Title: Understanding and Responding to Unauthorized Access on Your Citizen’s Bank Account
Introduction:
Discovering that someone has gained unauthorized access to your Citizen’s bank account can be a devastating experience. With the loss of a substantial sum, it is crucial to take immediate action to secure your account, investigate the incident, and protect yourself from future breaches. In this comprehensive guide, we will explore the steps you need to take to address and resolve this unfortunate situation while providing practical tips to prevent future security breaches.
I. Identifying Unauthorized Access:
1. Recognizing unauthorized transactions: Reviewing your bank statements regularly is crucial to identify any suspicious activities or unauthorized transactions. If you notice any unexpected withdrawals or transfers, make a note of them immediately.
2. Contacting your bank: As soon as you suspect unauthorized access, contact Citizen’s Bank’s customer support or visit your local branch to report the incident. Provide them with details of the unauthorized transactions and any supporting evidence you may have.
II. Securing Your Account:
1. Changing your login credentials: To prevent further unauthorized access, change your online banking password, PIN, and any other security question answers associated with your account. Ensure the new passwords are strong, unique, and not easily guessable.
2. Enable two-factor authentication (2FA): Implementing additional layers of security, such as 2FA, adds an extra step for account verification, significantly reducing the risk of unauthorized access. This typically involves receiving a verification code through a registered phone number or email address.
3. Monitoring account activity: Take advantage of Citizen’s Bank’s online banking tools to regularly monitor your account activity. Keep an eye out for any suspicious transactions and report them promptly.
III. Reporting the Incident:
1. Filing a police report: Contact your local law enforcement agency and report the unauthorized access to your Citizen’s bank account. Provide them with a detailed account of the incident and any evidence you have, such as transaction records or unusual account behavior.
2. Reporting to the bank: Provide Citizen’s Bank with a written account of the incident, including dates, times, and transaction details. Attach any supporting evidence to strengthen your case. Ensure that you follow their specific procedures for reporting unauthorized access.
IV. Investigating the Incident:
1. Bank’s investigation process: Citizen’s Bank will likely conduct an internal investigation to determine the source and nature of the unauthorized access. They may collaborate with law enforcement agencies to gather additional evidence and take appropriate action.
2. Coordinating with the bank’s fraud department: Stay in touch with Citizen’s Bank’s fraud department throughout the investigation. Ask for regular updates, and provide them with any additional information they may need to expedite the investigation process.
3. Working with law enforcement: If your case is pursued legally, cooperate fully with law enforcement agencies. Provide them with any requested documents and attend meetings or court hearings to support their investigation.
V. Recovering Stolen Funds:
1. Refund process: Once Citizen’s Bank confirms the unauthorized transactions and completes their investigation, you may be eligible for a refund. However, this process may take time, depending on the complexity and availability of evidence. Follow up regularly with the bank to ensure progress is being made.
2. Insurance coverage: If you have additional insurance coverage for your bank account, such as identity theft protection, verify the coverage details and initiate a claim if applicable.
3. Legal recourse: Consult with an attorney who specializes in banking and finance law to explore your options for legal action against the perpetrator and any associated entities involved in the unauthorized access. They can guide you through the necessary steps and provide advice tailored to your situation.
VI. Preventing Future Breaches:
1. Strengthening password management: Utilize password managers to create and store strong, unique passwords for each online account. Regularly update passwords and avoid reusing them across different platforms.
2. Enhancing online security measures: Keep your devices and software up to date with the latest security patches. Install reputable antivirus software and firewalls to protect against malware and phishing attacks.
3. Educating yourself and practicing caution: Stay informed about common cyber threats and scams, such as phishing emails or fraudulent websites. Be cautious when sharing personal information online and only provide it on secure platforms.
4. Regularly monitoring financial accounts: Maintain a proactive approach to monitor your financial accounts diligently. Regularly review bank statements, credit reports, and online transactions to detect any suspicious activity promptly.
Conclusion:
Unauthorized access to your Citizen’s bank account is a distressing occurrence, but taking swift and appropriate action can help alleviate the associated stress and minimize potential losses. By reporting the incident to Citizen’s Bank, following their investigation process, and safeguarding your account with enhanced security measures, you will be on the right track toward preventing future breaches. Remember to remain vigilant, prioritize regular account monitoring, and stay updated on essential cybersecurity measures to protect your personal finances effectively.
Why are you nervous? You’re protected by Reg E
In regards to how it happened, likely they have your bank account credentials. To link your bank account to PayPal, they either needed to have used something like Plaid where you enter your Citizens Bank credentials or they use two micro-deposits to verify.
If you haven’t already done so, I would recommend changing both your bank account and email password and make sure to use two different passwords. If you were re-using your credentials on other websites that got hacked, the hacker could have re-used those credentials elsewhere and got lucky with your bank.
In any case, if Citzens bank allows this, after changing your password, I would change any security questions, enabled email and text alerts for any transactions (I set mine to $.01 or the lowest denomination possible). I would also enable MFA if possible. If your bank has the option to sign out of all signed in devices or trusted devices, i would do that too. I would also verify all contact info with your bank and make sure it’s correct and remove any that are wrong (eg. email, phone, mailing address)
Then repeat the above steps with your email account and any other sensitive account.
In any case, I would make it part of your routine to audit your financial accounts at least once a month. By law, you’re only given like 60 days to report fraudulent activity.
Some advice: set up a completely different email address that you use only for bank logins (checking/savings/credit cards), nothing else.
What very often happens is an innocuous website is hacked or compromised, and a scammer gets your email and password from it. They then try that email and password on every other site they can think of — Domino’s, ebay, Amazon, Gmail, GrubHub, Chase, Bank of America… They’re just hoping they can get into one or more of those sites with your info, at which point they’re going to go shopping or try to scam your email contacts or try to reroute your money. If you you have a completely different email that you use for banking, there’s no chance they’ll get in, since even if they guess the password, they don’t have the right email to log in.
As others said, you should be protected. But a good lesson in financial security & hygiene.
* Use 2FA on every bank account, no exceptions. Don’t use a bank that does not offer it. SMS 2FA is the worst option, but still better than nothing.
* Don’t reuse any passwords for banks. Check your email/password history in https://haveibeenpwned.com/ before using. Could also use a separate email just for your bank accounts to avoid situations where your primary email gets hacked.
* Check transactions at least weekly. This is where budging apps come in use. I have quite a few bank/CC accounts but its easy to check all of them because they are all connected via Monarch app.
2 Factor Authentication people, put it on anything important that has a login…. Email and text notifications on allllll my financial institutions. Everything. If a CC is not being used, i lock it in the app. Credit freezes and you unlock them with a swipe in your credit bureau app or site. Ive had to deal with too much identity theft, I’m done with that. Lock it all down for me please. I don’t care if i have to take extra steps to get in.
For the future, most bank have a feature you can enable to email and/or text you when theres a transaction over an amount you set.
I work in banking fraud. This will be covered by reg E. Provisional (temporary) credit is given within 10 business days if they will need to take longer to research it. Usually they would not wait 10 days to return your funds to you once approved, so I’m going to assume you heard them mention the provisional credit (if they did approve it then congrats!). First things first, I’d highly recommend you contact PayPal about this as well, as the bank probably won’t.
1. This is an Account Takeover (ATO). The bank will/have asked you questions, such as if you’ve given your account info to anyone or if anyone else has access to your devices. Answering yes to either of these will make them deny your claim and you’ll be told to go to the police. They will also tell you to check your credit, which you probably should as this might be identity theft.
2. The bank will check the device used along with the IP address of every login during this ATO time to determine if you’re being honest about what your saying, and if anyone in a location that would be unlikely for you to be logged into the account.
3. Once they find evidence showing it wasn’t you, and that you didn’t log into your account during that time, they will begin the process of refunding you. You will be covered for every transaction during and 60 days after the statement transmittal for the month of the first unauthorized transaction. If it all happened within the last month or so, it should be all of it.
Again, I highly recommend you reach out to PayPal. If they can give you any details on what happened for you to provide to your bank, that would help immensely. I’m not sure what their privacy policy is, and yes even fraudsters get privacy protection. You also have a right to documentation on the investigation of your dispute that you can request after it’s completion. Also, I don’t know if I would blame the bank on this. Most ATOs are done by family members or people who have scammed you into giving them access to your account. The bank doesn’t just give out your login info. Like I said, check your credit report. Good luck!
Consider your billing schedule, NOW. If there are going to be conflicts in meeting payment schedules, contact that company’s billing office and explain, like they are ELI5. Most often they will be glad to put a deferred billing note on your account.
And RELAX. They got systems in place for events like this.
You should have MFA and notifications for every financial institution. I have mine set to notify above 0.01.
so, what did you do wrong which caused your money to be easily stolen?
Change all your passwords and don’t share them with anyone. And don’t click any links. Maybe reset your CPU and phone as well. Run a credit report too.
I’m not understanding why you’d move your money if there isn’t some sort of incompetency on their end. There is a lot that banks can do to prevent fraud, but in these instances it is hard for them to do a lot of prevention. What, are they going to stop you from linking your account to PayPal and transferring money out? They could make it into a big hassle, but that would be ripe for lambasting.
One suggestion that I haven’t seen mentioned here is to setup transactions notifications. With some banks you have to set an amount, in which case you set a penny. It may be a bit annoying to get a text every time there is a transaction, but its more annoying dealing with fraud and potential money loss. It also helps to be on the lookout for those small transactions.
As side piece of advice is to be careful with VPNs. I helped a customer on a fraud case and their claim was denied because the customer never had a consistent IP or location. They are typically going to look at the logs, compare your typical activity to the activity when you were frauded, but there is nothing consistent to compare to, then they may have no way to establish who was using the account at any given time. Part of this links to a common fraud scheme where you “commit” fraud on yourself, file the claim and get a refund. Not saying that is a great scheme or anything, but its also not like the banks always recover the money after a fraud incident occurred.
We had a problem with fraud at Citizen’s Bank (Uber and Lyft charges). They did nothing to help and so we changed banks.
Heard people affected by the mgm casino hack are getting hit like this
I work in banking. Since these transactions appear to be within 60 days old my bank could dispute and report for fraud and/or identity theft.
This happened to me with this same bank. Instead they added the cash to Robinhood. While the first claim was open, they were able to take out more money.
Each time I called the bank, I gave an incorrect security answer and they still gave me access to my account. I could imagine security wasn’t the best.
I did get my funds back in about a week or two.
We had the same problem this year with Citizens. They took 19k from us. We closed our accounts and went to a credit union. We heard too many stories about Citizens Bank.
I might be wrong but from what I have heard filing a complaint at this link helps:
https://www.ic3.gov/Home/ComplaintChoice
IIRC, **they have the ability to claw back funds that were stolen.** Please consider making a complaint here.
I would not trust just my bank with this.
Just had this with a credit union with zelle. The scammers created a fake pass through website that showed up in a Google search and my wife accidentally used it. She had 2FA and all kinds of security, and they were basically able to spoof her IP address and log in as soon as she logged out and then transfer a bunch of money out. We got our money back but had to rebuild our bank accounts at that bank, which took half a day because we had three separate accounts all accessed through the web portal. It was terrible. Fortunately I have a cash management account at my brokerage that I was able to use to pay bills, because all of our accounts were completely frozen and I couldn’t divert our paycheck ACH in time. I now have my pay split between the credit union and my Fidelity account so there is no link between them.
My friend’s dad almost lost money in his account but the bank caught it and froze the payment. They got into his AOL email (probably phished) created a folder, then created a rule to send all mail into that folder so that he wouldn’t see any new mail from the bank come in.
Someone did this to me through Zelle but with BOA, was only $2k though so my anxiety was likely not as high as yours may be now.
Basically it took BOA like a month to complete their investigation and refund me. It was a new account so I never fully setup Zelle on the account and complete MFA. Because of that they were able to setup their devices for MFA and login.
Immediately closed BOA account and just added s checking to my existing bank.
Someone probably stated this already, it’s probably someone that works at the bank that did this. After you switch banks, file a police report asap of the fraud and let them know you think it is someone that works at the bank in their IT Department that has code access on the password entries and account data files. They are probably doing this to other stagnant accounts.
I just scrolled through a little bit but some more advice would be to monitor your account frequently, set up text service if they have the capability, and do not keep that much money in your checking account. I use to work for First Citizens a while ago and people who had these issues always had thousands of dollars in their checking account. The thieves would pull small amounts and they would never notice. I always keep my checking at $0. I would keep my bill money in my savings account and pull it over when bills are due. I have even had one bank remove my savings account from my debit card so if that got stolen they could not pull money from my savings. There are all different types of ways to protect yourself.
Sounds like someone got ahold of your username & password and you use the same combo on every website…
You need to start using a password manager like [BitWarden](https://bitwarden.com/) and make all your passwords unique randomly generated strings (like “nK58MMN%6uJJbkrS”), unique per website. Save them in your password manager and give that a long ass unique password that you can remember (like “YellowPencilScubaDiver16” or something) for unlocking said password manager.
I know it sucks going through all your logins to change passwords, took me all morning one day to do this (I have ~100 logins saved in BitWarden currently) but jesus it is worth it to save yourself from headaches like this.