SAN JOSE, Calif. (KGO) -- Seven Citibank customers say a combined $600,000 disappeared from their bank accounts. For some, that money represents most of their life savings. 7 On Your Side looked into how it might have happened.
Chapman Ng of Daly City lost $80,000.
"I cannot even sleep to be honest," Ng said.
Stephen Lee of San Jose wants to know how someone stole $81,000 from him.
"I was being scammed. I did not know what happened," Lee said.
A total of $65,000 disappeared from the account of Kai Chin.
"Well, my heart was really pumping. So, I just, my hand was kind of shaking," Chin said.
Each has a different story about how their money vanished.
What's similar is that all the victims are Citibank customers. All of them lost their money via wire transfer. And all the victims happen to be Asian.
Chin says his trouble started when someone swapped the SIM card from his cell phone.
"Without proper ID, without my signature, somebody replaced my SIM card in Philadelphia. I'm in California," he said.
From there, the hackers appeared to take over his Citibank account and wired $65,000 from it.
"It's called a SIM swap attack. It's very common and has big consequences," said Mark Ostrowski of Checkpoint Software Technologies, an internet security firm.
Here's how it works: A scam artist purchases your personal identifiable information from the dark web, goes into a store and pretends he lost his phone. He gets a new SIM card and a new phone and connects it to your number.
Verizon says it is investigating.
"So it can have really dire effects when someone does a SIM swapping attack, because you lose that muti-factor authentification protection that you thought you had," said Ostrowski.
Lee's difficulties began when he had trouble logging into his Citibank account. A message popped up with what was supposedly a Citibank phone number and requested that he call.
The person who answered asked him for permission to remotely take over his computer.
Lee was then instructed to log in again to his Citibank account and then advised that if he waited two hours, his troubles would be over.
After he hung up, he became suspicious.
But it was too late. Citibank would later tell him $81,000 had been wired from his account. The person he originally talked to on the phone was an imposter.
"I was lead to believe I was working with a Citibank employee. I did the wrong thing," Lee said.
Ng checks his bank account daily to watch for possible overcharges.
"My money is not, you know, falling from the sky to me," he said.
Yet someone somehow managed to change the email address associated with his bank account. Within one hour, the hacker made three successive wire transfers of $50,000, $30,000 and $75,000.
Ng spotted the transfers and notified Citibank immediately.
All three victims that 7 On Your Side talked to blamed Citibank for not verifying the transactions with them by using two-factor authentication.
Ostrowski says he thinks he knows what might have happened.
"A sophisticated attacker would turn these notifications off if they have access to your account before they actually made the wire transfer," he said.
Citibank told 7 On Your Side: "We have a great deal of sympathy for those who fall victim to fraud. We take steps to recall the funds that were taken by fraudsters using a customer's personal and account information."
We learned Wednesday that Citibank has refunded all of Ng's money. The others we talked with have not been as fortunate.
Ostrowski suggests changing passwords frequently and to invest in a password vault to help keep track of them.
Citibank also says if a customer receives a suspicious unsolicited message, do not provide personal or account information. Instead, immediately contact Citibank directly via the Citibank app, website, or by calling only the customer service number listed on their website.
Additionally, here are some tips to help keep your accounts safe:
For more information about how you can protect yourself against fraud, and how Citi makes your security a priority, visit their fraud prevention website.
Take a look at more stories and videos by Michael Finney and 7 On Your Side.
7OYS's consumer hotline is a free consumer mediation service for those in the San Francisco Bay Area. We assist individuals with consumer-related issues; we cannot assist on cases between businesses, or cases involving family law, criminal matters, landlord/tenant disputes, labor issues, or medical issues. Please review our FAQ here. As a part of our process in assisting you, it is necessary that we contact the company / agency you are writing about. If you do not wish us to contact them, please let us know right away, as it will affect our ability to work on your case. Due to the high volume of emails we receive, please allow 3-5 business days for a response.
If you're on the ABC7 News app, click here to watch live