More of you are turning to fintech companies to manage your money from your cellphones, but one woman said a stranger gained access to her account and drained her savings.
Briana Bell from Dallas said she was home on the evening of December 15 when she began receiving alerts from her online banking provider, Chime.
“All of a sudden I get a text saying your phone number has been changed,” Bell told NBC Responds in Dallas.
Bell said it immediately received a second notice that the email linked to her account had been replaced with an email address she did not recognize.
“I’m looking at my email and my email has been replaced with an email with my name on it. I’m like, wait, it’s not mine, ”Bell said.
A stranger was on Bell’s account. Panicked, she said, she called Chime customer service and asked them about the status of her checking and savings accounts.
“What’s in my savings?” She said, zero, ”recalls Bell. “Madam, I have been hacked. Someone is doing this. I was hacked because I had $ 14,000 in my savings account.
Bell said she was told to dispute the charges and was transferred to another department as it closed overnight. Bell said there was money left in his checking account that night. The next morning, there were no more.
“I am a single parent. I worked a very long time to build this. I’m trying to save for a house, ”Bell said.
Bell filed a police report and disputed the charges with Chime.
Bell said two of the fraudulent transactions were unsuccessful and the money had returned to his account.
She said she also called Sears about a third pending transaction and learned that someone in Florida had ordered a mobile phone with money from Bell.
Bell said Sears stopped the transaction and provided him with the shipping information for the cell phone. Bell shared it with the police.
For nearly a month, Bell said she continued to dispute the other charges with Chime.
“I spoke to a lot of different supervisors who said they were going to do X, Y, Z. Then I called the next day and they told me something completely different,” Bell said.
Bell contacted NBC Responds on January 12.
Days after our Dallas station contacted Chime, Bell said he credited most of the missing money to his account. On January 19, Bell said Chime credited the remainder of the disputed transactions to his account.
In an email to NBC Responds in Dallas, Chime’s director of corporate communications wrote: “While we cannot disclose any information about individual member accounts, please rest assured Chime does take this stuff. very seriously and our member services team worked promptly to fully investigate and resolve this member’s issue.
Chime also said, “As reported across the industry, fraud has unfortunately increased throughout COVID-19 and our Member Services team is aware of this and is working diligently to provide a safe and secure online banking experience. secure to our members. We have also prepared the following resource that you may find helpful.
Chime has posted information on red flags for customers to watch out for to avoid cybercriminals. The website also provides examples of fake text messages and direct social media messages that cybercriminals can use to try to trick customers into providing personal information.
Right now you might be wondering how this happened to Bell and if she was targeted.
Bell would like to know too.
“Be careful, even after the theft and I have nothing left on my account, the person who is in my phone or who hacked the phone or the Chime app or whatever the situation, has done it twice. more, ”Bell mentioned. “They changed my email and phone number two more times.”
Alain Espinosa, cybersecurity expert and director of security operations at Online Business Systems, said victims of crimes like this are sometimes chosen at random.
“It could have been 100% automated when there is no particular targeting,” Espinosa explained.
While he doesn’t know what happened in Bell’s case, he said cybercriminals have a common method of operating.
In some cases, they use a phishing scam to send legitimate looking alerts to random phone numbers. The goal is to get people to log into a fake link and reset their password.
It is not always obvious that these alerts are false.
Criminals also buy email addresses, usernames, and passwords that have at some point been compromised on the internet.
Therefore, you should not use the same email address, user name, or password for multiple sites. If one site is hacked, it means that you are at risk on other sites that you use.
“Someone isn’t sitting there and trying to get to it one by one. It is done in an automated way and they will take that same username, password, email address and try to access accounts, ”Espinosa said.
Eventually, they can reach and navigate to the website you are banking on.
Espinosa recommended configuring multi-factor authentication. It’s not foolproof, Espinosa said, but it does require a hacker to take several steps to gain access to your account.
Also, don’t be fooled by messages that appear to come from your financial institution. If you receive an urgent text or email, do not respond. Instead, call the number on the back of your card to confirm that your financial institution is trying to reach you.
The same advice applies if someone calls you. Hang up and call the number on the back of your card.
If you believe you are a victim, you should contact your financial institution immediately. Let them know that there is an issue with your account and to freeze all activity.
Report the crime to the FBI as soon as possible, ideally within 24 hours.
The Texas Department of Banking explains that some banking services, like Chime, are financial technology companies that partner with banks. A customer can take a look at the back of their card to confirm which bank.
The Consumer Financial Protection Bureau is a resource for financial technology clients. If a client is having trouble connecting with their FinTech provider, the CFPB says clients can contact the agency online or call 855-411-2372.
The National Consumer Law Center has said that when a customer disputes an unauthorized debit to a bank or prepaid account, the financial institution is required to conduct a reasonable investigation.
If the investigation takes longer than 10 days, the financial institution must give the consumer an interim credit on the account – which can be canceled later if the investigation shows that the consumer has authorized the charge.
“The onus is on the business to show that the consumer has authorized the levy,” said Lauren Saunders, associate director of the National Consumer Law Center.
Bell said she was happy the ordeal was over. She said she took extra precautions to protect herself in the future.
“It kind of gives the impression that nothing is certain,” Bell said. “It really is.”