Bank Fraud scams utilising your phone

Rips

My OH had his current account cleaned out today. :mad:

His phone stopped working at about lunchtime today, and even though he had full coverage, it said there was 'network error'. Didn't worry about it. Tried turning phone on and off again, the usual, no joy.

He went out this evening, went to an ATM on the way into town and found that his bank account was empty. Came straight home, logged onto internet banking, current account cleaned out.

The thieves were not only able to access his account, but they added themselves as a payee (usually set up using activation codes sent to your mobile) and transferred the money once authorised. The details are all there, the money was transferred into a Bank of Ireland Account under a Romanian name. They also seem to have managed to circumvent the daily transfer limit, cleaning the account out in two lots in the space of an hour.

And they did it on a Friday afternoon, so we won't hear anything more from the bank until Monday. Not to mention the difficulty in trying to get in contact with the bank/mobile network, when your phone is not working....

Any one any experience of this?

Or even cases of bank fraud scams, how successful were you in getting your money back?

Its really quite scary how elaborate this was, it feels like identity theft. OH has had to cancel his phone, credit card etc Change all his passwords everywhere (as so many sites use phone authorisation)

Meteor unhelpful as usual, couldn't give us any details, about calls made/texts received, network settings being changed etc

steveone

Now I'm not going to sleep.. how did they do that?

Rips

Its really bloody scary right?

The only thing we didn't twig, a small thing really. When I was out, I rang him and his phone went straight to voicemail. I actually left a message because its so unusual to actually get his voicemail.

Came home and discovered he hadn't been able to make/receive calls all day. Should have twigged that if there really was a network error the phone would have just made that dead beep sound, it does.

I don't know how cloning a phone works, but its seems that way. Otherwise he would have received the pin activation etc

His credit card is on the same account, but they didn't bother with it - would have been flagged up quicker I'd say, where, this would have gone unnoticed probably until he tried to take out cash. Thank god it was today, still hoping the transfer hasn't cleared

Rips

I was also under the impression that the daily limit for money transfers worked on a 12hr basis, apparently not.

Banks says they count their business day until 3.30pm, and the clock resets. They waited until just before half 3 to take the first lot, and then took the second after 3.30. In and out as quick as possible.

wmpdd3

Report to guards asap,

Get onto a laptop and get screen shot s of as much as you can from internet banking.

Gather as much evidence.

Rips

Yep, screenshot was the first thing, its a wonder they didn't remove the payee details. Surely the guards must be able to track the person who owns the BOI account, I mean they would have had to present ID to start it up etc, same as the rest of us.

Many phonecalls, OH's phone works with my sim, but still can't get it back on the network on his contract. That could just be Meteor though.

steveone

Thats unreal-

murphaph

Terrible stuff. Scum of the earth. Please keep us posted about how the scam works please. As others have said...straight to the guards today.

Rips

The only thing we can think of at this point, is that a few weeks back, he had a problem with the speaker on his phone. He brought it to Carphone Warehouse initially, but they advised him to buy the part and bring it to local 'phone-fixer' shop, you know the ones ... can unlock phones/sim cards, that stuff ....

Even still, there would have been no sensitive information stored on phone etc

Have called guards and have incident number etc

murphaph

Did you make a statement to them? This is the sort of crime the guards should be extremely interested in. These guys will offend again. Did the guards ask you to come in?

SamAK

What kind of phone was it?

pm1977x

Rips wrote: »

The only thing we can think of at this point, is that a few weeks back, he had a problem with the speaker on his phone. He brought it to Carphone Warehouse initially, but they advised him to buy the part and bring it to local 'phone-fixer' shop, you know the ones ... can unlock phones/sim cards, that stuff ....

Even still, there would have been no sensitive information stored on phone etc

Have called guards and have incident number etc

Maybe they installed some form of keylogger on his phone and got his account login/passcode that way?

If it's a case of identity theft, then it's not impossible that they obtained a replacement SIM card (hence why your husband's phone was deactivated) and used that to log into the banking. However they would have needed a lot of information to do this (name, address, DOB, as well as the logon credentials for the internet banking). Also, Meteor would have a record of the SIM being replaced.

It's frightening though, I wish you both all the best.

Rips

murphaph wrote: »

Did you make a statement to them? This is the sort of crime the guards should be extremely interested in. These guys will offend again. Did the guards ask you to come in?

No, they did talk for a long time on the phone, but not asked to come in.

SamAK wrote: »

What kind of phone was it?

Samsung, S2 I think.

pm1977x wrote: »

Maybe they installed some form of keylogger on his phone and got his account login/passcode that way?

You know I just looked that up and its scary the apps available for this :eek:

Looking for a way to keep close tabs on the cell phone activity of an out-of-control teen, unfaithful spouse, or suspicious employee with a company issued phone? Online key logging software resource Key-Logging-Software.com is now featuring Mobile Spy - a cell phone keylogger program which secretly records all emails, chats, and text messages on a compatible smartphone and uploads it for you to view remotely, 24/7.

Karsini wrote: »

If it's a case of identity theft, then it's not impossible that they obtained a replacement SIM card (hence why your husband's phone was deactivated) and used that to log into the banking. However they would have needed a lot of information to do this (name, address, DOB, as well as the logon credentials for the internet banking). Also, Meteor would have a record of the SIM being replaced.

It's frightening though, I wish you both all the best.

Meteor were entirely useless, said he could look up the records on his billing details online, which we had already tried and once his phone was deactivated, which we needed to do pronto, the option to log in is gone. Still no joy in getting active on a new sim :mad:

If you were a new customer, there'd be no problem, I'm sure.

Rips

On his third call to them today, the guy on the other end got shirty and said 'he rang the wrong number for billpay services' ... er yeah, duh, because the bill phone is not working and you can't ring it from a prepay :rolleyes:

Patrickheg

Are you sure the bank can't recall the payment? I believe they can. It's not like ATM skimming or credit card fraud, they actually know where the money has gone to.

It will likely take at least 1day to reach the other account(while it may leave your account today it may not arrive in the other account same day) and then on the other end assuming its a fraudulent account they will want to move it out ASAP so it will take another day there.

Banks are next to impossible to fraudulently set up these days. Even Romanian banks have to abide by eu laws

Rips

Patrickheg wrote: »

Are you sure the bank can't recall the payment? I believe they can. It's not like ATM skimming or credit card fraud, they actually know where the money has gone to.

It will likely take at least 1day to reach the other account(while it may leave your account today it may not arrive in the other account same day) and then on the other end assuming its a fraudulent account they will want to move it out ASAP so it will take another day there.

Banks are next to impossible to fraudulently set up these days. Even Romanian banks have to abide by eu laws

Bank said that most likely it would have been bounced straight out into an offshore account. We were hoping the transfer wouldn't have been completed though and could be stopped, as it does take time even when the funds are shown as gone.

What was annoying was that they can view the account (ours) same as us, see the transaction, see the payee, but they would not tell us if the receiving account was activated online, or if the funds were received.

No word til Monday though they said. We were onto them again this morning with more questions, but still no update.

Patrickheg

Rips wrote: »

Bank said that most likely it would have been bounced straight out into an offshore account. We were hoping the transfer wouldn't have been completed though and could be stopped, as it does take time even when the funds are shown as gone.

What was annoying was that they can view the account (ours) same as us, see the transaction, see the payee, but they would not tell us if the receiving account was activated online, or if the funds were received.

No word til Monday though they said. We were onto them again this morning with more questions, but still no update.

Hope you get sorted

steveone

So should we avoid using the smartphone for bank transactions,eBay and the like?

elfy4eva

Very sorry to hear this OP you have my sympathies. These type of stories have me so paranoid when using online banking and ATM's.

Rips

I'll keep you updated on the outcome.

There is still a big '''?'' I think, because with the pin system, you never type your full password etc, so even with something like the keylogger, how they could log in at all, is baffling.

Also, why they didn't do certain things ... like why not shut the account down, remove the beneficiary details, remove the evidence etc

Its just quite startling what they were able to do with his phone, shut it down effectively, so he couldn't make/receive calls, or receive the notification that a payee had been added to his account etc

murphaph

Did the guards say they'll actually investigate this crime?

B00MSTICK

Hi OP, sounds to me like your OH has been the target of "SIM swapping" and has some malware installed on their PC/laptop.

Typically the fraudster will use the banking malware on PC to get access to the user's account details. Once this is done they'll attempt to add a new payee which will require them to access the users One Time Code (OTC) which is sent to their mobile as a text message.
To do this the fraudster will often use Social engineering to trick the Meteor/Voda/3/CPW agent to give them a new SIM with the targets number. Once this is done they activate the SIM (which caused your OH's phone to lose network connectivity, in essence the fraudster was in control of his number) and they could then receive the SMS with the OTC.

I'd be very wary of using your/OH's computer at this point.

I'm not familiar with how the BOI app/online portal operates so the above may/may not be applicable (you can fill me in if its different!) but I do know I've seen some phishing mail around banking 365 which you may have seen?

If anyone wants further info you can google Eurograbber - pretty much the same idea and the reason why the use of OTC's via SMS has been completely ruled out by a number of financial institutions.

Rips

B00MSTICK wrote: »

Hi OP, sounds to me like your OH has been the target of "SIM swapping" and has some malware installed on their PC/laptop.

Typically the fraudster will use the banking malware on PC to get access to the user's account details. Once this is done they'll attempt to add a new payee which will require them to access the users One Time Code (OTC) which is sent to their mobile as a text message.
To do this the fraudster will often use Social engineering to trick the Meteor/Voda/3/CPW agent to give them a new SIM with the targets number. Once this is done they activate the SIM (which caused your OH's phone to lose network connectivity, in essence the fraudster was in control of his number) and they could then receive the SMS with the OTC.

I'd be very wary of using your/OH's computer at this point.

I'm not familiar with how the BOI app/online portal operates so the above may/may not be applicable (you can fill me in if its different!) but I do know I've seen some phishing mail around banking 365 which you may have seen?

If anyone wants further info you can google Eurograbber - pretty much the same idea and the reason why the use of OTC's via SMS has been completely ruled out by a number of financial institutions.

I saw the phishing scam post on this board when I searched here first for fraud of this nature, but he never received any texts. We would be fairly savvy about not letting our phone/email go out to third party - although having said that, I won a million £ this week :rolleyes: according to a text.

He's removed everything now, closed all accounts etc trying to get set up on a new number, I best tell him to see if he can run an antivirus on his phone. PC's been done, but we won't be using the same again. He also would have accessed the account from a tablet.

He was however using the account a lot in the previous weeks, which by the sounds of that Eurograbber scam, could have made it easier, adding payee's and receiving OTC's another reason why there was also so much money in the account.

Yes, have an incident number from the guards to follow the progress of the investigation. I suspect inevitably it will land with the guards to investigate the person who started the 'fraudulent' BOI account.

I think there will have to be a few more insistent calls to Meteor to discover how this happened :mad:

Atlantic Dawn

It would be my belief that if the phone provider handed out a new sim to the scammer that they would be responsible for any loss as it would be their incompetence that caused it.

wmpdd3

Not sure about that but a quick mail to comreg may clarify.

I have experienced the hoops people have to go through for a sim replacement with the networks, this may be why.

Fred Swanson

This post has been deleted.

uck51js9zml2yt

steveone wrote: »

So should we avoid using the smartphone for bank transactions,eBay and the like?

In short.. Yes.
Phones are insecure and should not be used for payment services.
You are sending this information over an unsecured wireless service.

rovoagho

Please define what you mean by "unsecured".

Please detail which devices you're referring to: android, ios, how about feature phones?

Please explain how your opinion applies in this particular case.

uck51js9zml2yt

rovoagho wrote: »

Please define what you mean by "unsecured".

Please detail which devices you're referring to: android, ios, how about feature phones?

Please explain how your opinion applies in this particular case.

It's not encrypted and is therefore the data is transmitted over an unsecured connection.
The same with people sending passwords or credit card details by email. It's very easy once you know how to capture the data and see what it contains.

28064212

Marleigh Tasty Spittoon wrote: »

In short.. Yes.
Phones are insecure and should not be used for payment services.
You are sending this information over an unsecured wireless service.

? Using eBay or internet banking from your phone is no more or less secure than using it from your laptop

Spocker

Marleigh Tasty Spittoon wrote: »

It's not encrypted and is therefore the data is transmitted over an unsecured connection.
The same with people sending passwords or credit card details by email. It's very easy once you know how to capture the data and see what it contains.

Actually this is not correct. The carrier may not encrypt their traffic, but I'd be very surprised if any financial service that uses mobile application does not use https or other security for their traffic.

I work for a mobile application development company, and all our traffic is using https for traffic.

wmpdd3

I though this too, I just think there is an easier less sophisticated way the money was taken.

Op, go back over every transaction over the last month and see if anything rings a bell.

The bank or the police may never give a reason the money was taken.

all we can be sure of is the thief knew their phone number and that they banked with boi. (or any bank that uses a text code to set up payees).

Where did they get the phone connection? Online?

rovoagho

Marleigh Tasty Spittoon wrote: »

It's not encrypted and is therefore the data is transmitted over an unsecured connection.

How do you know this?

In this particular case phone encryption doesn't even appear to be relevant, since it looks like the attack vector was actually a computer. We don't have the details yet, but it looks like the mobile was simply used for two-factor authentication, and the SIM was either cloned or a copy acquired from the carrier; both of which are social engineering problems.

You would know this if you had read the thread fully. And if this is actually the case then by your logic you should be advising people not to use computers for transactions. Which wouldn't be correct either.

murphaph

OP: was the phone used to access the online banking as well as receive codes for transactions?

uck51js9zml2yt

the experts seem to think mobile apps aren't secure. http://www.icttf.org/blogs/2/449/10-reasons-not-to-use-a-banking.

28064212

Marleigh Tasty Spittoon wrote: »

the experts seem to think mobile apps aren't secure. http://www.icttf.org/blogs/2/449/10-reasons-not-to-use-a-banking.

Expert. And going by this article, that's a stretch.

1. So the bank gave a perfectly legitimate explanation? Not to mention the bizarre contrast of him fully trusting them with his money, but not his smartphone pics
2. There's exactly the same amount of legislation for a smartphone as there is for laptop/PC banking
3. It's not "easy" to sniff an SSL connection, which all Irish banks use, and again, it's exactly the same for laptops
4. "Most" users? Most users I know do have a passcode. And all Irish banking apps require you to login using the same details you would use on your laptop
5. Because PCs never get infected by malware. If anything, the permissions system on smartphones is stronger than the PC one
6. See 5
7. The rare valid point. But has little to do with Online Banking.
8. [Citation needed]
9. High percentage rises don't mean much when starting from a low level. I can guarantee the percentage of PCs with infections is far, far higher than the percentage of smartphones infected
10. Again, the permissions system is stronger on smartphones than it is on PCs.

28064212

And none of it has anything to do with your assertion that smartphones are insecure because "You are sending this information over an unsecured wireless service"

Metroid diorteM

Which Irish banks do validation for adding a new payee by text instead of by code card?

If my bank does this I want to request that text validation is blocked.

Fred Swanson

This post has been deleted.

dobsdave

Fred Swanson wrote: »

This post has been deleted.

As do BOI.

GarIT

This is why you absolutely need a good security product like Norton on your phone if you are going to let it connect to the internet.

28064212

GarIT wrote: »

This is why you absolutely need a good security product like Norton on your phone if you are going to let it connect to the internet.

What part of the OP's story would having a security product on their phone have prevented?

GarIT

28064212 wrote: »

What part of the OP's story would having a security product on their phone have prevented?

If it was malware on the phone it would have stopped it.

murphaph

28064212 wrote: »

And all Irish banking apps require you to login using the same details you would use on your laptop

The BoI Android app does not require the user ID which is required any time you log in to 365online.

I still generally believe that a smartphone is every bit as secure as a phone for online banking as long as you follow common sense precautions. I'm really interested to find out how the OP was actually scammed but the fact the guards don't appear to want to even take a statement from them doesn't inspire confidence in me that it'll ever be solved.

B00MSTICK

28064212 wrote:

Expert. And going by this article, that's a stretch.

QFT - I'd question the majority of that list too.

Has your OH installed any apps recently OP?

Just in case there was some apps with shady permissions, but my bet is still on it being PC malware with dynamic web injects and then SIM swapping/cloning.

We haven't seen an explosion of true mobile banking malware because the fraudsters are having success with the online banking arm.
That and the ability to add new payees via a mobile banking app is still a rarity - but watch this space...

Rips

Well the good news is the money was refunded. We got a courtesy call from the bank on Monday to say this had been processed, and we received it today. Phew.

On the other aspect, it appears it will not be investigated by the guards :mad:
I say this because we also managed to get the details of the phone bill (eventually - the bill phone is still not working, not connected to a network, we'll be cancelling the contract and looking for a refund)
We rang the guards immediately to give them the details, there were a number of phone numbers, which are all answering. Guards didn't bother to take the details, said the case handler would be on to us, no word since.

As far as the other questions:
-No dodgy apps, we always read permissions etc
- BOI App was installed on the phone but not used.
- AIB use a code card system instead of mobile authorisation (you have a card with a load of different number sequences, and it requests two of these to authorise transfers/payments)

murphaph

Rips wrote: »

We rang the guards immediately to give them the details, there were a number of phone numbers, which are all answering. Guards didn't bother to take the details, said the case handler would be on to us, no word since.

Sad to say but I'm not surprised. I don't rate AGS as a police force at all. I think they're more like Keystone Cops than real ones. This is a crime waiting to be solved and they simply aren't that bothered.

Fred Swanson

This post has been deleted.

Nonoperational

Fred Swanson wrote: »

This post has been deleted.

No you won't.

paulfosters

Rips wrote: »

Well the good news is the money was refunded. We got a courtesy call from the bank on Monday to say this had been processed, and we received it today. Phew.

On the other aspect, it appears it will not be investigated by the guards :mad:
I say this because we also managed to get the details of the phone bill (eventually - the bill phone is still not working, not connected to a network, we'll be cancelling the contract and looking for a refund)
We rang the guards immediately to give them the details, there were a number of phone numbers, which are all answering. Guards didn't bother to take the details, said the case handler would be on to us, no word since.

As far as the other questions:
-No dodgy apps, we always read permissions etc
- BOI App was installed on the phone but not used.
- AIB use a code card system instead of mobile authorisation (you have a card with a load of different number sequences, and it requests two of these to authorise transfers/payments)

great to hear it. all too often we dont hear the end of the situation. glad you got sorted must be a big relief.