More of you are turning to financial tech companies to manage your money from your mobile phones, but a North Texas woman says a stranger got access to her account and drained her life savings. She turned to NBC 5 Responds for help. Here’s what we learned.
First signs of trouble
Briana Bell of Dallas said she was home on the evening of Dec. 15 when she started getting alerts from her online banking provider, Chime.
The latest news from around North Texas.
“All of a sudden I get a text that says your phone number has been changed,” Bell told NBC 5 Responds.
Right away, Bell received a second notice that the email tied to her account changed to an email address she didn’t recognize.
“I look at my email and my email has been changed to an email that included my name in it. I’m like, wait, this isn't mine,” said Bell.
A stranger was in Bell’s account. Panicked, she said she called Chime customer service and asked about the status of her checking and savings accounts.
“What's in my savings? She said, zero,” recalled Bell. “Ma'am, I've been hacked. Somebody is doing this. I've been hacked because I had $14,000 in my savings account.”
Bell said she was told to dispute the charges and was transferred to another department as it was closing for the night. Bell said there was some money left in her checking account that night. By the next morning, it was gone.
“I'm a single parent. I've been working for a really long time to build that up. I'm trying to save for a home, a down payment on a home for me and my child,” Bell said.
The fight to get her money back
Bell filed a police report and disputed the charges with Chime.
Bell said two of the fraudulent transactions didn’t go through and the money was back in Bell’s account.
Bell said she called Sears about a third pending transaction and learned someone in Florida ordered a mobile phone with Bell’s money.
Sears stopped the transaction and provided Bell with the shipping information for the cell phone. Bell shared it with police.
And for nearly a month, Bell said she continued disputing the other charges with Chime that totaled $13,101.39.
“I spoke to a lot of different supervisors who said they were going to do X, Y, Z. Then, I called the next day and they told me something completely different,” Bell said.
Bell contacted NBC 5 Responds on Jan. 12.
A few days after NBC 5 reached out to Chime, Bell said it credited most of the missing money to her account. By Jan. 19, Bell said Chime credited the rest of the disputed transactions to her account.
Information from Chime
In an email to NBC 5 Responds, Chime’s director of corporate communications writes, “While we can’t disclose information about individual member accounts, please be assured Chime takes matters like this very seriously and our Member Services team has worked quickly to investigate and fully resolve this member’s issue.”
Chime also said, “As reported across the industry, fraud has unfortunately been on the rise throughout COVID-19 and our member services team is aware of this and working diligently to provide a safe and secure online banking experience for our members. We’ve also prepared the following resource that you may find helpful.”
Chime published information about red flags customers should watch for to avoid cybercriminals. The website also provides samples of phony text messages and social media direct messages that cybercriminals may use to try to trick customers into giving out personal information.
How did this happen?
By now, you may be wondering how this happened to Bell and if she was targeted.
Bell would like to know too.
“Mind you, even after the theft and I'm down to nothing in my account, the person who is in my phone or had hacked the phone or the Chime app or whatever the situation was, had done it two more times,” said Bell. “They changed my email and the phone number two additional times.”
NBC 5 Responds asked cybersecurity expert Alain Espinosa what could have happened.
Espinosa, director of security operations at Online Business Systems, said victims of crimes like this are sometimes picked at random.
“It could have been 100% automated where there is no particular targeting,” explained Espinosa.
Though he doesn’t know what happened in Bell’s case, he said cybercriminals have a common method of operation.
In some cases, they use a phishing scam to send legitimate-looking alerts to random phone numbers. The goal is to get people to sign into a fake link and turn over their password.
It’s not always obvious those alerts are fake.
Criminals also buy up email addresses, usernames and passwords that have, at some point, been compromised on the internet.
This is why you shouldn’t use the same email address, user name or password for multiple sites. If one site is hacked, that means you’re at risk on other sites you use.
“Someone doesn't sit there and try to access them one-by-one. It is done an automated fashion and they'll take that same username, that password, the email address and try to access accounts,” said Espinosa.
Eventually, they may hit on the website where you bank and gain access.
How to protect yourself
Espinosa said, set up multi-factor authentication. It’s not fool-proof, said Espinosa, but it requires a hacker take multiple steps to get into your account.
Also, don’t trust messages that look like they’re from your financial institution. If you get an urgent text or email, don’t respond. Instead, call the number on the back of your card to confirm your financial institution is trying to reach you.
The same advice applies if someone calls you. Hang up and call the number on the back of your card.
It happened to me, what now?
If you believe you’re a victim, you need to contact your financial institution immediately. Let them know there’s a problem with your account and to freeze any activity.
Report the crime to the FBI as soon as possible, ideally within 24 hours.
The Texas Department of Banking explains some banking services, like Chime, are financial technology companies that partner with banks. For example, Chime partners with Bancorp Bank or Stride Bank, N.A.
A customer can glance at the back of their card to confirm which bank.
The Consumer Financial Protection Bureau is a resource for financial tech customers. If a customer has trouble connecting with their financial tech provider, the CFPB says customers can contact the agency online or call 855-411-2372.
The National Consumer Law Center said when a customer disputes an unauthorized charge on a bank or prepaid account, the financial institution is required to conduct a reasonable investigation.
If the investigation takes longer than 10 days, the financial institution must give the consumer a provisional credit to the account – which can be reversed later if the investigation shows the consumer authorized the charge.
National Consumer Law Center Associate Director Lauren Saunders said, "The burden is on the company to show that the consumer authorized the charge.”
Bell told NBC 5 she is glad the ordeal is over. She said she’s taken extra precautions to protect herself in the future.
“It kind of makes you feel like nothing is safe,” said Bell. “It really does.”
NBC 5 Responds is committed to researching your concerns and recovering your money. Our goal is to get you answers and, if possible, solutions and resolution. Call us at 844-5RESPND (844-573-7763) or fill out our Customer Complaint form.