My mother would have said I got my “comeuppance”. The ancient Greek might have felt the gods were punishing me with Hubris for predicting the future. My peers might have smiled and said, “I got my just desserts.” Whichever, only about five weeks after I wrote a post titled “Hackers” and drew the conclusion that privacy was an acceptable trade-off for data accessibility, I found my primary bank account raided for almost $15,000 in a two day period.
You might find the story interesting and perhaps enlightening.
On April 3rd I was about to deposit a sizeble check into the Navy Federal Credit Union account I have held for more than forty years. Although NFCU has kept current with security measures, as evidenced that I have a random access account number that bears no relationship to any other personal information I have, financial or otherwise, and that NFCU remains one of the few institutions that does not download into my Quicken account on a real-time basis, I have not kept abreast of their concerns. My password was not only “weak”, it also was one I used on several other sites and my mother’s maiden name and favorite pet were pieces of information that someone might find in the public domain.
I was to discover that my attitude was at best sophomoric and at worst, and there was a worst, dangerous.
When I went online to see which of the five linked accounts I wanted to deposit my check (really there are only two legitimate accounts, exclusion Mary’s, my checking or my savings, with the choice being how soon I would need to write a check against the balance. At the time, I had several large checks either outstanding or imminent, and so I expected to deposit my check into checking.
My checking balance was not the $6000 I expected, but was less than $100.
There was history of about five transfers in my account: two from one account to another and three from my account to another NFCU member, whom I did not know. $4,900 had been moved out of my account on April 1, and another $10,000, in two increments, was transferred on April 2nd. Mary’s account was virtually depleted as were both my checking and savings.
How did that happen?
When the Fraud investigation at NFCO traced the NFCU transfer they discovered a common scam. That NFCO member had probably been contacted by a Nigerian “businessman”, who told of the frustration his company has because of US money-laundering legislation. He was probably offered $200 if he would exchange funds placed in his NFCU account for a money order, which he could buy at Walmart and send it to Nigeria.
Indeed, when NFCU looked into the account my funds were transferred to, they found the owner had sent the majority of the money as requested and still had $155 left, which NFCU seized.
Thankfully, since Credit Unions are now included under Federal Reserve FDIC protection, I received the entire $14,900 back into my account and was able to redistribute it so Mary retrieved all of her funds.
Of more interest is why was I targeted and how did the Nigerians get access to my account?
You may have read or heard recently that Anthem Health compromised some 80 million pieces of Personal Health Information. While they do not believe that any financial information was compromised, it is hard to ignore that when I worked for WellPoint (purchased by Anthem) my checks were Direct Deposited into that very same account. Both NFCU and I believe that was how access was obtained. The company hired by Anthem to assist hacked members has been less than responsive but I am hopeful that I will recover incidental expenses incurred as the result of the event, such as $300+ for new checks, and interest on a few accounts where checks on the closed account were returned.
Which brings to mind the other issues from the incident:
· I have Direct Deposit of both my military retired pay and Social Security for Mary and me. Thankfully, because the event occurred at the first of the month I was able to get all three changed to the new account without delay.
· Most of the checks that were returned forgave any penalties with a copy of the letter NFCU Fraud Unit provided. This included four personal recipients and several credit cards.
· I was able to write checks to both the IRS and the California Franchise Tax Board for estimated 2015 taxes before the April 154th deadline. While we haven’t completed forgiveness of my returned checks, I have some optimism that I was be exonerated.
· The Fraud Unit helped me improve the security on my new account, letting me choose a unique, strong password and teaching me to lie about my personal hints so outsiders will not be able to answer them. As an example, “What was your first school? Answer: “Strawberry”.
I have not subscribed to a password vault yet, nor have I really changed m y thought that the Millennials treasure data convenience enough so they will risk an occasional hack, as long as they are protected from catastrophic loss. I wonder how long it will be before I pull a ten dollar bill from my pocket and some youngster will ask, “What is that?” My local supermarket says about 15% or customers now use Apple Money, and more are doing so every day.
In my next Post I intend to revisit a topic I wrote about two years ago or so: online college. I have grandchildren now who are affected, and I hope you will join me.