Before I get to today's topic I wanted to say thank you to everyone for your lovely comments on my last post. A special thank you to Julie Dyson, who mentioned a poem called October's Bright Blue Weather. I looked the poem up and it was lovely. And Marie asked about our dogs. She was confused because she thought we only had one. We actually have two dogs, and they are sort of "his and her" pets. I'm the person who belongs to Fergus the Westie, and my husband is the person owned by Jenny the wiener dog. Fergus gets very jealous if I mention Jenny on my blog, so that could be why you hadn't heard about her before.
Now for the serious stuff. If you aren't interested in the details surrounding what happened with the breach of my online banking please feel free to scroll down, and there will be a few pictures that have nothing whatsoever to do with crime.
My online banking was broken into early in August. The bank caught the fraud while it was happening, immediately stopped online access to my accounts, and phoned me. This was all good. They also immediately deposited back the amount that had been stolen. That was also good. But this is where the good stopped and the bad started, at least in terms of the bank and their response.
In that initial phone call alerting me to the fraud I was told my account was accessed on the very first try of the password, and that meant I had to have malware on my computer. They told me I needed to take it in to a professional to have the computer completely wiped. Several phone calls with the fraud department later they reluctantly agreed that it would probably be okay if my son-in-law wiped it rather than someone at a big box store, but they weren't very happy about it. They wanted a receipt proving it had been done. And here's the scary part. I was told that if I didn't wipe my computer and the fraud happened again I would be on the hook for any funds stolen. Gulp.
I took my computer into Anton, and he had a very good look at it. His verdict was there was almost no chance it had malware. Also, he said the malware that would be required to do what the bank claimed had happened would have to be very sophisticated. Probably not the kind of thing you pick up downloading knitting and sewing patterns.
While he had my computer, and about two weeks after the original bank fraud, we got a phone call late one night from an RCMP officer in a nearby community. He had recovered a stolen car that day, and in it was a cell phone. And on the cell phone were pictures of my driver's licence, bank debit card, and my two charge cards. He said the person who stole the car was definitely the person who broke into my car that day back in July when I was at Teapot Hill. It was a drug addict, well known to the police, and it was the second car he had stolen in the past week.
When an addict breaks into your vehicle they are after one thing. Cash. They have two ways of getting that cash. One is taking whatever money you happened to have in your purse. The other is by selling the stuff they find when they break in. And one of the things they sell is your ID. They get a couple hundred dollars, and someone who knows how to use your ID hits the jackpot.
Yes, I had immediately cancelled my bank cards and my driver's licence. But unbeknownst to me, when the bank reissued my client card they gave me a card with the same number. It never occurred to me to check. It never occurred to me they would be stupid enough to do something like that, especially since I told them I needed it replaced because it had been stolen. And here's the thing. That client card number is the user name for signing into online banking at my bank. I might have noticed when I next logged into my account, but I wasn't logging in from my computer since I didn't have it. I had downloaded the banking app onto my phone and since it was new had to enter the number. I didn't have anything to compare it to.
So the thief had my user name for my account. They also had all kinds of information about me. They had my address, birth date, my husband's full name, all from what they stole that day at Teapot. And here's where it gets really icky. Anton told me that what they then do is Google you. And, of course, the first thing that would come up would be my blog. Which meant they also now had my email address. The bank theft was connected to the theft that day at Teapot!
In an attempt to keep this post from becoming book length, I'll shorten the next part and just say this. After multiple calls with the fraud department, and several visits in person to the bank, this is where things stand. It turns out that after reviewing the sequence of events (the bank keeps a record of every call, every time you log in, where you log in from, etc.), what I was told in that very first phone call was not even true. They had not got in on the first attempt. They actually tried to log in eight times, no doubt trying passwords they thought were obvious using information they got off my blog (I'm sure Fergus was one of the tries!). They did not succeed.
Then they phoned the bank. And this is where I get a little mad. Well, actually quite mad. They managed to impersonate me and get the email address to my account changed. Within a minute they then changed the password, and they were into my banking. Seriously. The bank apparently let them change my email address over the phone. Yet they had placed the blame squarely on me and my computer, saying it had to be malware. And told me if I couldn't prove I had dealt with it and my account got hacked again I would be held responsible. Just typing this out makes my blood boil.
I have asked for a written statement from the bank saying it was not my fault. What I would really like is a statement from them saying it was all their fault. They reissued a card with the same client card number. They let someone change my email over the phone, knowing that all one needs is an email address to change a password. They never sent a notification to my old email saying the email address had been changed. And this is from one of Canada's largest banks. Which is why there's no point in asking them to admit wrongdoing. It's a David and Goliath story, only this time I'm afraid there's no way of slaying the giant. I'll be happy just to have something in writing absolving me of any responsibility, so if my account gets broken into again I won't be out the money.
If sharing this story saves even one other person from going through what I have it will have been worth typing it all out. If you have ID or banking cards stolen, don't let your guard down just because you've cancelled them all. And don't expect that a bank will do even the basic steps necessary to protect you, in spite of the fact that they have billions of dollars and a whole team of security experts. I'll let you know if and when I get the letter from them stating that what happened with my account was not my fault. Now, on to more pleasant topics.
Here's Lucy heading off to her first day of preschool. She suddenly looks very grown up.
Here's sweet little Oliver, modelling the Gingersnap sweater I knit for him. Ravelry details can be found here.
And Ella with her Granny's Favourite sweater, which was a late birthday present. I can see why there are over 1200 of these little sweaters posted on Ravelry. It was fast and easy to knit, and looks very cute when worn. Ravelry details here.
I'm headed to Victoria this weekend for a knitting adventure. Details will be in my next post. I'll sign off for now with this picture of the light on a spider's web, taken today on Teapot Hill. Light, nature, crafting, friends and family. These are the things I want to focus on.