We all hear stories of identity theft and getting bank and credit card accounts hacked.

Unfortunately, in our online world it happens.

And it may seem like it can’t happen to you, that if you take all the precautions necessary it won’t happen…

I was like that, thinking it wasn’t going to happen. That I’ve done everything right. And unfortunately, it did happen to me. It wasn’t severe – my identity wasn’t stolen, but a good amount of money was on the line.

I think I got a little lucky, I didn’t lose anything and was able to get everything back to normal.

I’m going to share my story of what happened – how I knew it happened, what I did to stop it, and if there’s anything I could have done differently.

There’s lessons to be learned here, and hopefully there’s something that can be taken away.

How I knew I was being frauded

Data hacks do happen, heck it even happened a couple of years ago to Equifax, one of the credit report bureaus. Smaller ones happen on the individual level as well.

I found that out the hard way.

But how did I know something was going on? Well, I was at work on a Thursday afternoon, when I got this text message from Fido:

Text message alert from Fido
Ok then. That was definitely not me. I called the number right away.

After being on hold for about 10 minutes, I finally talked to someone at Fido and explained what was going on. He put me on hold as he tried to figure it out.

Unfortunately, my call got dropped – the fraud phone number transfer had gone through. I did get one last text from Fido just before – with a reference number to use when I call back.

Now without a phone, I tried to find a suitable number to call Fido back using Google Hangouts (the number in the text wouldn’t work without entering in an account number). While on hold again, I decided to check my personal email, and then I saw this:

TD account email alert
Now things were getting really scary.

Related: 12 Credit Card Mistakes You Can’t Afford To Make

The steps I took to stop the thieves

So how did I stop what was happening?

Well, forget about Fido, I’ve got bigger fish to fry – money is now at stake.

I called TD at the number listed in the email instead. What do I have with TD? A few things actually:

  • my primary chequing account,
  • a credit card, and
  • some investments.

While on hold (again), I decided to try logging into my online banking. I was unsuccessful but was able to get my account locked out while on hold:

TD email account was locked
Shortly after, I got through and the TD representative told me to head to the nearest TD branch and bring 2 pieces of photo id.

So off I went.

A visit to the local TD branch

Once there, I talked to a teller, told her what was happening and handed over my driver’s license and passport.

She entered some info on her computer, took a look at her screen, and headed to a phone in the back to make a call.

After a short while, I was put on the phone with a representative from TD security. Here’s what happened to my bank account:

  • They were able to add an Interac e-transfer recipient and attempted to send $2,997 out of my chequing account (almost the daily limit), and
  • 4 attempts were made to purchase an online order at Canadian Tire for about $950 using my .

Luckily for me, that’s where it ends. No other accounts of mine were compromised.

Once I got back home, I went and changed every password that has financials in it just to be safe. I even went as far as things like my Amazon account, which has a credit card stored on file.

Speed was key so no real harm was done

I acted fast enough that TD was able to stop the Interac e-transfer and the funds were returned to my account the next day. The attempted purchases didn’t go through either, so no harm was done there (as they likely wouldn’t have had the 3 digit csv).

I did have to get a new bank card (which I was able to do right at the branch), and my credit card had to be replaced. However, they mailed my replacement card to the branch, and I had to go pick it up there. I was also given a temporary phone and online bank codes for signing in.

TD also set me up with a verbal password that I have to use when making any transaction at a branch or when using telephone banking. Finally, my account was not able to send Interac e-transfers anymore but the next time I called into telephone banking I could get them activated again.

Related: Banking Packages With Free Premium Credit Cards

As for my phone? After I returned home, I called Fido back. After discussing things for a few minutes, I was told I had to go get a new SIM card. Once I had a new one, I had to call back and get everything switched over again (this call was almost an hour in duration).

During this call (I was on hold a decent amount of it), I reviewed every account in detail, and I saw no suspicious transactions.

At the end of the day, all I lost was some time. I feel like I was lucky though, this had the potential to be much worse.

What I could have done differently to avoid being frauded

So after all that, is there anything I could have done differently, looking back at everything that happened?

Honestly, I don’t think so. My passwords are all slightly different, and I made initial phone calls as fast as I could.

Is there something Fido could have done differently? I think so. When I got that text message, they could have an option to reply with a “1” for yes this is authorized or “2” for no. That could have saved a lot of problems right there.

As for TD, having that verbal password already in place would have prevented my account getting unlocked in the first place.

4 lessons learned from my fraud tale

There are some lessons to be learned.

1. There are benefits to brick-and-mortar banks

While online banks are very popular – as they charge no fees, and/or don’t have minimum balances to maintain – being a part of a brick and mortar bank was incredibly helpful, as it made identifying myself easier.

2. Ask more questions so you can learn from your mistakes

I never did ask the TD security rep how this could’ve happened and learning how my account got unlocked.

This may have helped me better secure my accounts in the future, since I could have a better idea of where my weak points were. I know I was quite relieved at the time and didn’t take a minute to think of everything I should’ve asked.

3. Storing money across multiple institutions diversifies your risk

I also have different banks for chequing and savings accounts, and this possibly prevented me from losing money (or having more money transferred out), as there was only one account for someone to try and send money away.

If, worst case scenario, they had managed to take out every last cent in my account, I still would’ve had some breathing room until I was able to get everything settled.

4. Keeping up-to-date with my transaction is a good defense

I also use mint.com to track all of my spending. Every couple of days, I can log in to Mint, and they can download all of my transactions on all of my bank accounts and credit cards, and I can see if there’s anything suspicious.

While I was waiting at the bank, I was looking it over to see if there were any unauthorized charges made to my account (there weren’t any, and haven’t been since the incident).

Now I switched bank accounts

One last thing I did? I’ve switched to the Scotiabank Ultimate Banking Package for my primary chequing account. I still have the other products with TD, but this will help spread the money around.

But the big reason I made the switch to Scotiabank? They offer free credit score monitoring from Transunion. I asked the TD security rep if it was at all possible that my SIN number could have been viewed by the thief. I was assured that it wasn’t viewable and there was no way they could have gotten it.

Now, I have a direct link to Transunion, and once a month I can check my credit score and file to see if anything suspicious is happening. This is yet another precaution I can take to sleep a little sounder at night.

Related: Debit vs. Credit: Which Card Is Better?

Your stories

There are lots of other stories, mine is just one example.

Have any of your accounts been compromised?