Announcement

Collapse
No announcement yet.

Oh hell...

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Oh hell...

    This might also fit in MiM for mom's job. Very recently, the accounting system at her work was hacked. She works at a religious education community for a local college.

    The other night, she gets a voicemail on her cell phone from Voldemart asking about a large purchase She's never set foot in Voldemart and there isn't even one nearby. What little info she was able to glean was that the order was made using her name and phone number, different email and mailing address (but same state). I wish the rep could have given us all the information, but she wanted the credit card that was used which mom didn't have as she didn't place the order! Said order was put on hold, luckily. We should have recorded that call for our own records if nothing else.

    Following this, there were multiple random purchase attempts on everyone's "company" credit card before someone had the revelation to stop trying to dispute things and simply shut it down, but not before concerns arose that whoever got into the payroll system has everyone's info (SSN, etc).

    The office "manager" seemed quite unconcerned about the hack and the fact that someone had mom's cell number...she pawned it off as "gee maybe [boss] had to give contact information for anyone who had a card here." Mom never got any direct communications from the bank, just Voldemart. Communications from the bank were secondhand through the payroll manager (one of the few people there with a brain).

    State law requires any organization that holds consumers' personal information (this may also apply to payroll/accounting departments) must immediately report a data breach to the state AG's office. There was a milder occurrence of this last summer, and again nobody seemed particularly concerned and it was not reported to anyone.

    Now she's concerned that her personal cards are at risk, and by extension my information as we have a joint bank account for the household. My debit card was already ganked over Thanksgiving.

    I told her to put a fraud alert on her name immediately (and look into a credit freeze, she may not need a police report) and she's going to report it independently to the AG and police as she is now directly involved via the Voldemart order. We still don't know which card was used, but it had to be one that had her cell phone for a contact number and IIRC she did not have to give that to the bank that her work uses so that stands to reason that it was one of her personal cards. I'm going to re-up the fraud alert I had and file my taxes as soon as I possibly can just in case.

    I suspect that this is all tied to the Equifax breach; while there's no way to prove anything, it just seems to make sense.

    We did NOT need this right now
    "I am quite confident that I do exist."
    "Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor

  • #2
    That is always scary, and I am amazed that management seems to be so laissez-faire about it. How does the office 'manager' dismiss it as "Oh, somebody just needed contact info" when huge orders were being made?? (If I understood the story correctly ...)
    Customer service: More efficient than a Dementor's kiss
    ~ Mr Hero

    Comment


    • #3
      Since she works for a 'religious institution' they think they're exempt from a lot of things (like she's still classified as a 1099 employee even though labor law says otherwise)...I think the office manager was really clueless about what had happened and thought that the call mom got was from the bank. Even still, the contact phone would be the primary account holder (office or boss) and the bank would not have hers and has no reason to. Another failure of this place is that one card number is shared among all the staff--there have been occasions where mom has gone to buy food and the card was declined because one of the admin staff bought a plane ticket and someone else forgot to pay the bill.

      I told mom to file a report with the AG about the payroll breach (which the payroll manager confirmed so someone there knows about it) and the police regarding the fraudulent order that used her information.
      "I am quite confident that I do exist."
      "Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor

      Comment


      • #4
        Mom filed a police report as three more of her personal cards were compromised...one wasn't used per se, but there was one attempted Venmo charge followed quickly by two payments to the card from a BoA account that neither she nor the bank knows anything about. Further digging revealed that that BoA account may well be an OLD company credit card account that was closed because it got hacked but somehow is still open--either it was never closed, or whoever got into the system was able to reopen it. So the perps are using that card to pay down mom's card so they can use it...luckily she turned that company card in the very day she was told it had been compromised (a year ago) and no longer has dealings with any of the accounts there. My concern is that if they realize the old account still exists they may try to find a way to "prove" that since the payments were going to a personal card that she was the one making them.

        She's talking to the AG tomorrow, and I'm going to print off the email chain that she forwarded me (essentially proof that a breach occurred, even though the payroll manager now says nothing like that ever happened).

        Looks like we're well down this rabbit hole whether we wanted to or not...she wants to be very careful that any complaints against them can't be traced to her as the boss may be looking for a reason to let her go (woman in a Jesuit community who--unlike the two office ladies--is liked by the guys and doesn't like quietly going along with bullshit).
        "I am quite confident that I do exist."
        "Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor

        Comment


        • #5
          Credit cards at least give you some protection when stolen/compromised. My DH used our check card (ATM/debit card) to pay for an on-line purchase. Boy was I pissed, I couldn't believe I had to explain to him that if someone got a hold of the check card number they could steal all our money in the checking account and we'd be fracked. It's possible, I guess, to get your money back...if you don't mind waiting months on end.

          Got a fraud flag on one of the tech's credit cards at work, someone tried to order a Cricut machine on-line using his card. Techs don't do arts and crafts. Since the purchase didn't go through the bank didn't do much investigating, wish they'd have at least gotten the address or city/state the thief wanted the machine sent to. OMG talking to the woman in the fraud dept at the bank though accents are awesome unless you're trying to make a fraud report and you cannot understand the woman asking the questions.
          Last edited by Cia; 02-21-2018, 02:49 AM.
          Figers are vicious I tell ya. They crawl up your leg and steal your belly button lint.

          I'm a case study.

          Comment


          • #6
            Well, said tech could be on a joint account with a crafty type or be buying a gift.
            "Crazy may always be open for business, but on the full moon, it has buy one get one free specials." - WishfulSpirit

            "Sometimes customers remind me of zombies, but I'm pretty sure that zombies are smarter." - MelindaJoy77

            Comment

            Working...
            X