An Identity Theft Scam Stole Half My Net WorthโWhat I Learned & How to Prevent It
Listen & follow The Money with Katie Show: Apple Podcasts | Spotify | Google Podcasts
โMiss Gatti, are you traveling?โ was the phrase that began one of the most stressful financial sagas of my life. Because as I'd come to learn, Iโd become the victim of an elaborate โmiddlemanโ scam. Here's the play-by-play of what went down, and what I learned along the way. This weekโs episode is a fun jolt of schadenfreude at my expense, so listen if youโd like to laugh while you learn.
๐ฐ Get the 2024 Money with Katie Wealth Planner.
Our show is a production of Morning Brew and is produced by Henah Velez and Katie Gatti Tassin, with our audio engineering and sound design from Nick Torres. Devin Emery is our Chief Content Officer and additional fact checking comes from Kate Brandt.
โ
Mentioned in the Episode
Subscribe to the Money with Katie newsletter:
Transcript
Transcript
โThe Officeโ:
Identity theft is not a joke Jim.
Katie:
Getting my identity stolen in 2019 was my first moment as a breakout #internetstar. I posted about the experience in real time and I brought my couple thousand personal followers on my personal Instagram account along for the ride with me as I ran all over town to the credit union, to Chase Bank, to the police station, back to the credit union.
I wanted to talk about why I'm not going to post anything today. I always post new money blogs every Wednesday and ever since I started, I haven't really missed a day, so I wanted to address why I'm not posting something because it's actually kind of interesting and also money related. I'm sitting in the bank parking lot right now trying to figure out what I need to do now to get this money back, but it's kind of a mess, obviously, and the time that I was going to spend yesterday writing this blog about oil cleansing and moisturizing didn't happen. So I appreciate your patience and I might end up just writing a blog about this and what to do if someone gets your debit card information and steals almost 10 grand from you. I'll keep you guys posted. Again, thank you for your patience and yeah, it's been a day.
Today's going to be a fun little story time. I'll never forget it. It was April 1st, so the worst April Fool's joke in history, and I was running late to a 5:15 PM yoga sculpt class after work. So at 5:13 PM, I'm whipping my car through side streets. I'm trying desperately to make this class not to be late, and as I sped down Henderson Avenue in Dallas, my phone starts ringing over the Bluetooth in my car. So without really thinking about it, I see it's a 214 number, the Dallas area code. So I figured it might be a legitimate person trying to reach me and I picked up the phone. I was kind of irritated that someone was attempting to reach me at such a chaotic and high stress time as beating rush hour traffic on the way to a heated hip hop yoga class. But the person on the other line said...
Scammer:
Ms. Gatti, this is the Southwest Credit Union. Are you traveling?
Katie:
Oh, vibe switch. Panic. "No, I'm not traveling. Why? What's going on?" And she tells me.
Scammer:
Someone's using your debit card in a Walmart in California right now.
Katie:
And I'm like, "That's impossible. I have my debit card with me, but okay, can you cancel the card?" Now, I had had fraud conversations with my credit card issuers before, and so far this all seemed like fairly standard. As I turned into the CorePower parking lot, coming dangerously close to a Ford Escape and parked, I did the awkward bag lady dance with my purse under one arm, duffle bag of leggings and sports bra dangling precariously from my wrist, mat shoved under my other arm, squishing my greasy phone between my right cheek and shoulder. The time was now 5:16 PM and I had not yet changed for class. I was distracted, I was stressed and I was frustrated. She answers...
Scammer:
Well, yes, we can cancel the card, but first I need to ask you a few questions.
Katie:
So I hobble through the door, I mouth sorry to the instructor and I'm gesturing to the phone and I scream whispered to her, "Hey, someone has my debit card. I'll be right there." So did you catch the first red flag? Because if this all sounds standard, albeit a little stressful to you, you may have overlooked the first red flag in this story. I did too, considering I totally fell for it. But your bank will almost never call you. I learned this after the fact when both my credit union and Chase were like, "Uh, yeah, we don't really make outgoing phone calls like that." But I'm getting ahead of myself.
Welcome back to The Money with Katie Show rich people with identities worth stealing. Today, we're talking about the time I got my identity stolen. This episode will be partially a schadenfreude free for all where you can laugh at my pain, but it'll also teach a few key lessons for preventing this type of pain and chaos in your own financial life.
So yes, the first red flag was that the bank contacted me via telephone. That really just rarely happens if a bank suspects fraudulent activity, they're far more inclined to just block a purchase than to contact you and have a human being ask if you're traveling. I'm sure it happens, but 99% of us are never going to receive a legitimate phone call from our bank. Okay, so back to my personal narrative. I placed the phone on the bathroom counter. I'm ripping open the duffle bag, peeling off my jeans, jumping into the leggings one leg at a time. The woman on the phone is continuing to ask me questions.
Scammer:
Did you receive our text message alerts?
Katie:
She asked. I'm like, "Text message alerts?" So I hastily swipe up the call, I'm checking my messages and I reply, "No, no, I did not get any alerts." Now her tone becomes very encouraging.
Scammer:
Okay, ma'am, we're going to make sure you're receiving those. That's very important. That's why we called. We texted about the purchase, but we didn't hear from you. So let me resend a text and see if you get it. Can you stay on the line?
Katie:
Now at this point I'm super exasperated. I shove my stuff into a locker and I'm trying to explain to her, "Listen, I'm seven minutes late for a yoga class. I really need to go. Please just cancel the card. Can I call you later?" At this point, her voice raised an octave and she starts to kind of sound frantic herself.
Scammer:
Ma'am, it'll just take a second, but if you need to go, we'll call you. When should we call you? You don't need to call us. We'll call you.
Katie:
She kept emphasizing that she was going to call me back and that I should not call them back. Now I can't even count the red flags between the first one and this point in the story. First of all, the complexity and ridiculous back and forth about the text alerts should have raised my antenna. Unless a fraud department customer service rep was making 250K a year, I have no idea who would go to such lengths or want to act with such urgency like pressuring immediate action from me to ensure that my fraud texts were turned on. Secondly, the weird insistence on her calling me and not the other way around was bizarre, but unfortunately I was so distracted by how late I was and how unsuspecting of danger that I didn't pick up on it. I finally managed to get her off the phone after agreeing to check for fraud texts and voicemails after class. We'll continue the story after a quick break.
Sure enough, my Apple Watch buzzed and beeped throughout the entire 60-minute session of which I participated in 49 minutes, thanks to both my lateness and the caller and I couldn't focus. When I got out of class, I had a barrage of missed calls, voicemails, text messages. Some were from standard six-digit no reply text numbers listing codes for verification, and the voicemails kept repeating the same fraud alert script. I was like, "All right, cool. I guess it's working." As I got in my car after class, I figured I should be proactive and so I called the number back. It went to a prerecorded voicemail about standard credit union hours. "Hmm, that's weird," I thought, "They're not even open right now." Only mildly nervous that I couldn't get ahold of anyone, I checked my account as soon as I got home and to my surprise, everything looked normal. There weren't any Walmart charges, there was no nothing. Then my phone rang, "Hello?" I answered now slightly calmer and less agitated. I felt a little bit bad for being so short with her before. She was very polite.
Scammer:
Ms. Katie, did you get the text messages?
Katie:
"Yeah, I got them. I just checked my account. I don't see any charges from Walmart. I think everything's fine. You can just cancel the card." And she responds.
Scammer:
That's because I already removed them for you. Would it be okay if we tried one more fraud alert? I'm going to send one now.
Katie:
At this point, I figured I might as well humor her. She seemed insistent on making sure everything was working properly and the overload of texts and calls that came through during class was overwhelming, so I couldn't really make sense of any of it, but I chalked it up to system error. Like someone on the other end was trying to push through alert after alert after alert, and they all just came through at once, a little like when a printer jams and then starts again. So I agreed to let her try one more time.
Then she disappeared for a long time. I'm talking like 15 or 20 minutes. She said she was putting me on hold to work with the "system administrator" or something to that effect. Now I was making dinner and I had the phone on speaker on the counter, so I wasn't really aware of how much time was passing between her going back and forth. This is red flag number. I've lost count. This my friends, is the point at which the fraud actually occurred. I found out later by piecing together my end of the story with the actual fraud department story, that the person who had called me from the bank's phone number was also on the phone with the bank at the same time on the other line pretending to be me. Now keep in mind, at this point in the scam, I still didn't know that I wasn't actually speaking with my bank.
The long delays between conversation where the scammer on the phone with the real fraud department asking them to remove my ATM limit. The real fraud department would send me a text to confirm my identity and then the scammer would get back on the line with me and say, "Okay, I sent you the text. Can you read me the code?" If I had really thought about what was happening in earnest for a moment, I probably would've realized that something was amiss, but I was completely unsuspecting. Having never been the victim of an elaborate scam before, I was far too trusting. The codes that she was asking me to repeat to her weren't personally identifiable information, so I didn't think I was telling her anything unusual.
It's also worth noting that a few months after this happened to me, I heard from several other friends that someone had tried to do the same thing to them. I noticed that security fraud texts started to include the language, "We will never call you and ask you for this code." But at the time, there was no such language in verification texts. All in all, the scammer and I were probably on the phone for collectively close to two hours, and some other dicey shit happened that revealed she knew more about me.
She asked me to answer my security question, which was my mother's maiden name. She also read me a list of my other recent purchases to confirm that they were mine, including a few trips to Chick-fil-A and the stop at Kroger, which was freaky because it meant she did somehow have access to my account. I believe now that she had asked the bank to confirm my recent purchases and then just reiterated them to me as a ploy of believability. And perhaps the scariest revelation of all occurred when she said something that finally made me suspicious. Remember how she asked me if I wanted her to cancel my card? She offered to send me a new one in the mail. She read my address and asked if that's where I wanted it sent, which meant the scammer had my real address and then, and this is the frustrating part, she said...
Scammer:
Ma'am, it seems as though someone in California is trying to access the online account. I've booked all incoming logins, but do you want us to reset your password?
Katie:
I felt myself start to panic. Oh my God, someone's trying to log into my bank account. So I'm like, "Uh, yeah, sure, reset it. Just block any logins now." And she goes...
Scammer:
Yes, ma'am, I can, but first I need you to verify the old password. Can you spell it for me?
Katie:
Now, this is where alarm bells finally went off in my dumbass brain. I felt the way I feel when I watch scary movies and they realize the caller is inside the house suddenly exposed and in danger. So at this point, I pause and I recoil from the computer screen. I'm like, "Wait a second. Who are you? Can you tell me any details at all that confirm you work for the bank?"
Scammer:
Oh ma'am, I'm so sorry, of course.
Katie:
She proceeded to tell me her name and then drum roll please, my social security number. She goes...
Scammer:
I'm looking at your file right now. Your address is 1 Main Street and your social security number is 23 [inaudible 00:13:00].
Katie:
So while I, a moron was comforted by the fact that this stranger knew everything about me, I should have been panicking, which brings us to another embarrassingly humongous red flag. Your bank would never, ever, ever ask you or tell you these types of personal details over the phone. Anyone who calls you pretending to be from a bank and asking or telling you personal information about you does not work for your bank. I will ask for your grace though, as I was a 23-year old who knew nothing. Luckily, all the bleach from years of dying my hair blonde hadn't totally seeped into the soft part of my skull because I responded, "Well, I'm still not comfortable giving you the password. If you know it, you know it. Otherwise, I'll reset it myself. Other than that, is there anything left to do?" Now she was very quick on her feet.
Scammer:
That's totally fine, and don't worry, we're setting a trap on your account tonight to log the IP addresses of anyone who tries to log in, so don't try to log in, otherwise it'll catch yours.
Katie:
So she told me she'd follow up with me in the morning. Now, I can't decide what's worse that I believed that this fraud department employee was of the $250,000 per year variety or that I actually didn't look at my account. Come to find out later, over the next 12 hours, a fraud ring in Houston was withdrawing $8,000 from my checking account and $400 increments from ATMs all over Humble, Texas. But I didn't find this out until the next morning at 10:00 AM when I finally logged into my bank account to see that half of my life savings was gone. Now remember at this point, I still thought this woman actually worked for the bank. In my mind, she was just an overzealous employee who did not do her job correctly and allowed me to get robbed blind. When I say I sped to the credit union so fast, I practically teleported.
Luckily, it was just down the street from where I worked. So I asked to speak to the branch manager. I went full Karen mode, like square tipped, French manicured, jabbing one finger at a time onto the reception desk and instant haircut transformation. So I walk in and I said, "Hey, listen, someone from your fraud department last night told me that someone was using my card in California. They said they blocked it and yet my account has been bled dry. You have to help me." And at some point in rattling off my plea, my voice had cracked and I had started to cry. So the bank teller, she looks at me through squinted eyes and she asks...
Bank Teller:
What's your account number?
Katie:
And stared at the screen as she typed, she said covering her mouth with her hand...
Bank Teller:
I haven't seen an account get hit this hot in months.
Katie:
I choked out a small sob, "So what's happening? How do I get it back?"
Bank Teller:
Listen, you need to file a police report. This is a felony, and in order to get reimbursed, you're going to have to prove to Visa that you didn't withdraw this money yourself.
Katie:
"Hold the phone, you're telling me I've just been robbed of nearly 10 grand and now it's on me to convince Visa that this isn't some elaborate scheme?"
Bank Teller:
But first...
Katie:
She continued.
Bank Teller:
Can you show me the text you received?
Katie:
I threw my phone across the desk at her and she tapped through them. More squinting, she goes...
Bank Teller:
I mean, yeah, that's us.
Katie:
And I'm like, "Okay, so if your fraud department didn't catch this, sorry, but what the (beep)? At this point, my tears had subsided and I began to feel righteously indignant. What kind of operation were these people running?
Bank Teller:
I'm sorry. I really don't know what happened.
Katie:
She shrugged. "Am I going to get my money back?" I asked hopeful.
Bank Teller:
Honestly, ma'am, I don't know. You need to go file the police report.
Katie:
I took the paperwork, experienced another wave of stress tears and searched the closest police station in Google Maps. Filing a police report will put things in perspective real quick though, and the cop I worked with wanted me to know that badly. I couldn't really speak without my voice cracking as I tried to explain to him what was happening and I could tell he was kind of annoyed. He was like...
Cop:
Ma'am, the woman I helped before you was trying to get a restraining order because her boyfriend keeps attacking her. You're going to be fine. You're going to get this money back. Okay? Can you nod okay for me?
Katie:
I fervently nodded. Even though I could tell he thought I was a spoiled brat, I appreciated his assuredness after the bank teller basically shrugged off my question with an indifferent, I don't know.
The next five days were a blur of bank visits, frantic Google searches and firing off texts to older friends asking for advice. All of this went down on a Monday and by Friday I had my money back, but it was the longest five days of my life. The first afternoon in the aftermath of realizing I had been defrauded was when I began to realize the person who had called me did not work for the bank. I replayed the conversation in my head hundreds of times feeling increasingly violated that she knew so much about me. I felt dirty and exposed and vulnerable. It's hard to explain how it feels until it happens to you.
I was also angry at myself for being stupid and overly trusting. I was disgusted at the woman and her counterparts who had done this partially because she was so sweet and calculating in her approach. At the end of the day, I did feel like an idiot, but I was comforted in a twisted way that the actual fraud department had been fooled too. It took several visits to the local branch before the fraud manager and I realized fully what had happened. They called it a middleman scheme, but frustratingly for the first few days, the bank was convinced that I had malware installed on my phone and that that's how the fraudulent caller was reading the text messages. But after we cross-referenced the timestamps on my phone calls and the phone calls the scammer was placing to the real fraud department, we realized it was happening concurrently.
The person in the real fraud department who lifted the ATM limit had an interesting story to tell, confirming the long pauses and weird silences between text message verifications and the scammer's inability to correctly answer my security questions. And yet, despite the red flags raised on the real fraud department side, they eventually relented because the woman knew the text message codes that I had read to her. Eventually, Visa, not the bank, reimbursed me and I promptly withdrew the reimbursement and the remaining amount in the account and deposited it into my Chase account. "Sorry," I had to explain to the teller as I asked them to fully cash me out, "I just can't risk it again." I no longer trusted the fraud department at my credit union.
Now, this is a shame because credit unions are often a great local alternative to big banks and sometimes they offer great perks that big banks don't. I know mine did. But after my experience, I was convinced someone employed by Chase wouldn't have fallen for something like that because although I had fallen for it, the credit union themselves admitted that this woman could not answer my security questions and they still did what she asked them to do. Not to mention the fact that I could tell from her voice that she was a much older person. Our voices sounded very different, and I knew the bank at least had my age on file.
When the voice was coupled with all the other oddities about the caller like long pauses and shuffling papers and the inability to answer the questions, I believed it should have raised more of a red flag on their end. And you know what's even more frustrating? When I cashed out nearly $15,000 in a cashier's check, nobody even IDed me. I simply said, "My name is Katie Gatti and I need to empty my account." And a teller just wrote me the check for the balance. We'll be right back after a quick break.
And of course, we can't forget the part where I played Nancy Drew. Once I had my money back, I was determined to serve #justice to the fraud ring. The credit union told me that two other credit union members had been hit that same week by that same scam and they couldn't figure out what was going on. Either there was a breach in their database or they had an internal leak, but I did not want to stick around long enough to find out.
When it all went down, the credit union printed out a list of the fraudulent transactions to take to the police department. I noticed each one at an ATM had a unique code affixed and the beginning of an address. So you know I googled within an inch of my life and for the next 24 hours, my browser looked like a digital murder board of maps, notes and addresses. Once I was satisfied that I had found the place where all my money had been withdrawn, a Wells Fargo in Humble, Texas, I called the branch and it took a few tries to get someone on the phone, but then I launched into my story. I resumed Karen mode. "And so the point is, I finished, "someone stole thousands of dollars from me and they did it at your ATM and I have a police report and I want your ATM footage." The guy on the phone is like...
Customer Service Rep:
Ma'am, we really can't release that without a court order.
Katie:
I was so tired of being called ma'am. "Fine," I replied, "then I'll get one." But then I didn't mostly because I just wanted it to be over.
I figured with an amount close to $10,000 and a few other similar hits in approximate timeframe, Visa would give enough of a shit to look into it, but it turns out they're up to their ears and money and they don't really investigate this kind of stuff. The result, if you get defrauded, you'll probably get your money back, but whoever did it probably will not be caught. This makes fraud a pretty desirable arena of crime for people. You can do it from the comfort of your home with a few burner phones, and it's unlikely if you spread your theft out enough that anyone will ever come looking for you in earnest. Solid business model. You guys, maybe we should start a fraud ring. My lawyer and Henah have both reminded me to tell you that I am kidding.
So the unsatisfying end to this story is that to my knowledge, nobody ever got caught. They got my $8,000 and I got Visa's $8,000, and for that reason, I think they consider it a victimless crime, nevermind the fact that it shaved at least three good years off my life. So what should you do if this happens to you? While I felt like a clown when this happened to me, identity theft happens to a surprising number of people. Our friends at Experian, a.k.a, the folks who would know exactly how much this happens said that incidents of fraud and identity theft surged in 2020 and in the years since, especially with the increase in government or benefits fraud, we often saw headlines about throughout the pandemic. The FTC received nearly 6 million fraud reports in 2021, 1.4 million of which were about identity theft specifically, imposter scams were the second most common. Though I'd ventured to say what happened to me was kind of a mix of both.
Unless I think I was unique in my experience, phone calls were the top contact method for fraudulent scams followed by text messages. Together, these two methods brought in a million reports with losses totaling nearly a billion dollars. Now, this obviously isn't meant to scare you, but more to demonstrate the realities of how common this scamming can be. And in some ways, I felt kind of seen. Nearly four out of five victims reported negative emotional consequences after the fact, like feeling worried or anxious, angry and violated. I felt the same and it took quite an emotional toll. So the best thing we can do is be proactive, which we'll get to shortly. But first, what are the warning signs that this might be happening to you too?
According to USA.gov, you may not know that you've been a victim of identity theft right away. So here's what they recommend looking out for. Bills for items that you didn't buy, debt collection calls for accounts that you didn't open and information on your credit report for accounts you didn't open. This actually happened to Henah when she received a credit notification and a welcome letter for her Amazon credit card, which if you know Henah is alarmingly off brand. Other red flags include denials of loan applications that seem suspicious or if mail stops coming to you or is missing from your mailbox. But what about if we're sure something has now gone wrong? What happens when you lose a debit card or your information gets stolen? Here's what you should know if your debit card specifically is defrauded.
The following comes from the FTC's Consumer Advice site, "If your card itself was stolen and used, your losses will be limited depending on how quickly you report the loss or theft of the card. If you notify your bank within two business days of learning that your card has been lost or stolen, the most you can lose is $50 or the amount of unauthorized charges made before you call, whichever is less. If you notify the bank more than the two business days described above but less than 60 days after your statement is provided, you can lose up to $50 in charges made in the first two business days plus any subsequent unauthorized charges made before you report the loss up to a total maximum amount of $500. If you fail to report the fraud charges within 60 days after your bank statement is sent, there is no cap on your liability for unauthorized charges made after those 60 days. Within the first 60 days, your losses are capped as previously noted. You are not responsible for any unauthorized charges made after you notify the credit card company."
Now, if you're like me and retained possession of the card despite someone else somehow getting the number and copying the magnetic strip, things are a little bit different. "If your physical debit card itself is not lost or stolen, you are not liable for any fraud charges using your debit card number if you report the fraud within 60 days after your statement is sent, that is neither the $50 liability limit nor the $500 liability limit applies if your card was not lost or stolen. Now, if you take longer than 60 days after your statement was sent, you should still be able to get reimbursement for fraudulent charges made in the first 60 days, but you will not be able to recover later charges that could have been prevented if you had called within 60 days. In either event, you should act promptly."
So time is of the essence. Regardless, there are a few things that you can do to prevent this from happening to you. The first is to cut up your debit card. Just kidding. I know that's extreme, but you may want to stop using it. I'm still not really sure how mine got defrauded because I was always very careful with it. I only used it in places where I could see the point of sale system. I didn't use it for gas or other online purchases or places that are kind of notorious for being sketchy and sticking to relatively safe seeming businesses. I mean, shit what's more stable than a Fuzzy's tacos? Realistically, you'd be better off leaving your debit card at home and only paying for things with cash or a credit card.
Credit cards are far less scary to get defrauded because the credit card companies really just wave their magic wands and make the purchases disappear, so there's no physical transfer of your funds until you pay the bill, which you can personally vet for accuracy before you do so. Maybe the bigger thing, particularly when it comes to identity theft, is putting a freeze on your credit reports. Now, this part might actually be more important particularly when it comes to identity theft. Put a freeze on your credit with the three major bureaus, Equifax, Experian, and TransUnion. These three companies create your FICO credit score and they are the entities that lenders and credit companies contact before extending you a line of credit.
So if someone has all of your personal information like your address and your social and everything that this fraud group knew about me, they could theoretically buy a car or open a credit card in my name. Now, if someone opens a credit card in your name, runs up the charges and then never pays it off, your credit is affected and the delinquency hurts you. By placing a freeze on your credit with the major bureaus, you block all incoming requests for credit. This was a huge thing for me after the fact because I knew they knew everything about me and I was nervous that they were going to try to use my credit to open a credit card.
You can navigate to the sites for the bureaus and you can request a freeze. It's pretty straightforward. They'll give you a long pin that you need when you want to remove the freeze, so you want to make sure you hang onto that, but you'll use the pin to unfreeze the credit for the day or two when you are actually applying for credit yourself. You'll basically put a permanent freeze on the credit with all three bureaus and then only unfreeze it temporarily when you need to apply for more credit and then refreeze it. This is generally considered the safest best practice to avoid unwanted credit applications from fraudsters.
Another thing that you can do is sign up for bank push notifications and/or use a purchase aggregator app like Copilot that you can check daily. After this happened, I signed up to get push notifications from all my banks and credit card accounts when any transaction occurs that's over 1 cent. This serves a dual purpose in that it also shames you out of spending money on dumb shit because you're faced with a push notification that says, "A charge of $166.67 at Target on July 30th, 2023 is greater than the 1 cent limit in your alert settings. I wish I could program it to append, "Stop going there," but I actually did catch fraud on my Discover Card once this way. When my phone began lighting up one Friday morning with $200 at Old Navy and then $300 at Bass Pro Shops, I knew something had gone terribly wrong because if I was going to spend that much, it was going to be at Lululemon and not Bass Pro Shops. So I called Discover and within minutes the purchases were erased, the card had been canceled and it was just far less drama.
Another thing is don't answer phone calls from numbers you don't know and urge less tech-savvy family members not to either. The fraud ring that called me had faked the caller ID to appear as the bank's phone number. Even if you have your bank's phone number programmed into your phone, do not answer it. Let them leave you a voicemail and then call the number back after verifying it is correct. There's no way for them to rig it so that you call back their fake phone number. If you dial the bank's number, it will actually go to your bank, ร la, the way I actually heard the real bank's voicemail when I tried to call them back.
On that note, consider paring down your social media and hiding any public data that would help someone figure out your answers to security questions. Pictures of you with your first car, your high school, and therefore high school mascot linked to your profile. Even having your family members listed can be a dead giveaway for mother's maiden name. Hell deactivating your entire Facebook profile might actually be the best course of action if you don't use it anyway. You should also consider using different passwords for everything, especially financial information. Gone are the days of the scruffy 1234 for every password.
You don't have to use crazy long passwords for your New York Times subscription, but for banking, investing, insurance, those types of things, I would definitely recommend using a random password generator and creating different 16 digit passwords for every account. Why? Because think about what would've happened if the fraud ring who targeted me did get my password somehow. At the time, I used the same password for all of my bank accounts. They would've gotten access to everything. It wouldn't have taken long for them to bleed me dry. By using complicated and impossible to guess passwords and a different one for each, you build a pretty high firewall around yourself and your assets. Password managers like LastPass and 1Password tend to work well for this.
And then keep an eye on your mail. As USA.gov shared and how Henah noticed that she herself was being targeted, it's imperative to know what's being mailed to your address or the opposite, the lack thereof of financial statements or documents. If you're a millennial listening to this, maybe you're also thinking of your baby boomer or Gen X parents who might still request a lot of paper mail versus those electronic statements. So consider sharing this tip with them, and don't forget to place a hold on your mail if you know that you're going to be away from home. On that note, be cautious with public wifi networks. That is to say maybe don't log into your Bank of America account in a Starbucks on public wifi.
I have been notoriously pretty bad about this because in some ways it feels like overkill, but public networks do expose you to a lot more risk than your private home network. And some final takeaways. In the months that followed this incident, I received more DMs than I'd ever expected that squarely fell into two categories. The first was someone telling me that this had happened to them or someone they knew before, with grandparents being especially vulnerable. The scheme I heard about most was a fraudulent caller identifying someone's grandparent, and I mean, think about it, all they'd have to do is look you up on Facebook, read through a few comments to isolate sweet grandma or grandpa, calling them and then pretending to be the police. They would say that their grandchild was in jail or had gotten into a car accident, or that the kid had requested the police not to call their parents, and the bail would be something ridiculous like a thousand dollars cash or Best Buy gift cards, but often in the panic and terror of the situation, the grandparent would do it. Like really scary and really sad stuff.
The other group was people telling me they watched my Instagram story diatribe about what happened, and then received a similar sketchy call from someone pretending to be the bank in the coming months. My point is, it is scarily prevalent probably for the reasons that we addressed above. It very rarely gets investigated because little hits here and there happen constantly, and the giant companies don't really care. The most dramatic story I heard after the fact was a friend's mom getting taken for $150,000 in an elaborate wire fraud. Of course, Visa investigated that one, and the woman who defrauded her is in jail now. All in all, exercise extreme caution and skepticism. If I hadn't answered the phone, none of that would've happened, but the good news is now you have an entertaining account and a few hot takes out of it, so I guess all is not lost.
That's all for this week. I will see you next week, same time, same place on The Money with Katie Show. Our show is a production of Morning Brew and is produced by Henah Velez and me, Katie Gatti Tassin with our audio engineering and sound design from Nick Torres. Devin Emery is our chief content officer, and additional fact checking comes from Kate Brandt.