Episode #44 - Gone Phishing, Crypto Journal #2
When I thought I was at risk with a new $$ system, I got hit at my traditional bank
Intro:
The crypto journal spoke to many of you. A few of you have even opened up Coinbase accounts - congrats and please keep me posted on your journey. Even as new places to put money emerges, the “old haunts” for cash still contain the majority of my assets. One of the critiques levied at cryptocurrency work comes from those concerned about security and scams. Those are real, and I’ll share more of them in the background section, but the last two weeks I’ve been dealing with phishing of the more traditional kind and I want to share it with you as a reminder to protect your #Winnings.
Background:
If you don’t already follow me on Twitter, please do. But if you do, you know that the engagement on my account does not typically register in a significant way. A few likes here or there, but that’s basically it. Since I started tweeting just a wee-bit about crypto, especially when I have curiosities or questions, I’d start getting surprising responses:
As you can see, when MetaMask or crypto are mentioned, I get swarmed by folks posting Google forms asking for my secret passwords or suggestions for emailing “@gmail.com” emails for tech support regarding my wallet and accounts.
Before you go further, NEVER PUT YOUR INFO INTO THESE FORMS. Phishing scams date back to the early internet, and they’re here to stay with folks trying to lure unsuspecting people to put in their private login info that can give hackers access to private accounts. Our friends at Investopedia have a whole article about these scams.
I like to think of myself as pretty savvy and not likely to fall for a scam that asks for my “secret phrase,” but it was still shocking to see how many attempts were made when I dove into the crypto pool on Twitter. To their credit, Twitter does flag then hides then deletes these posts, and I got the images just so you could see them, but still it’s the wild west out there. With all this about phishing on my mind, I was even more shocked by the events of Saturday night January 15, 2022.
The Story:
That evening, I was scrolling through my Citibank account where I have my checking/savings accounts for the past 11+ years, I notice a five figure transaction to “PAYPA ADD MO.” As you might be able to tell from the premise of this story, I had not authorized a five figure transaction to what we’ll henceforth call PAM for any amount of money. The only reason I was checking my account in the first place was from a “secure message” notice in my email that I had not had a moment to check since I got it on Friday Jan 14.
I figured I was protected from someone stealing directly from my account, you know the FDIC insurance and all, but how to get back this money back…a totally different story.
First off, after my first phone call the folks at Citi kindly cancelled my debit card and reissued a new one that would arrive on Tuesday. From that point forward I wasn’t able to access my online portal, which was unfortunate because I couldn’t get in to access any of the other messages from the “secure message center.” To top it off, once I got the new debit card and I re-entered the message center, I discovered that the same hacker tried not one, but TWO more attempts at taking the same amount of money from my account and depositing it in PAM.
Unfortunately, after countless more minutes spent on the phone with the associates at Citi, I’ve still been unable to track down the cash. Most surprisingly, there was an additional confirmation phone number on my account too that I promptly deleted, but screenshotted for ya here too:
The story is still open, though I got a promising message from Citi that the situation has been “resolved” I have still not gotten my money back. On the flipside, when trying to speak with PayPal they’re just as confused as me and can’t find the transaction that someone put through on my account into their system.
This is a developing story and it is certainly a lot to digest on a Monday morning, but I think there is a point to this saga even before a poetic conclusion.
Takeaway:
Getting hacked is not something that only happens on the cutting edge of tech. While some might go through ice-phishing in the crypto-winter, unsuspecting folks like me can get just as bamboozled in a traditional checking account. What’s the solution? I am actually not quite sure. I am continuing to pound the pavement, with plans to go into a real Citibank this week to see if they’ll help, but it truly feels like its a need to leverage the luxury of time to get back the hard-earned money that I have so far lost to PAM. You’ve got to be diligent and review your accounts, better to review them more frequently than me, and you can hopefully cut these things off at the pass.
Interact:
Have you ever experienced a scam? How did you recover? Please share with me, if you’re feeling up to it, and/or comment below. Folks don’t share enough of their failures/foibles and then it just feels like we’re all alone when it happens.
Gratitude:
Thank you for the new comers - you’re so welcome here. Let me know what topics you’d love to see in a future issue, and please share the note with your friends and family who you think would benefit from hearing any of these stories or concepts!
What did you think of this note?
Awesome - Good - Solid - Eh - Bad
Check out my tweets about #Winnings and more @StartupRabbi
Please remember, I’m not providing professional advice about personal finance. I’ve got a lot of friends who do that and you can totally hit me up for an intro if you’d like - I don’t get any commission - just the happiness that my readers are taking their financial health seriously.