To set the stage , last Friday I had been expecting a phone call from a vendor needing to collect payment for some work on one of my properties and right about that time, I get two or three back to back missed calls and I decide to take it thinking it must be this vendor.
Turns out it's a woman with my primary bank's security team telling me there looked to be some fraudulent charges on my account from a Wal-Mart in Florida. She says the system blocked the charges but she wanted to confirm if I had made those charges and also to verify legitimate charges on my account. I log in to my account to get ready for verification of legit charges. We continued with the normal verification process , which included legitimate text messages coming from my bank with verification codes. After which she read to me the first five or six transactions on my account. She then continued to explain that it looked like the fraudulent charges had originated from compromised Apple Pay and something to do with my phone's IMEI. She said she would help me remove the rogue settings, and asked permission to remotely access my phone.
At that point I am full on suspicious and tell her that I was going to hang up and call back in to the bank to confirm. She proceeded to offer personal info to show her legitimacy, my SSN, birthdate, etc. The Woman spoke perfect English with an American accent.
I hang up and call my bank and while I'm waiting , my wife logs in to the account with her credentials and we discover 25K missing from the account. I also realize I can't log in to the account with my credentials anymore. Now I'm straight up panicked.
(to be continued) (sorry, it's along read and I'm still typing)