I like to use this thing called the Internet. I use it for almost all my daily activities. It’s a wonder it doesn’t brush my teeth for me. However, online banking is something I never want to do again. With a few illicit clicks of a mouse, my bank account was wiped out by thieves smarter than you and I (unless you are the Thief, in which case, stop reading, I don’t like you).
Robbing me seemed as easily done as picking my pocket. I got two “phishing” emails, one from my so-called bank (TD) and another claiming to be CIBC (not really them). They arrived separately, weeks apart. I promptly deleted one of them, however, the other one looked legit. Curiosity killed my kitty. I wanted to read this email.
Then, I made another mistake. I clicked “Reply.” No, I did not give them my PIN or confirm my birth date (I save such personal information for Nigerian princes only). All I did was write, “In light of Internet fraud, phone your customers, don’t email.” Oh, the irony.
The bank called on a Saturday morning to verify I had made a gigantic withdrawal in the middle of the night: $21,355.46. As they described the movement of money from one account to another, my heart raced. The bank froze my accounts as part of an ongoing investigation and I lived without money for 11 days. That’s not fun. Other things that aren’t fun: closing your accounts, starting new ones, getting an affidavit notarized, visiting the bank branch every day, spending hours on the phone every day, notifying automated insurance and RRSP contributions, notifying every automated bill (including wireless, cable, newspaper delivery), informing my employers, getting new cheques…I could go on.
There are so many ways an Internet attacker can rob you: viruses, spy ware, Trojan horses. Internet browsing windows that are exact replicas of your online banking website can pop up unbidden. In the frenzy of multitasking, you could just click over and enter all your information only for it to be stored by the bad guys. In short, never open an email from the bank. Just delete. Never respond to spam. Never click a link to a bank website. Type the address in directly.
Fraud investigators at the bank and with the police are still trying to figure this one out, and I’m sure I’ll never know enough about technological vulnerabilities that I will ever fully understand what happened to me. Mark, my software friend, told me he once had his laptop stolen at knifepoint while he sat in a darkened café in Montreal. He was there late at night, sitting in a corner alone, and in hindsight, thought, “Maybe I shouldn’t have been there late at night, sitting in a corner alone.”
I hear you. I won’t make my mistake again, either.
“Online Crime” has been edited for FLARE.com; the complete story appears in the November 2009 issue of FLARE.