My mother would have said I got my “comeuppance”. The ancient Greek might have felt the gods were
punishing me with Hubris for predicting the future. My peers might have smiled and said, “I got
my just desserts.” Whichever, only about
five weeks after I wrote a post titled “Hackers” and drew the conclusion that
privacy was an acceptable trade-off for data accessibility, I found my primary
bank account raided for almost $15,000 in a two day period.
You might find the story interesting and perhaps
enlightening.
On April 3rd I was about to deposit a
sizeble check into the Navy Federal Credit Union account I have held for more
than forty years. Although NFCU has kept
current with security measures, as evidenced that I have a random access account
number that bears no relationship to any other personal information I have,
financial or otherwise, and that NFCU remains one of the few institutions that
does not download into my Quicken account on a real-time basis, I have not kept
abreast of their concerns. My password
was not only “weak”, it also was one I used on several other sites and my
mother’s maiden name and favorite pet were pieces of information that someone
might find in the public domain.
I was to discover that my attitude was at best
sophomoric and at worst, and there was a worst, dangerous.
When I went online to see which of the five linked
accounts I wanted to deposit my check (really there are only two legitimate
accounts, exclusion Mary’s, my checking or my savings, with the choice being
how soon I would need to write a check against the balance. At the time, I had several large checks
either outstanding or imminent, and so I expected to deposit my check into
checking.
My checking balance was not the $6000 I expected, but
was less than $100.
There was history of about five transfers in my
account: two from one account to another and three from my account to another
NFCU member, whom I did not know. $4,900
had been moved out of my account on April 1, and another $10,000, in two increments,
was transferred on April 2nd.
Mary’s account was virtually depleted as were both my checking and
savings.
How did that happen?
When the Fraud investigation at NFCO traced the NFCU
transfer they discovered a common scam.
That NFCO member had probably been contacted by a Nigerian
“businessman”, who told of the frustration his company has because of US
money-laundering legislation. He was
probably offered $200 if he would exchange funds placed in his NFCU account for
a money order, which he could buy at Walmart and send it to Nigeria.
Indeed, when NFCU looked into the account my funds
were transferred to, they found the owner had sent the majority of the money as
requested and still had $155 left, which NFCU seized.
Thankfully, since Credit Unions are now included under
Federal Reserve FDIC protection, I received the entire $14,900 back into my
account and was able to redistribute it so Mary retrieved all of her funds.
Of more interest is why was I targeted and how did the
Nigerians get access to my account?
You may have read or heard recently that Anthem Health
compromised some 80 million pieces of Personal Health Information. While they do not believe that any financial
information was compromised, it is hard to ignore that when I worked for
WellPoint (purchased by Anthem) my checks were Direct Deposited into that very
same account. Both NFCU and I believe
that was how access was obtained. The
company hired by Anthem to assist hacked members has been less than responsive
but I am hopeful that I will recover incidental expenses incurred as the result
of the event, such as $300+ for new checks, and interest on a few accounts
where checks on the closed account were returned.
Which brings to mind the other issues from the
incident:
·
I have Direct Deposit of both my military
retired pay and Social Security for Mary and me. Thankfully, because the event occurred at the
first of the month I was able to get all three changed to the new account
without delay.
·
Most of the checks that were returned
forgave any penalties with a copy of the letter NFCU Fraud Unit provided. This included four personal recipients and
several credit cards.
·
I was able to write checks to both the IRS
and the California Franchise Tax Board for estimated 2015 taxes before the
April 154th deadline. While
we haven’t completed forgiveness of my returned checks, I have some optimism
that I was be exonerated.
·
The Fraud Unit helped me improve the
security on my new account, letting me choose a unique, strong password and
teaching me to lie about my personal hints so outsiders will not be able to
answer them. As an example, “What was your first school? Answer: “Strawberry”.
I have not subscribed to a password vault yet, nor
have I really changed m y thought that the Millennials treasure data
convenience enough so they will risk an occasional hack, as long as they are
protected from catastrophic loss. I
wonder how long it will be before I pull a ten dollar bill from my pocket and
some youngster will ask, “What is that?”
My local supermarket says about 15% or customers now use Apple Money,
and more are doing so every day.
In my next Post I intend to revisit a topic I wrote
about two years ago or so: online
college. I have grandchildren now who
are affected, and I hope you will join me.