Normally we don’t hear from the institutions where we do our banking. Occasionally they will mail out an ad that promotes a ‘loan sale’ and we might even receive an email for the same purpose…but they never call on the telephone. So, when your phone rings and someone identifies themselves as being from your bank, you just know there is a problem. The conversation usually goes something like “Hello Mr/Ms Smith…this is Bob Jones calling from (insert name) bank. There appears to be a problem with your credit card that we are checking up on and we have put a temporary hold on your account.” The caller then details the issue and asks if you have made a series of purchases out of state at (insert name of big box store) on the following dates…
Now, if you are aware of social engineering and wary of the caller…as you should be…you will politely thank them for the warning, offer no information whatsoever and advise them that you will contact your bank immediately. Do not call the number they provide or go to the website they suggest! It could easily be just as fake as the phone call. Once you have hung up on the caller, call your bank immediately! You can find a contact number on your previous statement or, if it is still readable and you have good eyes, on the back of your credit card. Tell the person you speak with (eventually) about the issue and about your previous call.
Now one of two things will happen. One, your banker will inform you that nothing is wrong with your account and that the call was probably a phishing expedition by a hacker. They will then promise to keep a close eye on your account and ask that you inform them if you plan to do any out of the ordinary shopping or travel. This is the lesser of the two evils. The second thing (and the one that will start your stomach churning) is that your banker will inform you that indeed your account is on hold due to suspicious activity. They will then tell you that the previous caller was legitimate and ask you if you made the purchases in question. Once you deny those purchases you will start the wheels of justice in motion and become involved in the bureaucracy of righting a wrong and making your account viable once again. First, the bank will inform you that your credit card is now cancelled and that they will issue you a new one, which will arrive at your mailing address in 7-10 days. They will also inform you that you will be hearing from their fraud department, that paperwork will need to be filled out and that you will be asked to testify against the hackers if and when they are caught.
At this point, as you await your shiny new cards, you will need to begin the tedious process of notifying all those organizations with which you do business and that have access to your account…and don’t forget EZ-Pass. Each will have to be contacted and provided with your new account number…which of course you won’t know until you receive the new cards. Naturally, if you are in the middle of a pleasure or business trip, or leaving on one soon, you will need to make some alternative arrangements for charging. Yes, it is a major pain in the…neck.
Once you receive the new cards, it is time to reflect on lessons learned. First, you got hacked, as do millions of other Americans, and it probably won’t be the last time. Find out if your bank monitors accounts for unusual activity and what their policy on fraud is. Use cash as often as possible. I know, it seems archaic, but it helps avoid problems. Keep a second charge card available for such emergencies. If you shop online, you multiply your potential problems, so use a separate card for online purchases that has a very low charge limit such as $500. When you sign your name on the back of the new card, also write “Ask for user ID”. This will require any cashier to demand the ID of the person presenting the card. Check your statement when you get it each month to catch any charges you didn’t make and the bank didn’t happen to catch. Hackers usually start out small, charging a small amount under $25 to see if the account is usable. Once the small charges go through, they will progressively charge more and more. Finally, if you use a debit card, be sure to use a strong password!