How my Chase was hacked, and Money was Withdrawn in Minutes
Earlier this week I was heading to lunch, when all of a sudden I was slammed directly at noon with calls originating from my own cell number. Though I thought it was odd, I ignored them. After the 4th attempt, I noticed my Voicemail password was reset. At the same time I got a notification that my Chase online password for one of my business accounts was reset. Instantly I stopped eating, and called Chase.
Chase told me there was in fact a password reset, but no activity. She said the password reset token was sent to my phone! As the woman began to transfer me over to the fraud department, she noticed a new wire template, and a wire had not only been requested, but approved. FUCK. I instantly wrapped up lunch, and went straight to my branch.
By this time, there were two pending wires. My banker looked it up, and spent 45 minutes on the phone. I left hoping it would be resolved — it was about an hour until cut-off time (2:30 PST, 5:30 EST) so I figured it could be stopped.
Around 3PM I receive the following email: (redacted account number, and MTCN number)
SHIT! They processed 4 wires for nearly $1200.
My banker tells me there is nothing they can do at this point, but file a report. It’s not been a few days, and I was told it could be a while before the funds are back in my account — great, but what if I had more money in there? This is a business account, and sometimes I carry much larger balances — what then? Short answer — S.O.L.
What I care about more at this point is figuring out how they hacked my account. What I’ve been able to piece together is maybe it had something to do with my phone — it was an iPhone 5, with bluetooth turned off, and I was running iOS 8.0.1 at the time. My email attached to that account was a Google Apps account, but the account was always online, I never saw a password reset.
I use a Mac, which at the time ran a developer version of Yosemite.
My bankers at Chase have said they have never seen this before.
Also — Who is Ripan Kumar? I’m sure this poor guy had his account hacked too, and he was just a pawn in the grand scheme of things.
I invite others out there to help me solve this — ultimately our money is secured up to $250,000 by the FDIC, but what a headache, and why should these guys be able to do this?
