Lucas Casimir appropriated my bank account! I don't know him. I don't know if this is his real name, or even if he is a male. But whomever he/she is, I'll never forget the name of Cybercriminal Lucas Casimir. The best part is, I don't even know how the account was hijacked.
How would you feel if you woke up one morning and received a message that your checking account was overdrawn by more than $1,700?
Not knowing if this was a scam phishing attempt or a legitimate message, I logged into the account to discover two eCheck transfers to PayPal accounts for fraudulent purchases totaling over $2,800.
Navigating through the bank’s convoluted IVR system was daunting, but I finally reached a live person who helped freeze the account. Within an hour, a temporary credit was applied to the account effectively counteracting the cleared transaction. The bank promised to make me whole if the second transaction cleared.
Checking PayPal, there was no evidence that these transactions originated from my accounts.
Reaching a live person at PayPal is an unbelievably difficult task. An automated message said there would be at least a 3-hour wait before a real person is available. I followed the prompts to request a call back when someone breathing could talk to me.
PayPal's fraud investigator searched their database by bank account number. The investigation revealed that someone by the name of Lucas Casimir was using my bank account to make these transactions through his PayPal account. It's unknown if this is a real person, a false identity, or a stolen identity.
A deep scan of my laptop uncovered no malware, keyloggers, any other kind of suspicious software. How Lucas got my bank account details remains a mystery although he may have purchased it on the dark web from either the JP Morgan Chase or OPM breaches.
What to if your account is hijacked
- First, contact your bank or credit card company
- File a complaint with the FBI's Internet Crime Complaint Center
- Contact the company or companies from whom the fraudulent purchases were made
- If the fraud was perpetrated through an online service like PayPal, contact the service and do what you can to have the transaction stopped
- Check haveibeenpwned.com to determine if your account has been compromised through a known breach
- Close the compromised account
- Enroll with a credit monitoring service
If it happens to someone who is highly Cybersecurity aware, it can happen to anyone. Be careful and learn everything you can to protect yourself, your business, and your loved ones.
To learn more, download our free Cybersecurity eBook.