These case studies have been modified so as not to identify any actual cases at FIDReC. They are provided for purposes of learning and are not necessarily indicative of outcomes at FIDReC.
Jenny saw an advertisement on social media offering discounts on travel packages. As she was planning a family trip, Jenny clicked on the link to find out more. After clicking, a chat opened in WhatsApp. Jenny asked about holiday packages and discounts. The scammer told Jenny to download an application onto her phone to pay a nominal deposit. This would make Jenny eligible for discounts. Jenny followed the scammer’s instructions and logged into her banking app to make a $5 deposit.
Unknown to Jenny, she had downloaded malware onto her mobile device. This compromised her personal and banking information, including login passwords stored on the device. The scammer was able to perform banking transactions using Jenny’s credentials. The scammer also led Jenny to provide the One Time Passwords for the transactions to him.
The Bank detected the suspicious activity and suspended the account. Unfortunately, two transactions had already gone through. The Bank called Jenny to alert her. Jenny then realised that she may have introduced malware into her phone. She also realised that she had several sideloaded applications but was not sure if these were malware. When Jenny shared that she wanted to replace her mobile device just to be safe, the Bank advised her to uninstall the suspicious apps containing malware before transferring her data to a new phone.
Jenny replaced her mobile phone, but did not follow the Bank’s advice. She ported all the back-up data from her old phone to the new phone. Unfortunately, this introduced the malware to her new phone!
Subsequently, more fraudulent transactions occurred. Jenny’s loss totalled $30,000. She sought help from FIDReC after failing to come to any agreement with the Bank.
During mediation, Jenny admitted that she had fallen prey to the travel advertisement scam and downloaded the malware unknowingly. She also admitted that she did not understand the Bank’s advice to uninstall the suspicious apps. She thought changing her phone would solve the problem.
Considering all the circumstances, the Bank made a goodwill offer of 20%. Jenny accepted the offer as she realised that she was at fault for downloading the app. She also acknowledged that the Bank had tried to block the suspicious activity and warn her.
Key Learning Points
- Consumers’ duties under the E-Payments User Protection Guidelines include the following:
- a. To monitor transaction notifications;
- b. To protect access codes and access to their account;
- c. To report unauthorised transactions as soon as practicable after receiving any notification alert; and
- d. To provide information on the unauthorised transactions.
- The financial institution’s duties under the Guidelines include the following:
- a. To inform account holders of the user protection duties;
- b. To provide outgoing and incoming transaction notifications;
- c. To provide a reporting channel; and
- d. To assess claims and complete claims investigation.
- If any party does not carry out the required duties, that party should expect to bear some responsibility.
- To protect yourself from malware scams, consider putting your money in a Money Lock. This type of account does not allow outgoing online transfers. Outgoing transfers must be done in person at the bank branch or ATM. Please check with your bank to find out more.
- If you suspect you may be a victim of a malware scam, do the following:
- a. Switch your device to flight mode to prevent scammers from further accessing your device;
- b. Immediately report the incident to your bank and then the authorities;
- c. Run an anti-virus scan on your device to identify and remove malware; and
- d. Make sure the malware is removed before you transfer data from your old phone to a new phone.
- Please ensure you only download applications from official app stores. Do not disable the protection features on your phone.
Click here to access more case studies.