Money June 2013

Dollar Sense

My Cautionary Tale: How Thieves Cleaned out My Bank Account, and How You May Be Able to Avoid It

By Teresa Ambord

“That’ll be $63,” said the cashier with a smile.

I swiped my debit card, entered my ID, and a moment later, the cashier’s smile vanished.

“Your card has been declined,” she said.

“Let me try again.” It was common for me to mess up my PIN, so I re-entered it.

“Sorry,” said the cashier, but she didn’t sound sorry. She sounded scornful. “The computer says your account doesn’t have enough funds to cover this,” she said, as though she was talking to a deadbeat.

Normally I wouldn’t have tolerated such an attitude, but suddenly I was scared. Just hours earlier, I’d checked my bank balance and knew there should be $2,600 in the account, and nobody else had access. At least… nobody had legal access. I knew it was possible for thieves to hack into a bank account and clean it out. Either there was a bank error, or I’d been robbed. I rushed out of the store, leaving the snotty cashier to put away my groceries herself.

Ten minutes later, I was in front of my computer, my hands shaking as I tried to log onto my bank. After a few tries, I finally got in and there it was… not only was my money gone, but I was overdrawn. Digging a little further, I saw there were three large, unauthorized withdrawals, and beside each one, a notation showing the withdrawals were made by someone with an Asian name, someone I didn’t know. To make it worse, when the money was gone, the thieves kept trying to take more, creating non-sufficient funds charges in the amount of $200.

Could this Happen to You?

Sorry to say, it very well could. I’m a former accountant, educated and experienced in detecting fraud. Plus, my son, the computer whiz, had advised me not to use similar passwords, but I believed I had done enough to protect my online activities. I wouldn’t say I was cocky, but maybe because of the knowledge I had, I was living in a fool’s paradise.

Here’s What I Did Wrong

  1. As I said, I used similar – though not identical – passwords for different accounts. I thought a minor variation would be good enough. In fact, I’d heard a news report which said changing from small letters to capital letters alone would make it much harder for thieves to capture similar passwords. I relied on this information, to my detriment.
  2. To make it worse, my e-mail password was similar to the password of an account which connected indirectly to my bank, PayPal, and through PayPal, a credit card.
  3. A few days earlier, my e-mail password had been hacked, and though I was annoyed, I failed to realize the seriousness of the situation. I quickly changed my e-mail passwords and restored my access, but if I’d understood how serious it was to have thieves in my e-mail, I would have done more, sooner.

Here’s What I Did Right

  1. I immediately called my bank, PayPal and my credit card issuers. All accounts were closed or frozen and the cards reissued.
  2. I changed all passwords and made them unique and complex. (See sidebar.)
  3. When websites gave me the opportunity to choose security questions, I used several, and gave them fake answers (which I keep a discreet list of).
  4. Even though I believe the computer I was using at the time of the theft is now secure, I have never again used it to log onto my bank or credit card. I use another computer which has higher security and has never been hacked. And I never, never, never access sensitive accounts away from home. If I need information, I call on the phone.

The good news is, my bank and PayPal restored every penny within a few days and the bank removed the overdraft charges. They were enormously helpful (they told me they see this happen at least once a week). In the end, other than temporarily shattered nerves and a serious case of paranoia, I lost nothing.

Note: I want it understood, PayPal was not at fault. I have used them for years and am using them again now, without problems. The fault was mine, for having improper passwords. To their credit, when thieves began requesting bogus withdrawals from my account, PayPal did as they had promised to do, which is send me e-mails notifying me of the requests and asking me to halt them if they were not real. Unfortunately, because thieves had broken into my e-mail account, they had diverted those warnings, and I never got them.

Password Security Tips from the Experts

Here are some highlights from a recent NBC News report on password security. Thieves run massive computer-generated programs, looking for passwords. Once they crack one of your passwords, they try to use it to discover inroads to your other accounts, including banks and credit cards, and even social accounts like dating websites.

Many people use the same passwords again and again, or the same password with a minor variation, which is what I did. NBC says the three most commonly used passwords, in order, are: Password. 123456. Let me in.

Obviously, if you are using any of these, change them immediately. The NBC report went on to tell of a technology specialist who had his e-mail account hacked. His password was 19 characters long, yet it was not safe enough. He recommends using multiple layers of ID authentication. In other words, when a site you visit, like your bank, asks you to answer security questions such as “What was the name of your first pet?” or “What was your high school mascot?” don’t bypass these; use them in multiples.

When you provide answers to the security questions, don’t tell the truth. True answers are easier for you to remember, but if they can be discovered, some patient thief may crack your code. Instead of answering correctly, make up unlikely answers (just be sure to record your answers in a journal only you can access). Finally, the specialist advises changing your passwords every 60 to 90 days.

Teresa Ambord is a former accountant and Enrolled Agent with the IRS. Now she writes full time from her home, mostly for business, and about family when the inspiration strikes.
