Welcome to NerdWallet’s Smart Money podcast, where we answer your real-world money questions. In this episode:
Explore how to protect yourself from identity fraud, understand its emotional toll and learn fraud recovery steps.
How can you protect yourself from identity theft and fraud?
What steps should you take if you become a victim of financial fraud?
Hosts Sean Pyles and Sara Rathner delve into the unsettling world of identity theft and fraud prevention to help listeners safeguard their finances and wellbeing. They begin with a discussion on the various facets of identity theft, with tips and tricks on identifying fraudulent activity, enhancing personal banking security and dealing with the aftermath of having your identity compromised. Then, they discuss the differences between identity fraud and scams, the importance of good cyber hygiene, and the steps to take immediately if your personal information is breached.
Sean also speaks with John Breyault, Vice President of Public Policy, Telecommunications and Fraud at the National Consumers League, about the current trends in identity theft and the forms of fraud that are on the rise in 2024. They cover topics such as new account fraud, the impact of zero-day vulnerabilities on personal data security and the necessity for consumers to stay vigilant with software updates and report incidents promptly.
They also explore how victims can navigate the process of recovering from fraud, including freezing credit reports, changing passwords, and engaging with financial institutions and law enforcement to document the crime and seek restitution.
Check out this episode on your favorite podcast platform, including:
NerdWallet stories related to this episode:
Episode transcript
This transcript was generated from podcast audio by an AI tool.
So there you are just going along with your life, running errands, finishing work projects, walking the dog, making lunch, paying bills, and then you realize, something is very, very wrong. Someone has gotten into your accounts and stolen your money.
August 28th was a normal day. I took my cat to the vet, went and got groceries. That morning, I checked my online banking just to make sure I had enough money to do everything. It just seemed like a normal day and then everything changed that evening when I got that email.
Welcome to NerdWallet’s Smart Money podcast. I’m Sean Pyles.
We’re back with our Nerdy deep dive into identity theft, fraud, and scams, and their potentially devastating effects on your finances if you become a victim. As we said last episode, and we’ll continue to reiterate over and over, these crimes do not discriminate. Absolutely anyone can find themselves in deep water with their money situation because these financial criminals have so very many tools and options at their disposal.
Yeah. And, Sean, I think we also want to repeat the message that this doesn’t just happen to you because you’re ignorant or careless. It happens because as our guest last week said, “We have to be 100% right all the time.” We have to be watching our accounts and changing our passwords, realizing we’re talking to someone who’s pretending to be from a bank, etc., etc. And the criminal only has to be right once to get what they’re after. So if they catch you in a moment where you’re tired or hangry, they might just do that.
So the last thing that you should feel is embarrassed or ashamed if you do become a victim of ID theft or a scam. Angry and upset, yes, ashamed, no. The more we all talk about it, the more educated we become and the harder we make it for the thieves and scammers.
Yes. Let’s take our power back.
Yes. So last week we talked about identity theft, how it happens, what to be on the lookout for, and how to protect yourself as much as possible. Today we’re going to look at the next step in that process, which is the identity fraud that happens after the theft.
It’s the credit card opened in your name. It’s the tax return that isn’t really yours. It’s the healthcare account that also isn’t yours that gets the thief medical care on your dime. Listener, we’re going to help you understand what it looks like, how to avoid it, and what to do if it happens to you.
All right, well, we want to hear what you think too, listeners. Tell us your stories of identity theft or share how you’re working to fight it or recover from it. Leave us a voicemail or text the Nerd hotline at (901) 730-6373. That’s (901) 730-NERD, or email a voice memo to [email protected].
So, Sean, where do we start today?
Well, we’re going to start today with a real world tale of identity fraud. We’re hearing from Charlene MacNeil, a mom from Alberta, Canada. She’s got a story about what happened when someone was able to get into her account at BMO Bank, a subsidiary of the Bank of Montreal. Then after Charlene, we’re going to talk with an expert in ID fraud, who’s seen it all in his capacity at the National Consumers Union. Charlene MacNeil, welcome to Smart Money.
Hello. Thanks for having me.
Charlene, you experienced a form of bank account fraud. When did you first realize that something was wrong?
On August 28th, I had just put my kids to bed and I got an email pop up on my cell phone saying that I had a credit limit alert from BMO and it told me that I had $33 left in my account.
And so that was an indication that you didn’t have sufficient funds or maybe your credit was run up. What were you thinking when you first saw that?
I panicked when I saw the $33. It just didn’t make sense. So I immediately went onto my online banking and noticed that my line of credit was maxed to the $15,000 mark.
And what steps did you take once you realized that something was very wrong with your account?
I immediately called BMO and just told them the email that I got and she told me that she would cancel my card right away and my account and to go to the branch immediately the next day to file a report of what had happened.
So the next day, did you go in and talk with them about that?
Yeah, I went in the next morning and I told her what had happened and she had told me that there was a text message that was sent to me like a one-time passcode, and I tried to think back to the day before because I do get text messages or calls from scammers sometimes, but that summer I felt like I had gotten quite a few, but I just kind of always ignored them, so I didn’t really think much of it. And then when she was looking at my account, she asked me if I knew the company Wise, because she noticed that’s where the money had been sent and I Googled Wise right away because I didn’t know what she was talking about.
And when I Googled it, it said international money sending. So she was, “Oh, that’s a red flag. That’s crazy.” She made me feel like we should be able to get the money back, that she would fill out this report and send it off and it should be okay. What had happened was they took my line of credit money, transferred it to my checking account, and they set up a bill payment to the company Wise, and then they sent out the money that way through a bill payment.
So a slightly convoluted way to get the money that you had from your line of credit over to them essentially?
And so it seems like things are maybe going, okay, this was a frustrating experience, but you thought you were going to be able to get your money back?
Yeah, I went back to work and I felt relieved. “Okay, that’s done. It should be fine.”
But that’s not what ended up happening.
No. Two days later, the teller that had helped me, she called me and started the conversation with, “I have some very unfortunate news. They will not refund that money to your line of credit.” And my heart fell because I was just, “What do you mean?”
And this was $15,000 they said they weren’t going to refund?
I had a balance on there before. So really they just took whatever I had left in my line of credit and sent it out, so it was like $9,700.
And what reason did they give you for why you wouldn’t be able to get this money back?
They had told me that they tried reaching out to Wise, but the money had already been transferred. So whoever the bill was made out to through the company, they had the money and that’s it. They couldn’t get the money back, but she did say, “If you want, we could escalate this and see if there’s something else that they could do.”
Because there have to be some kind of protections. This was an instance of fraud. You didn’t authorize this transfer of money?
No, but as this continued on, they kept saying that I had gotten this one time passcode sent to me August 28th at 4:20 p.m., but I don’t recall entering this six digit code that they’re telling me that I entered. But from their records, it shows I entered the code and that it was all good.
It’s also possible that someone could have somehow gained access to your phone number or gotten that code themselves. Correct?
That’s what I am trying to explain to them. I just know that I didn’t enter this code.
So did you end up escalating this then?
I did. I escalated it three times and then I finally got a final response just saying that it’s really unfortunate, but we can’t get that money back. And they just kept telling me it’s the one-time passcode and that’s the reason why the money was sent out that I pretty much authorized it to be sent out.
I’m really sorry to hear that. Do you know how the people were able to get into your account?
I don’t know. I just have a lot of people just giving me different ideas of how maybe it could have happened. I had a conference in Vegas at the beginning of August and it was on the news that Vegas was having issues with scammers.
Was it an issue with people getting on public Wi-Fi and logging into their bank accounts?
That or people also told me that maybe somebody walked by my purse and scanned my purse, but people have told me that too, thinking it’s because of the Wi-Fi.
So I’m wondering, Charlene, how has this experience made you feel about the safety of your money? Have you thought about switching banks, anything like that?
I’m very nervous because it blows my mind to think that somebody can get onto your online banking and then move money like that without a signature or maybe voice recognition or something. I shut down my line of credit now and I’m kind of waiting to hear what’s going to happen, but I am really considering moving banks. I wish this almost happened on a credit card because I feel like credit card companies have your back more than the bank.
Yeah. Your story brings me back to a theme which is that fraud, scams, anyone can experience these things and it’s not like you followed a typical playbook of seeing a text message come through on your phone or clicking a link in email and entering your login credentials. You don’t know how someone got your information. It just exemplifies that you could be doing everything right and somehow people could still get your information and still get into your bank.
Yeah, exactly. August 28th was a normal day. I took my cat to the vet, went and got groceries. That morning, I checked my online banking just to make sure I had enough money to do everything. It just seemed like a normal day and then everything changed that evening when I got that email.
What do you think your next steps will be?
I’m not very hopeful, to be honest. It’s something that I just have to accept. And I mean, I’ve done better the last couple months, but in the beginning it was very difficult. I lost lots of sleep, missed some work. It was very stressful. And you feel like you’re the one that did something wrong.
Well, I’m sorry that you experienced this. I’m wondering if there’s anything that you would like listeners to keep in mind as they try to protect themselves and their finances online?
Yeah, I mean it’s so important to be checking your banking probably daily just to make sure everything is going as you think. Be very careful, I guess, on public Wi-Fi. I was actually just on a trip with my family to Mexico and so many people use public Wi-Fi. And I did in Vegas just to load my boarding passes.
I did not check my online banking. I know a lot of people when they hear me say that I was on public Wi-Fi in Vegas. I did not check my online banking, but I was on public Wi-Fi and I guess people can be sitting in that room and gain all of your information. So I don’t know. I don’t want people to be paranoid, but I kind of feel paranoid.
It might not be a bad idea in the year 2024 when if you’re on a public Wi-Fi network, someone who’s also on that can get into your device very easily. That’s the truth of where we are right now.
Yes, and I heard once they’re in, then they can be in there for a while. If I would’ve checked my online banking a day or two later, they could have seen me enter my codes. Yeah, it’s very invasive.
Well, Charlene, thank you for sharing your story with us today.
Well, thank you for hearing me.
Sean, this just makes me so sad and angry that anybody has to deal with this because it’s just not fair. It’s not a fair fight against these really savvy identity thieves.
It’s really not. And what’s so worrisome to me about Charlene’s story is that she still can’t pinpoint exactly how these criminals got into her account. Again, it just shows that this kind of fraud can happen to anyone, but as tempting as it might be to just throw up your hands and yell, “I give up,” that just feeds the beast and doesn’t do us any good.
Well, I’m looking forward to some advice on how to avoid all of this and anything that we could do to keep it from happening to us, to me, to my loved ones, and of course to our listeners.
Well, our next guest will walk us through some of what happens when you’re the victim of identity fraud and give advice on how to avoid it and recover from it if it does happen to you. John Breyault is Vice President of Public Policy Telecommunications and Fraud at the National Consumers League. That’s coming up. Stay with us.
John, thanks so much for joining us on Smart Money.
Hey, thanks for having me on the show. I really appreciate it.
So last week we spent some time explaining identity theft and the various ways that bad actors can steal our IDs from us. And today, we’re going to explore what they do with all that information once they’ve got it. So I’d like to start by asking you to explain maybe the difference between ID fraud and scams. We’re going to talk about scams in our next episode, but what differentiates the two?
Both scams and ID theft, we call fraud, right? It’s a crime where it involves typically a scammer trying to acquire information or funds that they can use for their own purposes. So identity fraud is definitely a subset of fraud overall, but it is certainly one of the biggest subsets.
So we know that, for example, the Federal Trade Commission every year puts out their Consumer Sentinel Data Book. It’s a compilation of millions of fraud complaints that they get from agencies and organizations like mine all over the country. And in 2022, which is their most recent data, they received 5.2 million fraud reports and the number one category that they heard about was identity theft. And so clearly this continues to be a major problem that the biggest enforcement agency out there is hearing about. Definitely identity theft is one of the biggest types of fraud, and one I think we continue to see consumers of every age level, every education level, every demographic be victimized by.
And when you think about specific ways that ID fraud and scams can manifest, what makes them distinct?
I think what makes each scam distinct is often, number one, what is the entry point for the scammer? Is it one where they have to interact with the victim, say by sending them a link that the consumer clicks on and then provides the data to the identity for the scammer that’s then used to commit fraud? Or is this something where the scammers can commit identity fraud really with no interaction with the victim at all?
We know, for example, that due to data breaches, that’s practically limitless information about almost every American out there on criminal forums on the dark web that can be used to basically commit identity theft as a service. With a few hundred dollars in Bitcoin, you too can hire an identity thief to do things like start bogus credit card accounts in your name or try and get healthcare benefits or unemployment insurance. These are all very common types of identity theft that’s out there, and that doesn’t require any of us to do anything.
So you touched on this a little bit, but John, can you give us a sense of what you’re seeing out there right now? What are some of the most prevalent forms of identity fraud in 2024?
Yeah, I would say some of the fastest growing types of identity theft is new account fraud. It’s not necessarily a new type of identity theft. We’ve seen scammers using information to create new credit card accounts for decades at this point, but certainly it is returning to its previous position as one of the top types of identity fraud. And it’s happening because the resources that identity thieves were devoting to government benefits fraud is going down. As those pandemic relief programs start to wind down, there’s less money for the identity thieves to steal. And so they’ve gone back to some of the tried and true types of identity fraud.
Is there anything that’s relatively new that consumers should know about that maybe they haven’t really heard about?
What we have seen over the past year has been a staggering increase in the number of data breaches attributable to what are called zero-day vulnerabilities. And if you’ve never heard of a zero-day vulnerability, that’s okay. Basically what it means is it’s a vulnerability that nobody else has identified. Think of it as having a key to a vault that nobody else has, and until the people who own that vault figure out that you have that key, they have no reason to try and solve the problem or change the lock.
So this could be something like a weakness in our phones’ operating systems that allows a bad actor to get into our phones.
Yes, exactly. It’s operating systems like Windows. It is browsers that can be hacked. It could be Microsoft Office. Really any software program can have a zero-day vulnerability. And so what’s concerning to us is just the increase in breaches that were attributable to zero days. It’s gone up. I believe the number that the ITRC cited was by more than 100% over the past 12 months.
Do we know why this might be? Is it that software developers are maybe pushing out code a bit faster than they should and they aren’t combing through for vulnerabilities? Or is it that hackers are really zeroing in on these vulnerabilities and trying to exploit them?
Well, I think that’s the $64,000 question, as they say. We have theories on how that is. One of the more worrying ones is that the scammers have learned how to automate their search for zero-day vulnerabilities using artificial intelligence. And if they’re able to search for these zero days at scale, a very low cost, that is scary because I think AI has revolutionized so many other facets of our economy and businesses and government over the past several years.
It definitely has the potential to do the same thing when it comes to fraud. I think many of us who work on fraud and identity theft on a daily basis, we are thinking of the potential of this as the same kind of potential for supercharging fraud and scams that we saw when the internet sort of became a technology that everybody was using. That’s the kind of scale of the threat that’s out there.
And so when people get notifications on their phone saying, “Oh, you have a new software update to patch a security vulnerability,” this might be something that is being addressed. Correct? And it’s important for people to actually update their phones regularly so that they are having the most secure software possible?
Yes. Cyber hygiene is definitely one of the lowest cost and easiest ways for consumers to reduce their risk of falling victim to identity fraud because once they are detected, the operating systems and browser makers are usually pretty quick to plug the hole. But that is often dependent on consumers paying attention to those little pop-up boxes that say, “Do you want to update your browser? Do you want to update windows?” And actually taking action. Definitely don’t wait to update. Make sure you do that because it really is one of the easiest ways to reduce your risk.
So, John, walk us through some of the ways that listeners can protect themselves from identity fraud. We heard last week about protections from identity theft. So let’s assume that the theft has already happened and now we have to react to prevent the fraud. What are some first steps here?
Well, number one, I would say act quickly. We know that identity theft is a crime that often relies on consumers doing nothing. If you know that your information has been compromised, take steps to reduce your risk. For many people, that’s going to start with freezing their credit report. All of the major credit reporting bureaus offer consumers the ability to freeze credit.
Number two, I would say try and limit the damage to the extent you can. For example, particularly if your primary email address has been compromised, that can be the entry point for scammers to take over lots of other accounts, your bank accounts, your social media accounts. So definitely change the password on your primary email account right away and turn on two-factor authentication as well to add an additional layer that the scammers have to get through. They’re going to try and use that entry point.
I would do the same for any financial accounts that you may have linked to that email account. In addition, call the banks and let them know what’s going on so that they can place fraud alerts on your accounts. And then finally, make sure and get a police report. Identity theft is a crime in all 50 states, but consumers, I think particularly if you start to see activity related to identity theft, having that report is often documentation that will be needed to get the kind of help from not just law enforcement, but also from banks and other entities that you’ll need.
I think, unfortunately, we know that local police departments aren’t always super excited to create those reports, so you may have to be persistent to do that, but definitely local police departments is the place I would start. And then work your way up to the State Attorney General and ultimately the Federal Trade Commission.
Related to what you were just discussing, let’s go a step further. So let’s say someone took your information and then fraud happened before you could get to it. Who should you really go to for help? Let’s talk about reporting it and starting to deal with the fallout of fraud.
Yeah. Once fraud has occurred, typically you still have rights. For example, an identity thief created a credit card in your name and started running a bunch of charges. You aren’t liable for that, but you’re going to need to take steps like have that identity theft affidavit and a police report ready to show to creditors who may wonder why you haven’t been paying your credit card bill that you just opened weeks ago. So definitely I would say getting those reports is going to be one key piece of information to have.
Also, call and talk to the entities who the identity thief is using in your name. Let them know who you are, what’s been going on, and see what you can do to address the fraud. Most of us don’t spend all day every day recovering from identity theft, but most of the financial institutions do have people who are devoted to helping you through that journey. But you’ve gotta keep records of that. Grab a notebook, create a little Word document on your computer, and start logging every communication that you have with those entities so that you can create a paper trail because you can’t just depend on them to know where you are in the process and to ensure that in one place they’re going to quickly try and use that information to commit identity theft in other places as well.
Earlier in this episode, I spoke with a woman who experienced a form of bank fraud. A fraudster got access to her line of credit, and her bank didn’t offer much in the way of resolving the issue. She didn’t get her money back. And I’ve heard other similar stories before. What sort of recourse do people in that situation have to try to recoup their losses?
Generally, if the consumer victim is not the one who is actually hitting send on the money transfer, whether it’s through a payment app or through a wire transfer from your bank, then you have protections under federal law as well as many state laws. So I think it’s important that if in a case like that where it sounds like the scammer got in because they were able to hack this woman’s credentials that she should have rights. Certainly if the bank seems unwilling to work with her, I would say your next stop should be the State Attorney General as well as groups like the Identity Theft Resource Center, which have great resources and help coach victims through recovering from these identity theft schemes.
Yeah. And your advice just there brings up the idea of jurisdiction. The woman that I spoke with was based in Canada, where they have different rules and regulations than we do in the U.S. So I think it’s important for anyone to be familiar with what laws protect them where they’re living, whether it’s in a different country or a specific state.
Yeah, absolutely. And I would say a great place to start that journey of learning what your rights are and what laws may apply is the FTC has a great website at identitytheft.gov where you can start to go through their checklist and create an identity theft recovery plan.
Well, one final question. I’m asking this of all the experts that we’re talking with for this series, so I’ll ask you too. Have you ever fallen victim to a scam or identity theft or fraud?
I definitely have. Fortunately for me, it wasn’t sort of life altering, but what got me interested in working on fraud was a trip I took to Jamaica on vacation where I was in a bar, which probably tells you the first thing that I wasn’t thinking very clearly, but one of the locals came up to me and said, “Hey, if you give me $20, I can get you cheaper drinks at the bar.” And I said, “Great.” And so I gave him the $20 and he turned around, bought some beers for him and his friends and just ignored me.
And I wasn’t about to start a fight with a bunch of guys in a bar in Jamaica. So I just said, “Okay, lesson learned.” Don’t always take what people say to you at face value and listen to your gut before you hand over your money. Unfortunately, in this country we have, when it comes to identity theft and being a victim of fraud, we often have this tendency to blame the victim.
And there’s a real stigma attached to being a victim of fraud. And we often use terms like, “You fell for a scam.” Or people say, “I can’t believe I was so stupid.” Or we use terms like, “pig butchering scams,” which suggest that somehow the victim is the one who’s culpable. I think that that is wrong. If I could have one additional message for listeners of this podcast, it’s show a little compassion the next time somebody tells you their fraud story and recognize that these are people who are victims of organized, multinational, very savvy criminals, and help them work through sort of this crime they’ve been a victim of and encourage them to report it.
Well, John, thank you again for talking with us.
Sara, one thing that I really want listeners to remember is that the cost of experiencing identity fraud can go well beyond the money loss, which of course can be significant. People who are victimized in this way often suffer mental health consequences. Many feel ashamed or like they brought this upon themselves. So like John said, if you’ve experienced a loss like this, get help. Yes, contact the FTC and your local police, but also think about talking with a loved one or a therapist who can help you process your emotions around this.
Yeah, know that you are not alone. You probably know people who have gone through something like this and you could commiserate with each other. The important thing is to receive nonjudgmental help from people who are on your side and will help you wrap your head around everything that’s happened to you, and you can come out the other side stronger and more determined to protect yourself in the future. Okay, Sean, tell us what’s coming up in Episode 3 of this series. I assume there are more horrors on the way.
Unfortunately, yes. Next week we’re going to walk into the lion’s den of the scammiest people on earth. Imposter scams, romance scams, phishing, vishing, all in the name of parting you from your money.
That’s what these scammers try to do. They try to rush you into making a decision by telling you something’s urgent or an emergency like the family emergency scam, where they’ll say, “Oh, this is your grandchild and I’m overseas, and I need you to wire money fast because I’m jail or in the hospital.”
Yikes. Well, for now at least, that’s all we have for this episode. Do you have a money question of your own? Turn to the Nerds and call or text us your questions at (901) 730-6373. That’s (901) 730-NERD. You could also email us at [email protected]. Also visit nerdwallet.com/podcast for more info on this episode. And remember to follow, rate and review us wherever you’re getting this podcast.
This episode was produced by Tess Vigeland. I helped with editing, Kevin Berry helped with fact checking, Sara Brink mixed our audio.
And here’s our brief disclaimer. We’re not financial or investment advisors. This nerdy info is provided for general educational and entertainment purposes and may not apply to your specific circumstances.
And with that said, until next time, turn to the Nerds.