# BoI account emptied via a text scam



## knockshe (19 Jun 2020)

My daughter fell for lookalike BoI phishing text recently and had her account emptied, via a debit card transaction; the bank (Bank of Ireland) were informed within 10 minutes of it happening and after some initial assurances that they would take care of it, they later just said it was her own fault and she is at the full loss of it. Why cant the Bank follow the money trail? Do other banks have an upper limit for a single debit card transaction? As this fraudulent transaction was for 98% of the total amount in the account and was totally out of character to all previous transactions on the account, should they not have done more security checks or even stopped the transaction? Do VISA have any kind of insurance cover for this? The name of the fraudster had Revolut in it, REVO* AaronIsiramen.  We have asked the bank all these questions but got no answers. Inputs welcome. We have also pursued Revolut but not much luck there either.


----------



## Brendan Burgess (19 Jun 2020)

How much was taken?

If she emptied her account into someone else's, it's a bit much to expect the bank to be responsible.

I don't see what it has to do with Revolut?  Someone was clearly impersonating them. You can't blame Revolut for that.

Brendan


----------



## LS400 (19 Jun 2020)

I don`t  have many nice things to say about our banks here, but they cant be held responsible for the, lack of responsibility, on the part of the customer.

Phishing, Fraud Scamming ect are so sophisticated these days, the elderly and young are probably more at risk of falling to them. 

There should definitely be more awareness of above scams, and I think it should start in school.

Id rather see kids educated in the modern world at a young age, which will help develop suspicious awareness on financial transactions.


----------



## knockshe (19 Jun 2020)

Brendan Burgess said:


> How much was taken?
> 
> If she emptied her account into someone else's, it's a bit much to expect the bank to be responsible.
> 
> ...


€2890 was taken (account balance was €2958). She got a text, looking like from BoI, saying there was suspicious activity on her account and to click "this link" to accept or reject the transaction. She clicked! She then got a screen asking her to accept/reject the transaction for amount €2890. She selected reject (or cancel) and it then asked her to input her card details ... and so on. When completed, she felt uncomfortable so called the bank; they confirmed she was scammed and cancelled her card, changed pw, etc.


----------



## Brendan Burgess (19 Jun 2020)

I have great sympathy but it's not the bank's fault. 

If I withdraw €500 from the bank and then a thief takes it from my pocket on the street, I don't claim it back from the bank. 

There was a huge consumer led movement to make bank transactions instant. It might be no harm to reinstate a one day delay, as many people seem to realise they have been scammed within a few minutes of sending away the money.

Brendan


----------



## Boyd (19 Jun 2020)

I absolutely feel for the victim, scams like that make you feel rotten. However as above, the person unfortunately did the equivalent of leaving their ATM card on the bus with a note saying "To whomever finds this, here is my PIN as well in case you need it". I'm not trying to be funny or judging (we all get flustered which is what the scammer wants here, to induce panic), im just trying to separate the technology aspect from the scam so it's comparable in the physical world. 
If you've basically given away your cars details it will be very hard to get a refund I would think. It's very tough, but if that were the scenario, you'd have people doing that daily and asking for refunds in an organised manner.
Incidentally, I think this highlights a new issue of people keeping (which I also do) a couple of thousand in a current account to avoid fees. If these minimum amounts were not a thing, I'd say floating current account balances would be much less.

You could try to initiate a charge back. I did this recently for a much smaller amount and was successful (it wasn't a smishing scam as it is here though, the merchant simply charged me twice). You need to specifically say you want to open a charge back request as I found the bank were reticent to do so only for I knew it was an option.


----------



## RichInSpirit (19 Jun 2020)

knockshe said:


> €2890 was taken (account balance was €2958). She got a text, looking like from BoI, saying there was suspicious activity on her account and to click "this link" to accept or reject the transaction. She clicked! She then got a screen asking her to accept/reject the transaction for amount €2890. She selected reject (or cancel) and it then asked her to input her card details ... and so on. When completed, she felt uncomfortable so called the bank; they confirmed she was scammed and cancelled her card, changed pw, etc.


Had the scammers prior knowledge of how much was in her bank account? Seems an unlikely coincidence that they looked for a little bit more than was actually in her bank account? 
Also the amount taken would have put her account in an overdraft situation. Small but still an overdraft. Had she an overdraft facility or was it an unauthorised overdraft? 
It might be worth challenging the bank on these points.


----------



## NewEdition (19 Jun 2020)

RichInSpirit said:


> Seems an unlikely coincidence that they looked for a little bit more than was actually in her bank account?


??


----------



## Drakon (20 Jun 2020)

knockshe said:


> Why cant the Bank follow the money trail?



This is what I don’t understand about such crimes. When this is reported to the authorities, why does the money trail not lead to the culprits?
I realise the money (usually) bounces around a number of countries but can it not be treated? Or does it eventually enter the dark web where privacy is centre stage?


----------



## knockshe (20 Jun 2020)

RichInSpirit said:


> Had the scammers prior knowledge of how much was in her bank account? Seems an unlikely coincidence that they looked for a little bit more than was actually in her bank account?
> Also the amount taken would have put her account in an overdraft situation. Small but still an overdraft. Had she an overdraft facility or was it an unauthorised overdraft?
> It might be worth challenging the bank on these points.


Actually the amount taken was a little bit LESS than the balance, €2890 taken vs a balance of €2959 and they did indeed highlight this amount BEFORE account/card credentials were provided so we did ask the bank how was it that it seemed the fraudster knew the balance in the account.


----------



## knockshe (20 Jun 2020)

Boyd said:


> I absolutely feel for the victim, scams like that make you feel rotten. However as above, the person unfortunately did the equivalent of leaving their ATM card on the bus with a note saying "To whomever finds this, here is my PIN as well in case you need it". I'm not trying to be funny or judging (we all get flustered which is what the scammer wants here, to induce panic), im just trying to separate the technology aspect from the scam so it's comparable in the physical world.
> If you've basically given away your cars details it will be very hard to get a refund I would think. It's very tough, but if that were the scenario, you'd have people doing that daily and asking for refunds in an organised manner.
> Incidentally, I think this highlights a new issue of people keeping (which I also do) a couple of thousand in a current account to avoid fees. If these minimum amounts were not a thing, I'd say floating current account balances would be much less.
> 
> You could try to initiate a charge back. I did this recently for a much smaller amount and was successful (it wasn't a smishing scam as it is here though, the merchant simply charged me twice). You need to specifically say you want to open a charge back request as I found the bank were reticent to do so only for I knew it was an option.


Actually we do have a CHARGEBACK dialogue ongoing with the Bank but it is in a bit of a cul de sac as the other party (the "Merchant") is not identifiable. We didnt initiate this - we just received a letter from BoI Chargeback.


----------



## PMU (20 Jun 2020)

Does BoI operate Strong Customer Authentication? In post 11 you say the other party is identified as a 'Merchant', in which case your daughter is a 'customer' and should have had her identity and the transaction authenticated by SCA. If not I would think BoI has a case to answer.  Was e.g. your daughter asked for certain digits of her PIN to authenticate the transaction?


----------



## Gordon Gekko (20 Jun 2020)

It is very sad to hear what happened. It’s obviously the individual’s fault, but I wouldn’t be too quick to let it go. There’s the chargeback angle to pursue, but also the fact that the scammers seem to have had knowledge of the account balance; how else were they able to put through a transaction that cleaned out the account almost completely?


----------



## RedOnion (20 Jun 2020)

These are generally carefully done as 'cash' transactions, so chargeback is almost impossible. Could be through gambling sites, Revolut transfers, etc. They're generally cross border, or use a recipient bank / payment provider with imperfect AML controls in place.

As @Gordon Gekko said, it's strange that the amount was almost exactly the balance. Something else was already compromised. Was this a salary amount? Had she any sent or received any emails or social media posts about that amount of money? These scams are most successful when they use multiple data sources, so it's not inconceivable that her email / social media accounts have been compromised.


----------

