# Attempted hack



## Dan O (Feb 7, 2021)

I got an email this afternoon from AGR saying someone had tried to change my AGR password. Apparently they weren't successful because the one I use worked. I called the phone number about it but it was too late as I didn't notice the email until after the Super Bowl.

About a half hour after the AGR email I got an email from Bank of America saying I had changed my address on a BofA card that was not the Amtrak one. I logged into B of A and sure enough the address was in a town about 20 miles from us. I printed that out and changed the address back to mine. Like AGR, I was too late in the day to call to report it although now that I think of it I will try the fraud number, not the number that was given to call.


----------



## John Santos (Feb 8, 2021)

Report it to BoA and change your passwords. It normally would require two forms of authentication to change your address or anything else relating to a credit card. Make sure if you have an email address or telephone number associated with the card, they are correct. Someone may have guessed the answers to your "security questions", so change those. ("Security questions", such as what street did you live on as a child or what was your mother's maiden name, are of very questionable security because they are easily researched.) Someone may have smooth-talked someone at BoA into allowing them into your account. This is called "social engineering" in is how most hackers actually work; it's not mad computer skilz, but being a good conman. It's how Kevin Mitnick usually hacked systems. Good luck!


----------



## PaTrainFan (Feb 8, 2021)

Dan O said:


> I got an email this afternoon from AGR saying someone had tried to change my AGR password. Apparently they weren't successful because the one I use worked. I called the phone number about it but it was too late as I didn't notice the email until after the Super Bowl.
> 
> About a half hour after the AGR email I got an email from Bank of America saying I had changed my address on a BofA card that was not the Amtrak one. I logged into B of A and sure enough the address was in a town about 20 miles from us. I printed that out and changed the address back to mine. Like AGR, I was too late in the day to call to report it although now that I think of it I will try the fraud number, not the number that was given to call.



When available, always use two factor authentication to log into accounts. Sure, it's a slight pain to have to enter a secon code, but easier than being hacked.


----------



## Dan O (Feb 8, 2021)

PaTrainFan said:


> When available, always use two factor authentication to log into accounts. Sure, it's a slight pain to have to enter a second code, but easier than being hacked.


Thanks. I did.
I called and reported the change. They said it was done through their automated system and even though some information (CVV code) didn't match, they went ahead with the change. I'd think if something didn't match, they'd either email one to say an attempt was made but not completed or they'd make you talk to someone. 
It's ironic because Bank of America is the card that I used to get the most possible fraud alerts, turning down attempted charges that were okay. But when my wife's purse was stolen with 3 credit cards, BofA was the only one that allowed charged to go through (at Walmart).


----------

