This is 100% true. I got a bounced e-mail (the original of which I did not send) that had the entire account information of a gentleman in Arizona.
I suspect it is a hacked account and the e-mail is bouncing around to networks of thieves.
The text of the e-mail included a name, address SSN and all online info for the man in AZ. Since I am suspect of all these scam mails, I decided to see if any of the info was good. Since I am a bank of America online user, I know their interface.
Short story: I was able to log into this man’s bank account and look at his checking records (I could have easily transferred his balance to me).
I found a recent deposit form his employer, looked them up on Google and called the office in AZ, asking for him by name. I was transferred to him and told him about it. He was grateful, and got online immediately to change his passcode.
If you use Bank of America’s online services, I highly recommend you go online to BofA online now and change your password. Who knows how many accounts are compromised. The only reason this guy wasn’t cleaned out is because thieves had not gotten to his account yet. That, and the fact that the one person who tried accessing his account was honest.
I am not making this up. I was in his account.