How I got robbed for $10,000 (see also: Wells Fargo has ZERO SECURITY)
So, last week my Wells Fargo checking account got robbed for nearly $10,000 because Wells Fargo has ZERO SECURITY.
Note: My account was not hacked. Rather the criminals used "social engineering" against Wells Fargo employees to rob my account.
Here's how it all happened:
1- At 12:57 PM a bad actor called up Wells Fargo Customer Service, and successfully had the phone number on my account changed. He simply told the worker that, "I lost my phone and got a new one." Which right there should have been suspect enough, because when you get a new phone, YOU TYPICALLY KEEP YOUR OLD PHONE NUMBER.
This was the point at which all security broke down.
2- Later that day, at two separate locations, someone went into a Wells Fargo bank with manufactured fake checks. One for $4900 and the other was for $4920. These were obviously fake checks. I've seen them. They look fake as hell.
The teller took the checks and "called the issuer" to verify I wrote these checks. Except see above. They had changed the phone number on my account, so the teller calls the fake number and the person answers saying, "Yes, I'm Brad Allison. I wrote those checks, please pay them." So the teller writes on the checks, "OK'ed by issuer" (or something like that), and hands over the cash from my account.
This happens twice. Once for $4900 and again for $4920. The person(s) knew what they were doing because the total is under $10,000 and they knew for under $10,000 no one would do anything (see below).
So that was the scam.
3- Now let's talk about Wells Fargo's COMPLETE LACK OF SECURITY. Wells Fargo does not support Multi-Factor Authentication via apps like Google Authenticator or Authy or something like that. Instead Wells Fargo online banking supports 2FA (two factor authentication) where they send a code to your cell phone number.
Problem is (see #1 above) anyone can just call customer support and have the phone number on your account changed, thus bypassing any 2FA security you have on your account.
Again, Wells Fargo has ZERO security.
Now let's talk about all the red flags that were ignored. Any of these red flags should have been enough to stop this from happening.
Red Flag #1
The check numbers on the manufactured checks matched checks I wrote in 2019 that has already been cashed. Why on Earth were they allowed to cash a check using a check number that had already been cashed? That should have been enough right there to flag these checks as frauds.
Red Flag #2
When the teller looked up my phone number to call and "validate" that I issued the checks why was there not a red flag on the account noting that the phone number had just been changed earlier that day? That should have been a HUGE red flag to let them know something was wrong.
Red Flag #3
These checks were cashed in San Diego, CA. I live in South Florida. BOTH checks were cashed in CA. That should have been a HUGE red flag something was wrong. Even the fake phone number was registered to Hialeah, FL. The teller could have looked that up and seen something was wrong here. Why would two checks be being cashed for cash, in San Diego, when the owner of the account lives in South Florida?
Now on to our next issue: No one gives a shit.
Here's all the evidence I have:
1- I have the fake phone number they used (the person lives in Hialeah, FL).
2- I have the images of the fake manufactured checks which were cashed.
3- I have the images of the original real checks from 2019 for contrast.
4- I have the exact branch numbers and locations (Wells Fargo Banks) for where the checks were cashed (you would think they could pull the videos)
5- I have the exact names of the people who cashed the checks.
After getting all this information working with the branch manager, I went to the police and gave them all this information the day after reporting it. A couple days later I came back to give them some additional information, and the clerk who was looking up the case says to me, "Oh this is an informational case." I said, "What does that mean?" She says, "It means we took this information but it's unlikely anyone will get assigned to the case." She then says, "Also, the crime took place in San Diego. We don't have jurisdiction to pull the video tapes there."
Then she says, "Plus the bank has a Fraud Department who handles all this. They will do the investigation."
So I'm just baffled. We have all the information on who did this, and the police don't care.
And as far as I can tell, the bank just put the money back in my account and that's that.
No one cares. The thieves just get away with it, and no one seems to care.