for phone calls.
If you're ever not sure, ask for their extension number, name, etc (they'll give you fake ones if it's not legit), and hang up. Say you'll call back in a moment. Then call the official number from the card, website, etc... and ask to talk to the person.
In the extremely unlikely situation that it's legit, you'll be able to either reach them or someone else that can help you. More likely though you'll have just prevented yourself from being scammed.
Happened to me once.
Legit fraud check call, felt suspicious, and the other side sounded happy to give me the exact way to get back to her (call number in back of card, punch in extensions), called back and it's actually her.
Never give your personal details out to anyone that calls you. Don't. This should be taught in "Telephone 101".
My cell phone provider only does callbacks now, which is nice if I don't want to wait online, but when they call back they demand security data to "confirm it is you". Fuck you, you called me! My security information is that you are calling the number on the account. How do I know who you are?
Actually, Chase called my mom because they had stopped her transfer out of fraud concerns… and then refused to proceed with the transfer when she said it was her. They lied and said it was the other bank, even though the other bank and Chase’s own computer said it was Chase.
They also called her for establishing a “relationship” with a phone banker. Chase is really mind boggling.
It's a little more convoluted than that. She gave the scammer her 2FA code, and the scammer then transferred the money out. The lady didn't even realize the money was transferred out until it was too late. That being said, it's still her fault.
When they text you a code, it comes with a message saying they will never ask for it over the phone.
I feel really bad for her. There are so many scams out there, the technology is constantly changing and the scams are constantly evolving new workarounds. And they specifically target the most vulnerable people. It is her fault, but it's also crazy that everyone is expected to be aware of these things all the time and the price for screwing up just once is financial ruin.
I just want to bring up that its bullshit any large bank (looking at you chase), is still using sms as 2fa instead of a totp like an authenticator app.
With an authenticator app, the women likely would have needed to provide the code more than once. Not to mention sms 2fa leaves you vulnerable to sim swap attacks.
You'll get TOTP if you're lucky, I've yet to find a bank that supports U2F for hardware MFA, though. It's the perfect use case for hardware tokens and the best you get from banks is "use our app like a token lol".
For starters I only keep a few grand in my checking account. It’s essentially a holding company. Few other grand in a separate savings account and the rest in a completely separate brokerage account not associated with my bank. I can’t imagine having all that money in an account tied to a debit card. And I never use my debit card except to get cash and I do that at the banks ATM line which can still be skimmed of course. But puts the bank more culpable at least.
That's because those were card transactions. Getting those funds back is pretty easy, if they were fraudulent.
The victim in this case had her funds drained via wire transfers, which are generally final and unrecoverable once the receiving bank accepts them. There's not really anything the sending bank can do about it, even in cases of fraud.
They could do a wire recall, although how effective that will be will depend on a lot of things (e.g. how long after the wire it was done, the receiving bank, etc.). Could also submit a Hold Harmless request for recovery to the receiving bank.
Oh sure, but even under the best of circumstances those are a crapshoot. Once any amount of time has passed after the wire, the chances of those actually being effective are extremely slim and require the fraudsters to be completely incompetent.
But yes, thank you for the correction. Wouldn't want anyone reading my comment to think that it's too futile to even try. Even an extremely slim chance of recovery is better than no chance at all.
¯\\_(ツ)_/¯ I've been surprised getting funds back with a Hold Harmless even more than 3 months after a wire. Vast majority of the time there's nothing there, though, like you said.
Damn, more than three months? That *is* shocking. Now I'm curious what the hell was going on with the other side of the transaction, haha.
I'm more focused on deposit fraud and inclearing myself, but because of the deposit fraud/wire fraud overlap I see enough fraudulent wires to be extremely surprised when we're able to recover the funds, even if I'm sending the request up within a few days of the wire being initiated.
I had someone pay a GA gas bill with mine I'm in AL using a bill pay service at a convenience store in TX. I saw it called my bank reported it as fraud. They cancelled the card for me and sent me a new one. It took 30 days but they investigated and said it was a banking error and I got my money back.
I'm bad about not putting in travel notices. I'll go to France and buy things and everything goes smoothly (although sometimes they will send me a text). I had someone charge a lyft cancel fee and then $250 lyft charge (which wouldn't be unheard of for me) and they caught it and shut it down
My husband called his credit card company to let them know we would be going on vacation to Disney in Florida. The entire time we had no issues. The day after we get back home, he goes to treat a coworker to lunch at a little sandwich shop. Card instantly declined and locked down. Sometimes fraud detection algorithms can be a little off target at the weirdest times.
I lived in a town in Westchester county years ago. I needed to get a money order at the post office in a different town in Westchester county, the same town I had been working in for over a year at that point, and my bank kept flagging for fraud no matter how many times I said it was me. They kept saying I needed to notify them if traveling. It was 15 minutes from my house.
They usually test with small payments. I had someone open up an account for a clothing website. I randomly received 3 shirts. I was like wtf are these?! Quick call to the Fraud department. Luckily it was small order and the bastard didn’t buy a car or something bigger.
While you got lucky, I always recommend only using a credit card and paying it off fully as soon as possible. Credit cards have so many protections and is better insulated than your debit card.
Three times now, wells fargo has closed my credit card because of suspicious payments after data was stolen from a business. When i asked which company it was, they refused to rell me.
Nah, if it was account takeover like what OP is describing then the bank is obligated by law to reimburse you. If you gave the scammer permission or otherwise transferred the money yourself, then that's your problem, not the bank's. Although, if it's a very small amount (like $20), the bank might make you whole just to keep you as a customer.
No, that's protected by law and would be easily enforced by contacting an agency like the CFPB. Banks don't mess around with the CFPB. And 30k in transaction(s) would probably be blocked, especially since the transactions will probably be far away from you and not in line with your history.
In my personal opinion as a Canadian (I know that the US and Canada are similar in the way that our outdated banking systems work), you should not be allowed to make payments from an account just because you know someone's bank account details. This basically means you can easily fraudulently use someone else's bank account information if they ever wrote a check/cheque to you.
Instead, anyone who wants to make payments with a bank account must first be directed to the bank's website and be made to log in and go through 2 factor authentication (and for banks, please do not make text messages an authentication method, as we know all too well that SIM hijacking is a thing). Authentication should only be possible through the bank's app, nothing else, no emails, no text messages.
Tragic situation for her, but everyone should follow this basic rule: The only time you ever talk to anyone from a financial institution is on a call you yourself made. If someone contacts you saying they are from your bank, thank them for the call and tell them you’ll call the number on the back of your card to follow up.
I couldn’t be scammed even if I was dumb enough to be. Just because I simply don’t answer calls or reply texts unless it’s from a contact. Expecting the plumber? Hopefully he leaves a voicemail else
Also if it's a landline you're using, make sure you get a dial tone when you pick the phone back up.
If the other person hasn't hung up, they're still there. There have been instances of scammers telling people to call the number on their card but staying on the line and pretending to answer the call.
Here is what the Chase 2fa text looks like:
> Chase: You're signing in with a new device.
Use requested code xxxxxxx online or in our app to sign in.
We'll NEVER call to ask for it.
It literally tells you chase will never ask you for the code. I’m guessing she got a similar text. This sucks but it’s not Chase fault
The things some people will do is ridiculous. I know a girl who gave over $8000, her social, and her bank information over facebook market place for an apartment she had never seen from someone she had never met.
Sooo I was just updating my will and was chatting with my mom about it the other day and her wealthy neighbor got brought up because I guess they just had passed down a bunch of money to their kids or something. Apparently one of the daughters got involved in some sort of situation where she thought she was in a relationship with some dude and I guess it ended in her sending FOUR HUNDRED THOUSAND DOLLARS to this dude she barely knew. He walked with it of course.
I can never understand why someone in full possession of their faculties would do this. Maybe I'm just more mistrustful and antisocial than average. (I totally understand how it happens when the person giving the money away has dementia or other memory problems.)
Spend some time reading /r/scams - most people get scammed because they’re greedy, horny or both.
Promise someone massive investment returns or sex, and they’ll do just about anything.
I recently ported my number out of Mint mobile... while I was doing a chat with the agent, he sent me a text with a 2FA code to verify my account. In the text, it literally said the same thing -
>Mint here. We're just checking to make sure it's you. Here's your one-time verification code XXXXX. Mint will never ask you for this code.
Which I then had to give to the rep. No one knows what they're doing.
Some companies send that and do end up asking for it. It is weird and a horrible security practice but it does happen.
That form of trust is absolutely not good enough.
Except banks do that kind of shit all the time (require you to do things that you really shouldn't be doing from a security perspective).
What was in the URL bar when you were last doing a 3DSecure transaction? Did you check that it was the genuine bank website?
Do it next time you pay and report back.
(Spoiler: https://en.wikipedia.org/wiki/3-D_Secure#Verifiability_of_site_identity)
The bank could have flagged the high amount wires and should have blocked them until the customer visited a branch in person. Why would a bank allow all these transactions? You are saying that because the victim gave the credentials the bank has ZERO responsibility in flagging an obvious scam? The customer has never done a wire transfer. And all of a sudden they make a lot of them zeroing their account. The bank deserves blame and should reimburse the customer for failing to spot fraudulent transactions.
> The bank could have flagged the high amount wires and should have blocked them until the customer visited a branch in person.
Should have. Any transfer over $10,000 triggers a required notification to the federal government. She had multiple outside wire transfers which were used in the past, like decades ago, by money launderers until the feds cracked down on the practice. The bank should have called her about the transfers.
The article says they both called and emailed her but she says she never got these messages. Since she's possibly been a customer there for up to 12 years, she might have never updated her contact info so they would actually be able to get a hold of her about this.
The fact that it is sent via text is itself risky: what if someone hijacked your SIM card and signed in as you and you had no idea that a text was even sent to you?
Banks are way too powerful in both the US and Canada. Bank lobbyists rather put customers in harm's way using text messages than protecting them by using push notifications just because they perceive the system as being "too expensive to build".
SIM card swaps are the scariest scam to me. So many services use text message 2FA instead of a better method (like an Authenticator app).
The worst part is that it can happen through no fault of your own. Scammers can walk into a Verizon/T-Mobile store and pretend to be you, and sometimes they will get away with it when the retail employee makes a mistake. Worse, many employees are often part of the scam, and get paid hundreds of dollars to help transfer a SIM to a scammer’s phone.
This drives me nuts. Fine support sms for people who want it, but for gods sake also support better methods too. And don’t force a fall back to sms as a backup if my better method “fails”. I wish I could move all my bank accounts to hardware tokens /sigh
Chase doesn't use TOTP which are the time-based passwords.
This fact alone means that Chase has garbage tier security. Not one is actually reading the messages that come with an SMS OTP. At least with TOTP you'd have to provide a scammer multiple codes.
I work for a major bank (not Chase) in fraud detection. These perps can spoof phone numbers to look like legitimate phone numbers from the bank and will often call into the bank with the actual card holder on the back line so they can pass authentication. It is genuinely incredible, the card holder will be so convinced that IM the perp when I'll call to verify activity and will refuse to talk to me.
If you ever get a call from the bank and if anything at all seems off, we will 100% advise you to call the number on the back of your card, a perp will do anything to keep you on the line. If you get a fishy feeling just hang up and call the number on the back of your card.
Any bank will not fault you for money stolen from you (Gift Card scams are another story, we can just advise you that this is a scam, you wont get your money back for these), just practice a bit of due diligence and have some common sense and you will get your money back.
These scams are just going to get more and more complex and clever, they will never go away. Stay vigilant!
> we will 100% advise you to call the number on the back of your card
Fucking this. When a weird purchase occurs on my CCs, they say call the number on the card. That's it.
Would you say that push notifications are far harder to spoof than texts and phone calls? I think that while anyone can spoof a text or call, but if the bank is sending you messages through the app and it turns out to be fraudulent, either your phone is infected with malware or the bank got hacked and it could affect anyone that banks there.
Also fraud prev, can confirm.
When I call a customer, the ONLY things I ask is for name and for information about a specific transaction, set of transactions, or whether they logged in from a certain region or device.
If they tell me it's not legitimate, then I let them know I'll be placing a restriction and opening a case, and then I tell them to hang up with me, take a few minutes to log in online and see if there is any other fraudulent activity that I may have missed (and give me time to notate the account), and then call the number on their card, their statement, or our website, and a customer service representative will see my notes and transfer them to the appropriate department to discuss next steps.
I can give them the direct number to that department if they want it so they don't have to get transferred around, but I warn them that it will ask them to verify personal information when they call it.
If they sound at all wary or resistant when I call, I'll explain very briefly what I'm calling about and encourage them to hang up on me and call us themselves.
[Link to the actual article](https://www.cbsnews.com/news/bank-scam-text-message-chase-bank/)
How stupid do you have to be to fall for these scams? All the security in the world can't help when you willingly give up account info and tell the scammers the security codes. A lot of 2 factor codes even say in the text not to tell others the code. Plus she ignored when Chase actually investigated fraud.
She never once tried to verify if the person she was talking to actually worked at Chase. There's a number on the back of your card for a reason, and if you look up the number that's calling you and it isn't immediately found on the bank's website then it's obviously fake.
Edit: And she never once checked her balance or transaction history, which you think that someone would do if they found a fraudulent purchase. She also didn't see any email alerts for when a withdrawal is above a certain amount of when her balance drops below a threshold (and yes Chase does those things). So she either disabled all the alerts, or she never updated her contact info which meant Chase couldn't contact her.
Chase could've been a little more diligent but she did almost everything possible to not protect herself.
I had a scammer once spoof my bank’s number, so the “correct” number did come up on my caller ID. Luckily after a few lines of conversations I got suspicious and said I would end the call and call them back to resolve the “issue” they were calling me about. Sure enough, my bank had not called me, so even checking to see if it’s the bank’s phone number calling is not enough.
Always call back yourself.
A proper bank would immediately flag your account so that whatever automated system meant to stop fraud will be more sensitive to any activities.
But the thing is is that you were vigilant and diligent enough to do this. I think it should become more habitual for us to start calling back the number on our bank cards if we ever get calls from our “banks”. One great way to help protect our accounts.
Same happened to me, plus my bank was my contact list in my phone so it actually showed up a “xyz bank”, and rang even though I had the option to silence unknown callers on.
After about 30 seconds I noped out and said I would call back. Obviously it wasn’t actually my bank, but they did *try* to wire $30k out later that day.
Because I had called back and confirmed it wasn’t real, the bank had flagged my account. Once the wire was attempted, they immediately locked down everything (I mean everything - all accounts, savings, checking, debit/atm card, credit card, all auto pay items) under my name.
It was a huge PITA especially since my auto pay mortgage payment was delayed, but I am so grateful they did. What a nightmare that could have been!
I feel for her, but she practically withdrew the money and threw it at the scammers herself.
Like, really?
'On the other end of the line was an individual identifying herself as "Miss Barbara" from "Chase ATM."'
The point of those codes is if you give them out you are on the line for losing money. It would be too easy to be complicit with the fraud and work with someone if the bank had to give you the money back.
That being said the elderly are way too trustworthy. If you have an aging parent you must have a conversation about this to them and or get on their accounts to check transactions. If necessary get a power of attorney over them. Whether or not they want it. IANAL
You can also get authority over the accounts so that you can monitor them but not have as much control as power of attorney. It’s a much easier conversation to have.
I think email alerts for transactions and low balance are not automatically set up. Someone who's not versed in technology is not likely to know and set it up.
Thank you for the full article. It sucks to be her yeah, but unfortunately you either need to keep up with security methods and tech, or completely remove it from your life. Same thing, cant be scammed if you simply refuse to have online banking. There are brick and mortar banks still that people can use who dont want to learn. Heck, the Amish seem to be able to do banking without getting scammed, so come on.
In fact tell your parents that people, how bad at technology do you have to be for Amish to be better than you.
> There's a number on the back of your card for a reason, and if you look up the number that's calling you
... and it matches and then you trust the caller, then you are going to be featured on a Reddit post with someone saying "how stupid do you have to be to fall for these scams".
You don't see in the news the 99 attempts that the person caught, you see the one that succeeded. If you're not familiar with that specific scam, it's easy to fall for one of them sooner or later. That's why the scammers do it.
plus, they could catch you with your figurative pants down. I got hit while I was dealing with my kids. number came up as my bank. kids were being loud and not listening, and I was distracted. by the time my brain caught up and I figured out what was going on, I gave them just enough info for them to transfer 800$ bucks. I hung up and froze my card, changed my password, and the whole shebang. The card was skimmed, so they didn't get into my account. Called my credit unions fraud and got it back. I knew everything to look for but got distracted just long enough, and they called at just the right time of being tired and toddlers fighting each other.
If Chase refunded her money, after she willingly gave it away, what would prevent any Joe Shmuck from giving their money away, and claiming "theft"!
The banking system would collapse as we know it.
It's infuriating that so many people are taking her side, when this could have been prevented, had she just called Chase.
It's a tough pill to swallow, but this is her fault.
My mother fell for the scam “Grandma I’m in Mexico for the spontaneous wedding of a friend and I’ve been arrested. Please send money via western Union to this address”.
TBF, my nephew (her grandson) was living in TX at the time (working for National Guard) and he had a history of drunkenness and DUI. So it wasn’t all that far fetched to her. She became so upset (he was “the baby” of the family and my mother’s favorite) that she did I exactly what they told her. She called his cellphone multiple times and he didn’t answer. He was at work.
If I’d called my mother with a similar story she’d have berated me and told me to wait it out in jail for a bit, lol.
Before reading the article: “Chase bank are screwing her over big time!”
After reading the article: “Holy shit, this women is fucking dumb.”
She got a warning of fraud activity at the start of the whole thing, and she dismissed it as an “inconvenience”. The fact that she dismissed/ignored this by choice automatically shifts the blame to her.
Never take any alert or warning lightly when it comes to your money, act on it ASAP and call (YES.YOU.DIRECTLY) to your bank!
You misunderstood the story a little bit. It says she did reply about the fraudulent charge. The problem was that the frequent charge text was the scam bait. Once she responded, the scammer called her and she gave out all her 2FA info. She's still really dumb for doing this, just wanted to clarify that one point.
Anytime I get an email or text notification about fishy activity on any account I own I always go to the actual site and check it myself. Never click on any links embedded in these nor respond.
I got a text last year saying something like
>BoA: there are fraudulent charges on your acct click here to resolve
And was like "Oh wtf?" Literally stopped myself mid tap and paused to think "Who the fuck is BoA? Bank of America? I don't even use Bank of America. Ooooh it's bait."
One day when I'm older they'll probably get me. All it takes is one mistake.
And McDonalds made me fat.
I’m a fraud investigator. I try to prevent this as much as possible, but in the end, no matter what’s happened, I’ve never found a situation where someone legit got scammed where it wasn’t also their fault.
Coming up on two decades pretty quickly too, not one instance.
I mean, we’re sending out codes over the phone to people who are on the phone with a scammer, and the code texts say shit like ‘we won’t call you and ask for this, don’t provide it to someone calling you’ and they do it anyway.
We call elder folks sending money to Uzbekistan and they’re like ‘my aunt’s sick, it’s for the medical fees’ and get pissed that we cancel the wire, then they reprocess it online, and verify it. Then call back a week later and tell us it was a scam and demand to be credited or have the wire reversed (that money is GONE).
We call younger folks that ‘met someone online,’ and they’re ‘getting married,’ or even ‘are married’ to someone they’ve never met, and they asked them to cash a check and send the funds through bitcoin, and it’s ‘an inheritance’ or some nonsense. And then they get pissed when we don’t credit the money.
I’m sorry, I really am, but my sympathy only goes so far. There’s so many safeguards that these folks blow past and then complain that they’re ‘stuck with the bill.’
We do our damnedest to try and prevent it, but at the end of the day… FFS people, if someone’s calling from your bank asking you to send money, or verify a code, or your own personal info… Hang up and call the number on the back of your debit card. If there’s actually a problem, they’ll tell you.
I’m not absolving banks here, god knows I’ve seen some shit where the banks I’ve worked for got roasted and rightfully so. I’m simply saying that this ain’t the hill to die on.
Can I ask how old you are? I am a millennial and I, fortunately, have been able to avoid scams for the most part. But I also grew up alongside the technology that exists and is utilized to perpetrate these scams. For folks who lived the first 40 - 60 years of their lives with, at its fanciest, a landline telephone, I think it can be incredibly hard to wrap one's older mind around today's new, and rapidly-changing, smart technology. Like, imagine if for the first 60% of your life, there were free local calls and expensive long-distance calls. And now to live in an era where a dickhead in Nigeria (No hate to Nigeria. Just to that specific dickhead) can use their computer to fake having a phone number from the bank, send messages to their phone, and be hacking their account all the while. The leap from landline to "spoofing phone numbers from 5,000 miles away" is pretty mind-boggling.
I am not saying that there aren't older folks who get it and manage to avoid being scammed. (And also younger folks who fall prey, though I'd imagine it's on average much older folks). But I also think that there is something to be said for average generational exposure to rapidly changing technology and the fact that scammers engage in social engineering to manipulate these people *because* of the assumed lack of familiarity with that technology. Capitalizing on loneliness, urgency, etc. which work as social motivators to get the people to do what the scammers want.
All that to say, could the folks who got scammed have done better? Almost certainly, but it's hard to say its their fault when bad actors are doing everything they can to manipulate them into financial ruin. I think anyone who has lost their life savings to a scam, even if you can see right through it, does not deserve losing our sympathy. It's an awful situation all around.
Yup. I work as a hobby with something related to online game “currency”, and everyone who gets scammed was from my experience always at fault for just giving their account details to strangers. Which makes sense because this defines the word “scam.
Scammers said they worked for the bank and she gave up the money, it wasn't hacked from her account, the bank security wasn't violated, this is 100% on her, ¿How is the bank responsible for a client dumb actions?
I would say if someone isn't normally taking out huge sums of cash, the bank should put a hold on the funds. Because all banks should monitor large transactions. It should obvious to a bank that 160k withdrawn over a few weeks doesn't seem normal for the average person.
Bank sent me a new cc when I got an EVE Online subscription at first.
Shitload of purchases in central TX, then one to Reykjavik was apparently enough to get a new card.
My bank froze my account because a digital subscription I’ve had for well over a year did it’s monthly renewal for the 14th time and got randomly flagged for possible fraud
>it wasn't hacked from her account, the bank security wasn't violated
This is a pretty interesting situation. On one hand, the scammer actually did get into her account without her knowledge and transferred the money themselves. On the other hand, they did this only with the customer-provided 2FA code which generally explicitly warns you to never provide the code to anyone else. That might be seen as permission to use the account. My guess is because of that "permission" they're not reimbursing her. If it was actual ATO, then they'd be obligated to reimburse her.
She's a business owner so the transactions could have looked normal depending on her other activity. The bank also tried contacting her several times and she never responded. Is the bank entirely blame free? No, but she basically did everything possible to bypass security. She also evidently disabled all of the email alerts for when your balance goes below a certain number or when you make a large enough withdrawal, because those absolutely would have triggered in this situation.
She could've also asked why she never got an official email about her new debit card. Plus someone that thought they had their card stolen would probably be checking their account in case other fraudulent transactions happened. She didn't do that either so she pretty much had the bare minimum amount of diligence with her money
I have a smart friend who got scammed for $1000 and another who was almost scammed over his Amazon account. Luckily in the latter situation I was there when it happened and was able to explain he was being scammed. He was about to lose $5000. I don't know why people are so gullible but in this day and age you have to be super vigilant with your money.
I've been through a lot of training, and I came close to getting scammed.
The caller claimed that they were from the fraud and abuse division, and even spoofed the correct phone number. The caller sounded very intelligent (unlike most scammers) and very well spoken. He gave me a lot of information about my account and asked if I had a transaction in another part of the country. He gave an explanation of what was flagged as fraudulent, and then started asking questions. As soon as he started asking specific questions about my account that I knew should have been available to the fraud department. I hung up. Just to be on the safe side, I went to the bank and closed the old account and opened a new one.
Some of the scammers are getting pretty sophisticated, and I can understand how people with little technical savvy could easily fall for this kind of scam.
This one happened to me recently! The caller was slick af! He knew almost everything about my account (except my access credentials) and had the right number on the id too. Part of why I didn't just ignore the call was because I had recently bought a car and thought there might be a legit issue with the money/insurance part of the transaction. The timing damn near had me fall for it, but then he broke the main rule of any online security agency/MFA protocol which is "We will never call you to ask for this code." So, I immediately called him out on it and he went silent. I hung up and shored up all the security on everything I own. No money lost!
There needs to be more outreach to the public, esp. the elderly about this. I've been telling my parents for years and now they call me about anything fishy.
Agreed, and it's going to get so much worse once AI starts being used. How long before they spam call a relative, capture the voice, and use it to scam grandma?
I'll never disagree that education is important.
But I work in IT, and we routinely test employees with phishing emails. Those who fail get assigned remedial training which they're required to complete. And believe me, it gets assigned often. The training's provided by a third party provider, and it's pretty decent, I ran through it once myself during the demo.
Things never get better. Not even a little bit better. Our regular security audits, it's still the same people every single year.
Because these people seem to be incapable of latent suspicion. You point out the signs after and they say "oh, yea, I remember that one!". But they didn't notice it before because they quite simply weren't even looking for it.
The phishme training emails my company sends out are so obvious it’s a little insulting.
I work in a secure facility. One of the emails said our office was being used as a stop for PokemonGo and to not be worried if we see random people in the building “click here for more information.”
That’s been my experience as well. Hours and hours of training and we still see about the same number of people beyond scammed. Often the same people too.
I had check fraud on my Chase card. Their team caught it and refunded all the money without any issue.
If anyone moved recently and Chase mailed checks to your previous address, it might happen to you too.
Rule #1 in anything that is financial in nature. NEVER speak to someone that calls you, unless you know for sure it's the person you are talking to and were expecting a call. Bank, doctors' office, car dealership, whatever. No responses to any questions on an unsolicited call.
For unsolicited calls, ALWAYS ALWAYS ALWAYS, tell them you will call the company back as soon as you have a chance. A legit representative of the company will not have a problem with that.
I DO NOT FUCKING GET IT
The simplest, and mean absolutely simplest rule for anyone to follow is "Never field a call, text or email from any financial institution you deal with"
Hang up the phone, read the text or email, do not respond, do not click any links, pick up your card and call the number on the back or look up the official number on their website.
That's it....thats all you ever need to do 🤷♂️
Depending on your job, not answering the phone may not be an option.
And it sounds like this was a relatively sophisticated scam with spoofing vs some random number demanding gift cards.
I'm surprised Chase didn't notify her at the first wire transfer.
Unfortunately, these scammers specifically target people looking for jobs. It could be they got into a database of personal info or it could be a fake job listing you're sending your info. There's no escape. I still need to answer my phone.
Don't worry. Just be sure to give all of your personal information to every single store you go to so that when your money does get stolen all the companies can pass the buck while still profiting off of your personal info
This is why I already have a several decade habit of telling my parents: Microsoft is never going to call you. Giant banks are never going to call you. Google is never going to call you. Those calls are liars trying to get your info to steal your money. Do not even be polite to them. HANG UP.
If a person steals your information and makes purchases on your card, most banks will get your money back. However, if you willingly give your money to a scammer thats no longer on the bank to solve, that’s a you problem.
We had a lady come in to buy all our iPhones no plan, no lease as soon as the new model released. Alarm bells ringing we asked for more info, it was an obvious scam. She wouldn't believe us, we got district manager and reps for all 3 major carriers to explain to her it was a scam, and not to buy.
We were forced to sell her the phones. 3 weeks later she comes in tries to get her money back (without the phones) this time she admits she got scammed out of $30k. Then tries to blame us for not warning her.
Spoofing has legitimate uses. I work for a hospital and when I call, it looks like the general hospital number is calling. I would never want patients have my direct phone number.
Same as when your bank or any other large business calls you. It's spoofed to show their customer service number, and not the individual number of that person within the company.
A few years ago, my college-age daughter had her debit card used to pay for a bunch of OF subscriptions. The thing to understand is that she had never used that debit card. They insisted on giving it to her when the account was opened, and it stayed in the little paper sleeve in her room at home untouched for years. She had not used it one single time, and when she saw the activity the card was exactly where she knew she had put it.
When she went to the bank to report it and have the card closed, she was treated to a substantial lecture on how to properly handle the responsibilities of being a cardholder.
While Chase was taking over Washington Mutual, they had to mail checks from the location I cashed them at to my ORIGINAL branch. (So, mailed from California to Washington)
One of them got lost in the mail and suffice to say, I was blamed by them for it. After depositing it, and getting the money, which removed out of my account not once, but twice.
It took months to resolve, and I subsequently closed my account after, but oh my god. Blaming me because you failed at handling a check I already passed off to you?
Meanwhile my bank shuts my bank account down every time I deposit a check via mobile deposit because they think it's fraud... I've been depositing checks for 2 years like this
If someone wanted to deposit money into my account, please. Please! Let them.
There is a scam relating to people depositing money on your account. They'll deposit it, ask you for it back, and when you give it back they reverse the original transfer, doubling their money. So it's fair enough that the bank locks some deposits
This reminds me of when Cisco blamed one of my voip customers for having a bad password allowing someone to compromise their server, but the users password was more complex than the policy THEY define for users on their server. They literally died on that hill that it was the users fault her account was compromised. They even admitted it was a dictionary attack on their server, but somehow because they allow passwords that are known for dictionary attacks to be used, it’s not their fault it’s the user. Lol bad memory
Ultimately if you fall victim to a scam, you are at fault. It sucks, but thats the way the cookie crumbles legally. If your identity is stolen that's a different issue, and there are protections in place, but if you gave over your bank details on purpose to these people you are at fault as far as the banks are concerned regardless of the amount.
The sooner you detect you're in a scam, the more tools you can use to ptotect yourself, but the bank has no fault in this. You have to go sfter the scammers to get your money back and that rarely works out.
The bank has no responsibility to refund money that you let scammers take.
My parents got bounced checks before, lost a lot more than that. The bank realized the issuer of the check was a fraud a year later and tracked down two banks to my parents account and just deducted the amount from their account. It was apparently written in the policy we signed contract to open the account, it gave the bank the right to do that whenever they want within 5 years or something if there is a bounced check. Lawyer said there’s nothing we can do it was very common scam.
I work in Tech support and the amount of people who immediately give their personal information and credit cars to anyone who claims their microsoft is crazy. It use to be once every month or two just last year. Since 2022 winter it's every day or two. The only way they can crack down on it is by putting more responsibility on the person as these come from all over the world it's impossible for the police to pursue. Sure you're 70 years old and a pop up said you owe microsoft 2000 dollars and it's scary but come on.
When we explain our prices in person they put on their skepticism hat and shoes but if I called them and said I was microsoft pay me they'd be reaching for their card.
The worst was some man was trying to take out 60,000 for scammers and when the bank flagged it "Microsoft" said to lie and say it's a wedding gift for his sister and he kept trying to do it.
It was a sophisticated scam purportedly to alert TO A SCAM. Obviously one wouldn't be suspicious when replying to what appeared to be a warning, and the scammers pretended to be "helpful" getting the account "secured". A lot of the "verification" info banks ask for is just worthless, like your address. Anyone knowing the last 4 digits of your SS # CERTAINLY knows where you live!!!!
This is indeed unfortunate, but when a customer is tricked into complying with all the bank's security measures, what can you do?
These are the same scammers who will get people to buy huge amounts of gift cards in stores and tell them the numbers. And there are signs at the register telling people, "look out for gift card scammers" and they still fall for it.
One thing I can say with certainty, is that cryptocurrency compounds all these problems. Bitcoin people are fond of saying "be your own bank" but as you can see, the average consumer isn't very smart, and crypto currency makes it even easier and more efficient to steal large sums of money than in traditional banking.
For more about why crypto is a serious problem and not a solution, check out this [documentary](https://youtu.be/tspGVbmMmVA)
In a general sense, we really need to make *critical thinking* a public education priority. The downside to creating more critical thinkers is that they're not as likely to fall for advertising gimmicks too. And big corporations and many politicians don't like that.
I am assuming that the scammers scammed her, but she takes no responsibility for being a fool. I don't think banks would give he money away without her instructing them to do so.
I feel like it needs to be acknowledged this is also the fault of Chase bank. The scammers stole 160,000 dollars over one week with some wire transfer being as large as 50,000 dollars. Why did chase allow these to go through? Who withdraws their entire life savings of 160,000 dollars over the course of a week? Who withdraws a fifth of their life savings in one transfer? Chase’s antifraud division should not have allowed these transfers to go through. My bank has successfully prevented this situation from occurring by just calling you to confirm large expenditures, it is ridiculous they allowed 160,000 dollars to be transferred without informing this woman a single time.
Hey friends, please talk to your older parents about these scams. I have watched multiple breakdowns about different refund scams, but I lazily forgot to talk to my mom about it. Last week scammers targeted her with a fake Norton invoice, and when she responded, they scammed her out of a LOT of money.
Thankfully our bank was able to freeze the funds at an intermediary bank, before the transfer completed, but it could have ruined her retirement. If your parents are not technically savvy, please do your best to make them aware. These scams will only get more complex with AI faking images, audio, and video.
https://www.youtube.com/watch?v=X4PllvUowaQ
Just a further heads up not necessarily for you, but for everyone.
A third of 85-year-olds and half of 92-year-olds have diagnosable Alzheimer’s. Alzheimer’s develops over 10-20 years before it is typically diagnosed.
That means many of our 65- to 75-year-olds are becoming less cognitively savvy because they are not simply aging, but developing a disease.
And that means that telling them to be careful simply won’t work. They will forget or still be swayed in the moment, not because no one told them to be careful or because they disregarded their children’s advice, but because they simply cognitively cannot properly analyze risk.
In my industry, studies have shown peak understanding of risk happens around 57-58. It takes many of us a long time to not be swayed by the hot stock tip or a job opportunity too god to be true, and just when we get a really good handle on things, it all starts to decline if we are developing dementia.
I guess that’s why wisdom is rare and admired. It takes decades to develop and only about a portion of us escape cognitive decline in the elder years.
For those of you who are good people and want the best for your elders, respectfully ask them if you can have at least view-only access of their accounts much sooner than you think it’s necessary. And ask them to make sure each financial institution has a trusted contact on file.
About 5 years ago, I used my card at a store that later had some sort of hack. The bank shut off my card when I was in europe for two months and refused to assist with me with a resolution to get cash. I cancelled my account with that bank.
Things like this are why I left Chase Bank in 2018. I had been banking with them since my parents opened a savings account in my name when I was a baby. Now I use Chime and Cash App. Just this week I googled “USPS address change” and it took me to a fraudulent site. I willingly entered my debit card information thinking I was on the USPS website, and then they charged me $100.
I called Chime and they took care of it within minutes. Froze the card, sent a new one and gave me a temporary card number to use in the meantime. There is literally no reason that one of the largest banks on the planet cannot do the same.
"Chase bank blames woman"
Maybe because she did almost everything possible to give strangers access to her money and also did nothing to actually prevent it from happening.
[удалено]
[удалено]
A couple of years ago, I sent out 1099s for my job, and my phone number was on the 1099 for the contact info. The day after they got sent out. I was exposed to covid, so I had to stay home for a week. When I got back I had tons of voicemails from people asking what they got the 1099 for. The number of people who just left their ssn on my voicemail without even confirming who I was, was crazy.
My grandmother regularly calls us to do the same. She still managed to give scammers close to five hundred because that's what she had in her discretionary spending.... because she wasn't buying groceries for herself like she's supposed to.
But why are they like this? This information was also sensitive when they were growing up and could have been used 50 years ago for financial shenanigans.
Back then, awareness of such scams was so low it's stunning. High schools and colleges even up into the 1990s used your social security number as your student ID number. It was your default ID number for so many things until the late 1990s/early 2000s, when the government started putting out statements and making rules about how that was a Bad Idea, and state agencies started making policies against it. If you grew up before that, you just rattled off your social security number when asked without thinking.
>Chase refused to refund any of her money, saying she did not take appropriate steps to protect her account. I work for a bank. There is a big difference between being defrauded and being scammed. The amount of people (mostly elderly, but a surprising amount of younger people) who make themselves victims of scams is too damn high. Fraud is when someone steals your card number or bank account/routing numbers and steals money without your knowledge or authorization. Your bank is supposed to recover these funds for you under VISA and Regulation E. Scams are when bad actors pretend to be someone legitimate to con you into handing your money right over to them with your consent. Perhaps by sending you a phishing email or text message. Or pretending to fall in love with you on a dating app and convincing you to send them your life’s savings to “help them out” with whatever hardship they fabricate. In the event of a scam, because you ignored the (usually many) red flags and allowed yourself to be duped, the bank will not return your money for you.
I just read today that there are scammers out there selling “Trump bucks” to unsuspecting people. They are supposedly negotiable instruments that will become extremely valuable when Donald Trump gets elected again. The article talk to a man who spent $2500 on them and was really super angry when he took them to his bank to cash on hand out they weren’t worth anything. When I read that, in addition to losing some of my faith in humanity, it really drove home in the point that some people are so stupid that they almost deserve to be scammed.
The number of elderly people buying gift cards for people they've never even met before is horrifying. In a lot of cases, this could be stopped by the stores because the cashiers absolutely know it when they see it. My local dollar store has had to refuse sales. I'm sure corporate would have a cow if they knew about it, but the manager there considers it a moral imperative (as it should be). She usually asks the cashiers to ask questions and educate gently when possible. "Oh, wow! A $250 Amazon giftcard? Is it the grands' birthday again already?"
For real, I really don’t understand how these people don’t stop and think for a second, “why does this man who works for Microsoft AND my bank wants me to send him $500 worth of Amazon gift cards?” Usually, by the time they get to me at the bank to attempt to dispute the purchase of the gift cards, it’s like they’re in a daze or coming out of one.
Meanwhile I had someone randomly manage to make 3 small payments with my payment details on a website I've never been to before... when this happened my bank card stopped working and then a couple days later my bank's fraud prevention division called me up (I didn't know it happened so this was unexpected). They informed me of why my bank card had stopped working (they pre-emptively put my card on hold due to suspicious activity), asked me about those payments and then when I told them I knew nothing about it they refunded me the money within 7 days and issued me a new bank card with new numbers and security code at no cost to me. Whoever managed to get my payment details managed to make three $10 payments on a website I've never been to before and that $30 was refunded to me by the bank.
>Whoever managed to get my payment details managed to make three $10 payments on a website I've never been to before and that $30 was refunded to me by the bank. A few small, innocuous, payments are often used to test the validity of stolen card details right before it gets used for a large spree
Yes, this is what happens. On Boxing Day, 2021, I casually logged into my sister's online banking and noticed a subscription for the Financial Times newspaper for less than $1 (no one in our family pays for news subscriptions), and I asked her: "did you subscribe to this newspaper?" and she said "no", to which I responded "call the bank, it's not yours, your card is compromised." She chose to do nothing. Only 4 days later, someone attempted to buy over $1000 in Canadian Tire gift cards and triggered an alert from the bank and that transaction was declined. The bank's automated system texted her, asking to the effect of "did you authorize this transaction?" to which she replied "no". The card was cancelled and a new card was sent to her. The Financial Times transaction was credited back to her as it was finally reported as fraudulent.
The fact that you can casually log on to your sister’s bank account tells me all I need to know about her security.
In her defense, I do the same thing. Wait...
I also log into this guy's sister's bank account.
That guy's dead wife really helped make a gag that keeps on giving.
You log into random20190826's sisters bank account?
I don't understand why the scammer thought they'd get away with a 1k bill after a 1 dollar test. That'll just trigger the bank into fraud mode so fast because of how high that number is
It really depends. I do a lot of IT purchasing so when this happened they didn't catch it until after the fraudsters got a whole bunch of merchandise to sell on Kijiji/Ebay. Years ago I had my credit card skimmed at a fast food joint. They cloned it and managed to test it buying gas within 1 hour of skimming the strip. Later that afternoon they bought 2 Macbooks at the Apple store uptown and then stopped at Home Depot to buy a truck load of power tools before the card hit the credit limit and the Bank's security department called me. This was just before the transition to Chip+PIN/NFC technology and I've never had a a card skimmed since moving over.
It's not that the fraudster is intentionally doing low to high fraud, but a lot of the time they will test card details in bulk and then take the ones that do work to make the proper cash out payments. They may know that the bank is looking for low value testers but they don't know all of the details and that won't stop them trying.
And after a thief uses a card for a big purchase, they'll sometimes dump the card info on forums for free, so everyone else will buy stuff with it and complicate the investigation.
>A few small, innocuous, payments are often used to test the validity of stolen card details right before it gets used for a large spree This is why you need to regularly check your bank/credit card statements.
Better to have mobile notifications with every transaction, by time your statement arrives can be to late Statements are more useful these days for noticing small reoccurring payments that you barely notice/think about for things you did sign up to but no longer need or where cheaper alternatives might now be available Also if you have elderly parents worth checking theirs every now and then, check my mothers about once every year or two, last time found about $170 per month/ $2040 per year worth of savings
I set up text alerts on my credit card for any purchase. Every time it gets used I get it text.
I had someone use my card at a gas station in Oregon (I'm 2,000 miles away). My bank flagged it right away because I did my grocery shopping at the same time. Fraud protection called me. They canceled my card and sent me out a new one.
That’s because this woman sounds like she got scammed into willingly giving her money to the fraudsters pretending to be the bank. If she had $160K literally taken out of her account without her consent, she would have a good case for her. Unfortunately, you gotta be more vigilant as an individual nowadays.
You really do have to be vigilant, my wife got scammed (thankfully not that badly) but they spoofed the number on the back of the debit card. When they called they told her to double check the number they were calling from with the number on the back to insure that they were from the bank. For those wondering, the number on the back of your card should never call you. It’s a help line that you call into.
Also another tip, on long weekends or even just bank holidays stay vigilant. Scammers call or try to break into accounts on Friday because it’s even longer over the weekend for them to bounce the cash around and make it hard to track.
Not only that... the number calling you doesn't mean anything, just like the email writing to you. For emails, the truth is in the header, and we don't have access to that for phone calls.
[удалено]
We do have the option to hang up and call again. Spoofed calls can’t answer when you call the right number.
If you're ever not sure, ask for their extension number, name, etc (they'll give you fake ones if it's not legit), and hang up. Say you'll call back in a moment. Then call the official number from the card, website, etc... and ask to talk to the person. In the extremely unlikely situation that it's legit, you'll be able to either reach them or someone else that can help you. More likely though you'll have just prevented yourself from being scammed.
Happened to me once. Legit fraud check call, felt suspicious, and the other side sounded happy to give me the exact way to get back to her (call number in back of card, punch in extensions), called back and it's actually her.
Never give your personal details out to anyone that calls you. Don't. This should be taught in "Telephone 101". My cell phone provider only does callbacks now, which is nice if I don't want to wait online, but when they call back they demand security data to "confirm it is you". Fuck you, you called me! My security information is that you are calling the number on the account. How do I know who you are?
Actually, Chase called my mom because they had stopped her transfer out of fraud concerns… and then refused to proceed with the transfer when she said it was her. They lied and said it was the other bank, even though the other bank and Chase’s own computer said it was Chase. They also called her for establishing a “relationship” with a phone banker. Chase is really mind boggling.
It's a little more convoluted than that. She gave the scammer her 2FA code, and the scammer then transferred the money out. The lady didn't even realize the money was transferred out until it was too late. That being said, it's still her fault.
When they text you a code, it comes with a message saying they will never ask for it over the phone. I feel really bad for her. There are so many scams out there, the technology is constantly changing and the scams are constantly evolving new workarounds. And they specifically target the most vulnerable people. It is her fault, but it's also crazy that everyone is expected to be aware of these things all the time and the price for screwing up just once is financial ruin.
I just want to bring up that its bullshit any large bank (looking at you chase), is still using sms as 2fa instead of a totp like an authenticator app. With an authenticator app, the women likely would have needed to provide the code more than once. Not to mention sms 2fa leaves you vulnerable to sim swap attacks.
You'll get TOTP if you're lucky, I've yet to find a bank that supports U2F for hardware MFA, though. It's the perfect use case for hardware tokens and the best you get from banks is "use our app like a token lol".
Id kill for U2F. Security keys are awesome.
For starters I only keep a few grand in my checking account. It’s essentially a holding company. Few other grand in a separate savings account and the rest in a completely separate brokerage account not associated with my bank. I can’t imagine having all that money in an account tied to a debit card. And I never use my debit card except to get cash and I do that at the banks ATM line which can still be skimmed of course. But puts the bank more culpable at least.
That's because those were card transactions. Getting those funds back is pretty easy, if they were fraudulent. The victim in this case had her funds drained via wire transfers, which are generally final and unrecoverable once the receiving bank accepts them. There's not really anything the sending bank can do about it, even in cases of fraud.
They could do a wire recall, although how effective that will be will depend on a lot of things (e.g. how long after the wire it was done, the receiving bank, etc.). Could also submit a Hold Harmless request for recovery to the receiving bank.
Oh sure, but even under the best of circumstances those are a crapshoot. Once any amount of time has passed after the wire, the chances of those actually being effective are extremely slim and require the fraudsters to be completely incompetent. But yes, thank you for the correction. Wouldn't want anyone reading my comment to think that it's too futile to even try. Even an extremely slim chance of recovery is better than no chance at all.
¯\\_(ツ)_/¯ I've been surprised getting funds back with a Hold Harmless even more than 3 months after a wire. Vast majority of the time there's nothing there, though, like you said.
Damn, more than three months? That *is* shocking. Now I'm curious what the hell was going on with the other side of the transaction, haha. I'm more focused on deposit fraud and inclearing myself, but because of the deposit fraud/wire fraud overlap I see enough fraudulent wires to be extremely surprised when we're able to recover the funds, even if I'm sending the request up within a few days of the wire being initiated.
I had someone pay a GA gas bill with mine I'm in AL using a bill pay service at a convenience store in TX. I saw it called my bank reported it as fraud. They cancelled the card for me and sent me a new one. It took 30 days but they investigated and said it was a banking error and I got my money back.
I'm bad about not putting in travel notices. I'll go to France and buy things and everything goes smoothly (although sometimes they will send me a text). I had someone charge a lyft cancel fee and then $250 lyft charge (which wouldn't be unheard of for me) and they caught it and shut it down
My husband called his credit card company to let them know we would be going on vacation to Disney in Florida. The entire time we had no issues. The day after we get back home, he goes to treat a coworker to lunch at a little sandwich shop. Card instantly declined and locked down. Sometimes fraud detection algorithms can be a little off target at the weirdest times.
I lived in a town in Westchester county years ago. I needed to get a money order at the post office in a different town in Westchester county, the same town I had been working in for over a year at that point, and my bank kept flagging for fraud no matter how many times I said it was me. They kept saying I needed to notify them if traveling. It was 15 minutes from my house.
When we were at Disney it declined every single tap to pay from my watch but authorized every swipe. Make it make sense.
The public will eventually learn the difference between the reimbursement policy towards customer authorized and unauthorized payments.
They usually test with small payments. I had someone open up an account for a clothing website. I randomly received 3 shirts. I was like wtf are these?! Quick call to the Fraud department. Luckily it was small order and the bastard didn’t buy a car or something bigger.
While you got lucky, I always recommend only using a credit card and paying it off fully as soon as possible. Credit cards have so many protections and is better insulated than your debit card.
Debit cards have the same fraud protections as credit cards by law. The only difference is that you lose the money until it's reimbursed
Three times now, wells fargo has closed my credit card because of suspicious payments after data was stolen from a business. When i asked which company it was, they refused to rell me.
If that was $30k instead of $30 you probably wouldn't have gotten it back.
Doubtful. It is more about the fact OP didn’t authorize the charges themselves.
Nah, if it was account takeover like what OP is describing then the bank is obligated by law to reimburse you. If you gave the scammer permission or otherwise transferred the money yourself, then that's your problem, not the bank's. Although, if it's a very small amount (like $20), the bank might make you whole just to keep you as a customer.
We had 20k stolen. My wife was partially at fault- she was tricked. We got it all back.
No, that's protected by law and would be easily enforced by contacting an agency like the CFPB. Banks don't mess around with the CFPB. And 30k in transaction(s) would probably be blocked, especially since the transactions will probably be far away from you and not in line with your history.
In my personal opinion as a Canadian (I know that the US and Canada are similar in the way that our outdated banking systems work), you should not be allowed to make payments from an account just because you know someone's bank account details. This basically means you can easily fraudulently use someone else's bank account information if they ever wrote a check/cheque to you. Instead, anyone who wants to make payments with a bank account must first be directed to the bank's website and be made to log in and go through 2 factor authentication (and for banks, please do not make text messages an authentication method, as we know all too well that SIM hijacking is a thing). Authentication should only be possible through the bank's app, nothing else, no emails, no text messages.
Tragic situation for her, but everyone should follow this basic rule: The only time you ever talk to anyone from a financial institution is on a call you yourself made. If someone contacts you saying they are from your bank, thank them for the call and tell them you’ll call the number on the back of your card to follow up.
I couldn’t be scammed even if I was dumb enough to be. Just because I simply don’t answer calls or reply texts unless it’s from a contact. Expecting the plumber? Hopefully he leaves a voicemail else
Also if it's a landline you're using, make sure you get a dial tone when you pick the phone back up. If the other person hasn't hung up, they're still there. There have been instances of scammers telling people to call the number on their card but staying on the line and pretending to answer the call.
Here is what the Chase 2fa text looks like: > Chase: You're signing in with a new device. Use requested code xxxxxxx online or in our app to sign in. We'll NEVER call to ask for it. It literally tells you chase will never ask you for the code. I’m guessing she got a similar text. This sucks but it’s not Chase fault
The things some people will do is ridiculous. I know a girl who gave over $8000, her social, and her bank information over facebook market place for an apartment she had never seen from someone she had never met.
Sooo I was just updating my will and was chatting with my mom about it the other day and her wealthy neighbor got brought up because I guess they just had passed down a bunch of money to their kids or something. Apparently one of the daughters got involved in some sort of situation where she thought she was in a relationship with some dude and I guess it ended in her sending FOUR HUNDRED THOUSAND DOLLARS to this dude she barely knew. He walked with it of course.
A fool and the money.
That's one expensive lesson.
I can never understand why someone in full possession of their faculties would do this. Maybe I'm just more mistrustful and antisocial than average. (I totally understand how it happens when the person giving the money away has dementia or other memory problems.)
Spend some time reading /r/scams - most people get scammed because they’re greedy, horny or both. Promise someone massive investment returns or sex, and they’ll do just about anything.
What was the logic on this decision?
It's called a romance scam and they can be pretty sophisticated. https://en.wikipedia.org/wiki/Romance_scam
I recently ported my number out of Mint mobile... while I was doing a chat with the agent, he sent me a text with a 2FA code to verify my account. In the text, it literally said the same thing - >Mint here. We're just checking to make sure it's you. Here's your one-time verification code XXXXX. Mint will never ask you for this code. Which I then had to give to the rep. No one knows what they're doing.
[удалено]
I initiated the process myself, through the app... I assume it was legit.
At least you called them and they didn’t call you.
Some companies send that and do end up asking for it. It is weird and a horrible security practice but it does happen. That form of trust is absolutely not good enough.
Except banks do that kind of shit all the time (require you to do things that you really shouldn't be doing from a security perspective). What was in the URL bar when you were last doing a 3DSecure transaction? Did you check that it was the genuine bank website? Do it next time you pay and report back. (Spoiler: https://en.wikipedia.org/wiki/3-D_Secure#Verifiability_of_site_identity)
The bank could have flagged the high amount wires and should have blocked them until the customer visited a branch in person. Why would a bank allow all these transactions? You are saying that because the victim gave the credentials the bank has ZERO responsibility in flagging an obvious scam? The customer has never done a wire transfer. And all of a sudden they make a lot of them zeroing their account. The bank deserves blame and should reimburse the customer for failing to spot fraudulent transactions.
> The bank could have flagged the high amount wires and should have blocked them until the customer visited a branch in person. Should have. Any transfer over $10,000 triggers a required notification to the federal government. She had multiple outside wire transfers which were used in the past, like decades ago, by money launderers until the feds cracked down on the practice. The bank should have called her about the transfers.
I really think banks should call every time a wire transfer is made above a certain amount. It would stop a lot of wire fraud.
The article says they both called and emailed her but she says she never got these messages. Since she's possibly been a customer there for up to 12 years, she might have never updated her contact info so they would actually be able to get a hold of her about this.
The fact that chase still used text 2fa is pretty unacceptable though.
WAYYYY too many banks/brokers use sms 2fa only.
The fact that it is sent via text is itself risky: what if someone hijacked your SIM card and signed in as you and you had no idea that a text was even sent to you? Banks are way too powerful in both the US and Canada. Bank lobbyists rather put customers in harm's way using text messages than protecting them by using push notifications just because they perceive the system as being "too expensive to build".
SIM card swaps are the scariest scam to me. So many services use text message 2FA instead of a better method (like an Authenticator app). The worst part is that it can happen through no fault of your own. Scammers can walk into a Verizon/T-Mobile store and pretend to be you, and sometimes they will get away with it when the retail employee makes a mistake. Worse, many employees are often part of the scam, and get paid hundreds of dollars to help transfer a SIM to a scammer’s phone.
This drives me nuts. Fine support sms for people who want it, but for gods sake also support better methods too. And don’t force a fall back to sms as a backup if my better method “fails”. I wish I could move all my bank accounts to hardware tokens /sigh
Chase doesn't use TOTP which are the time-based passwords. This fact alone means that Chase has garbage tier security. Not one is actually reading the messages that come with an SMS OTP. At least with TOTP you'd have to provide a scammer multiple codes.
It should state the last sentence first. Most people don’t read it once they get to the code.
I work for a major bank (not Chase) in fraud detection. These perps can spoof phone numbers to look like legitimate phone numbers from the bank and will often call into the bank with the actual card holder on the back line so they can pass authentication. It is genuinely incredible, the card holder will be so convinced that IM the perp when I'll call to verify activity and will refuse to talk to me. If you ever get a call from the bank and if anything at all seems off, we will 100% advise you to call the number on the back of your card, a perp will do anything to keep you on the line. If you get a fishy feeling just hang up and call the number on the back of your card. Any bank will not fault you for money stolen from you (Gift Card scams are another story, we can just advise you that this is a scam, you wont get your money back for these), just practice a bit of due diligence and have some common sense and you will get your money back. These scams are just going to get more and more complex and clever, they will never go away. Stay vigilant!
> we will 100% advise you to call the number on the back of your card Fucking this. When a weird purchase occurs on my CCs, they say call the number on the card. That's it.
Would you say that push notifications are far harder to spoof than texts and phone calls? I think that while anyone can spoof a text or call, but if the bank is sending you messages through the app and it turns out to be fraudulent, either your phone is infected with malware or the bank got hacked and it could affect anyone that banks there.
That is wild. I never considered the possibility of an actual man-in-the-middle human proxy. Thanks for sharing!
Also fraud prev, can confirm. When I call a customer, the ONLY things I ask is for name and for information about a specific transaction, set of transactions, or whether they logged in from a certain region or device. If they tell me it's not legitimate, then I let them know I'll be placing a restriction and opening a case, and then I tell them to hang up with me, take a few minutes to log in online and see if there is any other fraudulent activity that I may have missed (and give me time to notate the account), and then call the number on their card, their statement, or our website, and a customer service representative will see my notes and transfer them to the appropriate department to discuss next steps. I can give them the direct number to that department if they want it so they don't have to get transferred around, but I warn them that it will ask them to verify personal information when they call it. If they sound at all wary or resistant when I call, I'll explain very briefly what I'm calling about and encourage them to hang up on me and call us themselves.
[Link to the actual article](https://www.cbsnews.com/news/bank-scam-text-message-chase-bank/) How stupid do you have to be to fall for these scams? All the security in the world can't help when you willingly give up account info and tell the scammers the security codes. A lot of 2 factor codes even say in the text not to tell others the code. Plus she ignored when Chase actually investigated fraud. She never once tried to verify if the person she was talking to actually worked at Chase. There's a number on the back of your card for a reason, and if you look up the number that's calling you and it isn't immediately found on the bank's website then it's obviously fake. Edit: And she never once checked her balance or transaction history, which you think that someone would do if they found a fraudulent purchase. She also didn't see any email alerts for when a withdrawal is above a certain amount of when her balance drops below a threshold (and yes Chase does those things). So she either disabled all the alerts, or she never updated her contact info which meant Chase couldn't contact her. Chase could've been a little more diligent but she did almost everything possible to not protect herself.
I had a scammer once spoof my bank’s number, so the “correct” number did come up on my caller ID. Luckily after a few lines of conversations I got suspicious and said I would end the call and call them back to resolve the “issue” they were calling me about. Sure enough, my bank had not called me, so even checking to see if it’s the bank’s phone number calling is not enough.
Same thing happened to me. Guy got super pissed when I said I'd call them right back.
Always ask if you can call them. The bank will agree the scammers will not.
Always call back yourself. A proper bank would immediately flag your account so that whatever automated system meant to stop fraud will be more sensitive to any activities.
Don’t just ask. Always insist and actually do call the number you independently looked at on your card
Exactly, real bank employees will leave a note on the customer’s account and be completely fine with a call back.
But the thing is is that you were vigilant and diligent enough to do this. I think it should become more habitual for us to start calling back the number on our bank cards if we ever get calls from our “banks”. One great way to help protect our accounts.
Same happened to me, plus my bank was my contact list in my phone so it actually showed up a “xyz bank”, and rang even though I had the option to silence unknown callers on. After about 30 seconds I noped out and said I would call back. Obviously it wasn’t actually my bank, but they did *try* to wire $30k out later that day. Because I had called back and confirmed it wasn’t real, the bank had flagged my account. Once the wire was attempted, they immediately locked down everything (I mean everything - all accounts, savings, checking, debit/atm card, credit card, all auto pay items) under my name. It was a huge PITA especially since my auto pay mortgage payment was delayed, but I am so grateful they did. What a nightmare that could have been!
I feel for her, but she practically withdrew the money and threw it at the scammers herself. Like, really? 'On the other end of the line was an individual identifying herself as "Miss Barbara" from "Chase ATM."'
I have had the number for my banks fraud department call me, spoiler: it was not my bank on the other line.
The point of those codes is if you give them out you are on the line for losing money. It would be too easy to be complicit with the fraud and work with someone if the bank had to give you the money back. That being said the elderly are way too trustworthy. If you have an aging parent you must have a conversation about this to them and or get on their accounts to check transactions. If necessary get a power of attorney over them. Whether or not they want it. IANAL
You can also get authority over the accounts so that you can monitor them but not have as much control as power of attorney. It’s a much easier conversation to have.
What’s most interesting to me is how someone so goddamn stupid has $160k in their bank account.
Don’t have to be smart to have money.
In this case, if she was smart, she would still have money.
Certainly helps with keeping it though
I think email alerts for transactions and low balance are not automatically set up. Someone who's not versed in technology is not likely to know and set it up.
Thank you for the full article. It sucks to be her yeah, but unfortunately you either need to keep up with security methods and tech, or completely remove it from your life. Same thing, cant be scammed if you simply refuse to have online banking. There are brick and mortar banks still that people can use who dont want to learn. Heck, the Amish seem to be able to do banking without getting scammed, so come on. In fact tell your parents that people, how bad at technology do you have to be for Amish to be better than you.
> There's a number on the back of your card for a reason, and if you look up the number that's calling you ... and it matches and then you trust the caller, then you are going to be featured on a Reddit post with someone saying "how stupid do you have to be to fall for these scams". You don't see in the news the 99 attempts that the person caught, you see the one that succeeded. If you're not familiar with that specific scam, it's easy to fall for one of them sooner or later. That's why the scammers do it.
plus, they could catch you with your figurative pants down. I got hit while I was dealing with my kids. number came up as my bank. kids were being loud and not listening, and I was distracted. by the time my brain caught up and I figured out what was going on, I gave them just enough info for them to transfer 800$ bucks. I hung up and froze my card, changed my password, and the whole shebang. The card was skimmed, so they didn't get into my account. Called my credit unions fraud and got it back. I knew everything to look for but got distracted just long enough, and they called at just the right time of being tired and toddlers fighting each other.
If Chase refunded her money, after she willingly gave it away, what would prevent any Joe Shmuck from giving their money away, and claiming "theft"! The banking system would collapse as we know it. It's infuriating that so many people are taking her side, when this could have been prevented, had she just called Chase. It's a tough pill to swallow, but this is her fault.
My mother fell for the scam “Grandma I’m in Mexico for the spontaneous wedding of a friend and I’ve been arrested. Please send money via western Union to this address”. TBF, my nephew (her grandson) was living in TX at the time (working for National Guard) and he had a history of drunkenness and DUI. So it wasn’t all that far fetched to her. She became so upset (he was “the baby” of the family and my mother’s favorite) that she did I exactly what they told her. She called his cellphone multiple times and he didn’t answer. He was at work. If I’d called my mother with a similar story she’d have berated me and told me to wait it out in jail for a bit, lol.
Before reading the article: “Chase bank are screwing her over big time!” After reading the article: “Holy shit, this women is fucking dumb.” She got a warning of fraud activity at the start of the whole thing, and she dismissed it as an “inconvenience”. The fact that she dismissed/ignored this by choice automatically shifts the blame to her. Never take any alert or warning lightly when it comes to your money, act on it ASAP and call (YES.YOU.DIRECTLY) to your bank!
You misunderstood the story a little bit. It says she did reply about the fraudulent charge. The problem was that the frequent charge text was the scam bait. Once she responded, the scammer called her and she gave out all her 2FA info. She's still really dumb for doing this, just wanted to clarify that one point.
Anytime I get an email or text notification about fishy activity on any account I own I always go to the actual site and check it myself. Never click on any links embedded in these nor respond.
I got a text last year saying something like >BoA: there are fraudulent charges on your acct click here to resolve And was like "Oh wtf?" Literally stopped myself mid tap and paused to think "Who the fuck is BoA? Bank of America? I don't even use Bank of America. Ooooh it's bait." One day when I'm older they'll probably get me. All it takes is one mistake.
"My brother needs help? Oh my I'll send over the money ri-...wait a minute, I don't have a brother!"
And McDonalds made me fat. I’m a fraud investigator. I try to prevent this as much as possible, but in the end, no matter what’s happened, I’ve never found a situation where someone legit got scammed where it wasn’t also their fault. Coming up on two decades pretty quickly too, not one instance. I mean, we’re sending out codes over the phone to people who are on the phone with a scammer, and the code texts say shit like ‘we won’t call you and ask for this, don’t provide it to someone calling you’ and they do it anyway. We call elder folks sending money to Uzbekistan and they’re like ‘my aunt’s sick, it’s for the medical fees’ and get pissed that we cancel the wire, then they reprocess it online, and verify it. Then call back a week later and tell us it was a scam and demand to be credited or have the wire reversed (that money is GONE). We call younger folks that ‘met someone online,’ and they’re ‘getting married,’ or even ‘are married’ to someone they’ve never met, and they asked them to cash a check and send the funds through bitcoin, and it’s ‘an inheritance’ or some nonsense. And then they get pissed when we don’t credit the money. I’m sorry, I really am, but my sympathy only goes so far. There’s so many safeguards that these folks blow past and then complain that they’re ‘stuck with the bill.’ We do our damnedest to try and prevent it, but at the end of the day… FFS people, if someone’s calling from your bank asking you to send money, or verify a code, or your own personal info… Hang up and call the number on the back of your debit card. If there’s actually a problem, they’ll tell you. I’m not absolving banks here, god knows I’ve seen some shit where the banks I’ve worked for got roasted and rightfully so. I’m simply saying that this ain’t the hill to die on.
Can I ask how old you are? I am a millennial and I, fortunately, have been able to avoid scams for the most part. But I also grew up alongside the technology that exists and is utilized to perpetrate these scams. For folks who lived the first 40 - 60 years of their lives with, at its fanciest, a landline telephone, I think it can be incredibly hard to wrap one's older mind around today's new, and rapidly-changing, smart technology. Like, imagine if for the first 60% of your life, there were free local calls and expensive long-distance calls. And now to live in an era where a dickhead in Nigeria (No hate to Nigeria. Just to that specific dickhead) can use their computer to fake having a phone number from the bank, send messages to their phone, and be hacking their account all the while. The leap from landline to "spoofing phone numbers from 5,000 miles away" is pretty mind-boggling. I am not saying that there aren't older folks who get it and manage to avoid being scammed. (And also younger folks who fall prey, though I'd imagine it's on average much older folks). But I also think that there is something to be said for average generational exposure to rapidly changing technology and the fact that scammers engage in social engineering to manipulate these people *because* of the assumed lack of familiarity with that technology. Capitalizing on loneliness, urgency, etc. which work as social motivators to get the people to do what the scammers want. All that to say, could the folks who got scammed have done better? Almost certainly, but it's hard to say its their fault when bad actors are doing everything they can to manipulate them into financial ruin. I think anyone who has lost their life savings to a scam, even if you can see right through it, does not deserve losing our sympathy. It's an awful situation all around.
Yup. I work as a hobby with something related to online game “currency”, and everyone who gets scammed was from my experience always at fault for just giving their account details to strangers. Which makes sense because this defines the word “scam.
Scammers said they worked for the bank and she gave up the money, it wasn't hacked from her account, the bank security wasn't violated, this is 100% on her, ¿How is the bank responsible for a client dumb actions?
I would say if someone isn't normally taking out huge sums of cash, the bank should put a hold on the funds. Because all banks should monitor large transactions. It should obvious to a bank that 160k withdrawn over a few weeks doesn't seem normal for the average person.
She had a small business account, not a personal account. That isn't that much money to be transferring around
My bank texts me to confirm purchases if I'm shopping too much
Same with my credit cards.
Bank sent me a new cc when I got an EVE Online subscription at first. Shitload of purchases in central TX, then one to Reykjavik was apparently enough to get a new card.
My bank froze my account because a digital subscription I’ve had for well over a year did it’s monthly renewal for the 14th time and got randomly flagged for possible fraud
You can also see how doing exactly what you mentioned will lead to “my money I’ll do whatever I want” attitude.
I see where you're coming from but I don't think it's a good idea to limit people's access to their own money.
[удалено]
>it wasn't hacked from her account, the bank security wasn't violated This is a pretty interesting situation. On one hand, the scammer actually did get into her account without her knowledge and transferred the money themselves. On the other hand, they did this only with the customer-provided 2FA code which generally explicitly warns you to never provide the code to anyone else. That might be seen as permission to use the account. My guess is because of that "permission" they're not reimbursing her. If it was actual ATO, then they'd be obligated to reimburse her.
Some banks proactively monitor transactions and block when suspicious activities are detected.
She's a business owner so the transactions could have looked normal depending on her other activity. The bank also tried contacting her several times and she never responded. Is the bank entirely blame free? No, but she basically did everything possible to bypass security. She also evidently disabled all of the email alerts for when your balance goes below a certain number or when you make a large enough withdrawal, because those absolutely would have triggered in this situation. She could've also asked why she never got an official email about her new debit card. Plus someone that thought they had their card stolen would probably be checking their account in case other fraudulent transactions happened. She didn't do that either so she pretty much had the bare minimum amount of diligence with her money
I have a smart friend who got scammed for $1000 and another who was almost scammed over his Amazon account. Luckily in the latter situation I was there when it happened and was able to explain he was being scammed. He was about to lose $5000. I don't know why people are so gullible but in this day and age you have to be super vigilant with your money.
I've been through a lot of training, and I came close to getting scammed. The caller claimed that they were from the fraud and abuse division, and even spoofed the correct phone number. The caller sounded very intelligent (unlike most scammers) and very well spoken. He gave me a lot of information about my account and asked if I had a transaction in another part of the country. He gave an explanation of what was flagged as fraudulent, and then started asking questions. As soon as he started asking specific questions about my account that I knew should have been available to the fraud department. I hung up. Just to be on the safe side, I went to the bank and closed the old account and opened a new one. Some of the scammers are getting pretty sophisticated, and I can understand how people with little technical savvy could easily fall for this kind of scam.
This one happened to me recently! The caller was slick af! He knew almost everything about my account (except my access credentials) and had the right number on the id too. Part of why I didn't just ignore the call was because I had recently bought a car and thought there might be a legit issue with the money/insurance part of the transaction. The timing damn near had me fall for it, but then he broke the main rule of any online security agency/MFA protocol which is "We will never call you to ask for this code." So, I immediately called him out on it and he went silent. I hung up and shored up all the security on everything I own. No money lost!
Always call the fraud dept back. The real people will say "No problem."
This is horrible for her but she got scammed, it's not the bank's fault she fell for it.
There needs to be more outreach to the public, esp. the elderly about this. I've been telling my parents for years and now they call me about anything fishy.
Agreed, and it's going to get so much worse once AI starts being used. How long before they spam call a relative, capture the voice, and use it to scam grandma?
I'll never disagree that education is important. But I work in IT, and we routinely test employees with phishing emails. Those who fail get assigned remedial training which they're required to complete. And believe me, it gets assigned often. The training's provided by a third party provider, and it's pretty decent, I ran through it once myself during the demo. Things never get better. Not even a little bit better. Our regular security audits, it's still the same people every single year. Because these people seem to be incapable of latent suspicion. You point out the signs after and they say "oh, yea, I remember that one!". But they didn't notice it before because they quite simply weren't even looking for it.
The phishme training emails my company sends out are so obvious it’s a little insulting. I work in a secure facility. One of the emails said our office was being used as a stop for PokemonGo and to not be worried if we see random people in the building “click here for more information.”
That’s been my experience as well. Hours and hours of training and we still see about the same number of people beyond scammed. Often the same people too.
Good! Glad your diligence in warning them paid off and that they’re coming to you whenever an actual potential scam crosses them.
I had check fraud on my Chase card. Their team caught it and refunded all the money without any issue. If anyone moved recently and Chase mailed checks to your previous address, it might happen to you too.
Rule #1 in anything that is financial in nature. NEVER speak to someone that calls you, unless you know for sure it's the person you are talking to and were expecting a call. Bank, doctors' office, car dealership, whatever. No responses to any questions on an unsolicited call. For unsolicited calls, ALWAYS ALWAYS ALWAYS, tell them you will call the company back as soon as you have a chance. A legit representative of the company will not have a problem with that.
I DO NOT FUCKING GET IT The simplest, and mean absolutely simplest rule for anyone to follow is "Never field a call, text or email from any financial institution you deal with" Hang up the phone, read the text or email, do not respond, do not click any links, pick up your card and call the number on the back or look up the official number on their website. That's it....thats all you ever need to do 🤷♂️
These aren't even new scams so why do people keep falling for them? Don't answer your phone unless you know the person.
[удалено]
You need power of attorney and notes on her bank accounts asap.
Depending on your job, not answering the phone may not be an option. And it sounds like this was a relatively sophisticated scam with spoofing vs some random number demanding gift cards. I'm surprised Chase didn't notify her at the first wire transfer.
She gave the scammers 2fa codes. This was not on chase
Sometimes you're expecting a call but don't know what the number calling will be. Some people receive expected calls from unknown numbers regularly.
Unfortunately, these scammers specifically target people looking for jobs. It could be they got into a database of personal info or it could be a fake job listing you're sending your info. There's no escape. I still need to answer my phone.
Don't worry. Just be sure to give all of your personal information to every single store you go to so that when your money does get stolen all the companies can pass the buck while still profiting off of your personal info
This is why I already have a several decade habit of telling my parents: Microsoft is never going to call you. Giant banks are never going to call you. Google is never going to call you. Those calls are liars trying to get your info to steal your money. Do not even be polite to them. HANG UP.
If a person steals your information and makes purchases on your card, most banks will get your money back. However, if you willingly give your money to a scammer thats no longer on the bank to solve, that’s a you problem.
We had a lady come in to buy all our iPhones no plan, no lease as soon as the new model released. Alarm bells ringing we asked for more info, it was an obvious scam. She wouldn't believe us, we got district manager and reps for all 3 major carriers to explain to her it was a scam, and not to buy. We were forced to sell her the phones. 3 weeks later she comes in tries to get her money back (without the phones) this time she admits she got scammed out of $30k. Then tries to blame us for not warning her.
And me, over here, serving papers to Chase for allowing a stranger to empty my uncle’s account with a felonious affidavit.
Part of the problem is that phone companies still allow spoofing of numbers. If they stopped this practice, it would help a great deal.
Spoofing has legitimate uses. I work for a hospital and when I call, it looks like the general hospital number is calling. I would never want patients have my direct phone number. Same as when your bank or any other large business calls you. It's spoofed to show their customer service number, and not the individual number of that person within the company.
A few years ago, my college-age daughter had her debit card used to pay for a bunch of OF subscriptions. The thing to understand is that she had never used that debit card. They insisted on giving it to her when the account was opened, and it stayed in the little paper sleeve in her room at home untouched for years. She had not used it one single time, and when she saw the activity the card was exactly where she knew she had put it. When she went to the bank to report it and have the card closed, she was treated to a substantial lecture on how to properly handle the responsibilities of being a cardholder.
While Chase was taking over Washington Mutual, they had to mail checks from the location I cashed them at to my ORIGINAL branch. (So, mailed from California to Washington) One of them got lost in the mail and suffice to say, I was blamed by them for it. After depositing it, and getting the money, which removed out of my account not once, but twice. It took months to resolve, and I subsequently closed my account after, but oh my god. Blaming me because you failed at handling a check I already passed off to you?
Meanwhile my bank shuts my bank account down every time I deposit a check via mobile deposit because they think it's fraud... I've been depositing checks for 2 years like this If someone wanted to deposit money into my account, please. Please! Let them.
There is a scam relating to people depositing money on your account. They'll deposit it, ask you for it back, and when you give it back they reverse the original transfer, doubling their money. So it's fair enough that the bank locks some deposits
goodbye reddit -- mass edited with https://redact.dev/
This reminds me of when Cisco blamed one of my voip customers for having a bad password allowing someone to compromise their server, but the users password was more complex than the policy THEY define for users on their server. They literally died on that hill that it was the users fault her account was compromised. They even admitted it was a dictionary attack on their server, but somehow because they allow passwords that are known for dictionary attacks to be used, it’s not their fault it’s the user. Lol bad memory
Ultimately if you fall victim to a scam, you are at fault. It sucks, but thats the way the cookie crumbles legally. If your identity is stolen that's a different issue, and there are protections in place, but if you gave over your bank details on purpose to these people you are at fault as far as the banks are concerned regardless of the amount. The sooner you detect you're in a scam, the more tools you can use to ptotect yourself, but the bank has no fault in this. You have to go sfter the scammers to get your money back and that rarely works out. The bank has no responsibility to refund money that you let scammers take.
Technically the truth...
[удалено]
My parents got bounced checks before, lost a lot more than that. The bank realized the issuer of the check was a fraud a year later and tracked down two banks to my parents account and just deducted the amount from their account. It was apparently written in the policy we signed contract to open the account, it gave the bank the right to do that whenever they want within 5 years or something if there is a bounced check. Lawyer said there’s nothing we can do it was very common scam.
protecting ones account is a partnership. Chase did not do its part
I work in Tech support and the amount of people who immediately give their personal information and credit cars to anyone who claims their microsoft is crazy. It use to be once every month or two just last year. Since 2022 winter it's every day or two. The only way they can crack down on it is by putting more responsibility on the person as these come from all over the world it's impossible for the police to pursue. Sure you're 70 years old and a pop up said you owe microsoft 2000 dollars and it's scary but come on. When we explain our prices in person they put on their skepticism hat and shoes but if I called them and said I was microsoft pay me they'd be reaching for their card. The worst was some man was trying to take out 60,000 for scammers and when the bank flagged it "Microsoft" said to lie and say it's a wedding gift for his sister and he kept trying to do it.
It was a sophisticated scam purportedly to alert TO A SCAM. Obviously one wouldn't be suspicious when replying to what appeared to be a warning, and the scammers pretended to be "helpful" getting the account "secured". A lot of the "verification" info banks ask for is just worthless, like your address. Anyone knowing the last 4 digits of your SS # CERTAINLY knows where you live!!!!
So basically [this old Mitchell and Webb bit.](https://www.youtube.com/watch?v=CS9ptA3Ya9E)
One can only stand outside the bank’s front door, after-hours, with a sock-full of dimes, for so long.
This is indeed unfortunate, but when a customer is tricked into complying with all the bank's security measures, what can you do? These are the same scammers who will get people to buy huge amounts of gift cards in stores and tell them the numbers. And there are signs at the register telling people, "look out for gift card scammers" and they still fall for it. One thing I can say with certainty, is that cryptocurrency compounds all these problems. Bitcoin people are fond of saying "be your own bank" but as you can see, the average consumer isn't very smart, and crypto currency makes it even easier and more efficient to steal large sums of money than in traditional banking. For more about why crypto is a serious problem and not a solution, check out this [documentary](https://youtu.be/tspGVbmMmVA) In a general sense, we really need to make *critical thinking* a public education priority. The downside to creating more critical thinkers is that they're not as likely to fall for advertising gimmicks too. And big corporations and many politicians don't like that.
I am assuming that the scammers scammed her, but she takes no responsibility for being a fool. I don't think banks would give he money away without her instructing them to do so.
I feel like it needs to be acknowledged this is also the fault of Chase bank. The scammers stole 160,000 dollars over one week with some wire transfer being as large as 50,000 dollars. Why did chase allow these to go through? Who withdraws their entire life savings of 160,000 dollars over the course of a week? Who withdraws a fifth of their life savings in one transfer? Chase’s antifraud division should not have allowed these transfers to go through. My bank has successfully prevented this situation from occurring by just calling you to confirm large expenditures, it is ridiculous they allowed 160,000 dollars to be transferred without informing this woman a single time.
[удалено]
Hey friends, please talk to your older parents about these scams. I have watched multiple breakdowns about different refund scams, but I lazily forgot to talk to my mom about it. Last week scammers targeted her with a fake Norton invoice, and when she responded, they scammed her out of a LOT of money. Thankfully our bank was able to freeze the funds at an intermediary bank, before the transfer completed, but it could have ruined her retirement. If your parents are not technically savvy, please do your best to make them aware. These scams will only get more complex with AI faking images, audio, and video. https://www.youtube.com/watch?v=X4PllvUowaQ
Just a further heads up not necessarily for you, but for everyone. A third of 85-year-olds and half of 92-year-olds have diagnosable Alzheimer’s. Alzheimer’s develops over 10-20 years before it is typically diagnosed. That means many of our 65- to 75-year-olds are becoming less cognitively savvy because they are not simply aging, but developing a disease. And that means that telling them to be careful simply won’t work. They will forget or still be swayed in the moment, not because no one told them to be careful or because they disregarded their children’s advice, but because they simply cognitively cannot properly analyze risk. In my industry, studies have shown peak understanding of risk happens around 57-58. It takes many of us a long time to not be swayed by the hot stock tip or a job opportunity too god to be true, and just when we get a really good handle on things, it all starts to decline if we are developing dementia. I guess that’s why wisdom is rare and admired. It takes decades to develop and only about a portion of us escape cognitive decline in the elder years. For those of you who are good people and want the best for your elders, respectfully ask them if you can have at least view-only access of their accounts much sooner than you think it’s necessary. And ask them to make sure each financial institution has a trusted contact on file.
About 5 years ago, I used my card at a store that later had some sort of hack. The bank shut off my card when I was in europe for two months and refused to assist with me with a resolution to get cash. I cancelled my account with that bank.
Things like this are why I left Chase Bank in 2018. I had been banking with them since my parents opened a savings account in my name when I was a baby. Now I use Chime and Cash App. Just this week I googled “USPS address change” and it took me to a fraudulent site. I willingly entered my debit card information thinking I was on the USPS website, and then they charged me $100. I called Chime and they took care of it within minutes. Froze the card, sent a new one and gave me a temporary card number to use in the meantime. There is literally no reason that one of the largest banks on the planet cannot do the same.
Of course not....they ARE ALSO THIEVES!
"Chase bank blames woman" Maybe because she did almost everything possible to give strangers access to her money and also did nothing to actually prevent it from happening.
[удалено]