Victim loses $40K in bank scam

By Greg Collier

A man from the Central Valley region of California recently lost close to $40,000 in a bank scam. As far as we can tell, Zelle wasn’t even used, which is a rarity these days. The man received a phone call from someone claiming to be from the fraud department at Bank of America. The caller is said to have told the man that there were fraudulent transactions on his account. But before the ‘fraud department’ could help him, they said they needed the man to give them a six-digit code they were sending to him, so he could verify his identity.

The man gave the caller the code, and we’ll get to the importance of that in just a bit. The caller then told the man that since there was fraudulent activity on his account, they needed to shut down the online banking option on his account. The caller was actually a scammer who drained the man’s account of nearly $40,000 with several transactions.

The most disturbing part of this scam is that the scammer already had the victim’s personal information. The victim didn’t have to give the caller any information, as the scammer was able to give the man’s personal information to him. The scammer even disabled the notifications the man should have received when the scammer started taking large amounts out of the man’s account.

So how was the scammer able to access the man’s bank account? The news article doesn’t go into detail about that. However, if we were to hazard a guess, it seems like the scammer already had all the information needed to access the man’s account. The information could have been obtained through any number of data breaches that have happened in the past few years.

The only thing the scammer really needed to access the account was the authorization code. Many banks require their customers secure their account using a two-factor authentication code. So even if someone tries to log in to a bank account with the username and password, they’ll still need the 2FA code that’s typically sent to the customer’s text messages. Once the scammer was able to obtain that code, they had complete access to the man’s bank account.

Anytime you receive a phone call from your bank, especially about fraudulent activity, hang up and call the bank back using the number on the back of your debit card. Scammers almost always spoof the number they’re calling from. Also, never give anyone any authorization code over the phone. These codes aren’t just used for banking, either, as many online accounts can be hijacked if someone were to give this number out.