I apologize for this being a little raw—it’s less than 12 hours old. I feel terrible, violated and a victim, and honestly a bit stupid, but I hope sharing this very real experience might help someone else.
Last night, I sat down on the couch with Cara to unwind after a long day. The girls were downstairs roughhousing with their older brother. I checked my personal email and saw a “Low Balance Warning” from PNC, our bank. That’s odd. I opened the app and saw our checking account balance at… $6?!
I looked at the recent activity and found a flurry of charges to Apple—about $1,000 just from that day. Holy moly. I jumped up, headed to the office, pulled out my wallet, and immediately turned off the card in the app.
I called the number on the back of my debit card and was greeted by the dreaded automated voice menu: “Say or press 1 for English…” You know the one. “What’s your user ID?” I shouted “I DON’T KNOW!” trying to reach a human as fast as possible. “I’m sorry, I didn’t understand.” “I DON’T KNOW!” Again: “I’m sorry…” I tried “CUSTOMER SERVICE REPRESENTATIVE!” The system responded with something ridiculous like “Cappuccino with extra whip?” Maddening. I pounded zero repeatedly. Eventually it said, “It seems you want to speak to a representative. What is your username?” The cycle started again. More zeros. More frustration. Finally, after what felt like forever, I was put on hold for a real person.
The PNC representative was excellent—patient, thorough, and clearly experienced with fraud cases. Still, the process took about 90 minutes: identifying every fraudulent transaction, filing a report, and getting provisional credit (which can take 60–90 days to finalize). She even caught one I missed.
The first charge appeared on December 15: a small one under $5 to “APPLECOM”—not Apple.com/billing. A quick Google search shows pages of results warning that APPLECOM is not legitimate Apple. PSA: if you see this, act immediately—get new cards, new numbers, and turn off Visa’s account updater feature (it automatically notifies vendors of new card numbers, which unfortunately includes fraudsters).
Why didn’t we catch it on December 15? It looked like a typical small Apple charge—iCloud storage or something similar—so it blended in. The thieves waited 10–15 days before ramping up activity, starting cautiously and then hitting hard yesterday. If they hadn’t gotten greedy, it might have gone unnoticed longer.
A few reasons I’m sharing this:
1. In today’s world, this will eventually happen to most of us—whether it’s a bank account, credit card, or another financial service. The dark web exists.
2. Fraud spikes during the holidays because our spending patterns change. The representative noted the December 15 charge followed a Walmart.compurchase (likely a Christmas toy). She said PNC has seen many cases tied specifically to Walmart.com—not the stores, but the website. Even major retailers can have vulnerabilities.
I was relieved it didn’t happen during our recent vacation—another common time for card skimming when people are less vigilant.
In total, they got nearly $2,000. Here’s what helped us catch it quickly:
• We keep only limited funds in the checking account linked to debit cards. Transferring money as needed is easy via the app and adds a layer of safety.
• Transaction notifications. They can be annoying, but they create awareness. I might have noticed earlier if I hadn’t silenced my phone during work.
• We use dedicated credit cards for most online spending (e.g., an Amazon-only card that stays in the safe).
• Apple Wallet is excellent for in-person purchases. It requires Face ID or a passcode and generates one-time virtual numbers. I now use it almost exclusively at gas pumps, which are notorious for skimmers.
Going forward, I plan to replace cards with new numbers every year or so, since data leaks happen in countless ways.
We still don’t know how they got the number. Out of caution, we replaced Cara’s debit card too. Today’s thieves don’t need guns or knives—the internet is their weapon.
A few extra warnings:
• Beware texts claiming you’re running out of cloud storage (with a link).
• Beware texts saying your email service is about to stop.
• Frankly, treat any unsolicited text with a hyperlink as suspicious unless you’re certain of the source.
Consider adding intermediaries between you and your money. Apple Wallet and PayPal both offer strong buyer protections—I’ve had great experiences using PayPal with new online merchants.