After nearly two decades in the tech industry, I’ve seen most scams come and go, and I’ve NEVER been caught by one, until now. My banking setup is simple yet super effective. I maintain an account specifically for outbound expenditures, limiting its balance to no more than $5,500 – more on this strategy later. Additionally, I have an inbound account where all invoiced revenue lands; this account is exclusively for incoming funds and allows no outbound transactions. Lastly, there’s a third account, which I refer to as ‘air-gapped.’ This account doesn’t have a linked card and has never been involved in any direct transactions. It’s where I keep the majority of my money, and moving funds in or out of this account requires manual intervention from my end.
The reason I limit the expense account to $5,500 is that this is close to the amount at which a bank will correct any issues without much fuss. Over that, and the process becomes more involved, as I’ve been told by my banker.
While I’m quite vigilant about account infrastructure, I tend to be a bit slack in monitoring. I know how much is in the expense account, and I receive a daily notification of the balance, so as long as that daily notification matches what I expect, I don’t dive any deeper. This is where I messed up. Back on November 16, 2023, when I went to pay for a service online, my card was denied. Knowing there was $4,300 available on that card, I tried again, unsuccessfully. So, I checked my bank balance and found that the account was empty – all $4,300 had gone overnight. Scrolling through transactions, I saw hundreds from Google, YouTube, and TikTok for $3.70, 7.40, and 14.80 – just pages of these transactions. While I run a very large volume of Google ads for clients, these charges are on credit cards. So, Google and YouTube should only ever hit that expense account for a few dollars for YouTube Premium and a few apps I pay for – literally less than $25 a month. And TikTok has never had a dime spent on it, so it’s never even had a card number. So how did they do this?
Well, it’s actually quite clever. I was pissed but also impressed. I went back to October 14th, nearly a month earlier, and found 10 transactions for those amounts, then 10 refunds. The next day, there were 15 transactions and 15 refunds. That pattern continued until the end; they literally trained my bank to recognize these as accepted charges over a month’s time. All the while, they were refunding me, so as I watched the daily balances, nothing seemed off at all.
Upon discovering the fraudulent transactions, I immediately accessed my banking app. However, it wasn’t equipped to handle disputes over hundreds of charges, so I had to resort to calling customer support. This turned into an hour-long ordeal with offshore support staff, who initially struggled to grasp the sheer volume of fraudulent transactions, but eventually, the representative had an ‘aha’ moment, understood the situation, and initiated the correction process. They issued a new card, canceled the old one, and restored my funds. Aside from the minor inconvenience of updating payment information for some services, everything was resolved.
After this incident, I added another layer of precaution: I set up a fourth bank account with a very small amount of money and designated this for transactions involving custom software and services that use less reliable payment gateways, the transactions that I feel are a bit riskier, keeping the original expense account, now with a new card, reserved for transactions with more reputable entities like Amazon and Duke Power.
Just to clarify, at this point, I had figured out what they did and even had a good grasp of the technology stack they used to execute this banking fraud, but I still had no idea how they acquired my card info.
So, fast forward to January 11th, when I started checking those accounts daily for anything weird. Let me be clear: the primary expense account literally had 5-6 entities billing it. Most I moved to a credit card, and any questionable ones to the new account. So, the main expense account had not been used anywhere in person at all and had been entered into just a select few websites.
Then, on January 11th, it started to happen again. Suddenly, I had some random YouTube, TikTok, and Google charges and then immediate refunds. Now, I was curious, so I didn’t do anything; I just wanted to watch. Over the next week, they initiated charges and, in the same minute, refunded them. Literally, in the same minute of time, so it couldn’t be human. After a week, I canceled the card. I had seen enough to understand the cycle, so I assumed that calling the card company would stop it. It didn’t! The next day, with no card reissued yet, it continued, so they somehow had my actual banking credentials, which is super weird. Not once have I entered banking details directly; I never, ever pay anything with an account number.
So, I immediately dumped the money into a savings account, and since I have overdraft turned off, it just denied the transactions the next day. Then it stopped. I still have the account active right now, and I keep the minimum in it to stay active, just to monitor and try to understand a bit better.
Here’s the issue: you might assume they hacked my computer and installed a keylogger to get my banking credentials. If they had, they would have quite a few other accounts at the same bank that they could exploit, and that hasn’t happened. Plus, over Christmas, I upgraded to the latest and greatest GPU and upgraded the computer to Windows 11, so the computer was wiped entirely between these two events.
I have no idea how they got banking credentials for a single account that has never been entered anywhere, it’s never had a paper check written on it; literally, I have not entered that banking info anywhere. It doesn’t even receive deposits.
Whatever it is, the thieves are getting smarter. I mean, training my account for nearly a month to be able to siphon off hundreds of transactions is totally new to me. As a tech guy, I kind of appreciate their ingenuity; I just wish they were putting it to better use.
So, the moral of this story is: check your transactions daily and do not assume that canceling a card will correct the issue if one ever arises.
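An added example, not part of the original post: a daily balance check misses the charge-and-refund pattern described above because each pair nets to zero, so this sketch scans a transaction export for charges refunded by the same merchant within a short window. The CSV layout, sample rows and function names are constructed for illustration, and the 60-second window is an assumption based on the "same minute" observation.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (not real data): timestamp, merchant, signed amount (negative = charge).
SAMPLE_CSV = """\
2023-10-14T02:11:05,GOOGLE,-3.70
2023-10-14T02:11:40,GOOGLE,3.70
2023-10-14T02:12:10,TIKTOK,-7.40
2023-10-14T02:12:31,TIKTOK,7.40
2023-10-14T02:13:02,YOUTUBE,-14.80
2023-10-14T02:13:20,YOUTUBE,14.80
2023-10-14T02:14:00,TIKTOK,-3.70
2023-10-14T02:14:15,TIKTOK,3.70
2023-10-14T09:30:00,YOUTUBE,-13.99
2023-10-14T18:45:00,AMAZON,-42.10
2023-10-16T10:00:00,AMAZON,42.10
"""

def load(text):
    """Parse the export into time-sorted (timestamp, merchant, cents) tuples."""
    return sorted((datetime.fromisoformat(ts), m, round(float(a) * 100))
                  for ts, m, a in csv.reader(text.splitlines()))

def wash_pairs(txns, window=timedelta(seconds=60)):
    """Match each charge to a later refund of the same amount from the same
    merchant inside `window`. Returns {merchant: [(charge_time, cents), ...]}."""
    pairs, used = defaultdict(list), set()
    for i, (t, m, c) in enumerate(txns):
        if c >= 0:
            continue  # only charges start a pair
        for j in range(i + 1, len(txns)):
            t2, m2, c2 = txns[j]
            if t2 - t > window:
                break  # list is time-sorted, nothing later can match
            if j not in used and m2 == m and c2 == -c:
                used.add(j)
                pairs[m].append((t, -c))
                break
    return dict(pairs)

def report(txns, min_pairs=1):
    """Pair count per merchant, and total cents charged then refunded (balance unchanged)."""
    pairs = {m: p for m, p in wash_pairs(txns).items() if len(p) >= min_pairs}
    churn = sum(c for p in pairs.values() for _, c in p)
    return {m: len(p) for m, p in pairs.items()}, churn

if __name__ == "__main__":
    print(report(load(SAMPLE_CSV)))
```

The ordinary subscription charge and the refund that arrives two days after its purchase are left alone; only the same-minute pairs are reported.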