A Bank of America customer says he lost tens of thousands of dollars after bad actors found a way to hijack his account.
California resident Jeff Drobman says the theft began when his phone abruptly came alive with multiple notifications from his Bank of America app, reports NBC Los Angeles.
“I started to get notifications that someone tried to log into my account, that my password had been changed.”
Jeff says he tried to call the bank to stop the criminal from looting his account, but his phone suddenly lost service. By the time he was able to get in touch with Bank of America, it was too late.
The thief had already siphoned $21,000 from his account.
“They go, ‘They’ve already withdrawn $21,000 from your account.’ Are you kidding me? That’s half of my bank account.”
Jeff says he was a victim of a SIM-swap attack – a scheme where criminals tricked Spectrum, Jeff’s carrier, into connecting his phone number to a different SIM card. Once in possession of the phone number, the thieves received the text back codes from the bank that allowed them to change Jeff’s password and steal his money.
“So the text message went not to my phone, but their phone. So by hijacking my phone, they intercept my text back codes.”
The American Bankers Association believes that text back codes help secure trillions of dollars in the banking system. But Jeff says it’s clear they are not secure, and he’s urging the industry to begin using facial recognition or authentication apps.
“I want to get the word out that text back codes are not safe.”
NBC 4 contacted Bank of America to learn more about Jeff’s case. After hearing from NBC, the banking giant promptly credited Jeff’s account with $21,000, saying that the lender takes cases of identity theft seriously.
