jeresig · August 7, 2008 05:37
diff --git a/How to get Free Credit Scores b/How to get Free Credit Scores
 How to get Free Credit Scores:

 Just after midnight on August 5th I got an email from, what appeared to be, 
 Bank of America telling me that there was a problem with my account - that
 some transactions had been flagged and that I needed to investigate them.

 I get these notifications from time-to-time but they're usually accompanied
 by a phone call - that did not occur in this case. Of course, I also get
 similar emails form phishers, I was quite skeptical. But not wanting to
 be affected by the real case I logged into Bank of America (never click
 the links in the email, never copy-paste the URLs - always type in fresh)
 and saw no alerts waiting for me. I was quite confused - either this was
 in error or it was a phishing attempt.

 I returned to the email and noticed it provided a number. I dialed in and
 while I navigated the menus (sounding quite legitimate) I searched online
 to see if the phone number was a genuine number, or not. I found a number
 of pages, written by concerned individuals, who were certain that the
 number was run by phishers and that their identity was already stolen. It
 was at this point in the phone call that they asked me to provide my 16-
 digit account number. I immediately hung up.

 Fast-forward to the next day. I'm flying across the country and I get a
 voicemail. I check it and it's the last 2/3rds of an automated message
 telling me that there were some bad transactions with my Bank of America
 account. I figured, at this point, there were one of two things going on:
 1) The phishers saved my phone number and were now calling back (the
    number was listed as being 'Unknown').
 2) This actually was Bank of America calling and something bad was
    happening to my account.

 Once I made it back on the ground, and to a computer, I logged into Bank
 of America - to find an actual alert waiting for me. I called the phone
 number that they provided and talked with a representative. Apparently
 they had been notified, by a third party, that my debit card number was
 found and that they were immediately closing my existing debit card and
 were issuing me a new one. I was fine with this - a reasonable course of
 action. They also recommended that I go back through my transactions to
 see if I could spot any that looked suspicious. However they could not
 give me a start date for when this theft may have occurred - only that
 it had.

 After this I decided that it was about time that I investigate my credit
 status more. I signed up for my free, annual, credit report that the
 government mandates (annualcreditreport.com) and started to poke around.
 Nothing was out of the ordinary, which was good. No credit score is
 provided, which is a bit of a downer.

 The next day I check my mail to find a letter from Wells Fargo. Puzzled,
 I opened it. I had tried to use them last year for an international
 transaction but, ultimately, was unable to. They were writing to notify
 me that:
  "a third party data provider had notified us that a Well Fargo
   access code was used to gain unauthorized access to your
   personal information."

 So now we know where the leak came from. But it continues:
  "This data may have included your name, address, date of birth
   social security number, driver's license number, and credit
   account information."

 I'm not concerned about the first three points - anyone can find those.
 And the credit account is obvious (since Bank of America contacted me).
 But the SSN and Driver's license parts worry me - I don't remember ever
 providing that information to Wells Fargo, but I will have to call them
 to find out for sure. Hopefully they will be able to give me a date for
 the exact breach, as well.

 Wells Fargo provided me with a free account
 "IDENTITY GUARD(R) CREDITPROTECTX3(SM)"
 account - which is something that I've been meaning to do for a while
 (get some sort of identity monitoring set up).

 On the plus side this service provides me with my credit scores. Huzzah
 for free credit scores!

 ----

 Just want to mention: As far as I know my debit card wasn't used
 maliciously, at all. It was just found "in the wild" and was reported as
 such. I am, however, worried about my Social Security Number being
 widely available. I'd like to avoid that whenever possible.
	How to get Free Credit Scores:

	Just after midnight on August 5th I got an email from, what appeared to be,
	Bank of America telling me that there was a problem with my account - that
	some transactions had been flagged and that I needed to investigate them.

	I get these notifications from time-to-time but they're usually accompanied
	by a phone call - that did not occur in this case. Of course, I also get
	similar emails form phishers, I was quite skeptical. But not wanting to
	be affected by the real case I logged into Bank of America (never click
	the links in the email, never copy-paste the URLs - always type in fresh)
	and saw no alerts waiting for me. I was quite confused - either this was
	in error or it was a phishing attempt.

	I returned to the email and noticed it provided a number. I dialed in and
	while I navigated the menus (sounding quite legitimate) I searched online
	to see if the phone number was a genuine number, or not. I found a number
	of pages, written by concerned individuals, who were certain that the
	number was run by phishers and that their identity was already stolen. It
	was at this point in the phone call that they asked me to provide my 16-
	digit account number. I immediately hung up.

	Fast-forward to the next day. I'm flying across the country and I get a
	voicemail. I check it and it's the last 2/3rds of an automated message
	telling me that there were some bad transactions with my Bank of America
	account. I figured, at this point, there were one of two things going on:
	1) The phishers saved my phone number and were now calling back (the
	number was listed as being 'Unknown').
	2) This actually was Bank of America calling and something bad was
	happening to my account.

	Once I made it back on the ground, and to a computer, I logged into Bank
	of America - to find an actual alert waiting for me. I called the phone
	number that they provided and talked with a representative. Apparently
	they had been notified, by a third party, that my debit card number was
	found and that they were immediately closing my existing debit card and
	were issuing me a new one. I was fine with this - a reasonable course of
	action. They also recommended that I go back through my transactions to
	see if I could spot any that looked suspicious. However they could not
	give me a start date for when this theft may have occurred - only that
	it had.

	After this I decided that it was about time that I investigate my credit
	status more. I signed up for my free, annual, credit report that the
	government mandates (annualcreditreport.com) and started to poke around.
	Nothing was out of the ordinary, which was good. No credit score is
	provided, which is a bit of a downer.

	The next day I check my mail to find a letter from Wells Fargo. Puzzled,
	I opened it. I had tried to use them last year for an international
	transaction but, ultimately, was unable to. They were writing to notify
	me that:
	"a third party data provider had notified us that a Well Fargo
	access code was used to gain unauthorized access to your
	personal information."

	So now we know where the leak came from. But it continues:
	"This data may have included your name, address, date of birth
	social security number, driver's license number, and credit
	account information."

	I'm not concerned about the first three points - anyone can find those.
	And the credit account is obvious (since Bank of America contacted me).
	But the SSN and Driver's license parts worry me - I don't remember ever
	providing that information to Wells Fargo, but I will have to call them
	to find out for sure. Hopefully they will be able to give me a date for
	the exact breach, as well.

	Wells Fargo provided me with a free account
	"IDENTITY GUARD(R) CREDITPROTECTX3(SM)"
	account - which is something that I've been meaning to do for a while
	(get some sort of identity monitoring set up).

	On the plus side this service provides me with my credit scores. Huzzah
	for free credit scores!

	----

	Just want to mention: As far as I know my debit card wasn't used
	maliciously, at all. It was just found "in the wild" and was reported as
	such. I am, however, worried about my Social Security Number being
	widely available. I'd like to avoid that whenever possible.