I am new to Bitwarden in the past few weeks. I put my debit card number in the vault. This morning I got a call that there was fraudulent activity on my account and I had to cancel the debit card, get a new one, and change all the details where it’s used for automatic payments.
I’m guessing this is a coincidence but is there a way to be sure? I’m not sure how anyone could have gotten my debit card number without my knowledge. It just seems so suspicious that it happened close to when I started with Bitwarden.
I am convinced that this is a coincidence, if …
- you protect your Bitwarden account with a decent password (=12+x common upper & lower case and special characters and some numbers)
- you do use 2FA for your Bitwarden account
I would also just double-check that the call you received was, in fact, genuine. It sounds very scam-like!
I was concerned about that, but they did not ask for any information they could use to scam me, and they patched me through to my bank at the end of the call.
How can you be sure that you were actually talking to your bank? From my point of view you can only be sure if you call them by using a phone number from a document that has been in your possession for a long time.
Isn’t it the case in usual circumstances that you are required to report to the bank about any fraudulent activity on your card, and not the other way round?
Maybe you could check your statement to see if in fact there was a fraudulent charge or not.
If that was the case, possible reasons could also be a data breach on a merchant website you entered your credentials into. Though they are not supposed to save your CVV no.
As a good practice, be cautious of where you enter your credentials (is the website/merchant reputable?).
And also keep your Bitwarden 2FA always on.
How would a fraudulent actor be able to review my account activity with me? How would they know what other transactions I’ve made recently?
I will call my bank directly today just to be sure.
Yes I saw the fraudulent charge on my account activity in an unprocessed state.
I am adding 2FA to Bitwarden today as everyone recommends! Of course, like many typical naive users, I find 2FA a nuisance I’d prefer to avoid, but I am listening to you good people looking out for my best interests! And yes, I already have a strong password for Bitwarden.
Hey @Kevin_Thomas! Just wanted to upvote the comment above about always contacting your bank/service provider directly to avoid malicious acts.
If you find 2FA annoying, you can grab a hardware key (such as YubiKey, Nitrokey or Solokeys, which are usually purchased in pairs and are a complement to your authenticator app), then you just tap and go.
You can read more in the Two-step Login Methods Help Center article, including the differences between 2FA options in a free and paid Bitwarden account.
Good decision! Just some more hints to complete the package:
- Do NOT store the recovery code for the 2FA-method for Bitwarden inside Bitwarden. Make a print-out and store it in a secure place.
- Make sure to have at least 2 different methods of 2FA for Bitwarden just in case that one does not work (anymore) for whatever reason. I use DUO (my favorite), TOTP (Authy) and YubiKey.
- Create backups of your data on a regular basis and store them in a secure place which is different from the one for your recovery code.
- Once you have fully switched over to Bitwarden you will only have to remember the password for Bitwarden so in the upcoming days think about which 3, 4 or 5 credentials are the most important ones for you. Change their passwords using the password generator inside Bitwarden to create long (12+x), complicated (upper & lower case, special characters and numbers) and unique passwords. If possible activate 2FA for those items too.
- Do not try to immediately create new passwords for all your items. This would just become too annoying. Instead change them whenever you are about to use them if they still have the old, simple and perhaps even ordinary password.
For those following the story, I did talk to my bank yesterday and the call was from the company they use for fraud protection. The bank rep recommended in the future if I get a call like that, just thank them for the information, don’t verify anything, and then call my own bank and have them patch me through to them so I know I’m talking to the right people. I thought that was good advice!