
I need advice about bank fraud

Last year, someone attempted to hack our credit union account.
They said, "We don't investigate attempts, it'd be way too much."
But he did have us change our log-in name and password.

Yes, one should periodically change passwords and have two factor authentication for financial accounts
 
Yes, one should periodically change passwords and have two factor authentication for financial accounts
It is now stated that one shouldn't periodically change passwords as this can lead to less security because people may tend to use weaker and more predictable passwords. Changing the password doesn't do anything to really increase security. Only change them when there is a known breach. High risk sites should always have their own unique, complex password. Best to never really use the same password on any two sites but it is probably okay for certain things. Like if you have the same password for TUG and for DISBoards. Who cares about those.
 
I would run from that bank faster and further than Forrest Gump. How can a bank allow someone to just call in and change a phone number on the account without verifying details known only to the customer?
I totally agree with you.
 
Last year, someone attempted to hack our credit union account.
They said, "We don't investigate attempts, it'd be way too much."
But he did have us change our log-in name and password.
What do you mean by "attempted to hack?" How was this determined? Most account thefts do not involve hacking at all. They use social engineering like phishing, etc.

In any event, I would likewise run from a credit union that told me that. That is exactly what any good IT security team is trained to do, investigate any attempts to infiltrate their systems. They either have insufficient internal security resources or incompetent ones.
 
Most large corporations, companies, state and federal agencies have a Change Management Policy in place on password changes and only highly authorized employees can/could change passwords.
 
JudyH, did the bank fraud unit ever send you any information or email address? Did the bank fraud unit give you a point of contact or a direct telephone line to call?

What was the denomination of the gift cards or points gift cards and their monetary value?
 
I’m not naming the well known bank that is responsible for this because I’m trying not to put too much information on the web.
My husband and I had two hundred thousand rewards points stolen from our CCs.
In October my credit monitoring company notified me that there was a new address on my information and that address was sent to the bank. We called the bank to report this and request it be removed.
DH said he regularly checked the charges for anything unusual but not the points.
Last week we went to use the points and saw the balance on both our accounts was a few hundred. We never received emails or texts they did the transfers.
We got in touch with the bank and their fraud department and they started an investigation.
This morning they said they saw no fraud. They said the points were used to buy e-gift cards that were mailed to my email address.
I told them to escalate the investigation because I did not request this and I want more information.
I want copies of whatever emails they claim were sent to me.
I don’t know what to do next and I am looking for advice. Thanks.
Sounds like someone submitted a change of address via text or email. That was totally wrong for the bank to change without asking a few questions. With that large number of credit card reward points, someone should have come into the bank office physically, with a picture or a government ID to make a change, IMHO. Or the person in the reward unit should have asked for the person's name on the account, home address, city, state and zip code number, email address, and telephone number via the text or email process. IMHO.
 
The bank should have that new email address on file with the name of the person, their new address, telephone number and their new email address, that made those large reward CC changes. IMHO

The bank should look at their History Transaction File Account. IMHO.
 
What do you mean by "attempted to hack?" How was this determined?...
I received automated calls & text-msgs of three unsuccessful attempts to log-in at a time when we were not doing so (3AM). The CSR said, "Someone who knew you may have tried to guess your log-in."

We changed both our ID and password to something far more complex. At least that had to be done in person, not over the phone or online. But I think they should have an online mechanism for locking the account.
 
After three (3) attempts to log in to most online accounts with the wrong login information or passwords, most bank institutions would lock that account. IMHO

A telephone call to the bank or an in person visit to the institution to unlock that account would be necessary/needed; with proper identification and email information and the security answers/codes information…IMHO
 
Thanks for all the advice. I came up with a plan and called the bank back. I told them to escalate the case to their highest level of fraud investigation. I wanted copies of any emails, requests, or points transactions. I want to hear the voice transaction that requested the points. I sent them information from the credit monitoring company that alerted me of a false address that was on their report and sent to the bank.
If I didn’t get satisfaction I was prepared to file a police report and a report with the Consumer Finance Protection Agency (if it still exists).
The bank said I would hear in 12 days. Sunday night I logged in and saw the points were back.
Interesting that they have replaced the old “mother’s maiden name” with a different verbal code word for an inquiry. They should have always done that.
I am relieved but so worried it could happen again.

[Moderator Note: threads merged.] <-- SueDonJ
 
I’m happy you followed up with all your actions.
Also, I’m pleased the bank restored all your lost points.
Please retain all the information from that bank fraud unit, especially the names of the fraud investigators.
 
Stupid bank only uses two factor verification when I use a new, as in not used before, device to sign in.
 
I looked at my American Airlines points account and don't see even an option for 2 factor id, it's not associated with a bank tho is with a credit card.
 
Excellent job asserting yourself with the bank! Their security department likely just put the miles back vs. manpower to comply with your request. Just changed airline FF PW!
 