Submitted by kchang07 t3_10pv79m in personalfinance

So on 1/28, I got a call from a legit chase fraud prevention number saying they’d like to verify some transfer activities. They asked to verify my identity. The rep mentioned I could also call back using the number on the back of my card.

I gave it a brief thought and kindly rejected, how stupid of me. Anyway, they said they will sent an OTP to my phone, I got it from the number that chase uses. They went ahead and asked a couple more security questions that I’ve never heard of before from any bank or credit agency. They were questions like which of the following professional licenses do you have. I just answered none of the above for both. That was all I gave, no account number or SSN.

Then what’s weird is, they told me there’s a zelle transfer that they want to confirm. It’s to someone I’ve never heard of, definitely did not make the transfer. They then said I transferred to that person on 1/24. Which I did not, also confirmed on my account. So I asked which account was the transfer going out from, they said the last four of an account that I do not have.

After I mentioned that I don’t have that account, they paused a while and said this person of the same name was born in the 1950s. And after I confirmed that I wasn’t born in the 50s, they told me they probably called the wrong person with the same name, and hung up.

I got a little worried and called the number on the back of my card. The rep confirmed that no other reps had access my account. I changed my password and just put it all behind me.

But today something happened that got me worried again. My online shopping portal (MyPoints.com) account had unauthorized redemptions of $100 in paypal and $100 in footlocker gift card. Both PayPal and GC were sent to my account though. I dug back and found out that the redemption was on 1/28 too. The call was around 11am, and points redemption was 9:30pm.

I am just very paranoid now. I don’t know if I am actually getting hacked or not. If it’s just the shopping portal I get it. I used an easy password for that and no 2FA etc. I just hope my bank account is safe.

2

Comments

You must log in or register to comment.

Coronator t1_j6mcfhq wrote

It’s possible you got fished for answers to security questions that a bad actor could use to access your accounts. That’s the problem with those security questions - you can change your passwords, but you can’t change your mothers maiden name.

It is weird they were able to verify your account activity though - I don’t get that.

I would definitely report this incident up through chase, and monitor your account activities.

4

classthree1 t1_j6mdgzs wrote

Yeah, sounds likely it was a scam. Scammers use phone number spooofing which is a service they can make whatever phone number show up on your caller id they want. Having the actual Chase Bank phone number show on your phone is part of the scam. Its such a common scam that most banks have a warning about them. See Chase Bank link here

https://www.chase.com/digital/resources/privacy-security/questions/fraud

Call Chase and tell them what happened. Ask if it was them that called. If it wasn't, change your password and pin number immediately. Subscribe to an identity and credit monitoring service like Experian that would notify you if someone applies for credit or uses your personal identification. Also change your Chase notifications to notify you of all transactions. You may get a lot of notifications but you can change it back when you're confortable that you don't see any fraudulent transactions.

2

kchang07 OP t1_j6o8zi1 wrote

Yea the weird thing is, those security questions weren’t even mine. It was something like which professional association are you associated with, and which professional license do you have. Never set up any of those or have those in my credit security questions.

1

chriberg t1_j6n459m wrote

Caller ID has been trivial to spoof for a very long time. Anyone can make any call seem like it's coming from any number. It's not secure or encrypted or anything else. Just because the number that popped up on your phone is associated with Chase, doesn't mean the call actually came from Chase. This is common knowledge.

3

VictorChristian t1_j6mkmid wrote

Do you still get paper bank statements mailed, OP?

1

kchang07 OP t1_j6o98ah wrote

No I don’t.

0

VictorChristian t1_j6pdro4 wrote

Ok, that’s good. A lot of these bad actors can glean a ton of info by just “dumpster diving”. Someone with an old statement in hand can rattle off transactions and sound very convincing .

1

eatingyourmomsass t1_j6mp7at wrote

Total scam. Somebody phished you for a dual authentication and account security questions.

Report to Chase, change your account passwords, security questions, setup transaction monitoring and or credit monitoring depending on what else you gave them.

1