This should also be a lesson about having $9k in an account tied to a debit card and not following up on suspicious transactions. If the thieves had done an ATM balance check and seen a combined balance of a number of hundreds of dollars that could be counted on one hand they likely would have settled for withdrawing that and wouldn't have bothered hitting Mitch with the advanced scam to gain the bank info needed for a wire transfer. If Mitch had noticed the test withdrawals he could have called his bank and stopped the fraud there.
For how often you need that kind of cash readily accessible it's simply not worth the risk for the overwhelming majority of people.
This was a really sophisticated attack and fooled even a security conscious person but defense in depth (not having the big bucks accessible from your general use card and/or following up on unknown transactions) would have stymied it. With a good security protocol breaking one rule (not hanging up and calling back) shouldn't screw you.
For how often you need that kind of cash readily accessible it's simply not worth the risk for the overwhelming majority of people.
This was a really sophisticated attack and fooled even a security conscious person but defense in depth (not having the big bucks accessible from your general use card and/or following up on unknown transactions) would have stymied it. With a good security protocol breaking one rule (not hanging up and calling back) shouldn't screw you.