I hate thieves

[davsel]

I've been with USAA for close to 30 years. They've been great, and I'm sure they will take care of my issue.
They sent me an Identity Theft checklist of organizations to contact and things to look for after your identity has been stolen.
Now I just have to keep an eye on my credit reports and tax info to make sure the thief doesn't continue using my info in additional scams.

[hurley842002]

I check my accounts almost everyday. It is the only way I feel safe.

Yup, with today's easy access to accounts, there is no reason to let my money sit for more than a day without checking on it.

[DireWolf]

Wow, he cloned your cell phone number? That's no ordinary identity thief. I don't know what's behind Grant's hate for USAA (I'm sure there's a story behind it) but I've never had better service from any financial institution.
The fact he appeared to be you by calling from a verified number and passing the security questions explains their expediting the card to him -- I've had them have to send me an emergency card while I was on travel and they are very good with that once they feel they have verified your identity. Remember, they are used to trying to support military personnel and they bend over backwards to take care of personnel who are traveling.

I doubt they actually cloned the cell/sim, most likely just spoofed the caller-ID, which is much easier to pull off (neither is beyond the ability of a tech/electronics-savvy high-school kid with internet access and enough time on their hands/physical access)...

What takes a bit more skill/effort is the intelligence gathering to track down and correlate all the (personal) info to SE your way past the information checks....Still not that hard to do, but I'm not going to elaborate on methods here for the obvious reasons....Suffice it to say, for those types of checks, use something you can remember but which is complete BS and can't be tracked down online, etc...

This is why is can't stand the tendency of many organizations (banks have traditionally been some of the worst offenders) to use history/life questions as a "supposed" second factor of authentication (hint: it's not), or things like caller-ID, which while convenient offer little in the way of real protection against a determined adversary (just like how locks mainly keep honest people honest, but most can be picked/defeated quite easily), mainly because they're too damn cheap to do it the right way....

Wherever possible, REAL multi-factor authentication should be enabled for account access (many providers now offer this, but it usually needs to be turned on manually). Examples include requiring a (time-specific one-time-use) code which can only be generated from a device which you physically possess, outbound call to a predefined number for verification, etc. (text messages are no good because they can be intercepted). Also, keep in mind that there may be precursor events/attacks involving other providers or services (e.g. kill chain events/sequencing), which can clue you in to a active/pending breach/theft/etc....

Sent from my SM-N920T using Tapatalk

[WETWRKS]

I don't know about them cloning a phone or sim but it did happen to my mother and I. Family plan...mom, sis, bil, myself all on a family plan. Suddenly we get a bill for about 4K. Dad calls me wanting to know just what I have been doing...then looks closer into the bill. Mom and my phones were cloned and placing calls around the clock from Florida to Cuba. Every few minutes a call was going out. Sounds like someone was selling phone calls to the locals there on our dime. Phone company ended up dropping the charges as it was obviously not us.

[Zundfolge]

This is why is can't stand the tendency of many organizations (banks have traditionally been some of the worst offenders) to use history/life questions as a "supposed" second factor of authentication (hint: it's not)

This is why you never use the actual truth. You just have to keep track of what lies you've told ... so if you say your Mother's Maiden Name is X at one location and Y at another, you need to either remember it or write them all down and keep them in a safe place.

[CS1983]

I had a guy the other day whose first car was "beer".

[tmjohnson]

My information got hacked in the big Government compromise. My personal credit card company contacted me first saying they had a suspicious purchase in a foreign country and wanted to know if it was mine. I told them it wasn't and I had them cancel the card and send me a new card. 3 weeks later new card got hacked. Cancelled card all together. Government security company that was hired to monitor our credit finally contacted me and said there was an issue. They told me the only way they could fix the issue was for me to give them power of attorney. Needless to say they are no longer monitoring my accounts.
I froze my credit report and cancelled credit cards and haven't had any more problems.
It sure was nerve racking experience.

[Skip]

I'm happy they're taking care of it.

That is a lot of info for someone to have for a $1,000 score. It kind of screams inside job to me but I'm sure they're on it. The PIN thing is odd unless you had an account hacked that used the same PIN.

And who the heck offers a debit card on a savings account? I thought that was the whole idea of having a savings account; it's not liquid and you can move money over as needed.

[Grant H.]

Glad they are taking care of you.

Yes, there is a story behind my dislike of USAA, to the tune of $10k because of their shady sh*t. Assh*les...

[brutal]

I'm happy they're taking care of it.

That is a lot of info for someone to have for a $1,000 score. It kind of screams inside job to me but I'm sure they're on it. The PIN thing is odd unless you had an account hacked that used the same PIN.

And who the heck offers a debit card on a savings account? I thought that was the whole idea of having a savings account; it's not liquid and you can move money over as needed.

My checking and savings at one bank are both tied to the visa debit/ATM card.

That said, the card gets used ONLY at my bank ATM and for nothing else. No online transactions, no gas pumps, etc. I also have email alerts for ANY spend and daily limits on both accounts.

IMHO, using a bank atm/debit card is just asking for a hassle when, not if, you get hit. Use a no-fee rewards/miles CC and pay it off religiously before interest kicks.

Freeze on all credit bureaus, try to use two factor auth where possible (but I'm often lazy and just have SMS to my cell.)

They might get me for a little for one day, and I've had CC hacks, and even my tax return last year, but never my bank accounts (yet perhaps), and I can accommodate the lack of funds for a few days or a week until resolved.

The tax return thing sucked aas I had to paper file and then also send ID theft documents into the IRS. Lady told me EVERYONE will be getting PIN mailed to home address from now on and no PIN, no file. I suppose next the damn theives will be trying to steal more of your mail.