Drink spiked, phone hacked, savings cleared and need advice

Rob5446

The title says it all really although this post is on behalf of my son...

 A few weeks ago he was out after work with colleagues, on leaving and after saying goodbye to his friends, and on the way to the station he started to feel weird and basically, after about 20 minutes or so, lost control and couldn't move. His recollection is somewhat sketchy here but he remembers a guy appearing to help him but also knowing that he was not nice and was arguing with him.

 We receive a call in the morning from him on his work phone to let us know he thinks he had been mugged although he still had his wallet but he has lost his phone.

 About an hour later we have another call from our son, now in distress, as he had noticed his bank account and all his savings gone!

 It transpires that between the hours of 3am and 9am, all his money had moved from his savings to his current account, and from his current account out to 6 newly created but different account numbers, and via Google pay and Apple pay.

 What must have happened is they took my son's phone, used his face to open it, and then changed the credentials to theirs to complete the theft.

 Firstly please take note and tell everyone that if access can be gained to your entire financial life through one gateway then it is all at risk if that gateway is compromised.

 Secondly, I want to know what to do and what to expect from the bank. At the moment it is going through due process but they have not declared what that is, they are asking questions of a semi-accusing nature and he has had a CIFAS marker placed against his name. I guess this is their due process.

 We believe that 60% of his entire account is at risk, with 40% blocked when a rat was eventually suspected.

 The police certainly did not help when they told the bank they had closed the case because they could not get hold of my son - we believe they tried once at 11pm one night from a withheld number and leaving no message - this is now rectified and the case reopened.

 Any help on any of the above would be gratefully appreciated from what to ask the bank, how to remove the CIFAS marker, is there anything else that might have been hacked that has not been checked - any similar experience?

 

Thank you

 (and I should say that luckily he was not harmed in any other way)

[Deleted User]

You probably don't want to remove the CIFAS marker if he's been a victim. It's there for his protection and asking to have it removed makes him look more dodgy. Which marker does he have?

His face might be sufficient to unlock his phone, but not for his banking apps. How did they access those? Fingerprints? Or password?

He should check his other accounts and update his security if he doesn't know what happened.

y3sitsm3

Which bank?

Daliah

Deleted_User said:

His face might be sufficient to unlock his phone, but not for his banking apps. How did they access those? Fingerprints? Or password?

Some phones only support face ID, not touch ID. I have a number of banking apps, all working with face ID.

To narrow things down, it would be helpful to know which bank we are talking about. Though it's unlikely anyone can offer more than educated guesses.

Rob5446 said:

 It transpires that between the hours of 3am and 9am, all his money had moved from his savings to his current account, and from his current account out to 6 newly created but different account numbers, and via Google pay and Apple pay.

How do you know that the 6 accounts were newly created? Are these accounts in your son's name?

How did they use both, Google Pay and Apple Pay? How, physically, were either of them used? What did the fraudsters buy with Google Pay / Apple Pay? Were their deliveries of goods to one or more addresses, or was it food / booze etc that was bought?

Rob5446 said:

 We believe that 60% of his entire account is at risk, with 40% blocked when a rat was eventually suspected.

Do you mean the bank stopped some transactions, for 40% of your son's money? Did you not say all his money had been transferred or spent? 

Rob5446

Deleted_User said:

You probably don't want to remove the CIFAS marker if he's been a victim. It's there for his protection and asking to have it removed makes him look more dodgy. Which marker does he have?

His face might be sufficient to unlock his phone, but not for his banking apps. How did they access those? Fingerprints? Or password?

He should check his other accounts and update his security if he doesn't know what happened.

There is another passcode which we believe they would have got somehow, but how we know not!

And we have cleared up the marker it is there to protect him so thanks

Rob5446

Daliah, I've tried and failed to answer your questions under the quotes. so will answer them without

The 6 accounts - are accounts where the money ended up - so they were created by them to receive his money.

Googlepay / Applepay - luckily I have neither so am not an authority but they did change his apple id and I think it was only Apple pay that was used - And yeah they had a merry old time on my son's uber account driving around stopping off at costcutters, they also bought an Apple mac for collection but that would have been stopped.

60%/40% - all of his savings from his savings account were transferred to his current account (same bank), from his current account money was transferred using the 6 accounts above. When we reported to the bank, online access was cut so all we have in respect of the transactions are screen prints I took at the time it was reported - so I do not have a full picture on what and when.

And whilst the investigation is ongoing I shall not be revealing the name of the bank in case it is detrimental to his case.

Thank you

AstonSmith

Is it an Apple phone, or a non-Apple (Android/Windows/etc) phone?

I only ask because both Apple Pay and Google Pay are mentioned, but only one phone seems to be involved. Apple Pay is exclusive to Apple devices.

If it was an Apple phone, the perpetrators must have obtained his passcode at some point. You can can unlock the phone with Touch ID or Face ID, but you can't change the passcode without knowing the existing passcode. That's important because you can't use Apple Pay to buy things without Face ID/Touch ID or a passcode.

Knowing the passcode means that the banks might assume he did it himself, at least to begin with.

Some banking apps will let you use Face ID/Touch ID to log in, but if that fails, they want a PIN. It won't (necessarily) be the same number as the passcode that's used to unlock the phone. The perpetrators would either need your son to be present at the time of the money transfers so that they could use his face/finger to log in, or they'd need to get the banking app PIN off him.

Lastly, (if it was an iPhone,) has your son used the Find My... app to mark it as lost or stolen? It might also reveal its last known location.