Kelleye Elmore got the alert on a Tuesday of fraudulent activity on her husband’s debit card. The call came from a phone number just one digit off from the one she always used when doing business with her bank. The caller knew her account numbers, her address and even asked the same questions she answered when the bank suspected fraud on her account two months earlier.

“They verified our information and did everything just like [bank representatives] had always done in the past. Everything seemed so official,” said the internal controls manager for the Defense Logistics Agency’s Audit Task Force.

The caller assured Elmore a new debit card would arrive at her home Friday. Her husband was there waiting for the card when he accessed the account online to make sure it had been mailed. It was indeed – but not to their address. And the $13,000-plus sitting in their checking and savings accounts? All but $2.53 gone after 17 withdrawals from an ATM in Hollywood, Florida.

“After the fact, we realized there were so many red flags we should’ve paid attention to. It was a great scam,” Elmore said. “With me being in internal control and my husband being in IT [information technology], it shows this could happen to anyone.”

The couple called their bank, a popular financial services group that caters to military members and their families, and confirmed that Tuesday’s caller was a scammer who used the information Elmore shared to change the account address and ATM withdrawal limits.

She’s sharing her story to warn other employees of the scam and offer advice.

“Don’t trust anyone when it comes to your money. Verify, verify, verify. If a person says they’re from your bank, take the information from them, then hang up and call your bank. Any representative there should be able to tell you if that information is true,” she said.

As an internal controls manager, Elmore said the she believes the bank should have had built-in systems to signal unusual activity in her accounts. In the 30 years she and her husband have been with the bank, they’ve never transferred money from savings to checking. They’ve also never changed the withdrawal limit, and always notified the bank when they planned to make out-of-state transactions. Still, Elmore said the blame is on them for not verifying the caller’s information with the bank.

Employees can protect themselves from fraudulent activity by being aware of scams that target bank accounts, such as emails or calls from someone claiming to be with the individual’s credit card company or bank. Victims may be asked to click on links or attachments or be given a callback number to initiate an investigation – all attempts to collect sensitive information.

“It’s not just the criminals are who are targeting your information. Foreign intelligence entities are also after sensitive personal information,” said Matthew Baker, manager of operations security for DLA Intelligence.

Baker recommends employees take steps to protect their information and monitor their credit reports at least once a year for suspicious activity. Social media sites like Facebook and Twitter also put users at greater risk for identify theft and other scams. For tips on using social media safely, traveling with personal electronic devices and more, visit the DLA Intelligence website.