Select Page

Banking Scam That Wiped My Bank Account, Yes They Got ME!

by | Jan 24, 2024 | Focus Blog

Categories

 

why would anyone rent a websitea

After nearly two decades in the tech industry, I’ve seen most scams come and go, and I’ve NEVER been caught by one, until now. My banking setup is simple yet super effective. I maintain an account specifically for outbound expenditures, limiting its balance to no more than $5,500 – more on this strategy later. Additionally, I have an inbound account where all invoiced revenue lands; this account is exclusively for incoming funds and allows no outbound transactions. Lastly, there’s a third account, which I refer to as ‘air-gapped.’ This account doesn’t have a linked card and has never been involved in any direct transactions. It’s where I keep the majority of my money, and moving funds in or out of this account requires manual intervention from my end.

The reason I limit the expense account to $5,500 is that this is close to the amount at which a bank will correct any issues without much fuss. Over that, and the process becomes more involved, as I’ve been told by my banker.

Micro-Transaction Wiped My Bank Account

Micro-Transaction Wiped My Bank Account

While I’m quite vigilant about account infrastructure, I tend to be a bit slack in monitoring. I know how much is in the expense account, and I receive a daily notification of the balance, so as long as that daily notification matches what I expect, I don’t dive any deeper. This is where I messed up. Back on November 16, 2023, when I went to pay for a service online, my card was denied. Knowing there was $4,300 available on that card, I tried again, unsuccessfully. So, I checked my bank balance and found that the account was empty – all $4,300 had gone overnight. Scrolling through transactions, I saw hundreds from Google, YouTube, and TikTok for $3.70, 7.40, and 14.80 – just pages of these transactions. While I run a very large volume of Google ads for clients, these charges are on credit cards. So, Google and YouTube should only ever hit that expense account for a few dollars for YouTube Premium and a few apps I pay for – literally less than $25 a month. And TikTok has never had a dime spent on it, so it’s never even had a card number. So how did they do this?

Well, it’s actually quite clever. I was pissed but also impressed. I went back to October 14th, nearly a month earlier, and found 10 transactions for those amounts, then 10 refunds. The next day, there were 15 transactions and 15 refunds. That pattern continued until the end; they literally trained my bank to recognize these as accepted charges over a month’s time. All the while, they were refunding me, so as I watched the daily balances, nothing seemed off at all.

Upon discovering the fraudulent transactions, I immediately accessed my banking app. However, it wasn’t equipped to handle disputes over hundreds of charges, so I had to resort to calling customer support. This turned into an hour-long ordeal with offshore support staff, who initially struggled to grasp the sheer volume of fraudulent transactions, but eventually, the representative had an ‘aha’ moment, understood the situation, and initiated the correction process. They issued a new card, canceled the old one, and restored my funds. Aside from the minor inconvenience of updating payment information for some services, everything was resolved.

After this incident, I added another layer of precaution: I set up a fourth bank account with a very small amount of money and designated this for transactions involving custom software and services that use less reliable payment gateways, the transactions that I feel are a bit riskier, keeping the original expense account, now with a new card, reserved for transactions with more reputable entities like Amazon and Duke Power.

Just to clarify, at this point, I had figured out what they did and even had a good grasp of the technology stack they used to execute this banking fraud, but I still had no idea how they acquired my card info.

So, fast forward to January 11th, when I started to daily check those accounts for anything weird. Let me be clear: the primary expense account literally had 5-6 entities billing it. Most I moved to a credit card, and any questionable ones to the new account. So, the main expense account had not been used anywhere in person at all and had been entered into just a select few websites.

Then, on January 11th, it started to happen again. Suddenly, I had some random YouTube, TikTok, and Google charges and then immediate refunds. Now, I was curious, so I didn’t do anything; I just wanted to watch. Over the next week, they initiated charges and, in the same minute, refunded them. Literally, in the same minute of time, so it couldn’t be human. After a week, I canceled the

card. I had seen enough to understand the cycle, so I assumed that calling the card company would stop it. It didn’t! The next day, with no card reissued yet, it continued, so they somehow had my actual banking credentials, which is super weird. Not once have I entered banking details directly; I never, ever pay anything with an account number.

So, I immediately dumped the money into a savings account, and since I have overdraft turned off, it just denied the transactions the next day. Then it stopped. I still have the account active right now, and I keep the minimum in it to stay active, just to monitor and try to understand a bit better.

Here’s the issue: you might assume they hacked my computer and installed a keylogger to get my banking credentials. If they had, they would have quite a few other accounts at the same bank that they could exploit, and that hasn’t happened. Plus, over Christmas, I upgraded to the latest and greatest GPU and upgraded the computer to Windows 11, so the computer was wiped entirely between these two events.

I have no idea how they got banking credentials for a single account that has never been entered anywhere, it’s never had a paper check written on it; literally, I have not entered that banking info anywhere. It doesn’t even receive deposits.

Whatever it is, the thieves are getting smarter. I mean, training my account for nearly a month to be able to siphon off hundreds of transactions is totally new to me. As a tech guy, I kind of appreciate their ingenuity; I just wish they were putting it to better use.

So, the moral of this story is: check your transactions daily and do not assume that canceling a card will correct the issue if one ever arises.”

Recent Posts

 

Maximizing Social Shares: Mastering Website OpenGraph Settings

Maximizing Social Shares: Mastering Website OpenGraph Settings

What Are Website OpenGraph Settings? OpenGraph settings, a preview for social media interaction, comprise HTML tags that turn a simple URL share into an improved media experience. When you share a webpage on social platforms like Facebook, these tags dictate how the...

How a Simple Text Can Dramatically Increase Your Google Reviews

How a Simple Text Can Dramatically Increase Your Google Reviews

I recently had a spark of an idea that I thought I’d share, thanks to a chat with a current client. Let me share a bit of the backstory: our team's main focus is helping businesses grow. While that is a simple statement, it's often not a single item that we address....

Ride the Wave or Get Wiped Out: The Generative AI Revolution

Ride the Wave or Get Wiped Out: The Generative AI Revolution

Seems like every time you scroll through the news, there's another article on generative AI. Some are sounding the alarm, worried about jobs and the future of creativity, many are calling for an all-out war against it. But here's the deal: if you're one of those...

A Grumpy Mechanic’s Remark Changed Everything

A Grumpy Mechanic’s Remark Changed Everything

Sometimes, a single moment defines your entire future...Over the past 23 years, I've witnessed countless website and marketing trends come and go. But there's one idea that initially seemed too silly to work, yet it's turned out to be one of the most pivotal concepts...