I received an email from my bank stating someone used the online service to recover my username. Well, it was not me. A few minutes later I received a message with a code from the bank saying to provide the code to customer service. Again, not me.
I quickly called the bank and reported that someone was attempting to access my account. They made a note on my account and told me to call back during the week to speak to the security team. After two days of calling and being put on hold, I finally spoke to someone. He confirmed that someone from Florida had attempted to log in to my account and had called them to reset my password. When the caller was unable to provide the number the bank sent me, the caller hung up. The bank is closing my account and opening a new one.
Luckily, I have two-factor authentication setup and am aware of the various ways hackers attempt to access accounts. Had my bank not been vigilant, this attacker may have been able to gain access to my account and my money.
Some tips for everyone to help protect you in these situations:
1) If you get an email like this, never click on the links in the email. Also, do not call the number in the email. Instead, manually go to the bank's website and get the contact information there. Sometimes, these emails are fake and they are trying to redirect you to a spoofed website to get you to enter your information.
2) If you receive a call from someone claiming to be your bank, do not give them information. Instead, hang up, go get the bank’s phone number, and call that number. That ensures you are really talking to the bank and not someone trying to get your personal information.
4) Use strong passwords on all your accounts. Do not repeat passwords. Use a password manager like LastPass, Dashlane, or 1Password to store your passwords so you do not have to remember them all. Also, use them to generate long, secure, random passwords.
5) There is a thing called SIM swap, which allows hackers to take over your phone number. They can use that to get the text message for two-factor authentication, and you would never see it. If your phone ever reports a SIM card issue, get down to your service provider’s store (AT&T, Verizon, T-Mobile, etc.) immediately. Someone may be trying to compromise your accounts.
6) Set up a pin for you mobile phone account. This will make it harder for hackers to take over your phone number and add some protection against SIM swap attacks.
7) Set up a fraud alert with one of the major credit agencies (Experian, TransUnion, Equifax—if you set up an alert with one agency, they will forward your alert to the other two). A fraud alert does not freeze your credit. Instead, if someone tries to open an account or get credit in your name, the company must call the number you provide to verify your identify and get your authorization. Again, it may not protect you against SIM cloning, but it will help.