Two phone calls today. I answered the second one. 302 area code. It was an automated system claiming to be the Bank of America fraud protection department. The automated system wanted me to verify my social security number and address. My eyebrow raised, I got the tinfoil hat out of my wallet, and I prepared to put it on. “Not quite yet,” I told myself. I hung up the phone.
I got my laptop out and checked my e-mail. Two e-mails, both claiming to be from Bank of America’s fraud protection folks. The URLs check out; not a phony URL, but a Bank of America subdomain. Hm, wierd, I thought.  They want to verify some transactions for an account number that doesn’t look familiar to me. There’s a phone number in the e-mail. I called. Big phone system, kept me on hold for like 9 minutes. Kept reminding me that my call is important to them. It felt like I was talking to a bank.
Nice-sounding guy answered the phone. He asked me to verify some information. I gave him some. Billing address; no big deal. I told him I was calling about an account number that didn’t look familiar to me. He said Bank of America is merging with MBNA and I’ll be getting a new credit card number. This was it. I hit the Google while we talked and verified that Bank of America is, in fact, merging with MBNA. Ok, this seemed legit. I told him I wanted him to verify for me that he’s actually Bank of America. He told me I could call the number on the back of my card if I was nervous. That allayed my suspicions. He asked for some more information. I gave it. Then he asked for the names of some of my closest relatives. Alarm bells went off. I dove for figurative cover, got my tinfoil hat out and put it on, and nervously said, “I, uh, don’t think I’ve ever given Bank of America that information. It shouldn’t be in my account record.” He said that Bank of America is a big organization with the capability of finding out such information. I hung up.
When I talked with the real Bank of America people (I actually called the number on the back of the card), they said the whole thing sounded fishy. I verified my last few transactions, with information flowing both ways. We determined together that I hadn’t given out enough information for anyone to access my accounts, so they’re not in any direct danger. But I was, and still am, scared.
These people are good. They got my personal cell phone and e-mail address, crafted some very convincing-looking e-mails, web sites, and phone calls, treated me professionally like a bank would, knew the latest in banking business news, and reminded me at all turns to keep my personal information safe. They even had a phone tree, for goodness sakes, that contantly reminded me that my call is important to them. If these people are setting up a fake banking operation, they’re doing a darn good job of it.
I thought I was the last person to fall victim to a scam like this. But the scams are getting better. Please be careful, friends. If you have any questions, initiate contact with your bank by making a phone call to a trusted number or by going DIRECTLY to the bank’s web site. That means not clicking on a link in an e-mail and not calling a number you’ve never seen before.
And don’t forget your tinfoil hats!