7 Bay Area Citibank customers say $600K combined drained from accounts by online scammers

By Randall Yip
Thursday, September 1, 2022
SAN JOSE, Calif. (KGO) -- Seven Citibank customers say a combined $600,000 disappeared from their bank accounts. For some, that money represents most of their life savings. 7 On Your Side looked into how it might have happened.

Chapman Ng of Daly City lost $80,000.

"I cannot even sleep to be honest," Ng said.

Stephen Lee of San Jose wants to know how someone stole $81,000 from him.

"I was being scammed. I did not know what happened," Lee said.

A total of $65,000 disappeared from the account of Kai Chin.

"Well, my heart was really pumping. So, I just, my hand was kind of shaking," Chin said.

Each has a different story about how their money vanished.

What's similar is that all the victims are Citibank customers. All of them lost their money via wire transfer. And all the victims happen to be Asian.

Chin says his trouble started when someone swapped the SIM card from his cell phone.

"Without proper ID, without my signature, somebody replaced my SIM card in Philadelphia. I'm in California," he said.

From there, the hackers appeared to take over his Citibank account and wired $65,000 from it.

"It's called a SIM swap attack. It's very common and has big consequences," said Mark Ostrowski of Check Point Software Technologies, an internet security firm.

Here's how it works: A scam artist purchases your personally identifiable information from the dark web, goes into a store and pretends he lost his phone. He gets a new SIM card and a new phone and connects it to your number.

Verizon says it is investigating.

"So it can have really dire effects when someone does a SIM swapping attack, because you lose that multi-factor authentication protection that you thought you had," said Ostrowski.

Lee's difficulties began when he had trouble logging into his Citibank account. A message popped up with what was supposedly a Citibank phone number and requested that he call.

The person who answered asked him for permission to remotely take over his computer.

Lee was then instructed to log in again to his Citibank account and then advised that if he waited two hours, his troubles would be over.

After he hung up, he became suspicious.

But it was too late. Citibank would later tell him $81,000 had been wired from his account. The person he originally talked to on the phone was an imposter.

"I was led to believe I was working with a Citibank employee. I did the wrong thing," Lee said.

Ng checks his bank account daily to watch for possible overcharges.

"My money is not, you know, falling from the sky to me," he said.

Yet someone somehow managed to change the email address associated with his bank account. Within one hour, the hacker made three successive wire transfers of $50,000, $30,000 and $75,000.

Ng spotted the transfers and notified Citibank immediately.

All three victims that 7 On Your Side talked to blamed Citibank for not verifying the transactions with them by using two-factor authentication.

Ostrowski says he thinks he knows what might have happened.

"A sophisticated attacker would turn these notifications off if they have access to your account before they actually made the wire transfer," he said.

Citibank told 7 On Your Side: "We have a great deal of sympathy for those who fall victim to fraud. We take steps to recall the funds that were taken by fraudsters using a customer's personal and account information."

We learned Wednesday that Citibank has refunded all of Ng's money. The others we talked with have not been as fortunate.

Ostrowski suggests changing passwords frequently and investing in a password vault to help keep track of them.

Citibank also says that a customer who receives a suspicious unsolicited message should not provide personal or account information. Instead, the customer should immediately contact Citibank directly via the Citibank app, website, or by calling only the customer service number listed on its website.

Additionally, here are some tips to help keep your accounts safe:

  • If you receive a one-time passcode you didn't request, don't give the code to anyone who contacts you for it.
  • Use only known links to access businesses online.
  • Verify that any phone, text or email contacts are legitimate before sharing information such as your account number, security word, PIN, user ID or password.
  • Be leery of requests to download apps to fix issues or that allow access to your device.

For more information about how you can protect yourself against fraud, and how Citi makes your security a priority, visit their fraud prevention website.
