ID Theft Recovery: Banks Play Key RoleMass. ID Theft Victim Says Local Branch 'Really Helped Us Out'
Identity theft strikes thousands of people every day, but victims' stories are rarely told. Tom Wilkinson, a 52 year-old Massachusetts man who had his identity compromised, shares his story about financial losses and recovery. "I never realized how big a problem this was," Wilkinson says. "I think that if more and more businesses were aware of this, they could stop this."
Wilkinson says his wife fell victim to a phishing attack, and several months passed before the couple noticed their online banking transactions were not going through. Automatic bill payments were turned down for insufficient funds, and checks were ordered and mailed to locations the Wilkinsons did not recognize. At one point, the fraudsters tried to wire a $40,000 line of credit from the Wilkinsons' account. "We had no idea how we did it," Wilkinson says. "It was just a nightmare for us. It puts you in a terrible place, and you don't know what to do."
In this interview, Wilkinson explains:
- The role his bank and the Identity Theft Assistance Center played in his identity theft recovery;
- The personal impact of the experience; and
- Ways the financial industry could do more to help consumers.
Thomas and Cheryl Wilkinson, both 52, live in Pembroke, Mass. Thomas is disabled and has been unable to work since 2008. He formerly worked as an institutional stock-trader in Boston. His wife Cheryl is a homemaker.
Phishing: The Route of ID TheftTRACY KITTEN: ID theft: It's something we talk about quite a bit in the financial-services space, but we rarely get to hear the other side of the story, the consumer's side of the story. Today, we hear Tom Wilkinson, a 54-year-old Massachusetts man, who had his bank account compromised after a phishing scam.
KITTEN: Tom, could you give our audience a little background about what happened, and how your identity was actually stolen?
WILKINSON:Well, we do quite a bit on the computer, we do billpay, etc., and my wife noticed that some bills weren't getting paid. They came back saying - I don't know the exact scope of it; but we had a bounced check, and there were some issues when she did go online. The account wasn't correct; it wouldn't let her sign in, and that's when we found out that (our) identities had been compromised. And we had no idea how we did it. We even had a computer expert come in, and we thought something was wrong with our computer. We were doing something wrong. It was just a nightmare for us.
ID Theft Takes Months to Clean Up
KITTEN: How long ago, Tom, was this? When did this happen?
WILKINSON: I want to say around four months ago.
KITTEN: And do you know now when the account was actually compromised?
WILKINSON:Yes. I think it was the beginning of the summer. And I believe that somebody got my information by posing as our bank online. I guess the term you use is "phishing," and it asked that my wife update her account information; it asked her for sensitive information, her Social Security number, her passwords, etc.
KITTEN: So, you think it may have been a couple of months after the breach occurred before you actually identified the fact that your information may have been compromised?
WILKINSON: Oh, no doubt. Because, actually, the people involved had checks sent out, believe it or not, to Hawaii, and we live in Massachusetts. It was only found out when they asked for the second batch of checks. So, I still don't know the full impact of just how much or how far ahead they were until they were caught.
ID Theft Affects 'Every Part of Your Life'
KITTEN: When and how were your bank accounts breached, and what was the overall impact on your identities?
WILKINSON: Well, it was terrible, because you hear about these things and you don't pay that much attention. But you just feel violated, and it affects every part of your life. I'm disabled, so it's hard for me to get out and go down to the bank. I'm kind of physically limited to the home. And then you find out that someone can go into your account and move money around, and try to get checks and have checks sent out -- I did actually physically see a check cashed for $2,900. They traced my name, so they had copies online to look at the way I sign my name. It was a place in Indiana. It was terrible. And then I have one credit card and it's tied in to the bank, so I couldn't use my credit card. I couldn't pay. I have monthly billpay electronic deductions that I couldn't use. And as I said, I'm disabled, so I have electronic money coming from my Social Security, and that account had to frozen and stopped. So, it just really sets your whole life back and makes you really look at just how vulnerable you are, if you don't have proper protection.
KITTEN: Now, you mentioned your bank accounts were shut down. Were new accounts open, such as credit cards?
WILKINSON: Yes. The new accounts were shut down, and the new credit cards. And the best thing we had was this identity-theft recovery, and it was a blessing. They walked us through everything, as far as putting alerts on accounts, etc. I don't know what we would have done without them. Because this had never happened to us before. I didn't know what to do and how to go there. And then, also, how do you live without access to your money? And how far does it go? We had no idea how they got in. It took us about a month before they finally figured out it was the phishing. The you say, "What about other accounts? What about brokerage accounts? What about savings accounts?" And you just don't know where to go. We had some work done on the house, and we wondered, "Was it workers?" And it puts you in a terrible place. You really need help.
ID Theft Recovery: Bank Played Key Role
KITTEN: Once you identified that there was a problem with your bank account, I'm assuming that you notified your financial institution. What steps did your financial institution take to help you combat the problem, or to put you in touch with entities that could help?
WILKINSON: Well, they were great. They immediately told us not to worry. They put a team together of dedicated people who called us all the time. The people down the street, at our local branch, really helped us out. Anything we needed, we could come today, to override everything. And they put us in touch with this Identity Theft Recovery Group (Identity Theft Assistance Center), which got us on our credit cards to block any new things. They told us about passwords, the things to watch out for, and they really started educating us. I never realized how big a problem this was. And I think that if more and more businesses were aware of this, they could stop this before it happens. And so I can't say enough about this identity theft group that really walked us through, and really got us going and mitigated the damage to us. They just gave us more peace of mind, in knowing that eventually we are going to get this straightened out.
Businesses, Merchants Should Play Role in ID Theft Alerts, Consumer Protection
KITTEN: Now, you mentioned businesses, Tom. Were the accounts that you had, were they business accounts, or were they personal accounts that you had breached?
WILKINSON: They were personal accounts, but I guess my point is that if, and I'm not an expert, but if the business we ordered checks through had a little better system in place, we might have been able to catch this a little sooner. And I'll give you a quick example. We never ordered checks directly from our institution; we ordered them elsewhere. But, we haven't ordered checks in four years, and then somebody out of the blue calls up and orders the checks, and then, "Oh, by the way, don't send them to our address of record in Massachusetts, send them to Hawaii." So, I think that the businesses can do better, either by having somebody more dedicated who reviews the accounts or farming it out or doing something, because that would have been a huge red flag. All that would have taken was one phone call or one e-mail, and we would have said, "No, we didn't do that."
Life After ID Theft
KITTEN: So, has that changed some of your habits? Are you now going to be ordering checks just from your financial institution?
WILKINSON: Yes, we are. And, actually, we're not going to even have checks mailed. I would never have anything, such as checks, sent to through the mail to my mailbox. I would go pick them up. So, we are changing a lot of our things. We are really protecting our passwords. We are keeping on top of things -- we check our credit score more often and we see if there are any moves. So, we have definitely been educated by the identity theft recovery people.
ID Theft Prevention and Consumer Education
KITTEN: Now, you mentioned that your financial institution helped you quite a bit, and then of course, I know that you have worked with the Identity Theft Assistance Center, which also you have noted as being very helpful. But, where or how could either one of those entities have done more?
WILKINSON: I think the whole thing is just that you want to educate consumers about prevention and the red flags. The same can be said about the businesses. They could be more proactive in making sure that they are doing everything that they can to protect their customers and catch this sort of thing before it happens, or before it gets this big. In my case, they caught it just in time. The thieves actually tried to move $40,000 from a credit line into my checking account, and they had the checks. If they could have cashed it, or gotten access to that, that could have been a huge issue. So, I think that businesses could align themselves with somebody that would be more proactive and preventive.
ID Theft: Cleaning Up the Mess
KITTEN: Now, you noted that the compromise occurred sometime at the beginning of the summer, and then you didn't identify the compromise until about four months ago. Are you still recovering from the losses and cleaning up the messes that you suffered from this breach?
WILKINSON: Actually, we are just about are all set on that. A lot of it has to do with not realizing how dependent you are on your accounts. And then having to go to the bank and change your account number, and go down to Social Security and say, "This is my new card, so you can't send this money here anymore, you have to send it here instead." Paying bills online, you have to go in and change all that. You have to change your brokerage accounts, your stocks, your savings, your 401(k), everything. We are finally digging out of it, but it's a tremendous amount of work you have to do, if you are so dependent on just one account.
KITTEN: You've noted that it actually has changed some of the ways that you interact with your financial institution, and, in some ways, the way you handle your personal accounts. What about your lifestyle? How has the incident impacted your lifestyle?
WILKINSON: Well, we're very careful. We used to just believe everything that you receive. Someone has your e-mail, it must be your institution. It must be someone you trust. Now we are very wary of anything we receive on the e-mail. We are wary, I hate to say it, of people coming in to work on our house. Our credit cards -- we have taken pictures of all of them. We've opened up a safety deposit box, to store things so we don't just have things lying around. We have definitely changed our whole lifestyle and the way we look at things. I never realized identity theft was such a problem until this happened to us. And if it happened to us, then it could happen to anybody. I never realized that this was such a big problem. And I would imagine it's an even bigger problem for businesses, because I would assume that they would be targeted more.
KITTEN: Before we close, Tom, what advice could you offer to financial institutions, when it comes to dealing with consumers like yourself who have had their identities stolen and their accounts breached?
WILKINSON: My best advice is I would go to your financial institution, and directly ask them, "What is the best that I should do to protect my identity? What red flags should I be looking for?" And I would get educated and just know how vulnerable you are." Have they done anything to protect you?