Crime rates are down across the country due to the fact that most major cities have declared a state of emergency because of coronavirus. And that’s great news! But it doesn’t mean that you don’t still have to be on alert for criminal activity. The United States Department of Justice says that it is “remaining vigilant in detecting, investigating, and prosecuting wrongdoing related to the crisis. In a memo to U.S. Attorneys, Attorney General Barr said, ‘The pandemic is dangerous enough without wrongdoers seeking to profit from public panic and this sort of conduct cannot be tolerated.'”
The DOJ website, meanwhile, goes on to say that criminals are attempting to exploit COVID-19 worldwide through a variety of scams and that there have been reports of:
- Individuals and businesses selling fake cures for COVID-19 online and engaging in other forms of fraud.
- Phishing emails from entities posing as the World Health Organization or the Centers for Disease Control and Prevention.
- Malicious websites and apps that appear to share virus-related information to gain and lock access to your devices until payment is received.
- Social media scams and telephone calls seeking donations fraudulently for illegitimate or non-existent charitable organizations.
Further to this, phishing (a fraudulent attempt to get your personal information like online log-ins, passwords and credit card information by impersonating someone trustworthy) is quite alive and well. Just this past week, I almost fell victim to a phishing scam. So to help you stay safe, I’m sharing my experience and tips so you don’t find yourself in the same situation.
RELATED: Coronavirus Resource Guide
Upon reflection, there were some warning signs that I should have noted right away. I’ll get to those shortly. But first, here’s what happened:
I got a text from Bank of America saying that a purchase for over $200 had been made on my card and they wanted to confirm it was me. I simply had to text back YES or NO. I’ve gotten these texts before, often when I’m traveling out-of-state or out-of-country. When I confirm that I’m actually the person making the purchase, Bank of America opens up my account and allows the transaction to go through. However, this time, I had not made the purchase in question so I texted back NO.
I was just Googling Bank of America’s fraud department phone number when a call came in from a phone number that was one digit different from the fraud department number I’d found online.
Sure enough, the person I was speaking to claimed to be from Bank of America and said that they’d received my confirmation that I had not made the $200+ purchase. He confirmed some information with me (my name and my address) and then proceeded to list two transactions, neither of which I had made. He told me that my account had been compromised and was at high risk, so we needed to disable my online access immediately before my account was drained.
All along, I was feeling suspicious but at the same time, if it were true, I was terrified of my account being drained and not having any recourse. That would suck under the best of circumstances but even more during these financially uncertain times.
The caller asked if I had changed by username and cited something bogus. No, I said, that’s not my username. “See?” he said. “They’ve already changed your username. Your account is at high risk. I just need your password to disable and protect your account. Once that’s done, you can set up a new log-in.”
Obviously, the fact that he’d asked for my password set off an alarm. I knew that Bank of America would never ask for my password but … I don’t know … I was nervous of the status of my account. I told him that I wasn’t sure about this so I would call Bank of America’s fraud department back myself and cite the case number that had been included in the text I’d gotten. “Ma’am, this is an urgent situation, your account is at risk, we need to do this now,” he said. Besides, he said, because of coronavirus, it would take forever for me to reach an agent.
Again, I knew something was wrong. A Bank of America agent would never pressure a customer this way and if you wanted to call back to confirm the phone number, they would be more than happy for you to do that. The fact that this guy was so insistent that we do this immediately was another warning sign. “Check the number on the back of your bank card, ma’am. You will see that it’s the same number that just called you.” (As I mentioned, the number was one digit different, but that didn’t seem unusual since I figured these 800 numbers have various extensions.)
Since the guy I was speaking to wasn’t making any headway with me, he asked if I wanted to speak to his supervisor. Honestly, I have no idea why I was still on the phone because my suspicions were very strong. But he was playing to my fear that someone would steal all my money. And … it worked, I guess.
He transferred me to his supervisor who continued more of the same thing, telling me he understands my hesitancy to share my information but that my account is high risk and that his job is to protect me. I held my ground and said I would call Bank of America’s fraud department back myself and he finally revealed his fraudulent motives when he yelled, ‘OK, b**ch,’ and slammed the phone down in my ear. His menacing tone left me shaken and very upset.
I immediately tried to call Bank of America’s real fraud department and also went online to check my accounts. There was no evidence of fraudulent purchases but I changed my passwords anyway. I was on hold for so long that I eventually gave up.
I was still shaken, mostly because the first person I’d spoken to had recited my address to me. That didn’t make me feel too good. Upon further reflection, I realized that there were some warning signs I should have caught right away:
- The text that I’d gotten came from an actual phone number. But when Bank of America texts me, the number is three digits dash two digits, like 739-81.
- Normally, when you text Bank of America back (either confirming or denying the purchase in question), you’ll get a response back immediately since it’s an automated system. I did not get a response back to my text.
- The phone number that called me back was one digit different from Bank of America’s fraud department number. But even if the number had been correct, it’s still not a sure sign since criminals can spoof any phone number so it looks like the incoming phone call is legitimate, even though it may not be.
- Their urgency was definitely a warning sign – and when I said I wanted to call the fraud department myself, they strongly discouraged me.
If you want to stay safe, here are a few tips:
- Never give out your sensitive information to anyone who calls you, since you can’t verify who you’re speaking to. Never give up your log-in, username, password, SSN, or anything else personal.
- Verify the call by calling back yourself. Since criminals can spoof phone numbers, it’s very difficult to trust incoming calls, regardless of what your caller ID says.
- Familiarize yourself with your bank’s protocols. I knew the bank would never ask for my password, they would simply send me a password reset link to change it myself. I also knew that the bank’s texting procedure should have resulted in an automated reply to me, which I never got.
- Trust your gut.
I consider myself pretty savvy but I wonder how many people might have given up their information in an uncertain and unguarded moment. Besides never sharing your personal information, always follow your gut. I’m glad I did or this situation could have ended quite differently.
Want even more travel tips? Sign up here for the Daily Travel Tip newsletter! Enter your email address and check “Daily Travel Tip” to receive Johnny’s best tips in your inbox each day!
If you already subscribe to our weekly newsletter, you can sign up on the same page. Just fill in your email and check “Daily Travel Tip” on the same page. You’ll receive an email with a link to update your JohnnyJet.com preferences. On that page, just click the Daily Travel Tip box and Update Profile.