Jump to content

Unusual Fraud on Ally Debit Card


Recommended Posts

I received a text message today saying my Ally Bank debit card had a potentially fraudulent charge at some jewelry store for $389. At first, I thought this text message was a scam, but it had the last 4 digits of the card number in it. I verified in the Ally app that it was correct number. I responded it was fraud and they called me immediately.

 

Anyway, here’s the strange part. I have not used this debit card EVER. Not in person or online. I’ve never entered it into any website. What’s also strange is that I have had this card for around 6 months. It just lives in my credit card binder for sock drawered cards. So the hackers have either infiltrated the Ally bank website or they skimmed the info when I was originally mailed the card, then sat on it for 6 months. It’s just wild, IMO. 

Edited by RehabbingANDBlabbing
Link to comment
Share on other sites


Tell me you called Ally and not just replied via their text...the current generation of phishers are fairly sophisticated.  I don't care if the text or email matches what is on the website...the spoofing has become easier.  I ALWAYS call the bank directly when that stuff occurs on an actual account I possess...

Link to comment
Share on other sites

Not long after I opened a Chase bank account, someone charged $100 on the debit card. I also had never used or carried the debit card. I found out by just checking my account online. There was no fraud notification. Called chase and closed the card and ordered an ATM only card.

 

Turned out someone had just made up a debit card number and expy date using knowledge of the sequence of card numbers/dates Chase had used. Didn't even have my name. Just used the card number. It was for an overnight camping stay so manual charge. This was over 10 years ago and I haven't seen any CC or debit card fraud since.

Link to comment
Share on other sites

7 hours ago, centex said:

Tell me you called Ally and not just replied via their text...the current generation of phishers are fairly sophisticated.  I don't care if the text or email matches what is on the website...the spoofing has become easier.  I ALWAYS call the bank directly when that stuff occurs on an actual account I possess...

 

Agreed.  Here is an example, which mentions some recent phishing incidents in addition to the reporter's own.

 

https://arstechnica.com/information-technology/2022/08/im-a-security-reporter-and-got-fooled-by-a-blatant-phish/

 

Hackers tend to have all kinds of information one wouldn't think they would have.

Edited by nemo
Link to comment
Share on other sites

54 minutes ago, nemo said:

 

Agreed.  Here is an example, which mentions some recent phishing incidents in addition to the reporter's own.

 

https://arstechnica.com/information-technology/2022/08/im-a-security-reporter-and-got-fooled-by-a-blatant-phish/

 

Hackers tend to have all kinds of information one wouldn't think they would have.


So when I replied to the text they called me. I obviously was suspicious. But they didn’t ask me for any of my information, except for my name. They just asked if the charge was fraudulent or not. If they had asked for anything, I wouldn’t have given them the info, but this seems like a pretty cool way of doing it now. They already know who they are talking to and what it’s about when they call, which I appreciate.

Link to comment
Share on other sites

Any chance you added it to PayPal or Cashapp or Venmo, etc? I've definitely had fraud where my card was only added to PayPal. I'm certain they have some deep backdoor issues that they won't spend the money to address because they have plausible deniability.

Link to comment
Share on other sites

2 hours ago, shifter said:

Any chance you added it to PayPal or Cashapp or Venmo, etc? I've definitely had fraud where my card was only added to PayPal. I'm certain they have some deep backdoor issues that they won't spend the money to address because they have plausible deniability.

Nah, I literally just activated it when I got it and never used it. I only use ACH transfers and Zelle to move money back and forth to and from Ally, so there's never been any reason to add it to any websites or use it.

Link to comment
Share on other sites

On 8/13/2022 at 9:33 PM, RehabbingANDBlabbing said:

Nah, I literally just activated it when I got it and never used it. I only use ACH transfers and Zelle to move money back and forth to and from Ally, so there's never been any reason to add it to any websites or use it.

I would call the actual number on your card or statement and speak to the people in the fraud department. 

Link to comment
Share on other sites

7 hours ago, RehabbingANDBlabbing said:

Well the new card arrived in the mail today. It was Ally who called. 

You were fortunate.  You played Russian Roulette and found a chamber without the bullet. 

 

For the sake of OTHERS who come along, don't answer to a text.  ALWAYS call the number of the lender after confirming it by looking at a card or statement.  This becomes even MORE of a truism with a sucky debit card. 

Link to comment
Share on other sites

On 8/19/2022 at 3:22 PM, nemo said:

It seems OP may have been hit by part of a wave of fraud against Ally debit card holders.

 

https://arstechnica.com/information-technology/2022/08/wave-of-debit-card-fraud-hits-ally-bank-customers-hacked-vendors/

That's crazy. But it definitely might explain why my card was hacked even though I have NEVER used it, not even one time. The charge on my card was for something like $350 at some kind of jewelry merchant. I don't recall seeing if it was related to Shopify or not, but I think there's something going on at Ally that is allowing hackers to get these card numbers. I guess I am also lucky mine happened before Ally Bank was consumed by other customers calling in because I was able to get someone on the phone right away.

Link to comment
Share on other sites

  • 4 weeks later...
On 8/22/2022 at 10:33 PM, shifter said:

I had other issues last week with Ally and sat on hold for over an hour both times. Had no idea this is why the wait was so long. 

Welp, today my DH had the same issue with his Ally debit card. Again, we have never used it, it has just sat in the sock drawer. They tried to charge $19.xx at some kind of online software service. I could t remember the name, but the URL ended in .pw. If you have an Ally debit card, I would strongly advise locking it, at a minimum. To their credit, they did catch these charges before they went through and they overnighted both replacement cards for free without me asking. But that’s not really the issue….

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share




  • Member Statistics

    • Total Members
      185006
    • Most Online
      2046

    Newest Member
    Taxcoach
    Joined
×
×
  • Create New...

Important Information

Guidelines