Crime rates are down across the country due to the fact that most major cities have declared a state of emergency because of coronavirus. And that’s great news! But it doesn’t mean that you don’t still have to be on alert for criminal activity. The United States Department of Justice says that it is “remaining vigilant in detecting, investigating, and prosecuting wrongdoing related to the crisis. In a memo to U.S. Attorneys, Attorney General Barr said, ‘The pandemic is dangerous enough without wrongdoers seeking to profit from public panic and this sort of conduct cannot be tolerated.'”
The DOJ website, meanwhile, goes on to say that criminals are attempting to exploit COVID-19 worldwide through a variety of scams and that there have been reports of:
- Individuals and businesses selling fake cures for COVID-19 online and engaging in other forms of fraud.
- Phishing emails from entities posing as the World Health Organization or the Centers for Disease Control and Prevention.
- Malicious websites and apps that appear to share virus-related information to gain and lock access to your devices until payment is received.
- Social media scams and telephone calls seeking donations fraudulently for illegitimate or non-existent charitable organizations.
Further to this, phishing (a fraudulent attempt to get your personal information like online log-ins, passwords and credit card information by impersonating someone trustworthy) is quite alive and well. Just this past week, I almost fell victim to a phishing scam. So to help you stay safe, I’m sharing my experience and tips so you don’t find yourself in the same situation.
RELATED: Coronavirus Resource Guide
Upon reflection, there were some warning signs that I should have noted right away. I’ll get to those shortly. But first, here’s what happened:
I got a text from Bank of America saying that a purchase for over $200 had been made on my card and they wanted to confirm it was me. I simply had to text back YES or NO. I’ve gotten these texts before, often when I’m traveling out-of-state or out-of-country. When I confirm that I’m actually the person making the purchase, Bank of America opens up my account and allows the transaction to go through. However, this time, I had not made the purchase in question so I texted back NO.
I was just Googling Bank of America’s fraud department phone number when a call came in from a phone number that was one digit different from the fraud department number I’d found online.
Sure enough, the person I was speaking to claimed to be from Bank of America and said that they’d received my confirmation that I had not made the $200+ purchase. He confirmed some information with me (my name and my address) and then proceeded to list two transactions, neither of which I had made. He told me that my account had been compromised and was at high risk, so we needed to disable my online access immediately before my account was drained.
RELATED: How You Can Help During the Coronavirus Pandemic
All along, I was feeling suspicious but at the same time, if it were true, I was terrified of my account being drained and not having any recourse. That would suck under the best of circumstances but even more during these financially uncertain times.
The caller asked if I had changed by username and cited something bogus. No, I said, that’s not my username. “See?” he said. “They’ve already changed your username. Your account is at high risk. I just need your password to disable and protect your account. Once that’s done, you can set up a new log-in.”
Obviously, the fact that he’d asked for my password set off an alarm. I knew that Bank of America would never ask for my password but … I don’t know … I was nervous of the status of my account. I told him that I wasn’t sure about this so I would call Bank of America’s fraud department back myself and cite the case number that had been included in the text I’d gotten. “Ma’am, this is an urgent situation, your account is at risk, we need to do this now,” he said. Besides, he said, because of coronavirus, it would take forever for me to reach an agent.
RELATED: Coronavirus and Safe Shopping With Your Credit Card
Again, I knew something was wrong. A Bank of America agent would never pressure a customer this way and if you wanted to call back to confirm the phone number, they would be more than happy for you to do that. The fact that this guy was so insistent that we do this immediately was another warning sign. “Check the number on the back of your bank card, ma’am. You will see that it’s the same number that just called you.” (As I mentioned, the number was one digit different, but that didn’t seem unusual since I figured these 800 numbers have various extensions.)
Since the guy I was speaking to wasn’t making any headway with me, he asked if I wanted to speak to his supervisor. Honestly, I have no idea why I was still on the phone because my suspicions were very strong. But he was playing to my fear that someone would steal all my money. And … it worked, I guess.
He transferred me to his supervisor who continued more of the same thing, telling me he understands my hesitancy to share my information but that my account is high risk and that his job is to protect me. I held my ground and said I would call Bank of America’s fraud department back myself and he finally revealed his fraudulent motives when he yelled, ‘OK, b**ch,’ and slammed the phone down in my ear. His menacing tone left me shaken and very upset.
I immediately tried to call Bank of America’s real fraud department and also went online to check my accounts. There was no evidence of fraudulent purchases but I changed my passwords anyway. I was on hold for so long that I eventually gave up.
I was still shaken, mostly because the first person I’d spoken to had recited my address to me. That didn’t make me feel too good. Upon further reflection, I realized that there were some warning signs I should have caught right away:
- The text that I’d gotten came from an actual phone number. But when Bank of America texts me, the number is three digits dash two digits, like 739-81.
- Normally, when you text Bank of America back (either confirming or denying the purchase in question), you’ll get a response back immediately since it’s an automated system. I did not get a response back to my text.
- The phone number that called me back was one digit different from Bank of America’s fraud department number. But even if the number had been correct, it’s still not a sure sign since criminals can spoof any phone number so it looks like the incoming phone call is legitimate, even though it may not be.
- Their urgency was definitely a warning sign – and when I said I wanted to call the fraud department myself, they strongly discouraged me.
If you want to stay safe, here are a few tips:
- Never give out your sensitive information to anyone who calls you, since you can’t verify who you’re speaking to. Never give up your log-in, username, password, SSN, or anything else personal.
- Verify the call by calling back yourself. Since criminals can spoof phone numbers, it’s very difficult to trust incoming calls, regardless of what your caller ID says.
- Familiarize yourself with your bank’s protocols. I knew the bank would never ask for my password, they would simply send me a password reset link to change it myself. I also knew that the bank’s texting procedure should have resulted in an automated reply to me, which I never got.
- Trust your gut.
I consider myself pretty savvy but I wonder how many people might have given up their information in an uncertain and unguarded moment. Besides never sharing your personal information, always follow your gut. I’m glad I did or this situation could have ended quite differently.
Want even more travel tips? Sign up here for the Daily Travel Tip newsletter! Enter your email address and check “Daily Travel Tip” to receive Johnny’s best tips in your inbox each day!
If you already subscribe to our weekly newsletter, you can sign up on the same page. Just fill in your email and check “Daily Travel Tip” on the same page. You’ll receive an email with a link to update your JohnnyJet.com preferences. On that page, just click the Daily Travel Tip box and Update Profile.
Thank you so much for sharing this information. Even fraud and tech professionals can get snared by these scams. I’m always surprised (and not in a good way) at how quickly criminals pivot to circumvent protections so that the Money You Earned Stays With You…It’s so easy to get caught up because these crooks know just how to play on your fears. Your story shows that have you have to verify your account transactions personally before taking ANY action on your account. Another thing you can do is to pay with as many purchases as possible with a charge card, rather than with a debit card. At least with a charge card, (when, not if, it’s compromised) your money is not at risk –it’s the bank’s money. And the bank will have every incentive to investigate whether fraud has occurred. Of course, you then have to be extra vigilant about paying the balance before interest accrues. If a debit card must be used, then the purchase should be designated as a credit so you get a few additional protections. It used to be that “cash is king,” but in these coronavirus days, no one wants to touch cash!
That’s is very important and why I always tell people to use a credit card not a debit card.
Using a debit card can wipe you out in seconds. I know. I tell my children that if they ever use a debit card, I would disown them. Their accounts are tied to mine….. purposely.
Your “smeller” was working pretty well, but the connexion between that smeller and your brain was somewhat compromised.
Your past observation of the format of BofA’s sender number when they text you is CRITICAL…. this time it was different…….. yet you carried on. Now you know.
I’ve had a few similar attempts made on me, mostly via emails. Up at the head of every page of emails the action options always include “more options”. In there are two I use regularly when I smell a rat. One is VIEW HEADERS, the other is VIEW SOURCE. The email address of origin will always be a familiar one, the same as the firm uses for all their communication with me. When I see something different, I immediately close the email and tag it as spam. From Chase it will always have “chase.com in it. Anything else is a fraud. I”ve also noted that if there are any live links in an email, when I “cover” the link with the cursor I can read in the lower left margin of the window the URL the link that says “chase.com/security” in the body of the email will say something like makingyousafe.fr… sent from FRANCE…. NOT chase.
I have not given my mobil phone number to any banks, card cmpanies, etc. I insisst in ALL communicating via US Mail. Hard to fool me with that. I’ve even told them NO EMAILS for communication or advertising. US mail or I don’t want it.
I don;t see how using a debit card can wipe me out… no credit cards, so how else can I biuy stuff online, or over the phone? And how is a debit card more dangerous than a credit card? I’ve had less problems with the ATM/Debit card than with credit cards.
Debit cards are the same as cash. If it’s connected to your checking account, a thief can drain your whole balance, up to the bank’s daily limit, and you’ll never know it until you try to withdraw or spend some of that money. My deceased mother was actually robbed by the low life morons who were entrusted to come into her home and remove her body…saw that no one else was around, found her purse, took her cash, debit and credit cards, and as I found out later, started using them the SAME DAY. If that doesn’t take some low life nerve, I don’t know what does. They have since been terminated and now there’s a criminal investigation which will probably take awhile now, on top of my grief over her death. No one should ever have to go through this. My wish is that these low life scum are brought to justice swiftly and made to pay all available penalties in a court of law. You can’t be too careful with your money these days.
Ugh. That is terrible. I’m sorry
I usually don’t answer calls from unknown numbers but I received 3 calls from the same number +1 (800) 528-4800 over a period of 5 minutes so when the number came up for a 4th time about 10 minutes later I answered the phone.
The person on the other end of the line had a foreign-sounding accent (??Indian) and claimed to be with the fraud department of AMEX. The first question asked was whether the card ending in the 4 digits that represent my AMEX was currently in my possession. I answered in the affirmative.
He then asked was I currently in Wisconsin. Of course, without thinking I answered that I was currently in North Carolina. He then rolled out my complete street address and asked if I was currently at that location – which of course I confirmed.
He then asked me whether I had made a purchase for I think it was around $670 at Walmart in Milwaukee and another purchase of well over $2000 (I don’t recall the amount) at a BestBuy in the same area. Of course, I said no I had not made those purchases. At that point, the person on the other end of the line assured me that AMEX had denied those charges and then he said he needed to check on something and could he put me on hold.
For some reason (gut feel) I was kind of suspicious so I hung up and called AMEX directly using the number on the back of my card. They assured me that there had been no attempts to make any fraudulent charges to the card but as a precaution, we agreed that they would cancel both my and my wife’s cards and reissue with a new number, expiry date, etc. While I was on the phone with the real AMEX the spoofed number came up again and obviously I ignored it.
And then the next day there was another 3 attempts to contact me except the spoofed number came up as +1 80052848000 – note the additional zero at the end. I was advised by an FBI in the Charlotte office to submit a report to the FTC.