I Too Have been Invaded by Russia

There’s another reason I haven’t written of late — I’ve been dealing with a little identity theft fun.

Tuesday afternoon I signed into my Yodlee account to checka few things, and noticed that my bank accounts hadn’t updated.  For the uninitiated, Yodlee is an account aggregation service, essentially a cool little online app that tracks all of your accounts in one place.  Banking, brokerage, mortgage accounts, even rewards points.  At some point it merits its own post, but you can click here for a more detailed description.

But back to my bank accounts.  Yodlee was telling me that my bank accounts wouldn’t sync due to a password issue.  So I went to my bank website, attempted to sign on, and lo and behold, my password didn’t work.  In lieu of access to checking and savings, I saw a scary little screen pointing me towards a phone number, which I promptly called.

I was informed by Fraud Services that a logon to my account was performed from Eastern Europe, specifically Russia, and based on that they shut my access down entirely.  It’s a pretty scary thing to hear, if you haven’t had something like this happen to you.  Fortunately, all account balances were in order and no fraudulent transactions had occurred.  According to my bank, the typical process is for thieves to garner the information and sit on it for several months before acting, to make the trail a bit blurrier.

So on one hand, you feel vulnerable and insecure that there was a breach.  On the flipside, you recognize that your bank noticed it at the moment it occurred and took some degree of action.  After having my identity and background vetted better than some VP candidates, I was walked through the process of setting up entirely new accounts.  A few random and specific thoughts and pieces of advice:

  • I was told by my bank that this was most likely spyware-related.  I keep a pretty clean computer, but it is very much possible this is true.  I even found and removed a pretty nasty trojan several months ago, so it could have been related to this.  I swept my computer with multiple spyware programs and will do so more regularly than I had been.
  • On the whole I was rather impressed by the way my bank handled things, even getting capable and seemingly concerned humans on the phone to work with.  But, why hadn’t they made an attempt to call me?  Would that have been so hard?  Or shoot me an email.  I did receive a letter in the mail within a few days, but I would think that time is of the essence.
  • While all balances and Billpay setups transferred over to the new accounts, I do have to get new account numbers to the companies where I have direct deposits and auto-withdrawals set up.  They will continue to push these transactions from the old account numbers for 60 days.  Fair enough.
  • As a precaution, I have changed passwords to every frigging account I have online.  This, my friends, is a time-consuming process.  For starters, websites like to bury the place where you change your password.  Somewhat understandable.  Also, since I do use Yodlee, this means I have to change each password in two places.
  • I have an updated pen-and-paper list of all my new passwords, which I will keep in a secured location.  I will probably go about the trouble of changing the major user name/password combos twice a year.  Seems like a sane thing to do.

Another word about Yodlee, since one of the reasons some are afraid to use the service is that it puts all of your passwords in one location.  Yes, this is true, but keep in mind that I learned about this event through Yodlee.  Put simply, I had a security breach and learned about it faster than I ordinarily would have because of Yodlee.  Had the breach involved a website I don’t check as often, i.e. my mortgage or even a credit card account, it would have been even more helpful.

About these ads

3 Comments

Filed under finance, General

3 responses to “I Too Have been Invaded by Russia

  1. It’s always fantastic to see real-life examples of the Yodlee value to help people stay on top of fraud! Thanks for your support.

    ..Jordan, Yodlee, Inc.

  2. Wow– thats pretty scary. I too am a yodlee user, and this will serve as a notice to me to check my accounts more than once a week. Glad you resolved that without suffering any loss. (other than time and headaches :)

  3. SBR&R

    I do consider myself fortunate to have caught it within 24 hours. And boy, was it time-consuming. It probably took close to 4 hours to change all of those passwords, but that’s really something worth doing twice a year. It’s sort of the online equivalent of a yearly physical — so easy to not do.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s