Bank phishing scam- how did scammers get account details?
August 14, 2024 11:41 AM Subscribe
Mrs LDS and our son (a minor, just barely) recently opened new savings and checking accounts at a national bank. About a week later, we received notices in the (postal) mail stating that the accounts were opened in error, & would automatically be closed due Mrs LDS's chexsystems credit report being frozen.
We eventually figured out (with the help of the bank)that the notices we received were fake, although the bank employees names/numbers listed in it were legit. The actual phishing scam was an attached form requesting additional info (ssn etc)
Our credit at the three major credit unions and Chexsystems is indeed frozen. How might have the phishers known that we had recently opened new accounts and the last four digits of the account numbers of both the savings and checking accounts? (The partial acct #s and account starting dates were included on the postal phishing documents)
We eventually figured out (with the help of the bank)that the notices we received were fake, although the bank employees names/numbers listed in it were legit. The actual phishing scam was an attached form requesting additional info (ssn etc)
Our credit at the three major credit unions and Chexsystems is indeed frozen. How might have the phishers known that we had recently opened new accounts and the last four digits of the account numbers of both the savings and checking accounts? (The partial acct #s and account starting dates were included on the postal phishing documents)
If I were you, and the bank could not explain this to me in the next twenty-four hours, I would be doing business with a different bank.
posted by John Borrowman at 1:15 PM on August 14 [15 favorites]
posted by John Borrowman at 1:15 PM on August 14 [15 favorites]
Seconding John Borrowman, this could easily be a matter of poor operational security at the bank.
posted by Aleyn at 1:19 PM on August 14 [1 favorite]
posted by Aleyn at 1:19 PM on August 14 [1 favorite]
I'd wonder if it's possible the bank representative who told you the notices were fake might have been mistaken, or if what they really meant to say was that the initial notices were sent in error (by the bank, since Mrs. LDS had presumably taken whatever steps were necessary to bypass the credit freeze?), not send fraudulently (by scammers).
posted by nobody at 1:46 PM on August 14 [2 favorites]
posted by nobody at 1:46 PM on August 14 [2 favorites]
Response by poster: Thanks to all who have answered so far- more info: after looking over the notices we received with a critical eye, they are slightly off. The phrasing, formatting and spelling are perfect, but they appear to be grey scale/monochrome prints of what were originally either color documents or documents that were supposed to be printed on color letterhead. After some research, my wife called the the named bank contacts on each notice (one notice on each account) and the people who answered the numbers were legit representatives of the bank, but both were utterly perplexed as to why their names were on the notices.
It seems unlikely but not impossible that the account info came from mail stolen out of our mailbox as the accounts are brand new and are set up for paperless statements.
We are somewhat suspicious that the "call is coming from inside the house" and that the bank has either a bent employee or some sort of compromised database, so it's good to hear that other folks are thinking along similar lines.
posted by Larry David Syndrome at 3:58 PM on August 14 [2 favorites]
It seems unlikely but not impossible that the account info came from mail stolen out of our mailbox as the accounts are brand new and are set up for paperless statements.
We are somewhat suspicious that the "call is coming from inside the house" and that the bank has either a bent employee or some sort of compromised database, so it's good to hear that other folks are thinking along similar lines.
posted by Larry David Syndrome at 3:58 PM on August 14 [2 favorites]
Where would the SSN, etc. on the attached form have been sent, if you had fallen for it? To someone in the bank itself?
I feel excessively paranoid to suggest this, but I've read multiple news reports over the past several years of bank employees in Canada (and I feel like I've seen reports of similar in the U.S. too but can't remember) fraudulently opening "extra" accounts, lines of credit, credit cards, etc. in the names of actual existing customers, the motive being to boost their own personal stats for "product sales" under intense performance pressure from management. The big Canadian banks have been dragged before Parliament for this behaviour but apparently it's still happening. It could be that the person who opened your accounts is doing this on the regular, got stymied by your spouse's credit freeze, and attempted a workaround from their home printer.
(My strategy for avoiding these shenanigans is to bank with a credit union.)
posted by heatherlogan at 6:11 PM on August 14 [2 favorites]
I feel excessively paranoid to suggest this, but I've read multiple news reports over the past several years of bank employees in Canada (and I feel like I've seen reports of similar in the U.S. too but can't remember) fraudulently opening "extra" accounts, lines of credit, credit cards, etc. in the names of actual existing customers, the motive being to boost their own personal stats for "product sales" under intense performance pressure from management. The big Canadian banks have been dragged before Parliament for this behaviour but apparently it's still happening. It could be that the person who opened your accounts is doing this on the regular, got stymied by your spouse's credit freeze, and attempted a workaround from their home printer.
(My strategy for avoiding these shenanigans is to bank with a credit union.)
posted by heatherlogan at 6:11 PM on August 14 [2 favorites]
Makes me wonder, could one of your Equifax/Experian/TransUnion accounts be compromised?
posted by oxisos at 6:14 PM on August 14
posted by oxisos at 6:14 PM on August 14
Mrs LDS [...] recently opened new [...] accounts at a national bank. About a week later, we received notices [...] the accounts were opened in error, & would automatically be closed due Mrs LDS's chexsystems credit report being frozen. [...] Our credit at [...] Chexsystems is indeed frozen.
I did some editing there, and this is going to sound exceedingly obvious, and I apologize if I've missed something, but is it possible that the notice from the bank that the accounts were opened in error and then closed due to the Chexsystems report being frozen was... just due to her Chexsystems report being frozen? Maybe you need to unfreeze it for the bank, or they really need you to provide more information? I'd just call back into the bank via publicly available numbers and escalate if the first-level rep doesn't seem to understand the issue. If they can't resolve it, I agree with others, choose another bank.
posted by I EAT TAPAS at 6:45 PM on August 14 [2 favorites]
I did some editing there, and this is going to sound exceedingly obvious, and I apologize if I've missed something, but is it possible that the notice from the bank that the accounts were opened in error and then closed due to the Chexsystems report being frozen was... just due to her Chexsystems report being frozen? Maybe you need to unfreeze it for the bank, or they really need you to provide more information? I'd just call back into the bank via publicly available numbers and escalate if the first-level rep doesn't seem to understand the issue. If they can't resolve it, I agree with others, choose another bank.
posted by I EAT TAPAS at 6:45 PM on August 14 [2 favorites]
Have you used online banking for these new accounts? Is it possible there's spyware or malware on your computer? Are you 100% sure neither Mrs LDS nor your son clicked on any kind of popup ad or fell for a tech support scam?
posted by needs more cowbell at 7:45 PM on August 14
posted by needs more cowbell at 7:45 PM on August 14
Businesses sell a lot of information, banking information is shared with credit agencies, and they are not your ally. I'd talk to your state's Banking Agency, it will be part of the Atty General's office/ website. They are likely to be familiar with types of fraud and know if it's stolen mail, which would almost certainly generate action from the USPS, or data theft/misuse. People are often shrug, scams, what can you do? but bank fraud should get serious attention.
posted by theora55 at 10:13 PM on August 14
posted by theora55 at 10:13 PM on August 14
Maybe you're already on top of this and have already gleaned what you can from it, but just in case not: heatherlogan's first question ("Where would the SSN, etc. on the attached form have been sent, if you had fallen for it?") seems like the most promising avenue for figuring this out.
posted by nobody at 5:21 PM on August 15 [3 favorites]
posted by nobody at 5:21 PM on August 15 [3 favorites]
Response by poster: Update: this was a case of spectacular internal ineptitude/lack of communication on the part of the bank.
At the time we received the warning notices, multiple employees at two local branches assured us that the account was in good standing with no flags, no actions were required.
After verifying that the names and numbers of employees listed on the notice were valid (said people are actual employees of the bank) my wife called the listed employees. Both employees had no idea why the notices were issued and thought the notices were fraudulent.
The banks own fraud department took a fraud report about the notices and considered them fraudulent.
As of this morning, the account was spontaneously closed (this was on the date referenced in the initial notice)
A fresh round of calls to the bank revealed that the accounts were indeed opened in error and that we'd have to unfreeze our credit and apply again to open new accounts. My wife began the process but the bank rep gave her incorrect info about which credit bureaus needed to be unfrozen which resulted in a wasted trip to the bank branch. I think at this point we're done and will just take our money elsewhere.
I guess I EAT TAPAS ultimately had the correct answer.
posted by Larry David Syndrome at 11:55 AM on September 6 [1 favorite]
At the time we received the warning notices, multiple employees at two local branches assured us that the account was in good standing with no flags, no actions were required.
After verifying that the names and numbers of employees listed on the notice were valid (said people are actual employees of the bank) my wife called the listed employees. Both employees had no idea why the notices were issued and thought the notices were fraudulent.
The banks own fraud department took a fraud report about the notices and considered them fraudulent.
As of this morning, the account was spontaneously closed (this was on the date referenced in the initial notice)
A fresh round of calls to the bank revealed that the accounts were indeed opened in error and that we'd have to unfreeze our credit and apply again to open new accounts. My wife began the process but the bank rep gave her incorrect info about which credit bureaus needed to be unfrozen which resulted in a wasted trip to the bank branch. I think at this point we're done and will just take our money elsewhere.
I guess I EAT TAPAS ultimately had the correct answer.
posted by Larry David Syndrome at 11:55 AM on September 6 [1 favorite]
Thank you for updating, and wow yeah that is pretty bad and I would go elsewhere too.
posted by needs more cowbell at 5:06 PM on September 6 [1 favorite]
posted by needs more cowbell at 5:06 PM on September 6 [1 favorite]
You are not logged in, either login or create an account to post comments
posted by TheRaven at 12:13 PM on August 14