Security expert on $12k stolen from Pennsylvania man’s account: ‘A human should have called and verified’

Seth Kaplan

December 7, 2023 at 8:39 PM·5 min read

HARRISBURG, Pa. (WHTM) — Scott Zeiders thought his problems were solved when his cell phone started working again almost as quickly as it mysteriously stopped working.

Instead, the worst — by far — was yet to come.

“I drove home. My phone was working,” said Zeiders, who lives in Highspire. “Next day, I wake up, I see $12,000 wired out of my bank account at Wells Fargo.”

The longer version of what happened to his phone, Zeiders said, is someone logged into his Xfinity Mobile account using his username and password — he said he guesses someone got the information on the “dark web” of stolen information from other data breaches, although abc27 News couldn’t independently verify that.

How much of Pennsylvania is covered in woods and farmland?

Once in the account, he says that person changed his SIM card number — essentially, the number that associates a phone with a phone number — to a different number; they took control of his phone so his calls and texts went to them.

Then, he says, someone logged into his Wells Fargo account and initiated an $11,975 wire transfer. He says the bank sent a text message with a numeric code to his cell phone — a practice called multi-factor authentication, or MFA — and that code had to be entered to proceed with the wire transfer. The problem was, the code went not to Zeiders but to the person who stole the cell phone number, who — he says — entered it, and then the money was gone.

Zeiders said — and showed a message from the bank confirming — the bank tried to claw back the money to return it to Zeiders, but it couldn’t get the money (which had already been withdrawn from the destination bank) and thus couldn’t return it to him, which he says shocked him: The point of a bank, he says, is to keep money safe.

“I had no idea that I wouldn’t get the money back,” he said.

Zeiders blames Xfinity, whose parent company is Comcast, for not doing more to prevent the SIM card number from being switched and Wells Fargo for not doing more to prevent the wire transfer.

Based on Zeiders’s account of what happened, Jonathan S. Weissman, a security expert and principal lecturer at the Rochester Institute of Technology Department of Cybersecurity, agrees.

He says multi-factor authentication should be a requirement, not an option.

“The fact that companies today are not requiring multi-factor authentication for accounts allows attacks like this to happen by simply stealing a password or getting a password from a previous data breach,” Weissman said. “For a major configuration change like a SIM card, there have got to be multiple layers of protection to verify that the account user is the legitimate account user.”

“Our teams are investigating, and we’ve reached out to Mr. Zeiders to discuss this matter as well as safety measures to protect his account from ‘bad actors,'” a Comcast spokesperson said in a statement.

Did you know Pennsylvania is spelled ‘wrong’ on the Liberty Bell and Constitution?

The company doesn’t require MFA but encourages it with a series of security tips. Many companies have struggled to strike an optimal balance between making online accounts easy for legitimate users — but difficult for criminals — to access.

Wells Fargo did require an extra layer — the code sent to Zeiders’s cell phone number — but that wasn’t enough, because the phone number had been stolen. Zeiders, a retired truck driver, says the transaction was highly unusual and should have raised a red flag; Weissman agreed, based on Zeiders’s account.

“Even with verification through multi-factor authentication in text messages, for something of this magnitude, a human should have called and verified because this was anomalous behavior,” Weissman said.

Zeiders said Wells Fargo told him it is attempting to set up a conference call with him and Comcast to learn more about how his phone was compromised before the bank makes a final decision.

“We are continuing to work with the customer on this issue,” Wells Fargo said in a statement. “When a customer files a fraud claim, we conduct a thorough review. In some instances, such as this specific claim, additional information may be required for us to complete our investigation.

“Scams are an industry-wide concern,” the statement continued, “and we never want to see anyone become a victim. We are actively working to raise awareness of common scams to help prevent these heartbreaking incidents through various resources, including ongoing education efforts.”

The bank said bank customers bear some responsibility for preventing fraud. An example of when a customer — according to the bank — could be out the money permanently?

“We want everyone to know that if you provide someone remote access to your computer or mobile device that enables them to access your bank account and remove funds, you may be responsible for those transactions,” the statement said.

The precise tactic used by the fraudster to access Zeiders’s account remains unconfirmed. More tips from the bank are below.

Toddler hit, killed by train in Cumberland County

Zeiders had another source of hope: $15,000 of identity-theft protection under his Farmers homeowner’s insurance policy. But he said the company denied his claim, before later paying him $250.

“After a thorough review of the facts of this loss, we have issued payment to our customer for the portion of their claim that is covered by their policy,” Farmers said in a statement.

The company didn’t elaborate, but insurance companies generally have strict definitions regarding what constitutes identity theft, as opposed to other monetary crimes.

Zeiders is holding out hope the bank will restore his losses after it learns more about the case. Otherwise, his last hope is Pennsylvania’s Victims Compensation Assistance Program, or VCAP.

Wells Fargo provided these additional tips:

Be wary of unexpected calls, texts, social media posts, or emails from scammers impersonating tech support companies, financial institutions, and government agencies.
Don’t trust caller ID. Scammers can “spoof” legitimate numbers.
Never give control of your computer to anyone who contacts you.
Don’t share personal information. Never give out passwords, PINs, or access codes.
Don’t be afraid to end communication with the person who contacted you and take time to research what that person is telling you.
If you’re concerned about your computer, call your security software company directly using the number on the company’s website.

For the latest news, weather, sports, and streaming video, head to ABC27.

Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Autoblog
Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)
Trucks aren't known for being fuel efficient, though times are changing. These are the trucks with the best gas mileage in various segments.
Yahoo Sports
Six quarterback situations to worry about & three that are on the precipice | Zero Blitz
Jason Fitz, Charles Robinson and Frank Schwab talk about which quarterback rooms concern them and which they find interesting heading into the 2024 NFL season.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Golf’s moment of truth is here, and the sport is badly flailing
Nonexistent negotiations and missed opportunities for reconciliation between the PGA Tour and LIV Golf have the sport stuck in place.
Yahoo Sports
2024 Fantasy Football Mock Draft, 1.0
The Yahoo Fantasy football crew got together for their very first mock draft of 2024. Andy Behrens recaps the results.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful
Teams have made their big splashes in free agency and made their draft picks, it's time for you to do the same. It's fantasy football mock draft time. Some call this time of year best ball season, others know it's an opportunity to get a leg up on your competition for when you have to draft in August. The staff at Yahoo Fantasy did their first mock draft of the 2024 season to help you with the latter. Matt Harmon and Andy Behrens are here to break it all down by each round and crush some staff members in the process.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Sports
The Cheap Seats: Fantasy baseball mailbag (with one key fantasy football question)
Fantasy baseball analyst Scott Pianowski answers your pressing questions in his latest mailbag as we head toward the end of Week 6.
Yahoo Sports
Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from
With free agency and the draft behind us, what 32 teams look like today will likely be what they look like Week 1 and beyond for the 2024 season. Matt Harmon and Scott Pianowski reveal the post-draft fantasy power rankings. The duo break down the rankings in six tiers: Elite offensive ecosystems, teams on the cusp of being complete mixed bag ecosystems, offensive ecosystems with something to prove, offenses that could go either way, and offenses that are best to stay away from in fantasy.
Yahoo Finance
Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts
The average 30-year fixed mortgage rate edged back toward 7% this week but remains elevated, prompting housing experts to revise their forecasts for the rest of 2024.
Yahoo Sports
Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing
The Cardinals' nightmare season continues.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Yahoo Finance
Recession-proof stocks are leading the market's latest leg higher
The Utilities and Consumer Staples sectors have popped since mid-April as investors search for value.
Yahoo Finance
These 3 stocks are poised to benefit from the massive energy transition
The energy transition will benefit companies providing electrical needs for surging demand. Analysts point to these three stocks as a Buy.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Security expert on $12k stolen from Pennsylvania man’s account: ‘A human should have called and verified’

Recommended Stories

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

The best RBs for 2024 fantasy football, according to our experts

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

The FDIC change that leaves wealthy bank depositors with less protection

Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)

Six quarterback situations to worry about & three that are on the precipice | Zero Blitz

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former NBA guard Darius Morris dies at 33

Golf’s moment of truth is here, and the sport is badly flailing

2024 Fantasy Football Mock Draft, 1.0

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

The Cheap Seats: Fantasy baseball mailbag (with one key fantasy football question)

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from

Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

Recession-proof stocks are leading the market's latest leg higher

These 3 stocks are poised to benefit from the massive energy transition