CLARKSVILLE, Tenn. (WTVF) — Here's something you're going to want to pay attention to. Scammers are wiping out the bank accounts of unsuspecting consumers across the country. They have figured out how to get into your bank accounts and then steal your savings. They do it by convincing you that they're with your bank.
It all starts with a text from what appears to be your bank, alerting you of possible fraud.
It was just another Saturday afternoon for Kizzy Broaden in her Clarksville salon when she got a text that appeared to be a fraud alert from her bank, only it wasn't.
Broaden had gotten texts like this before from her bank and this one seemed to come from the same Bank of America number as the others. It even included the last four digits of her account. So, she quickly replied, no, she had not just tried to make a purchase in Houston, Texas.
"Then, the next message came through from them and it says, 'Thank you. The transaction has been blocked. No money has been deducted from your account and one of our representatives will be reaching out to you shortly,'" Broaden recalled.
Soon after, her phone rang. Again, she said, nothing seemed out of the ordinary.
"The man identified himself as a David Singletary with Bank of America's Fraud Department and they actually called from the Bank of America number that is located on the back of my debit card," Broaden explained.
But, within minutes, the man had cleared out Broaden's personal savings and checking accounts as well as both of her salon's accounts with B of A.
Former FBI agent and cyber security expert Scott Augenbaum says no one is safe.
"If you get an email or a text message from your bank or your credit card company or anyone asking you to do something, pick up the phone and call the bank's telephone number. Don't call back to the number that sent you the text, but realize the cybercriminals are scamming us," he said.
Not only did the scammer have Broaden's name and phone number, they also had the last four digits of her social security number and debit card.
Broaden said the scammer had other information about her bank accounts that someone would only know if they had accessed those accounts.
Augenbaum says the scammer probably had accessed her accounts.
"The cybercriminals have almost 8 billion usernames and passwords," he explained.
Once the cybercriminals figure out yours, it's not hard to do because so many people use the same email address and password for all of their accounts.
"They're probably in her bank account. They're looking around. They see everything. And now they go and they cut and paste a legitimate bank text message, and then they spoof it which means they fake it," Augenbaum told NewsChannel 5 Investigates.
It was this spoofing technology that made it appear to Broaden that the texts and phone calls were coming from her bank.
Broaden says the caller told her they would need to set up a new account and then he transferred her money using Zelle, an online payment app.
"They were setting up a Zelle thing with a Chase account, and I had no idea that that's what they were doing and that's how the money was taken out from my account, and it looked like that I had Zelle'd money from myself to myself," Broaden said.
It wasn't until later that afternoon when she was done at the salon that she discovered her money was gone. Immediately, she called Bank of America to report what had happened.
"She said you're the second call that she has had personally that day, that the scammer had gotten them," Broaden recalled.
Broaden is now trying to warn others, after learning the hard way, that if your bank texts or calls you to move your money, it's probably not your bank.
Augenbaum is also trying to warn people, recommending if you get a text or call like Broaden's, "Stop. Hang up! The banks will not ask you to do that, because once you transfer that money out, it's just like you gave cash away to the bad guy. You are not going to see it again."
After we reached out to Bank of America, the bank generously or replenished Broaden's accounts. But they didn't have to.
Cyber security experts recommend that you have your bank's phone number in your contacts so you can call them immediately if you ever get one of these texts or calls.
Also do not use the same password for all of your accounts. Change your passwords often and do not pick passwords that someone could easily guess. Also, if it's available, use multifactor authentication when you can.