Bank won't reimburse £30,000 stolen from couple's account via malware. UPDATED
'Parents' bank account hacked. £30,000 stolen, bank wont give money back'
Hello, I'm from the UK and went on a family holiday to Spain. While in Spain my parents bank account was hacked, across 2 days the money was taken in increments, the first increment was £10, then £100 then £500 then £1000 then in increments of £5000 all to what looked to be various mule accounts. My dad logins to his bank VIA fingerprint authentication.
Their bank has said they will not give the money back, because at the moment all the bank is saying is that my dad must have been the one who did it since he uses finger print identification.
We are very confused on how it was hacked but we have done quite a bit of research and there seems to be 2 probable causes: where we stayed in Spain its very common for there to be public Wi-Fi in different bars or our apartment. My dad did use various public WIFI's while in Spain, which upon research seem to be very unsecure.
So I'm guessing the hacking took place through a public Wi-Fi? I've researched things like 'Wi-Fi sniffers' and I've found out that apparently if an android phone (he has a Samsung s20) is compromised apparently your fingerprints are stored and can be stolen.
I'm just trying to get the bottom of how they got into my dads account and how to prove to the bank that this wasn't our fault and that our money has been robbed by a cyber criminal. I'm wondering if any of you guys have suggestions of what we can tell the bank and what next steps we should take, we are currently thinking about getting a no win no fee solicitor.
Thanks all.
additional info: The bank my parents use is a business account under 'metro bank'
I've just discovered based on your guys suggestions that on my dads phone there was an app installed on the day in happened at 5AM which was quick assistant (team viewer) my dad ofc didn't install this what has happened here ?
The OP later edited the post the same day with an update.
THEIR MONEY WAS GIVEN BACK BY THE BANK! Thank you to everyone that helped me and my parents in this very stressful situation. The information provided by the reddit community was absolutely essential in getting the money back.
It turns out there was a very serious malware on the phone that goes under the name Tea bot, its a trojan that is specifically designed to steal from peoples banks as well as crypto wallets and it has Remote access capabilities.
By the looks of it the malware had actually been downloaded months ago but it lay dormant, and as soon as a large sum of money entered my dads account that's when it struck.
Being in Spain had nothing to do with it, I was wrong to assume it did. Once the Tea bot is in your phone it can do pretty much anything. It can change permissions in your settings, turn off notifications, delete messages, at the time we were very confused why we were not sent confirmation codes by the bank.
But we found all the messages in the recycle bin as they had been deleted by the malware. his phone has been running slow for a long time now which was strange since his phone is quite modern, turns out that's a tell-tale sign of malware.
My dad also had no access to his phone settings for months too, when ever he went into settings it would instantly close down so he couldn't change permissions or anything himself back then we never questioned it but now it all makes sense.
What was discovered was all sent to the bank which then they finally agreed that this wasn't a case of gross negligence at all and that this was completely out of my parents control.
But it sickens me that if this happened to an OAP for example that haven't got people to help them the bank does next to nothing to help, they didn't suggest anything that it could have been.
They just simply hit home on the fact that it was accessed via finger print authentication and questioned if my parents had replied to any scam calls basically implying that my parents just gave out their information.
All of this information was basically given to me by very kind individuals from reddit that went out of their way to help me and my family out, for that I am eternally grateful.
Here were the top comments from readers:
No skivvy family, no cheating, no divorce. Just a nice and simple conclusion. A good BORU palate cleanser.
worked for IT: telltale signs for most malware: -lagging, crashing systems on known good apps(device settings, manufacturer browsers, etc) -slow startup of phone, apps, or pages -apps that ask for admin device permissions -apps you dont remember installing
Please dont assume that you just downloaded and forgot about an app. use known good apps with high star reviews. most phones automatically have qr scanners in the camera app itself—DONT SCAN ANY QR CODES YOU DONT KNOW. if a device asks for permissions like changing settings or accessing data, you most likely have the option to decline.
If you answer a phone call and they ask you to download an application, dont do it. if you see a web browser that tells you to call a number, don’t do it. you ALWAYS have to file a support claim with microsoft/samsung/apple/etc. they will NEVER come to you about anything
Well I'm not paranoid about malware now.
Really glad OP was able to get their parents money back. Thanks OP for sharing a drama free post!