Another Case of Not Paranoid Enough
Long story short, I had a keylogger trojan on one of my computers that logged the password for my online banking account. Through that, some nice evildoers were able to change my account email to something that looked like my email but was not my email. (This is the point where I am grateful for my 20/20 eyesight--caught it in time.) I changed the email back to me. 20 minutes later (and all during lunch, I might add--had I not been eating at my desk, things would be different) I received an email confirming the addition of an outside bank account to my online banking profile. Had I not caught the first breach, I would not have received this email. I called my bank and had my online banking turned off. The evildoers had not begun transfering funds yet. I'm very glad I was not on vacation.
Then began the pain in the butt part of it: All new accounts. This right before direct deposit coming in and automated payments going out. Month end. Brilliant.
I asked tech support at work how I could have prevented it. "You can't," he said, "unless you want to unplug from the internet and email. It's the risk of being online." I asked if I got it through web browsing or email. He said it can arrive either way.
I didn't lose any money (I don't think, at least not yet) but I did lose several hours of my time and probably got some new gray hair in the process. I've learned my lesson. Change old password often. Especially before long periods away from computers. Not foolproof, but helpful. Thought I'd share.