Retired consumer targeted in text message scam
Key Lesson:
Everyone is a potential victim of fraud and should take steps to protect themselves and their loved ones. Every day, fraudsters target consumers with elaborate scams that exploit familiar technology such as text and email. They use reasonable-sounding scenarios such as password resets, fraud alerts or prize draws to trick consumers into clicking links or disclosing personal information and passwords. Consumers should never provide banking or personal information to anyone who has contacted them requesting it, and they should immediately contact their bank if they suspect fraud or think their account has been compromised.
When a consumer contacts their bank to report concerns about fraud, banks have the responsibility to take steps to prevent further harm, for example, by putting a hold on an account. Every fraud-related call that the bank receives is also an opportunity to educate the consumer about the importance of secure banking practices and how to avoid falling prey to common scams.
Text message worries consumer
In November 2019, Mrs. V received a text message on her mobile phone from what appeared to be one of her monthly service providers. The message preview said that Mrs. V had been refunded a credit. For more details, she opened the message and clicked on the link provided. Mrs. V was then asked to click on the icon for her financial institution to continue with the refund process and deposit the amount into her bank account.
After Mrs. V clicked on the icon for Bank ABC, her financial institution, the screen of her mobile phone glitched for a moment. Mrs. V felt uneasy. Mrs. V’s bank account also offered access to her line of credit and credit card. Mrs. V and her husband were retired and not completely confident in the online banking capabilities of their phone apps. Mr. V advised Mrs. V to report the incident to Bank ABC as soon as possible and find out if any of their accounts with the bank had been compromised.
Consumer notifies bank of potential fraud
Mrs. V immediately phoned Bank ABC’s telephone banking department to report suspicions that she may be a victim of fraud. The bank representative asked Mrs. V if she had entered her banking information on the redirected page. Mrs. V said that she had not.
While speaking with Bank ABC, Mrs. V accessed her bank account online using an iPad and checked the balance. The bank representative noted that there had been no refund and no current activity on any of Mrs. V’s accounts. The bank then reassured Mrs. V that there was nothing to worry about and concluded the phone call.
That same evening, Mrs. V received a notification from Bank ABC confirming that an e-transfer of $3,000 – her daily e-transfer limit – had been accepted by someone she did not know.
Bank holds consumer responsible
Mrs. V immediately notified Bank ABC that an e-transfer of $3,000 had been fraudulently withdrawn from her bank account and requested reimbursement for the full amount. The bank responded by initiating its own investigation.
Bank ABC concluded that Mrs. V:
- did not exercise reasonable security practices, according to her obligations under the bank agreement, when she clicked on the text message link and the bank icon;
- was deemed to have contributed to the unauthorized transaction as a result of her own actions according to the bank agreement; and
- was responsible for the $3,000 e-transfer.
The bank’s decision took into consideration that Mrs. V had saved her banking information and password on her mobile phone, which made it possible for fraudsters to locate her log in credentials and access her account. However, the bank’s main reason for refusing to compensate Mrs. V was that they said she did not practice reasonable security measures with her mobile device.
Mrs. V thought she had done everything she could to warn the bank before the fraud had happened. Unsatisfied with Bank ABC’s decision, Mrs. V came to OBSI for help.
Our findings
During our investigation, we listened to a recording of the initial phone call between Mrs. V and Bank ABC. We also reviewed Mrs. V’s account agreement and the bank’s policies and procedures. We concluded that:
- Mrs. V did not follow secure banking practices when she clicked on the link in the text message and saved her banking information and password on her mobile phone.
- Mrs. V had, however, respected the terms of her account agreement by notifying Bank ABC of potential fraudulent account activity before it happened.
- When Mrs. V called to report the suspected fraud, the bank representative should have offered to put a hold on Mrs. V’s account in compliance with the bank’s policies and procedures.
- The bank representative missed the opportunity to better assist Mrs. V by initiating a broader conversation with her about keeping her account information secure, using reasonable precautions when receiving unexpected text messages and being aware of common scams.
- While Mrs. V’s actions may have allowed the fraudster to access her account, Bank ABC had a responsibility to help prevent fraudulent activity from happening after Mrs. V warned the bank that her account may have been compromised.
Based on our findings, we recommended that Bank ABC reimburse Mrs. V $3,000 for the fraudulent e-transfer.
The outcome
Bank ABC agreed with our recommendation. Mrs. V accepted the bank’s offer and the dispute was resolved.