Bank Fraud scams utilising your phone

Rips

My OH had his current account cleaned out today. :mad:

His phone stopped working at about lunchtime today, and even though he had full coverage, it said there was 'network error'. Didn't worry about it. Tried turning phone on and off again, the usual, no joy.

He went out this evening, went to an ATM on the way into town and found that his bank account was empty. Came straight home, logged onto internet banking, current account cleaned out.

The thieves were not only able to access his account, but they added themselves as a payee (usually set up using activation codes sent to your mobile) and transferred the money once authorised. The details are all there, the money was transferred into a Bank of Ireland Account under a Romanian name. They also seem to have managed to circumvent the daily transfer limit, cleaning the account out in two lots in the space of an hour.

And they did it on a Friday afternoon, so we won't hear anything more from the bank until Monday. Not to mention the difficulty in trying to get in contact with the bank/mobile network, when your phone is not working....

Any one any experience of this?

Or even cases of bank fraud scams, how successful were you in getting your money back?

Its really quite scary how elaborate this was, it feels like identity theft. OH has had to cancel his phone, credit card etc Change all his passwords everywhere (as so many sites use phone authorisation)

Meteor unhelpful as usual, couldn't give us any details, about calls made/texts received, network settings being changed etc

steveone

Now I'm not going to sleep.. how did they do that?

Rips

Its really bloody scary right?

The only thing we didn't twig, a small thing really. When I was out, I rang him and his phone went straight to voicemail. I actually left a message because its so unusual to actually get his voicemail.

Came home and discovered he hadn't been able to make/receive calls all day. Should have twigged that if there really was a network error the phone would have just made that dead beep sound, it does.

I don't know how cloning a phone works, but its seems that way. Otherwise he would have received the pin activation etc

His credit card is on the same account, but they didn't bother with it - would have been flagged up quicker I'd say, where, this would have gone unnoticed probably until he tried to take out cash. Thank god it was today, still hoping the transfer hasn't cleared

Rips

I was also under the impression that the daily limit for money transfers worked on a 12hr basis, apparently not.

Banks says they count their business day until 3.30pm, and the clock resets. They waited until just before half 3 to take the first lot, and then took the second after 3.30. In and out as quick as possible.

wmpdd3

Report to guards asap,

Get onto a laptop and get screen shot s of as much as you can from internet banking.

Gather as much evidence.

Rips

Yep, screenshot was the first thing, its a wonder they didn't remove the payee details. Surely the guards must be able to track the person who owns the BOI account, I mean they would have had to present ID to start it up etc, same as the rest of us.

Many phonecalls, OH's phone works with my sim, but still can't get it back on the network on his contract. That could just be Meteor though.

steveone

Thats unreal-

murphaph

Terrible stuff. Scum of the earth. Please keep us posted about how the scam works please. As others have said...straight to the guards today.

Rips

The only thing we can think of at this point, is that a few weeks back, he had a problem with the speaker on his phone. He brought it to Carphone Warehouse initially, but they advised him to buy the part and bring it to local 'phone-fixer' shop, you know the ones ... can unlock phones/sim cards, that stuff ....

Even still, there would have been no sensitive information stored on phone etc

Have called guards and have incident number etc

murphaph

Did you make a statement to them? This is the sort of crime the guards should be extremely interested in. These guys will offend again. Did the guards ask you to come in?

SamAK

What kind of phone was it?

pm1977x

Rips wrote: »

The only thing we can think of at this point, is that a few weeks back, he had a problem with the speaker on his phone. He brought it to Carphone Warehouse initially, but they advised him to buy the part and bring it to local 'phone-fixer' shop, you know the ones ... can unlock phones/sim cards, that stuff ....

Even still, there would have been no sensitive information stored on phone etc

Have called guards and have incident number etc

Maybe they installed some form of keylogger on his phone and got his account login/passcode that way?

If it's a case of identity theft, then it's not impossible that they obtained a replacement SIM card (hence why your husband's phone was deactivated) and used that to log into the banking. However they would have needed a lot of information to do this (name, address, DOB, as well as the logon credentials for the internet banking). Also, Meteor would have a record of the SIM being replaced.

It's frightening though, I wish you both all the best.

Rips

murphaph wrote: »

Did you make a statement to them? This is the sort of crime the guards should be extremely interested in. These guys will offend again. Did the guards ask you to come in?

No, they did talk for a long time on the phone, but not asked to come in.

SamAK wrote: »

What kind of phone was it?

Samsung, S2 I think.

pm1977x wrote: »

Maybe they installed some form of keylogger on his phone and got his account login/passcode that way?

You know I just looked that up and its scary the apps available for this :eek:

Looking for a way to keep close tabs on the cell phone activity of an out-of-control teen, unfaithful spouse, or suspicious employee with a company issued phone? Online key logging software resource Key-Logging-Software.com is now featuring Mobile Spy - a cell phone keylogger program which secretly records all emails, chats, and text messages on a compatible smartphone and uploads it for you to view remotely, 24/7.

Karsini wrote: »

If it's a case of identity theft, then it's not impossible that they obtained a replacement SIM card (hence why your husband's phone was deactivated) and used that to log into the banking. However they would have needed a lot of information to do this (name, address, DOB, as well as the logon credentials for the internet banking). Also, Meteor would have a record of the SIM being replaced.

It's frightening though, I wish you both all the best.

Meteor were entirely useless, said he could look up the records on his billing details online, which we had already tried and once his phone was deactivated, which we needed to do pronto, the option to log in is gone. Still no joy in getting active on a new sim :mad:

If you were a new customer, there'd be no problem, I'm sure.

Rips

On his third call to them today, the guy on the other end got shirty and said 'he rang the wrong number for billpay services' ... er yeah, duh, because the bill phone is not working and you can't ring it from a prepay :rolleyes:

Patrickheg

Are you sure the bank can't recall the payment? I believe they can. It's not like ATM skimming or credit card fraud, they actually know where the money has gone to.

It will likely take at least 1day to reach the other account(while it may leave your account today it may not arrive in the other account same day) and then on the other end assuming its a fraudulent account they will want to move it out ASAP so it will take another day there.

Banks are next to impossible to fraudulently set up these days. Even Romanian banks have to abide by eu laws

Rips

Patrickheg wrote: »

Are you sure the bank can't recall the payment? I believe they can. It's not like ATM skimming or credit card fraud, they actually know where the money has gone to.

It will likely take at least 1day to reach the other account(while it may leave your account today it may not arrive in the other account same day) and then on the other end assuming its a fraudulent account they will want to move it out ASAP so it will take another day there.

Banks are next to impossible to fraudulently set up these days. Even Romanian banks have to abide by eu laws

Bank said that most likely it would have been bounced straight out into an offshore account. We were hoping the transfer wouldn't have been completed though and could be stopped, as it does take time even when the funds are shown as gone.

What was annoying was that they can view the account (ours) same as us, see the transaction, see the payee, but they would not tell us if the receiving account was activated online, or if the funds were received.

No word til Monday though they said. We were onto them again this morning with more questions, but still no update.

Patrickheg

Rips wrote: »

Bank said that most likely it would have been bounced straight out into an offshore account. We were hoping the transfer wouldn't have been completed though and could be stopped, as it does take time even when the funds are shown as gone.

What was annoying was that they can view the account (ours) same as us, see the transaction, see the payee, but they would not tell us if the receiving account was activated online, or if the funds were received.

No word til Monday though they said. We were onto them again this morning with more questions, but still no update.

Hope you get sorted

steveone

So should we avoid using the smartphone for bank transactions,eBay and the like?

elfy4eva

Very sorry to hear this OP you have my sympathies. These type of stories have me so paranoid when using online banking and ATM's.

Rips

I'll keep you updated on the outcome.

There is still a big '''?'' I think, because with the pin system, you never type your full password etc, so even with something like the keylogger, how they could log in at all, is baffling.

Also, why they didn't do certain things ... like why not shut the account down, remove the beneficiary details, remove the evidence etc

Its just quite startling what they were able to do with his phone, shut it down effectively, so he couldn't make/receive calls, or receive the notification that a payee had been added to his account etc

murphaph

Did the guards say they'll actually investigate this crime?

B00MSTICK

Hi OP, sounds to me like your OH has been the target of "SIM swapping" and has some malware installed on their PC/laptop.

Typically the fraudster will use the banking malware on PC to get access to the user's account details. Once this is done they'll attempt to add a new payee which will require them to access the users One Time Code (OTC) which is sent to their mobile as a text message.
To do this the fraudster will often use Social engineering to trick the Meteor/Voda/3/CPW agent to give them a new SIM with the targets number. Once this is done they activate the SIM (which caused your OH's phone to lose network connectivity, in essence the fraudster was in control of his number) and they could then receive the SMS with the OTC.

I'd be very wary of using your/OH's computer at this point.

I'm not familiar with how the BOI app/online portal operates so the above may/may not be applicable (you can fill me in if its different!) but I do know I've seen some phishing mail around banking 365 which you may have seen?

If anyone wants further info you can google Eurograbber - pretty much the same idea and the reason why the use of OTC's via SMS has been completely ruled out by a number of financial institutions.

Rips

B00MSTICK wrote: »

Hi OP, sounds to me like your OH has been the target of "SIM swapping" and has some malware installed on their PC/laptop.

Typically the fraudster will use the banking malware on PC to get access to the user's account details. Once this is done they'll attempt to add a new payee which will require them to access the users One Time Code (OTC) which is sent to their mobile as a text message.
To do this the fraudster will often use Social engineering to trick the Meteor/Voda/3/CPW agent to give them a new SIM with the targets number. Once this is done they activate the SIM (which caused your OH's phone to lose network connectivity, in essence the fraudster was in control of his number) and they could then receive the SMS with the OTC.

I'd be very wary of using your/OH's computer at this point.

I'm not familiar with how the BOI app/online portal operates so the above may/may not be applicable (you can fill me in if its different!) but I do know I've seen some phishing mail around banking 365 which you may have seen?

If anyone wants further info you can google Eurograbber - pretty much the same idea and the reason why the use of OTC's via SMS has been completely ruled out by a number of financial institutions.

I saw the phishing scam post on this board when I searched here first for fraud of this nature, but he never received any texts. We would be fairly savvy about not letting our phone/email go out to third party - although having said that, I won a million £ this week :rolleyes: according to a text.

He's removed everything now, closed all accounts etc trying to get set up on a new number, I best tell him to see if he can run an antivirus on his phone. PC's been done, but we won't be using the same again. He also would have accessed the account from a tablet.

He was however using the account a lot in the previous weeks, which by the sounds of that Eurograbber scam, could have made it easier, adding payee's and receiving OTC's another reason why there was also so much money in the account.

Yes, have an incident number from the guards to follow the progress of the investigation. I suspect inevitably it will land with the guards to investigate the person who started the 'fraudulent' BOI account.

I think there will have to be a few more insistent calls to Meteor to discover how this happened :mad:

Atlantic Dawn

It would be my belief that if the phone provider handed out a new sim to the scammer that they would be responsible for any loss as it would be their incompetence that caused it.

wmpdd3

Not sure about that but a quick mail to comreg may clarify.

I have experienced the hoops people have to go through for a sim replacement with the networks, this may be why.

Fred Swanson

This post has been deleted.

uck51js9zml2yt

steveone wrote: »

So should we avoid using the smartphone for bank transactions,eBay and the like?

In short.. Yes.
Phones are insecure and should not be used for payment services.
You are sending this information over an unsecured wireless service.

rovoagho

Please define what you mean by "unsecured".

Please detail which devices you're referring to: android, ios, how about feature phones?

Please explain how your opinion applies in this particular case.

uck51js9zml2yt

rovoagho wrote: »

Please define what you mean by "unsecured".

Please detail which devices you're referring to: android, ios, how about feature phones?

Please explain how your opinion applies in this particular case.

It's not encrypted and is therefore the data is transmitted over an unsecured connection.
The same with people sending passwords or credit card details by email. It's very easy once you know how to capture the data and see what it contains.

28064212

Marleigh Tasty Spittoon wrote: »

In short.. Yes.
Phones are insecure and should not be used for payment services.
You are sending this information over an unsecured wireless service.

? Using eBay or internet banking from your phone is no more or less secure than using it from your laptop