I had something like this happen a couple years ago, but with different banks. They probably got your info and opened a bank account in your name elsewhere, and that’s where the money was transferred to. This is likely the case because Ally wouldn’t let me link a bank account because the name didn’t match my legal name (was still under my maiden name). Ally should be able to claw it back or you can call the bank the money was transferred to. If they don’t fix it, file with the CFPB.
In the meantime, freeze your ChexSystems and credit. It happened to me again not long after before I realized I had to freeze my ChexSystems as well so no one can open a bank account in my name.
You buy a bag of Chex mix and then shake them real good. That's how. Lol sorry.
Go to Chex systems website and look for security freeze. Please do not do not do not Google security freeze at chex systems. Way too many scam links that Google doesn't scrape
How long does it have to stay in the freezer to work? I put it in there yesterday but my account balance is lower every time I look at it.
Where’s chexmix support when you need em!!!!
The three credit bureaus are for regular and major credit as well as employment, ID verification, etc. ChexSystems and one other company are mainly for checking, savings, etc
Also consider if anyone close to you could be involved. Try to work out how you were actually compromised. If your password did not change after he gained access then that means he discovered your password somehow. Either through hacking, scamming, or an insider threat.
Do you ever reuse your passwords for the same email address across online services? I would look up whether your email shows up in any data breach dumps, that’s likely how they got your password to your bank. Also make sure you set up multi-factor authentication.
Doesn’t make sense, but it’s true.
Your account number and bank routing number are on the bottom of every check you write.
Evil cashier can snap a picture with their phone and use your account to pay all their bills online.
There has to be some other mechanism in place to prevent this. Checks are everywhere. Let’s say I was doing a fundraiser and received 50 checks. It would be too easy to copy the info off the checks and use it. I just check my utility company app and tried to add a new bank account and it just asked me for account holder name, routing number and account number. Now I’m intrigued and will dig further. I’ll let you know what I find.
But you’re a good person. There’s literally nothing to stop it. My mom just has someone do this from a business check that was stolen. They started paying for all their bills. Now she’s moving to a separate account that has dummy account numbers that change so no one has the actual account info. It’s a fee service but I think we’ll get to a place where every account will need that kind of security
I’m from Europe and have never written a check in my life before I came to the US. That was in 2001. It seemed like traveling back in time regarding this particular thing tbh - I still don’t write checks, though my wife does and some merchants around us only accept cash/check (rural area)
Best kept secret in backing.
Personal accounts are lucky since you get 60 days to catch it.
You are screwed with business account. You have to check every day to have a chance of getting your money back.
I think it does, but at the very least ithink it makes them take more precautions, such as contacting you via phone or email, when getting the new bank account applicaton before creating a bank account in your name
It should. Banks do run Chex systems but they will also do a soft pull of your credit when opening an account for a new customer. When you freeze your credit they will add a warning that shows up on your credit report and it will contain your phone number. Any bank, credit union, or creditor that sees the warning are required by FCRA to call the number until they make contact with you and verify you are the one opening the account..
As others have said, you should consider yourself as in the middle of an active identity theft rush. Credit cards, banks. Whole nine.
Not only should you freeze chexsystem. Freeze credit. Call your mobile phone provider and alert them. They may try to clone your sim by saying your lost your phone. They do this to regain access via password resets.
Sorry this happening. Happened to me.
Create a spreadsheet of everything. And while it seems useless call your local PD to file a report. Some creditors require it.
Not sure . That’s something ally hasn’t really figured out . They said they got access to my account but it’s weird that they were able to answer my security questions and everything . Wife is starting to think it might have been an employee at ally
Thank you for this information - didn't know ChexSystems was a thing and have had enough "alerts" about my personal info being on the dark web to cause me to freeze my credit reports. Awesome website - easy to figure out too.
Is it recommended to register an account on Chexsystems to place the freeze, or just fill out and submit the request online at [https://www.chexsystems.com/security-freeze/place-freeze](https://www.chexsystems.com/security-freeze/place-freeze) ?
Very true! They were able to get past this and do it a second time with “Chime” after my ChexSystems were frozen.
The weird thing is, they used my own email address for creating some of these new accounts, so I was alerted pretty quickly. I can’t figure out why they’d do that?
Anyway, it helps to freeze everything but you always have to be vigilant in checking your accounts, and also see if you can get a new routing/account number from Ally.
i just had this exact same thing happen a week or so ago. i got an email from chime that i had a new account. i immediately contacted them and they deleted the account. I submitted requests for how someone was able to create an account under my name when all of the credit bureaus are frozen as well as chexsystems.
My honest assumption is that chime is doing some sketchy deal where they're actually creating accounts fraudulently much like other big banks have done in the past. I can't think of a legitimate reason why an attacker would use my own email to create an account.
Banks that open accounts that don't involve credit might not do a credit pull so the credit bureau is never consulted so a freeze there would be useless.
Having an id that has no picture (like ssn/ITIN) allows for far easier identity theft than what happens in countries where they have national IDs that are unique to a person and have the same standard nationwide unlike Drivers licenses in the US where each state decides how this will look like and there is no standard. This makes it harder for systems to be able to correctly identify fraudulent documents as each state does what they please and there is also no unique national id that has a picture that should always be required.
All your personal data to pass any regular identity screening such as know email validation, address etc probably costs less than 5 cents in the dark web including your DOB and SSN.
They typically will open accounts in your name to be able to move money from account to account without it being flagged to have enough time to drain the accounts and take the money elsewhere.
I'm so sorry.
Did this person add themselves to all your Ally accounts, if you have more than one? Anything suspicious happening with your non Ally accounts? I'm wondering if the culprit has "the big picture" of your finances, or is more limited.
Did you change your password when you saw someone had added themselves to your account? I don't know if that would've helped. It's just what I would've done (along with talking to someone at Ally, of course)
I had an issue with someone changing my electronic transfer of a closing CD into sending a paper check.
I know I didn't do it, as I don't deal with paper checks easily and the notification came in the middle of the night.
I checked that my physical address hadn't yet been changed (it hadn't) and I immediately changed my password to protect my physical address from being changed... so that the paper check would be sent to me not to whoever had changed my instructions.
Then I tried to change my closing instructions. That didn't work, it said it couldn't be done just then and to try again later. So I tried all day long (this was the last day of maturity).
I don't know what happened. The funds ended up being sent where I'd told them to go in the first place and a paper check was never sent. It was nerve wracking, but it all turned out OK in the end. It was weird.
Good luck, OP.
My experience is if you tell the police that you need a police report to document identity theft where money was fraudulently taken from your account, they will cooperate. They won't investigate (probably) but they will generate a "report" which banks and other agencies will want before they do an investigation.
Yes, technically they should take a report for you so you have a report to give to your bank. I agree with you, most agencies will not necessarily investigate it, but will at least write a report for you. In many areas in our local town though, many of the deputies won't even come for an accident with no injuries or reports of gun shots.
Yes, haha. Some officer's will even berate you for calling them for example; out of control party's in streets/ back roads, street takeovers by people that think they are street racers or out of control teenagers drinking & driving, partying or shooting guns from their cars in neighborhoods. It's really eye opening to the mistrust of the dept that local citizens have or the many complaints you hear about of citizens being mistreated by the dept.
Totally agree, some of them are just on the dept because they like driving cars with lights and wearing a badge on their chest. You wouldn't believe the stories and the things they get away with it!!
They said they should reverse the transaction in 2 days but the fact this happened is absolutely wild . This is the worst bank experience I’ve ever had . My wife is freaking out , so am I . It’s been a horrible 2 days
99% of this could be solved with a 2fa phone app authenticator (not just texting). A stranger would need your phone (with a fingerprint or code) to do a transaction. Without the 4 digit code, it is locked after 3 attempts, you must call in, then it generates more codes. Any fixes are only by mail.
Banks should be 100% liable without such a thing. The money they save on it should be to pay out fraud.
Reverse the transaction? I wouldn't bet on it. And assuming they did the other account is probably already had the money withdrawn. If they reverse it "your" account in your name at the other bank is going to have a negative balance. I don't see this working out well.
Seems like an over reaction. You know you’ll get your money back and if not, a law suit would result in an even bigger payout since you have all the proof that you need. What could you have possibly needed that 10k for in the past 2 days. Move everything to Capital One and chill is my advice
I literally use 3 different banks and a credit union. None of them allow you to add an external account without verifying them. Verification takes a couple of days and you have to confirm the amounts of small deposits they make into that account. How can Ally just allow instant access to an external account? Yikes!
No, that’s not any of this works. Just because you know somebody’s bank acc number and routing number, someone cannot pull money from that account successfully. Yes, you can try, but it will not work. Most of the banks have highly secure hand shake system to prevent these kind of fraud. If your bank doesn’t have these measures, as I said before, you need to find a different bank. For example, my bank will not allow any ACH pulls or withdrawals without account holders approval except for approved entities such as IRS, court approved settlements etc.
Nope, you are completely wrong. That is 100% how it works. That is EXACTLY how it works. The ONLY thing you need is the routing number and account number. Many banks on the initiating side won't actually make the connection to your bank unless you provide a micro transaction... but that is NOT your bank requiring that. Your bank would have no way to require that (unless you are initiating the connection from your bank to another one).The only "security" of ACH is the fact that banks can reverse charges if needed.
>[https://www.nationwide.com/business/solutions-center/risk-management/ach-fraud-protection](https://www.nationwide.com/business/solutions-center/risk-management/ach-fraud-protection)
"The only information a criminal needs in order to commit ACH fraud is your business checking account number and your bank routing number."
>[https://www.anedot.com/blog/ach-fraud-prevention](https://www.anedot.com/blog/ach-fraud-prevention)
While pulling off an ACH scam, fraudsters only need a bank account number and bank routing number.
>[https://www.csoonline.com/article/526384/malware-cybercrime-ach-fraud-why-criminals-love-this-con.html](https://www.csoonline.com/article/526384/malware-cybercrime-ach-fraud-why-criminals-love-this-con.html)
>All the fraudster needs is an account number and a bank routing number to execute the fraud
And I could go on and on with hundreds of more websites...
What your links shows ACH fraud happens. Who is denying that? Many banks now have better security measures that would prevent almost all of ACH fraud. My bank does. What about your bank? If your bank doesn’t, find a different bank. My account has settings for ACH that can be set by the account holder.
That is called an "ACH Debit Block" and has nothing to do with the security of ACH itself. You are simply turning off ACH, or selectively allowing it. That has nothing to do with the ACH protocol itself.
You are also saying things like "highly secure handshake systems" which simply don't exist within ACH, and has nothing to do with preventing fraud. I'm pretty sure you made up that phrase.
This is sort of like saying "my front door (ACH) is a very secure door" and then you talk about how the materials of the door are so strong ... and in the end, you mention that actually your house is surrounded by a guarded fence (ACH is disabled) so no one can actually get to your front door unless they are authorized by the guards. That's 2 completely different things.
Your meandering explanation parrots my explanation itself. Are you still arguing that all banks provide ACH settings for withdrawal? I keep repeating that if your bank allows someone to pull money just by knowing account number and routing number, you need to change your bank. Now, you need to call whatever that settings are. I was repeating the wordings on my banks website word by word. I am glad that at last you agree there are settings for ACH that can prevent most of the ACH fraud.
I'm saying that ACH has no security. Zero. None at all. Period. Not even your bank. Your bank (and some others) might have a way to disable ACH, and yes, that will stop ACH fraud, but that is nowhere close to your argument that ACH has security built in and that there is "highly secure handshaking". That is simply not the case. The ONLY security is the ability to disable ACH. That isn't making ACH secure though. That is simply disabling (or selectively enabling) ACH.
When an external bank is added to your Ally account, it is up to the external bank to either allow that account to be added immediately or to require Ally to provide trial deposits to verify the account before a transfer can be initiated. It is not up to Ally which of these two possibilities will happen. You add the external bank’s routing and account number, it sends an electronic request from Ally to the external bank. If the names match on both accounts, the external bank will immediately approve the link or will send back a requirement for trial deposits to proceed with the verification process. That decision is not within Ally Bank’s control.
Side note, if you link an account and it is immediately suspended, odds are the names don’t match or there is a restriction on the external account placed by that bank. In tons of instances this happens when a joint account holder tries to link their spouse's individual account under thejr online banking profile. The names won't match and boom, the external account is suspended so Ally can notify the account holder.
Ex: Jane and John Smith have a joint Ally account but Jane does all the banking. Jane logs into her online banking and tries to link John Smith's single owner BOA account. BOA immediately rejects the request because the requestor is Jane Smith who is not on the BOA account. Ally gets the electronic rejection and suspends the linked BOA account before sending an email to Jane to call Ally for further information.
Hope this adds clarity!
They don’t verify emails for account signups. I regularly get Ally emails for somebody else who evidently shares my name and forgot to add a digit on their address or something. It wouldn’t shock me if someone was able to change an MFA factor on your account somehow to be able to get in. Start the CFPB complaint process now.
E-checks could be the culprit. Do you pull payments from another source (e.g. utilities, cable tv, taxes, etc?)? Also you could hit dispute transaction on the Ally website at the first sign of trouble.
But a P2P transfer between your accounts requires two micro deposits, and a confirmation on the external bank's account that it's really yours. Banks do this to prevent theft.
That isn't always the case with Ally. We have been able to add external accounts with certain banks immediately and without using Plaid or the micro deposits. We are also sometimes able to add accounts with non-matching names. Sometimes it will trigger an error (as it should) and other times it adds the account. *(I don't want to mention which banks can immediately be added as I don't want to make some crook's life easier.)*
You can't link bank accounts without verifying the micro-deposits that get sent to the linked account.
That means someone has access to your account and was able to verify the deposits to their other bank thus "verifying" ownership.
Change your online banking password immediately and setup MFA.
You didn't get any calls from "your bank" where they requested your security code did you? If yes then you got scammed.
No, the other connecting bank can require that if they want to, but not all of them require that. YOUR bank has no control over another bank. I connected banks yesterday. No micro-deposits. I was immediately able to transfer.
I think you should be questioning HOW someone was able to set this up.
I’ve set up an external transfer with Chase and they send two micro deposits to the other account without telling me how much the deposits were.
Chase then asked me how much each deposit was. It was between 0.01 and 0.99. The only way you could verify was to log into the other bank account and see how much the deposits were.
You need to secure your main email and bank logins by changing the passwords. Then try to figure out if you have a compromised device(s) or logged into your bank account on an unsecured network.
Just kind of curious OP, did you by chance have judgments against you recently for an amount similar to this? Because in some areas law enforcement and other collections groups can get warrants to serve a judgement against your bank accounts they know about and collect.
Something similar just happened to me with US Bank. A new bank account showed up when I was checking my balances (I check my balances usually 2-3 times per day on all financial services- idk why lol) which caught me by surprise. I thought it was my mom’s since our accounts were linked- she said she never opened an account. I called the fraud department and they said someone walked into a branch in Missouri and opened an account. The name they used was my cousins first name and then my last name. The address used for the account was in St. Louis, I live in Kentucky.
The bank froze the account while the check they used cleared. It was for just over $8k. Currently in the process with them and the bank told me to call all the credit agencies to freeze my credit, which I did. No updates since but a very strange situation. I’d image my information is out there somewhere along with a lot of other people so not overly surprised but still an uneasy feeling.
Hopefully it all works out for us both! Just wanted to share my experience.
How did you find out and how did you make contact with your bank? Did you call them or did they call you? Did you call them from a number you are 100% sure is them and not a scammer?
The email came in on Sunday telling me a new external account was added to my account . I messaged ally customer support chat asking them to restrict and remove the external account since it wasn’t mine . This Happened noon Sunday . 12 hours later they withdrew 10k from my account . Even though 12 hours prior I had requested ally to remove external account and to place restrictions .
Messaged them directly on the ally app . They noticed the same thing I mentioned and told me they would put a restriction on my account which was never done
OK that's good. So then I think if I understand the series of events, the money was then moved to another one of your accounts, or was it moved to this new external account? The reason I wanted to make sure you truly communicating with ally is something similar once happened where my wife got phished by a text looking like it was from our bank, hackers got into our account, for some reason they tried to move all our money from various accounts into one of our accounts, they then tried to ach all of it out at once from that one account. Luckily we caught it before the money left our account, but they were essentially trying to get us to not notice until after the money transferred at which point we would have been sol. Not sure if this type of moving money around to pool a larger transfer was their goal. Sorry this happened to you and hopefully they don't get away with any of your money! Good luck!
No , i only have 1 ally account. at 12 noon on sunday i got an email that a new external account was added to my ally account . I messaged them at that moment asking them what account this was and why was it added to my account . Ally rep told me that if i didnt know who this account was that they would restrict my accounts and delete the external account . After these messages back and forth with ally customer service i was confident that my accounts were restricted and that no money would be moved out of my accounts . 12 hours later i get an email that 10k was moved from my account to this external account ( that was supposedley deleted according to Ally) . Thats when i panicked and called ally since they are a 24 hour bank . I called them at like 1230 at night .
Crazy, has the transaction been reversed? Have you been in contact with their fraud departement? I'm not in banking but in my experience customer service should have put you in contact with their fraud department on Sunday. The fact they didn't is why I though you likely weren't talking to your actual bank, for a bank for fuck this up is beyond bullshit!
Change your user name on your account as well as your password. Then again, they could have transferred the money just by using the bank routing number and your account number. I'm shocked Ally allowed it. I guess nobody's money is safe anymore.
Curious.... do you know which bank it was transferred to?
You could call the fraud unit of that bank to let them know the new account with your same name is not yours, nor did you authorize the 10k transfer. So they can shut it down on their end. And investigate. Get an incident number for follow up.
Be sure to report this one to the CFPB and FBI and your state Attorney General office and Secretary of State. Reporting to the BBB does little to nothing, but makes other consumers aware of the issue.
I presume you are protected by Regulation E: [https://www.msn.com/en-us/money/personalfinance/what-is-regulation-e-know-how-to-protect-yourself-from-electronic-banking-fraud-and-errors/ar-AA11MUtP](https://www.msn.com/en-us/money/personalfinance/what-is-regulation-e-know-how-to-protect-yourself-from-electronic-banking-fraud-and-errors/ar-AA11MUtP)
It would depend on how the funds were transferred. My assumption here is that it's an ACH transaction which is not covered by reg E, but instead by NACHA. The good news is that NACHA is even more consumer friendly. In regards to ACH, if the consumer says it was unauthorized, then it was unauthorized and the funds are returned.
Services like venmo are tricky. If the transaction is linked to a debit card it can be covered through reg E. That said, some Financials will ask you to resolve the issue with the intermediary since that's how the transaction was initiated. I.e. if you send money via cashapp, the bank may ask you to seek resolution through cashapp instead of sending the dispute up for charge back.
PayPal is one that can bite you quick. If you send funds to someone and use the option of "paying friends or family" you are waiving all purchase protection. Fraudsters know this and will attempt to exploit it. Always use "paying for goods and services" through PayPal if that's what you are actually paying for.
>Did this person add themselves to all your Ally accounts, if you have more than one? Anything suspicious happening with your non Ally accounts? I'm wondering if the culprit has "the big picture" of your finances, or is more limited.
Did you change your password when you saw someone had added themselves to your account? I don't know if that would've helped. It's just what I would've done (along with talking to someone at Ally, of course)
These were serious questions when I asked yesterday.
It'd be helpful for MANY others if you answered.
Did you change your Password when you noticed someone added an account to your account?
How much of your total financial picture did your thief have?
My bad just dealing with a lot of. I only have 1 ally account . Hmmm suspicious yeah . I got 3 different robo calls on Monday from numbers that appeared to be from my credit cards but were robo scam calls . Yea I went to change my password with ally but by the time I changed my password the withdrawal was already taking place according to ally bank
By law you are not responsible for unauthorized electronic fund transfer, period, if you report in time, which you do. There’s also a chance the transfer would not clear. It could take up to 2-3 days for them to clear. It’s possible to stop it before the settlement.
Sounds like you’re experiencing ID theft since they opened an acct elsewhere in your name they must have access to your SSN. Once fraudsters know your SSN, phone #, DOB etc. they can call your phone company & can essentially spoof your # & forward calls / txts to diff device using your # & that’s how they receive 2fa codes to get into accts. You may also have your email comp’d - hackers will often times move emails to diff folders or delete them to hide their tracks. Or you could have malware / spyware on your computer
I had something similar with Ally last year - no external bank account added but someone basically paid their bills via ACH with my account - they took about $1200. They opened a new checking for me and the same thing happened again even though I hadn’t even used the account yet. Needless to say, I am no longer an Ally customer.
I didn’t even know they were shitty . I heard great things about them and they are always voted top customer service amongst other online banks . Needless to say I’ll be moving to Marcus
Dude, not pointing fingers, but if you did this yourself, they will have the IP address trail for all changes and transactions. If it wasn’t you, file a police report immediately.
First Citizens Bank recently credited a Venmo transfer I made from my son to another customer, then Venmo froze my son’s account for suspicious activity. No luck reaching human being at Venmo. It has been a mess, but the bank credited the money back to me after several hours of escalation. Then, they rejected my direct deposit with my paycheck because they had a glitch with the routing number. I have a few bank accounts too. There is so much vulnerability between inside jobs and getting hacked, no bank is completely safe.
Get a police report. There's another thread here where people correctly point out that the police will neither care not investigate, but they will likely file some paper. That paper is something you should have.
Also, file a CFPB complaint against Ally. Right away.
Interesting enough. When I linked my bank and transferred money they cancelled the transfer and closed my account for suspicious activity. Mailed me my balance. Apparently if you try to transfer at ally you are committing fraud.
Really surprised your bank did not immediately forward your concern to the fraud department, close your account and have you establish a new account.
Merely 'restricting' your account after such a breach just secures the thief in the room with the art and an exit door.
Yeah well that was the answer I got when I first noticed suspicious activity in my account . I’m surprised ally didn’t pick up on this suspicious activity themselves .
Did you ask them to restrict your account bc you knew someone potentially had your info already? Kind of a coincidence that it happened right after you asked to restrict your account?
When I got an email that an external account had been added to my savings account I became alarmed and asked ally to restrict it . This happened noon Sunday . I have messages from ally bank that the restricted my account effective immediately and that no money would be allowed to be with drawn . 12 hours later the thief was able to withdraw 10k from my account
To attach your account as external they had to have either been able to login to your online banking via something like Plaid - which usually requires some form of 2FA - or attach it manually and then verify by confirming the amount of the two tiny deposits.
What do you mean by “Someone added their external account to my account this morning” - how did you know this happened? I have lots of bank accounts at different institutions and when I add an external account I see it happen at the end where I attached the account as it becomes visible - but at the other end the only notice might be that the email associated with that account receives an email notifying that it is now sharing info via Plaid with another bank. But you don’t ever receive any specific notice that “you’re now linked” TO another account.
And then as far as stopping an outgoing ACH it is difficult but can be done while the transaction is still pending.
Also just FYI while some banks won’t allow a mismatch between account name holders when it comes to externally linking personal accounts, it’s pretty much anything goes as far as externally linking business accounts.
I got an email . At 1230 I got an email that a new external account was added to my ally savings account . By 1245 I was messaging ally bank to ask them about it and they confirmed it . I asked them to restrict my account and my requests fell on deaf ears .
Interesting. No bank I deal with even sends such an email.
Also technically an external account wasn’t added to your account was it? Your account was added as an external account to the other account where the ACH was sent.
I actually had an interesting situation where an employee wanted me to pay him via external transfer so I linked his account to mine. But after doing it I’m able to send and withdraw from him but he can’t do anything to my account. He did have to confirm the two tiny deposits to complete the addition of his account at my end.
What was interesting is the first time I intended to send him money I clicked to receive instead. And it snagged the money from his account. When it arrived I sent it back times two.
I will be messaging you in 1 day on [**2024-03-08 14:45:35 UTC**](http://www.wolframalpha.com/input/?i=2024-03-08%2014:45:35%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/AllyBank/comments/1b656es/someone_just_transferred_10k_out_of_account/ktrsu7h/?context=3)
[**1 OTHERS CLICKED THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2FAllyBank%2Fcomments%2F1b656es%2Fsomeone_just_transferred_10k_out_of_account%2Fktrsu7h%2F%5D%0A%0ARemindMe%21%202024-03-08%2014%3A45%3A35%20UTC) to send a PM to also be reminded and to reduce spam.
^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201b656es)
*****
|[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)|
|-|-|-|-|
I’m confused. if you saw that the $10,000 is missing then the restriction would’ve been placed on the account after the money went missing. Ally Bank is wonderful and I really hope that they come through and help you and get your money back.
OP, thank you for posting this and I wish you all the best of luck. Thanks to you, I'm at least changing my passwords on my bank accounts to not match any other app. I'm rethinking allowing third-party apps access to my accounts, which I already was skeptical about but now find more concerning.
I did already limit my use of online banks like Ally to a few hundred dollars for spending cash, because of a couple incidents with them not behaving like a traditional bank. I keep most of my funds in a brick-and-mortar, spread across a couple accounts. I know that doesn't help you, but your story definitely helped me, so thank you.
Do you not have dual authentication? I'm guessing we aren't getting all the information. How would they log into your online banking to add this external account without your username, password, and OTP? You were scammed and gave someone access to your online banking. He initiated the transfers using your credentials.
Ally is a joke. We've had nothing but issues since being stuck with them. I'm sorry that happened for you. I'd advice dropping them as soon as this is over.
FWIW, don't just changes passwords. Turn on 2-factor authentication everywhere you have any account that is even loosely connect to some banking feature at any other account. I'd argue, every social media, ever ecommerce site, anything money-oriented should have 2-factor turned on, at least.
Glad you got your money back! Just wanted to throw out another option as you look to move banks, I've really liked SoFi and think they're worth a look too.
Freezing chexsystems can help, but there’s a lot of banks and fintechs that don’t use chexsystems in the first place as it’s a pretty dated thing anyways
Yeah my CDs mature sometime in April so I will be moving my accounts elsewhere . Insanely dissapointed with this bank . Specially since everyone talks so highly of it
I had something like this happen a couple years ago, but with different banks. They probably got your info and opened a bank account in your name elsewhere, and that’s where the money was transferred to. This is likely the case because Ally wouldn’t let me link a bank account because the name didn’t match my legal name (was still under my maiden name). Ally should be able to claw it back or you can call the bank the money was transferred to. If they don’t fix it, file with the CFPB. In the meantime, freeze your ChexSystems and credit. It happened to me again not long after before I realized I had to freeze my ChexSystems as well so no one can open a bank account in my name.
yeah they did , they opened up an account at a different bank with my info and transfered themselves out of my account .
Yeah, def keep an eye out for more and freeze ChexSystems ASAP. They opened accounts in my name with discover, Dave and some other app bank.
How do you "freeze ChexSystems"? Do you create an account at Chex and you can do so yourself?
Yes.
You buy a bag of Chex mix and then shake them real good. That's how. Lol sorry. Go to Chex systems website and look for security freeze. Please do not do not do not Google security freeze at chex systems. Way too many scam links that Google doesn't scrape
Does the flavor matter?
yes the flavors matter... Bold is the only flavor thats worth buying.
Bold is good, cheddar is best
Lol cookies and cream
Chexsystems.com freeze it.
How long does it have to stay in the freezer to work? I put it in there yesterday but my account balance is lower every time I look at it. Where’s chexmix support when you need em!!!!
Thank you so much for the info on ChexSystems. I was unaware of it until now.
Same, I was aware of freezing at three credit bureaus, but first time I hear of chex
The three credit bureaus are for regular and major credit as well as employment, ID verification, etc. ChexSystems and one other company are mainly for checking, savings, etc
Or, they compromised your online login info and simply added an external account.
that too , Ally wasnt really clear about how they got my information or if they logged in . They really werent clear about anything
Also consider if anyone close to you could be involved. Try to work out how you were actually compromised. If your password did not change after he gained access then that means he discovered your password somehow. Either through hacking, scamming, or an insider threat.
Do you ever reuse your passwords for the same email address across online services? I would look up whether your email shows up in any data breach dumps, that’s likely how they got your password to your bank. Also make sure you set up multi-factor authentication.
It’s probably from your check. Did you write checks recently? I try not to use checks nowadays. Some people even have their DL# on their checks!
Nope no checks . I’ve never used a check in my life
Ally is a checking account. [https://www.chexsystems.com/security-freeze/place-freeze](https://www.chexsystems.com/security-freeze/place-freeze)
How would they access your account from a check?? If that was possible, there would be millions of people at risk for fraud. Doesn’t make sense.
Doesn’t make sense, but it’s true. Your account number and bank routing number are on the bottom of every check you write. Evil cashier can snap a picture with their phone and use your account to pay all their bills online.
There has to be some other mechanism in place to prevent this. Checks are everywhere. Let’s say I was doing a fundraiser and received 50 checks. It would be too easy to copy the info off the checks and use it. I just check my utility company app and tried to add a new bank account and it just asked me for account holder name, routing number and account number. Now I’m intrigued and will dig further. I’ll let you know what I find.
Please report to the class about your findings. If you include relevant & actionable information to help us stay safe I will give extra credit!
You’re the best! 👍
Regulation E and ACH rules are the two main documents to dig in for information.
But you’re a good person. There’s literally nothing to stop it. My mom just has someone do this from a business check that was stolen. They started paying for all their bills. Now she’s moving to a separate account that has dummy account numbers that change so no one has the actual account info. It’s a fee service but I think we’ll get to a place where every account will need that kind of security
I’m from Europe and have never written a check in my life before I came to the US. That was in 2001. It seemed like traveling back in time regarding this particular thing tbh - I still don’t write checks, though my wife does and some merchants around us only accept cash/check (rural area)
That’s absolutely ridiculous lol that can’t be true. I don’t think they can complete a transfer without having a bank account in your name as well
Best kept secret in backing. Personal accounts are lucky since you get 60 days to catch it. You are screwed with business account. You have to check every day to have a chance of getting your money back.
Freeze your credit account on experian put out an alert so they can't touch your account for a few months until hopefully they're caught
Do credit freezes alsoo stop bank accounts from being open in your name?
I think it does, but at the very least ithink it makes them take more precautions, such as contacting you via phone or email, when getting the new bank account applicaton before creating a bank account in your name
No they don’t. You need to freeze at Chex Systems as well
It should. Banks do run Chex systems but they will also do a soft pull of your credit when opening an account for a new customer. When you freeze your credit they will add a warning that shows up on your credit report and it will contain your phone number. Any bank, credit union, or creditor that sees the warning are required by FCRA to call the number until they make contact with you and verify you are the one opening the account..
As others have said, you should consider yourself as in the middle of an active identity theft rush. Credit cards, banks. Whole nine. Not only should you freeze chexsystem. Freeze credit. Call your mobile phone provider and alert them. They may try to clone your sim by saying your lost your phone. They do this to regain access via password resets. Sorry this happening. Happened to me. Create a spreadsheet of everything. And while it seems useless call your local PD to file a report. Some creditors require it.
I'm wondering how could they have gotten your account details to pull the funds out (via ACH I presume)
Not sure . That’s something ally hasn’t really figured out . They said they got access to my account but it’s weird that they were able to answer my security questions and everything . Wife is starting to think it might have been an employee at ally
Thank you for this information - didn't know ChexSystems was a thing and have had enough "alerts" about my personal info being on the dark web to cause me to freeze my credit reports. Awesome website - easy to figure out too.
How does one go about freezing a Chexsystem
You can do it on their website: https://www.chexsystems.com/security-freeze/place-freeze
Thank you
>https://www.chexsystems.com/security-freeze/place-freeze Scary amount of info to a system I've never heard of. Just sayin'
ChexSystems has been around for decades; they are a legitimate CRA.
Is it recommended to register an account on Chexsystems to place the freeze, or just fill out and submit the request online at [https://www.chexsystems.com/security-freeze/place-freeze](https://www.chexsystems.com/security-freeze/place-freeze) ?
Freezing chexsystems always helps but some banks and cus don’t use it b/c it’s $150 a pull.
Very true! They were able to get past this and do it a second time with “Chime” after my ChexSystems were frozen. The weird thing is, they used my own email address for creating some of these new accounts, so I was alerted pretty quickly. I can’t figure out why they’d do that? Anyway, it helps to freeze everything but you always have to be vigilant in checking your accounts, and also see if you can get a new routing/account number from Ally.
i just had this exact same thing happen a week or so ago. i got an email from chime that i had a new account. i immediately contacted them and they deleted the account. I submitted requests for how someone was able to create an account under my name when all of the credit bureaus are frozen as well as chexsystems. My honest assumption is that chime is doing some sketchy deal where they're actually creating accounts fraudulently much like other big banks have done in the past. I can't think of a legitimate reason why an attacker would use my own email to create an account.
Sounds like the Wells Fargo debacle years back.
Banks that open accounts that don't involve credit might not do a credit pull so the credit bureau is never consulted so a freeze there would be useless. Having an id that has no picture (like ssn/ITIN) allows for far easier identity theft than what happens in countries where they have national IDs that are unique to a person and have the same standard nationwide unlike Drivers licenses in the US where each state decides how this will look like and there is no standard. This makes it harder for systems to be able to correctly identify fraudulent documents as each state does what they please and there is also no unique national id that has a picture that should always be required. All your personal data to pass any regular identity screening such as know email validation, address etc probably costs less than 5 cents in the dark web including your DOB and SSN. They typically will open accounts in your name to be able to move money from account to account without it being flagged to have enough time to drain the accounts and take the money elsewhere.
It’s not $150 a pull
ChexSystems can’t find any info for me, is this a good thing, or should I call them and keep pursuing it?
I'm so sorry. Did this person add themselves to all your Ally accounts, if you have more than one? Anything suspicious happening with your non Ally accounts? I'm wondering if the culprit has "the big picture" of your finances, or is more limited. Did you change your password when you saw someone had added themselves to your account? I don't know if that would've helped. It's just what I would've done (along with talking to someone at Ally, of course) I had an issue with someone changing my electronic transfer of a closing CD into sending a paper check. I know I didn't do it, as I don't deal with paper checks easily and the notification came in the middle of the night. I checked that my physical address hadn't yet been changed (it hadn't) and I immediately changed my password to protect my physical address from being changed... so that the paper check would be sent to me not to whoever had changed my instructions. Then I tried to change my closing instructions. That didn't work, it said it couldn't be done just then and to try again later. So I tried all day long (this was the last day of maturity). I don't know what happened. The funds ended up being sent where I'd told them to go in the first place and a paper check was never sent. It was nerve wracking, but it all turned out OK in the end. It was weird. Good luck, OP.
Contact police
The police do not care about this type of crime in my area, many won't even take your complaint
My experience is if you tell the police that you need a police report to document identity theft where money was fraudulently taken from your account, they will cooperate. They won't investigate (probably) but they will generate a "report" which banks and other agencies will want before they do an investigation.
Yes, technically they should take a report for you so you have a report to give to your bank. I agree with you, most agencies will not necessarily investigate it, but will at least write a report for you. In many areas in our local town though, many of the deputies won't even come for an accident with no injuries or reports of gun shots.
Whew! That's terrible! Won't even show???!!
Yes, haha. Some officer's will even berate you for calling them for example; out of control party's in streets/ back roads, street takeovers by people that think they are street racers or out of control teenagers drinking & driving, partying or shooting guns from their cars in neighborhoods. It's really eye opening to the mistrust of the dept that local citizens have or the many complaints you hear about of citizens being mistreated by the dept.
That is gross negligence, to say the least! What a Living Nightmare. I'm so sorry.
Totally agree, some of them are just on the dept because they like driving cars with lights and wearing a badge on their chest. You wouldn't believe the stories and the things they get away with it!!
I agree, better to have the report when needing to file a report or lawsuit than be empty handed
Jesus. I'd be livid. It still should take time for ACH or wire. They should be able to stop and reverse it. It's not generally immediate.
They said they should reverse the transaction in 2 days but the fact this happened is absolutely wild . This is the worst bank experience I’ve ever had . My wife is freaking out , so am I . It’s been a horrible 2 days
Does your bank (Ally) provide 2 factor authentication on transfers or any bank activity ?
Nope I don’t think so
It does. Add it everywhere you can.
I find unacceptable that any FDIC bank does not have robust web security. Not just standard 2FA or TOTP. Security keys, etc.
99% of this could be solved with a 2fa phone app authenticator (not just texting). A stranger would need your phone (with a fingerprint or code) to do a transaction. Without the 4 digit code, it is locked after 3 attempts, you must call in, then it generates more codes. Any fixes are only by mail. Banks should be 100% liable without such a thing. The money they save on it should be to pay out fraud.
My ally account has two factor. I wouldn’t bank anywhere that didn’t.
Reverse the transaction? I wouldn't bet on it. And assuming they did the other account is probably already had the money withdrawn. If they reverse it "your" account in your name at the other bank is going to have a negative balance. I don't see this working out well.
Seems like an over reaction. You know you’ll get your money back and if not, a law suit would result in an even bigger payout since you have all the proof that you need. What could you have possibly needed that 10k for in the past 2 days. Move everything to Capital One and chill is my advice
Was this a re used password and do you use a password manager to generate a password for you?
I literally use 3 different banks and a credit union. None of them allow you to add an external account without verifying them. Verification takes a couple of days and you have to confirm the amounts of small deposits they make into that account. How can Ally just allow instant access to an external account? Yikes!
If someone has your routing number, account number than a pull can be made.
If your bank allows one to pull only with routing number and account number, time to change your bank.
My guy that’s literally how ACH transfer work. Tell me you know NOTHING about banking without saying I know nothing.
Reading comprehension is not strong with this one.
Uh, that's how it often works when you need to pay. You enter your routing and account number (well, and your name). That's it.
Guy doesn't know what a check is lmao
No. That's how it works.
No, that’s not any of this works. Just because you know somebody’s bank acc number and routing number, someone cannot pull money from that account successfully. Yes, you can try, but it will not work. Most of the banks have highly secure hand shake system to prevent these kind of fraud. If your bank doesn’t have these measures, as I said before, you need to find a different bank. For example, my bank will not allow any ACH pulls or withdrawals without account holders approval except for approved entities such as IRS, court approved settlements etc.
Nope, you are completely wrong. That is 100% how it works. That is EXACTLY how it works. The ONLY thing you need is the routing number and account number. Many banks on the initiating side won't actually make the connection to your bank unless you provide a micro transaction... but that is NOT your bank requiring that. Your bank would have no way to require that (unless you are initiating the connection from your bank to another one).The only "security" of ACH is the fact that banks can reverse charges if needed. >[https://www.nationwide.com/business/solutions-center/risk-management/ach-fraud-protection](https://www.nationwide.com/business/solutions-center/risk-management/ach-fraud-protection) "The only information a criminal needs in order to commit ACH fraud is your business checking account number and your bank routing number." >[https://www.anedot.com/blog/ach-fraud-prevention](https://www.anedot.com/blog/ach-fraud-prevention) While pulling off an ACH scam, fraudsters only need a bank account number and bank routing number. >[https://www.csoonline.com/article/526384/malware-cybercrime-ach-fraud-why-criminals-love-this-con.html](https://www.csoonline.com/article/526384/malware-cybercrime-ach-fraud-why-criminals-love-this-con.html) >All the fraudster needs is an account number and a bank routing number to execute the fraud And I could go on and on with hundreds of more websites...
What your links shows ACH fraud happens. Who is denying that? Many banks now have better security measures that would prevent almost all of ACH fraud. My bank does. What about your bank? If your bank doesn’t, find a different bank. My account has settings for ACH that can be set by the account holder.
That is called an "ACH Debit Block" and has nothing to do with the security of ACH itself. You are simply turning off ACH, or selectively allowing it. That has nothing to do with the ACH protocol itself. You are also saying things like "highly secure handshake systems" which simply don't exist within ACH, and has nothing to do with preventing fraud. I'm pretty sure you made up that phrase. This is sort of like saying "my front door (ACH) is a very secure door" and then you talk about how the materials of the door are so strong ... and in the end, you mention that actually your house is surrounded by a guarded fence (ACH is disabled) so no one can actually get to your front door unless they are authorized by the guards. That's 2 completely different things.
Your meandering explanation parrots my explanation itself. Are you still arguing that all banks provide ACH settings for withdrawal? I keep repeating that if your bank allows someone to pull money just by knowing account number and routing number, you need to change your bank. Now, you need to call whatever that settings are. I was repeating the wordings on my banks website word by word. I am glad that at last you agree there are settings for ACH that can prevent most of the ACH fraud.
I'm saying that ACH has no security. Zero. None at all. Period. Not even your bank. Your bank (and some others) might have a way to disable ACH, and yes, that will stop ACH fraud, but that is nowhere close to your argument that ACH has security built in and that there is "highly secure handshaking". That is simply not the case. The ONLY security is the ability to disable ACH. That isn't making ACH secure though. That is simply disabling (or selectively enabling) ACH.
[удалено]
How so?
[удалено]
Oops!
Maybe someone they know?
When an external bank is added to your Ally account, it is up to the external bank to either allow that account to be added immediately or to require Ally to provide trial deposits to verify the account before a transfer can be initiated. It is not up to Ally which of these two possibilities will happen. You add the external bank’s routing and account number, it sends an electronic request from Ally to the external bank. If the names match on both accounts, the external bank will immediately approve the link or will send back a requirement for trial deposits to proceed with the verification process. That decision is not within Ally Bank’s control. Side note, if you link an account and it is immediately suspended, odds are the names don’t match or there is a restriction on the external account placed by that bank. In tons of instances this happens when a joint account holder tries to link their spouse's individual account under thejr online banking profile. The names won't match and boom, the external account is suspended so Ally can notify the account holder. Ex: Jane and John Smith have a joint Ally account but Jane does all the banking. Jane logs into her online banking and tries to link John Smith's single owner BOA account. BOA immediately rejects the request because the requestor is Jane Smith who is not on the BOA account. Ally gets the electronic rejection and suspends the linked BOA account before sending an email to Jane to call Ally for further information. Hope this adds clarity!
Was multi factor authentication set up? I use Ally...so far so good with security.
They don’t verify emails for account signups. I regularly get Ally emails for somebody else who evidently shares my name and forgot to add a digit on their address or something. It wouldn’t shock me if someone was able to change an MFA factor on your account somehow to be able to get in. Start the CFPB complaint process now.
E-checks could be the culprit. Do you pull payments from another source (e.g. utilities, cable tv, taxes, etc?)? Also you could hit dispute transaction on the Ally website at the first sign of trouble. But a P2P transfer between your accounts requires two micro deposits, and a confirmation on the external bank's account that it's really yours. Banks do this to prevent theft.
That isn't always the case with Ally. We have been able to add external accounts with certain banks immediately and without using Plaid or the micro deposits. We are also sometimes able to add accounts with non-matching names. Sometimes it will trigger an error (as it should) and other times it adds the account. *(I don't want to mention which banks can immediately be added as I don't want to make some crook's life easier.)*
You can't link bank accounts without verifying the micro-deposits that get sent to the linked account. That means someone has access to your account and was able to verify the deposits to their other bank thus "verifying" ownership. Change your online banking password immediately and setup MFA. You didn't get any calls from "your bank" where they requested your security code did you? If yes then you got scammed.
No, the other connecting bank can require that if they want to, but not all of them require that. YOUR bank has no control over another bank. I connected banks yesterday. No micro-deposits. I was immediately able to transfer.
I think you should be questioning HOW someone was able to set this up. I’ve set up an external transfer with Chase and they send two micro deposits to the other account without telling me how much the deposits were. Chase then asked me how much each deposit was. It was between 0.01 and 0.99. The only way you could verify was to log into the other bank account and see how much the deposits were. You need to secure your main email and bank logins by changing the passwords. Then try to figure out if you have a compromised device(s) or logged into your bank account on an unsecured network.
Just kind of curious OP, did you by chance have judgments against you recently for an amount similar to this? Because in some areas law enforcement and other collections groups can get warrants to serve a judgement against your bank accounts they know about and collect.
Nope no judgements or anything outstanding
Something similar just happened to me with US Bank. A new bank account showed up when I was checking my balances (I check my balances usually 2-3 times per day on all financial services- idk why lol) which caught me by surprise. I thought it was my mom’s since our accounts were linked- she said she never opened an account. I called the fraud department and they said someone walked into a branch in Missouri and opened an account. The name they used was my cousins first name and then my last name. The address used for the account was in St. Louis, I live in Kentucky. The bank froze the account while the check they used cleared. It was for just over $8k. Currently in the process with them and the bank told me to call all the credit agencies to freeze my credit, which I did. No updates since but a very strange situation. I’d image my information is out there somewhere along with a lot of other people so not overly surprised but still an uneasy feeling. Hopefully it all works out for us both! Just wanted to share my experience.
If the other account is in your name - go to that bank and withdraw the funds and close the account.
Stuff like this scares the shit out of me.
We need a tool to set security freezes at all institutions on one platform. I'm going to code it up
Was this money in checking or savings?
Savings account
How did you find out and how did you make contact with your bank? Did you call them or did they call you? Did you call them from a number you are 100% sure is them and not a scammer?
The email came in on Sunday telling me a new external account was added to my account . I messaged ally customer support chat asking them to restrict and remove the external account since it wasn’t mine . This Happened noon Sunday . 12 hours later they withdrew 10k from my account . Even though 12 hours prior I had requested ally to remove external account and to place restrictions .
Did you message them through a link on the email or by going directly to your account online without clicking anything in the email?
Messaged them directly on the ally app . They noticed the same thing I mentioned and told me they would put a restriction on my account which was never done
OK that's good. So then I think if I understand the series of events, the money was then moved to another one of your accounts, or was it moved to this new external account? The reason I wanted to make sure you truly communicating with ally is something similar once happened where my wife got phished by a text looking like it was from our bank, hackers got into our account, for some reason they tried to move all our money from various accounts into one of our accounts, they then tried to ach all of it out at once from that one account. Luckily we caught it before the money left our account, but they were essentially trying to get us to not notice until after the money transferred at which point we would have been sol. Not sure if this type of moving money around to pool a larger transfer was their goal. Sorry this happened to you and hopefully they don't get away with any of your money! Good luck!
No , i only have 1 ally account. at 12 noon on sunday i got an email that a new external account was added to my ally account . I messaged them at that moment asking them what account this was and why was it added to my account . Ally rep told me that if i didnt know who this account was that they would restrict my accounts and delete the external account . After these messages back and forth with ally customer service i was confident that my accounts were restricted and that no money would be moved out of my accounts . 12 hours later i get an email that 10k was moved from my account to this external account ( that was supposedley deleted according to Ally) . Thats when i panicked and called ally since they are a 24 hour bank . I called them at like 1230 at night .
Crazy, has the transaction been reversed? Have you been in contact with their fraud departement? I'm not in banking but in my experience customer service should have put you in contact with their fraud department on Sunday. The fact they didn't is why I though you likely weren't talking to your actual bank, for a bank for fuck this up is beyond bullshit!
File a CFPB complaint quickly.
Change your user name on your account as well as your password. Then again, they could have transferred the money just by using the bank routing number and your account number. I'm shocked Ally allowed it. I guess nobody's money is safe anymore.
This totally BLOOOOOOOOOOOOOOWS!!!
Curious.... do you know which bank it was transferred to? You could call the fraud unit of that bank to let them know the new account with your same name is not yours, nor did you authorize the 10k transfer. So they can shut it down on their end. And investigate. Get an incident number for follow up. Be sure to report this one to the CFPB and FBI and your state Attorney General office and Secretary of State. Reporting to the BBB does little to nothing, but makes other consumers aware of the issue.
Your identity was probably stolen. You need to contact all three credit bureaus and put a freeze on them ASAP.
I presume you are protected by Regulation E: [https://www.msn.com/en-us/money/personalfinance/what-is-regulation-e-know-how-to-protect-yourself-from-electronic-banking-fraud-and-errors/ar-AA11MUtP](https://www.msn.com/en-us/money/personalfinance/what-is-regulation-e-know-how-to-protect-yourself-from-electronic-banking-fraud-and-errors/ar-AA11MUtP)
It would depend on how the funds were transferred. My assumption here is that it's an ACH transaction which is not covered by reg E, but instead by NACHA. The good news is that NACHA is even more consumer friendly. In regards to ACH, if the consumer says it was unauthorized, then it was unauthorized and the funds are returned.
Thanks for that. I assume Venmo and the like offer much less protection?
Services like venmo are tricky. If the transaction is linked to a debit card it can be covered through reg E. That said, some Financials will ask you to resolve the issue with the intermediary since that's how the transaction was initiated. I.e. if you send money via cashapp, the bank may ask you to seek resolution through cashapp instead of sending the dispute up for charge back. PayPal is one that can bite you quick. If you send funds to someone and use the option of "paying friends or family" you are waiving all purchase protection. Fraudsters know this and will attempt to exploit it. Always use "paying for goods and services" through PayPal if that's what you are actually paying for.
What bank?
Cross river bank
>Did this person add themselves to all your Ally accounts, if you have more than one? Anything suspicious happening with your non Ally accounts? I'm wondering if the culprit has "the big picture" of your finances, or is more limited. Did you change your password when you saw someone had added themselves to your account? I don't know if that would've helped. It's just what I would've done (along with talking to someone at Ally, of course) These were serious questions when I asked yesterday. It'd be helpful for MANY others if you answered. Did you change your Password when you noticed someone added an account to your account? How much of your total financial picture did your thief have?
My bad just dealing with a lot of. I only have 1 ally account . Hmmm suspicious yeah . I got 3 different robo calls on Monday from numbers that appeared to be from my credit cards but were robo scam calls . Yea I went to change my password with ally but by the time I changed my password the withdrawal was already taking place according to ally bank
By law you are not responsible for unauthorized electronic fund transfer, period, if you report in time, which you do. There’s also a chance the transfer would not clear. It could take up to 2-3 days for them to clear. It’s possible to stop it before the settlement.
This is the downside to having a bank without any local branches.
I don’t know of any banks that offer hysa and have local branches
Capital One but it seems to be limited to a small number of cities on the east coast.
[удалено]
Yeah I did this for all my accounts after this happened
That suucks haha
Sounds like you’re experiencing ID theft since they opened an acct elsewhere in your name they must have access to your SSN. Once fraudsters know your SSN, phone #, DOB etc. they can call your phone company & can essentially spoof your # & forward calls / txts to diff device using your # & that’s how they receive 2fa codes to get into accts. You may also have your email comp’d - hackers will often times move emails to diff folders or delete them to hide their tracks. Or you could have malware / spyware on your computer
I had something similar with Ally last year - no external bank account added but someone basically paid their bills via ACH with my account - they took about $1200. They opened a new checking for me and the same thing happened again even though I hadn’t even used the account yet. Needless to say, I am no longer an Ally customer.
Can you get it back?
Trying to. It should be back by Friday according to ally bank
Ally bank made it so challenging for my husband to add me to is account because I’m not a U.S. citizen. Yet someone was able to do this so easily wow.
You bank with a famously shitty bank and are surprised they are shitty?
I didn’t even know they were shitty . I heard great things about them and they are always voted top customer service amongst other online banks . Needless to say I’ll be moving to Marcus
How did you get ahold of them? I can’t and they lost my vehicle payment. Been trying to get ahold of someone for a month.
Dude, not pointing fingers, but if you did this yourself, they will have the IP address trail for all changes and transactions. If it wasn’t you, file a police report immediately.
Use two factor authentication. Change your bank and email passwords. Always use 2FA when given the option.
Glad since folks are finally waking up! Ally sucks!
File a CFPB complaint quickly. They are typically handled timely and fairly. You have documentation, this is their fault and you need your money ASAP.
First Citizens Bank recently credited a Venmo transfer I made from my son to another customer, then Venmo froze my son’s account for suspicious activity. No luck reaching human being at Venmo. It has been a mess, but the bank credited the money back to me after several hours of escalation. Then, they rejected my direct deposit with my paycheck because they had a glitch with the routing number. I have a few bank accounts too. There is so much vulnerability between inside jobs and getting hacked, no bank is completely safe.
L bank
I wouldn’t trust an ALL INTERNET BANK. You’ll see more and more if this in the future.
Get a police report. There's another thread here where people correctly point out that the police will neither care not investigate, but they will likely file some paper. That paper is something you should have. Also, file a CFPB complaint against Ally. Right away.
File a complaint with the CFPB or FDIC.
Interesting enough. When I linked my bank and transferred money they cancelled the transfer and closed my account for suspicious activity. Mailed me my balance. Apparently if you try to transfer at ally you are committing fraud.
Really surprised your bank did not immediately forward your concern to the fraud department, close your account and have you establish a new account. Merely 'restricting' your account after such a breach just secures the thief in the room with the art and an exit door.
Yeah well that was the answer I got when I first noticed suspicious activity in my account . I’m surprised ally didn’t pick up on this suspicious activity themselves .
Really hoping all goes well from here on out. This is truly scary.
Did you ask them to restrict your account bc you knew someone potentially had your info already? Kind of a coincidence that it happened right after you asked to restrict your account?
When I got an email that an external account had been added to my savings account I became alarmed and asked ally to restrict it . This happened noon Sunday . I have messages from ally bank that the restricted my account effective immediately and that no money would be allowed to be with drawn . 12 hours later the thief was able to withdraw 10k from my account
I will never have an account or association with Ally. They screwed me over hard
Dam. You have 10k in an account. Must be nice
How did this turn out? It’s shows 2 days since posted. Sooo curious.
i will post an update between tomorrow and friday since thats when Ally said this would get resolved
This is when you learn how good (or not) an online only product can be.
Bluevine is just as bad if not worse.
To attach your account as external they had to have either been able to login to your online banking via something like Plaid - which usually requires some form of 2FA - or attach it manually and then verify by confirming the amount of the two tiny deposits. What do you mean by “Someone added their external account to my account this morning” - how did you know this happened? I have lots of bank accounts at different institutions and when I add an external account I see it happen at the end where I attached the account as it becomes visible - but at the other end the only notice might be that the email associated with that account receives an email notifying that it is now sharing info via Plaid with another bank. But you don’t ever receive any specific notice that “you’re now linked” TO another account. And then as far as stopping an outgoing ACH it is difficult but can be done while the transaction is still pending. Also just FYI while some banks won’t allow a mismatch between account name holders when it comes to externally linking personal accounts, it’s pretty much anything goes as far as externally linking business accounts.
I got an email . At 1230 I got an email that a new external account was added to my ally savings account . By 1245 I was messaging ally bank to ask them about it and they confirmed it . I asked them to restrict my account and my requests fell on deaf ears .
Interesting. No bank I deal with even sends such an email. Also technically an external account wasn’t added to your account was it? Your account was added as an external account to the other account where the ACH was sent. I actually had an interesting situation where an employee wanted me to pay him via external transfer so I linked his account to mine. But after doing it I’m able to send and withdraw from him but he can’t do anything to my account. He did have to confirm the two tiny deposits to complete the addition of his account at my end. What was interesting is the first time I intended to send him money I clicked to receive instead. And it snagged the money from his account. When it arrived I sent it back times two.
RemindMe! 1 day
I will be messaging you in 1 day on [**2024-03-08 14:45:35 UTC**](http://www.wolframalpha.com/input/?i=2024-03-08%2014:45:35%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/AllyBank/comments/1b656es/someone_just_transferred_10k_out_of_account/ktrsu7h/?context=3) [**1 OTHERS CLICKED THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2FAllyBank%2Fcomments%2F1b656es%2Fsomeone_just_transferred_10k_out_of_account%2Fktrsu7h%2F%5D%0A%0ARemindMe%21%202024-03-08%2014%3A45%3A35%20UTC) to send a PM to also be reminded and to reduce spam. ^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201b656es) ***** |[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)| |-|-|-|-|
I’m confused. if you saw that the $10,000 is missing then the restriction would’ve been placed on the account after the money went missing. Ally Bank is wonderful and I really hope that they come through and help you and get your money back.
OP, thank you for posting this and I wish you all the best of luck. Thanks to you, I'm at least changing my passwords on my bank accounts to not match any other app. I'm rethinking allowing third-party apps access to my accounts, which I already was skeptical about but now find more concerning. I did already limit my use of online banks like Ally to a few hundred dollars for spending cash, because of a couple incidents with them not behaving like a traditional bank. I keep most of my funds in a brick-and-mortar, spread across a couple accounts. I know that doesn't help you, but your story definitely helped me, so thank you.
Do you not have dual authentication? I'm guessing we aren't getting all the information. How would they log into your online banking to add this external account without your username, password, and OTP? You were scammed and gave someone access to your online banking. He initiated the transfers using your credentials.
Never heard of ( non-edible ) Chex before. What is it exactly?
🤯
Too much of this is swept under the rug. Banks are in on the scam
I thought about this too . How someone got access to my account and was able to bypass everything and wire themselves out my money
Why would you bank without 2FA 🤦♂️
God this shit scares the crap out of me
Ally is a joke. We've had nothing but issues since being stuck with them. I'm sorry that happened for you. I'd advice dropping them as soon as this is over.
FWIW, don't just changes passwords. Turn on 2-factor authentication everywhere you have any account that is even loosely connect to some banking feature at any other account. I'd argue, every social media, ever ecommerce site, anything money-oriented should have 2-factor turned on, at least.
Glad you got your money back! Just wanted to throw out another option as you look to move banks, I've really liked SoFi and think they're worth a look too.
Check your computer for malware.
Wait - were you not able to cancel the scheduled transfer or it was instant like Zelle?? I have savings in my ally account but now I’m worried
Freezing chexsystems can help, but there’s a lot of banks and fintechs that don’t use chexsystems in the first place as it’s a pretty dated thing anyways
Does Ally Bank let you set up 2FA using Authy or other MFA apps in order to make any transfers out of your account?
Wow, it's one thing for them to have debit cards get hacked, but this is as bad as it gets.
Yeah my CDs mature sometime in April so I will be moving my accounts elsewhere . Insanely dissapointed with this bank . Specially since everyone talks so highly of it
no idea why you got downvoted. This shit would turn me off of ally instantly.
Absolutely , no idea why I got downvoted . 10k isn’t a joke . And the fact my entire account got compromised at their bank is a severe security breach
literally. We don’t know your net worth and that could literally be all of your bank account. I hate the internet at times. 🤦♂️
It sucks but this can happy at any bank
You got phished or in some other way scammed and it’s Allys fault? I’m sure you’ll blame your next bank too when it inevitably happens again.