SAN DIEGO (KGTV) — A woman from San Diego is explaining how she fell for an elaborate bank scam in hopes of warning others.
San Diego native Tara Cornett is a small business owner and runs Flame Decon, a company focused on soaps and body wash to remove carcinogens from firefighters after a fire.
“They all have ingredients in them that are working with the activated charcoal,” Cornett told ABC 10News in January.
For Cornett, every dollar is important. She said the scam started with a text from her bank.
“It was asking me if I had made this $1,000 transaction,” Cornett said.
Right after she typed “no,” she received a call from what she thought was her bank. The supposed bank representative said over the phone that someone attempted to use her credit card and also take out a loan on her account.
Cornett said the man told her they were going to cancel her card and get a new one sent. “Let me check your account and get this resecured,” Cornett recalled the man telling her.
He said he would send her push alerts to verify her account. Cornett received and accepted them, but then she started to see red flags.
“I get these notifications through to my email that he was talking about,” Cornett said. “It's a few different email. One of them says someone's been added to your account and another one says that your loan has been approved. Suddenly I was like, this isn't adding up.”
Cornett eventually hung up and called her bank directly. It turns out that a loan was taken out in her name for $6,000.
“It's terrifying, absolutely terrifying. As a small business owner, who truly cares about the community that I serve, I don't pay myself a whole lot. I don't have the money to take on a $6,000 loan right now,” Cornett said.
Nikolas Behar, a professor of cybersecurity at the University of San Diego, listened to Cornett’'s interview with ABC 10News and assessed how he thinks this happened.
“She’s most likely been a victim of identity theft. It sounds like they had a lot of information on her and they were able to call her on the phone, they were able to log into her account, [and] they were able to take out a loan,” Behar said.
He explained some of her private information was likely already available, probably through some type of previous data breach. Behar believed the scammers already had access to her account and needed her to accept the bank’s push alert to complete the transaction.
Cornett thought she did her due diligence and searched the phone number she got the call from to make sure it was the bank.
Behar said you can’t rely on that.
“It's relatively easy to go out and either spoof a number or get an 800 number and add… the caller as a bank’s name,” Behar said.
His best advice if you ever receive a call is to “hang up and call the bank the number on the back of your card.”
Behar also suggests a physical password manager to add an extra layer of security for your online accounts.
Fortunately, a few days after Cornett’s interview with ABC 10News, Cornett said her real bank’s fraud department was able to refund her money.
She has made changes since this happened including freezing her credit.
“The fact that this happened to me, I feel like it can happen to anybody because they [are] just getting too good,” Cornett said.
Cybersecurity experts said you should still sign up for your bank’s push alerts because it will let you know if there is suspected fraud, but call the bank directly if you have any concerns.
