A Bank of America customer says he lost tens of thousands of dollars after bad actors found a way to hijack his account.
California resident Jeff Drobman says the theft started when his phone abruptly came to life with multiple notifications from his Bank of America app, NBC Los Angeles reports.
“I was getting notifications that someone was trying to log into my account, that my password had been changed.”
Jeff says he tried to call the bank to stop the criminal from looting his account, but his phone suddenly went dead. By the time he was able to contact Bank of America, it was too late.
The thief had already withdrawn $21,000 from his account.
“They say, ‘They’ve already taken $21,000 out of your account.’ Are you joking? That is half of my bank account.”
Jeff says he fell victim to a SIM swap attack, a scheme in which criminals tricked Jeff’s carrier, Spectrum, into linking his phone number to another SIM card. Once in possession of the phone number, the thieves received the bank’s SMS backcodes that allowed them to change Jeff’s password and steal his money.
“So the text message did not go to my phone, but to their phone. So by hijacking my phone, they intercept my SMS backcodes.”
The American Bankers Association believes that text message return codes help secure trillions of dollars in the banking system. But Jeff says it’s clear they aren’t secure, and he’s pushing the industry to start using facial recognition or authentication apps.
“I want to make it clear that SMS backcodes are not secure.”
NBC 4 reached out to Bank of America for more information about Jeff’s case. After hearing from NBC, the banking giant immediately credited Jeff’s account with $21,000, saying the lender takes cases of identity theft seriously.
Don’t miss a beat – Subscribe to receive email alerts straight to your inbox
Check price action
follow us on TweetFacebook and Telegram
Surf to the Daily Hodl mix
Generated image: Midjourney
