Scary stories to tell in ALCO: The scam
The following is based on true events.
It was a dark and stormy night. The Bank of America customer stood in her kitchen humming to herself as she washed that evening’s dishes. All was quiet save the living room’s ticking grandfather clock and the gentle purr of the family’s slight pudgy Siamese.
Bling bling! The screen of her phone lit. There was a message…from her bank. She’d been a loyal customer for decades, but this was the first time she’d ever received a text from them nor did she remember ever having received a text at all – it was a feature she’d not ever taken advantage of and one she further did not understand.
“Text 1 of 2: Free MSG – Bank of America Fraud Alert. Did you attempt a Zelle transactions in the amount of $3,500 Zelle. Text 2 of 2: Reply YES or NO or 1 to decline fraud alerts.”
The woman furrowed her brow. No, absolutely I did not. I don’t even know what Zelle is, she thought, holding the phone in puzzlement. She pulled up the text and fumbled a bit before typing in “N, O” then tapped the reply arrow. Then the phone began to ring.
Startled, she answered. Lightning from the storm outside lit her parlor. “Hello?” she stumbled. There was silence on the other line. “Hello?” she repeated.
“Good evening. I am sorry to bother you but this is Chip with Bank of America. We received a request for more information regarding suspected fraud in your account.”
“Yes, thank you for calling actually I was quite worried,” she said.
“I understand, ma’am. To understand better, you did not conduct a transaction using Zelle in the amount of $3,500 on Tuesday the 14th, is that correct?” the man said. She detected an indecipherable accent but dismissed it.
“No, I certainly did not.” She did not know how to check her balance online (she’d only ever used phone banking or stopped by a branch, but the account in question was reserved for Christmas shopping and treats for her grandkids). The account held exactly $3,302.23. This, at least, she knew.
“Ok. Ma’am. While we work to arrest this activity, I strongly recommend you transfer that money to a safe place so we can at least guarantee it is not at further risk,” said Chip. “Go ahead and transfer the money into your Zelle account so we can transfer it to a safe place.” The woman didn’t even know what Zelle was but it made sense. After all, she trusted her bank and Chip was very friendly. He instructed her to download the app, walking her through each step. After a few minutes of back and forth, she successfully transferred the $3,302.23 into what she was told was a “safe place.”
“Ok, I think we are all set, Chip,” she said, smiling, thinking of her grandkids.
“Thank you for your patience. Please hold while I note this in your account.” Then, oddly enough, the line disconnected.
“Hello?” she said, not unlike she’d said when she first answered. There was silence. Then came the unsettling sound of a few beeps and then a dial tone. “Oh, dear,” she whispered.
She quickly found and dialed the number that had first contacted her. An automated response directed her to an impolite representative at one of the many main customer-service centers of Bank of America. The man sternly explained that the only recent transaction that had been made on the account was moments ago in the amount of $3,302.23 to a Zelle account and that the balance was now zero.
The woman’s heart sank.
She quickly hunted through her phone to the odd app that Chip had helped her set up but could no longer locate her $3,302.23. It was gone.
The representative could do nothing further for the woman because she’d “authorized the transaction” and that unfortunately they’d been seeing a rise in spoofing numbers and complex social engineering. The woman had no idea what either of these terms meant, but she was too upset by the realization that her money had been stolen.
While both the woman and her story are just spooky words to scare you, something eerily similar is happening to folks all over the world and at this very moment. From ransomware to data breeches, the value of our personal data on the Dark Web now outranks the GNI of most small countries. Vigilance in protecting the people who rely on us with their financial well-being is tantamount, perhaps more than it ever has been, as the ne’er-do-wells of the world continue crafting such unsettling traps.
In response, we of course are seeing an uptick in digital platforms and alternative solutions to better defend our members and customers. But at the end of the day, the best defense is vigilance. Teaching our members and sharing our knowledge and experience is key – knowing the people who trust us, monitoring their behaviors, tracking unusual transactions, and being weary of those stories too good to be true.
And while the scary stories will likely not go away any time soon, we must also find comfort in the credit union system and its philosophy in not for profit, but for service. As the movement continues to live its dream, so too must we take note of the dreams of our members, and so too must we protect those dreams by using not just our hearts, but more importantly, our minds.