So, I check my bank account online today, and notice that a savings account I never use is down over $1000.

I call USAA and find out that the bank expedited a debit card to Florida on the 5th, and then today a deposit of $4000 went into my account followed by 8 ATM withdrawals in Florida between $300 and $800 each until less than $500 remained in the account.

USAA will take care of it, but this means someone out there has enough of my information to have a debit card mailed to them without my knowledge.

I know all my info got stolen in the last govt. security clearance cluster, and they gave me free ID theft protection - A lot of good that did. I didn't get any notification from the bank or the ID protection people that a debit card was expedited to Florida. How can that be?

That sucks.

I'm surprised USAA didn't contact you about the expedited debit card. I have my accounts set up to alert me for any debit above a certain amount. It means I get a lot of text messages I don't care about but I'd rather get those and delete them than have a surprise like you had.

One more reason to not like USAA.

Chase texts me if they see anything out of the ordinary on any of my accounts, and I didn't have to tell them to do that.

One more reason to not like USAA.

Chase texts me if they see anything out of the ordinary on any of my accounts, and I didn't have to tell them to do that.

Yeah, Chase didn't text me a damn thing when someone bought $950+ worth of plane tickets using my card, then didnt reimburse me for over a week.

USAA called and text me within minutes and reimbursed me within hours of having debit card problems.


This kind of stuff sucks, but happens. No bank can prevent all of it, but I am confident saying that USAA will get this squared away sooner than later.

Update

Called USAA back this morning and found out the thief called in with my cell phone number and passed several, but not all, of the security questions, passwords, and pin I had in my profile. USAA "verified" it was me and expedited the thief a debit card for my savings account. The thief then deposited $4000 into my savings account and started withdrawing cash from an ATM until the account was empty. I asked why I was not notified, considering they send me email and docs all the time, and she said they will be checking for any mistakes USAA may have made.

USAA had me change all my profile info, and added some more security procedures since the thief was able to clone my cell phone number. They said the money should be returned in three to five days.

I am impressed with the ability of this particular thief - the information they provided over the phone is not something I would have expected them to know, such as the name of my elementary school and other info. They should have placed the effort toward someone who has some descent money in the bank - all they got from me was $1501, and USAA will have that returned soon.

Now I have to jump through more hoops to access my accounts, and I'm sure they will find a way around that too if they really try.

I'll be burying another ammo can this weekend if the ground is not too frozen.

Thieves suck.

I'm sure you've already fantasized about noticing the $4,000 and moving it into a different account before it got withdrawn.

I asked USAA if it would be returned along with the rest of my money, and she said she did not know.
I then asked if I could testify, and she said it would be up to the investigators.
I then asked if I could pull the lever at the hanging, and she said she did not know.

She tried to remain professional, but I got her to laugh a bit.

I check my accounts almost everyday. It is the only way I feel safe.

Wow, he cloned your cell phone number? That's no ordinary identity thief. I don't know what's behind Grant's hate for USAA (I'm sure there's a story behind it) but I've never had better service from any financial institution.
The fact he appeared to be you by calling from a verified number and passing the security questions explains their expediting the card to him -- I've had them have to send me an emergency card while I was on travel and they are very good with that once they feel they have verified your identity. Remember, they are used to trying to support military personnel and they bend over backwards to take care of personnel who are traveling.

I've been with USAA for close to 30 years. They've been great, and I'm sure they will take care of my issue.
They sent me an Identity Theft checklist of organizations to contact and things to look for after your identity has been stolen.
Now I just have to keep an eye on my credit reports and tax info to make sure the thief doesn't continue using my info in additional scams.

I check my accounts almost everyday. It is the only way I feel safe.
Yup, with today's easy access to accounts, there is no reason to let my money sit for more than a day without checking on it.

Wow, he cloned your cell phone number? That's no ordinary identity thief. I don't know what's behind Grant's hate for USAA (I'm sure there's a story behind it) but I've never had better service from any financial institution.
The fact he appeared to be you by calling from a verified number and passing the security questions explains their expediting the card to him -- I've had them have to send me an emergency card while I was on travel and they are very good with that once they feel they have verified your identity. Remember, they are used to trying to support military personnel and they bend over backwards to take care of personnel who are traveling.
I doubt they actually cloned the cell/sim, most likely just spoofed the caller-ID, which is much easier to pull off (neither is beyond the ability of a tech/electronics-savvy high-school kid with internet access and enough time on their hands/physical access)...

What takes a bit more skill/effort is the intelligence gathering to track down and correlate all the (personal) info to SE your way past the information checks....Still not that hard to do, but I'm not going to elaborate on methods here for the obvious reasons....Suffice it to say, for those types of checks, use something you can remember but which is complete BS and can't be tracked down online, etc...

This is why is can't stand the tendency of many organizations (banks have traditionally been some of the worst offenders) to use history/life questions as a "supposed" second factor of authentication (hint: it's not), or things like caller-ID, which while convenient offer little in the way of real protection against a determined adversary (just like how locks mainly keep honest people honest, but most can be picked/defeated quite easily), mainly because they're too damn cheap to do it the right way....

Wherever possible, REAL multi-factor authentication should be enabled for account access (many providers now offer this, but it usually needs to be turned on manually). Examples include requiring a (time-specific one-time-use) code which can only be generated from a device which you physically possess, outbound call to a predefined number for verification, etc. (text messages are no good because they can be intercepted). Also, keep in mind that there may be precursor events/attacks involving other providers or services (e.g. kill chain events/sequencing), which can clue you in to a active/pending breach/theft/etc....

Sent from my SM-N920T using Tapatalk

I don't know about them cloning a phone or sim but it did happen to my mother and I. Family plan...mom, sis, bil, myself all on a family plan. Suddenly we get a bill for about 4K. Dad calls me wanting to know just what I have been doing...then looks closer into the bill. Mom and my phones were cloned and placing calls around the clock from Florida to Cuba. Every few minutes a call was going out. Sounds like someone was selling phone calls to the locals there on our dime. Phone company ended up dropping the charges as it was obviously not us.

This is why is can't stand the tendency of many organizations (banks have traditionally been some of the worst offenders) to use history/life questions as a "supposed" second factor of authentication (hint: it's not)

This is why you never use the actual truth. You just have to keep track of what lies you've told ... so if you say your Mother's Maiden Name is X at one location and Y at another, you need to either remember it or write them all down and keep them in a safe place.

I had a guy the other day whose first car was "beer".

My information got hacked in the big Government compromise. My personal credit card company contacted me first saying they had a suspicious purchase in a foreign country and wanted to know if it was mine. I told them it wasn't and I had them cancel the card and send me a new card. 3 weeks later new card got hacked. Cancelled card all together. Government security company that was hired to monitor our credit finally contacted me and said there was an issue. They told me the only way they could fix the issue was for me to give them power of attorney. Needless to say they are no longer monitoring my accounts.
I froze my credit report and cancelled credit cards and haven't had any more problems.
It sure was nerve racking experience.

I'm happy they're taking care of it.

That is a lot of info for someone to have for a $1,000 score. It kind of screams inside job to me but I'm sure they're on it. The PIN thing is odd unless you had an account hacked that used the same PIN.

And who the heck offers a debit card on a savings account? I thought that was the whole idea of having a savings account; it's not liquid and you can move money over as needed.

Glad they are taking care of you.

Yes, there is a story behind my dislike of USAA, to the tune of $10k because of their shady sh*t. Assh*les...

I'm happy they're taking care of it.

That is a lot of info for someone to have for a $1,000 score. It kind of screams inside job to me but I'm sure they're on it. The PIN thing is odd unless you had an account hacked that used the same PIN.

And who the heck offers a debit card on a savings account? I thought that was the whole idea of having a savings account; it's not liquid and you can move money over as needed.

My checking and savings at one bank are both tied to the visa debit/ATM card.

That said, the card gets used ONLY at my bank ATM and for nothing else. No online transactions, no gas pumps, etc. I also have email alerts for ANY spend and daily limits on both accounts.

IMHO, using a bank atm/debit card is just asking for a hassle when, not if, you get hit. Use a no-fee rewards/miles CC and pay it off religiously before interest kicks.

Freeze on all credit bureaus, try to use two factor auth where possible (but I'm often lazy and just have SMS to my cell.)

They might get me for a little for one day, and I've had CC hacks, and even my tax return last year, but never my bank accounts (yet perhaps), and I can accommodate the lack of funds for a few days or a week until resolved.

The tax return thing sucked aas I had to paper file and then also send ID theft documents into the IRS. Lady told me EVERYONE will be getting PIN mailed to home address from now on and no PIN, no file. I suppose next the damn theives will be trying to steal more of your mail.

Hey, Dav, did you have your text alerts active at the time?

Hey, Dav, did you have your text alerts active at the time?

Negative

My checking and savings at one bank are both tied to the visa debit/ATM card.

That said, the card gets used ONLY at my bank ATM and for nothing else. No online transactions, no gas pumps, etc. I also have email alerts for ANY spend and daily limits on both accounts.

IMHO, using a bank atm/debit card is just asking for a hassle when, not if, you get hit. Use a no-fee rewards/miles CC and pay it off religiously before interest kicks.

Freeze on all credit bureaus, try to use two factor auth where possible (but I'm often lazy and just have SMS to my cell.)

They might get me for a little for one day, and I've had CC hacks, and even my tax return last year, but never my bank accounts (yet perhaps), and I can accommodate the lack of funds for a few days or a week until resolved.

The tax return thing sucked aas I had to paper file and then also send ID theft documents into the IRS. Lady told me EVERYONE will be getting PIN mailed to home address from now on and no PIN, no file. I suppose next the damn theives will be trying to steal more of your mail.

Using a CC is so smart, I can't even begin the count the ways.

I don't even use ATMs anymore. I go into the bank and withdraw cash from checking and checking only. They do a good job verifying it's me every time. My checking has overdraft protection that goes against a CC just for that reason that is not used for anything else. So my savings should be protected but one always wonders.

I still check the accounts every day.

I use the Citi 2% MC for everyday stuff. My wife and I have the same card, I pay it off each money (according to budget). I have no other accounts at Citi.