Table of Contents
DEAR SALLY:
My son, who is in his 20s, had his iPhone stolen on the way home earlier this year by two guys, one of whom told him he had a knife.
At 8:30 a.m. someone had hacked into his phone and asked for a loan.
with Halifax for £25,000. The loan was approved and issued at 11am and the money was transferred from my son’s account to someone else’s.
At 3pm, my son managed to get a new phone and SIM card, although he discovered that he couldn’t access his iCloud storage. When he finally logged into his Halifax account, he discovered what had happened.
After two hours on the Halifax helpline, she was told the loan application was legitimate and she owed the money.
How could such a loan be obtained without an application form and proof of income?
The man on the phone said it was because it was an “online loan.” The case was closed and my son was told that he had to make the payments.
Then
Sally Hamilton responds: Some aspects of this case are likely to surprise and worry readers, as they did to me.
Reading your letter, I was alarmed to learn of your son’s ordeal. It appeared to be an example of a growing type of phone crime, in which gangs not only steal devices in the hope of selling them for a few pounds, but see them as a source of greater wealth.
Our phones are full of personal information that can give criminals the keys they need to get into the owner’s online banking, which could allow them to raid your accounts.
He told me that after reporting the incident to Halifax he alerted the police and within an hour an officer was at the door.
When his son logged into his account the next day, he found a message from his bank stating he had to pay more than £600 a month for 72 months to repay the loan.
Together they called Halifax. You said an operator explained to you that because the loan had passed the security steps of your son’s phone and her ID, the bank considered the request legitimate. It was learned that someone had called the bank at 8:32 and 11:05 that day to approve the transactions made from the account.
It baffled me how his son’s phone could have provided such easy access to his bank account, especially since it required a PIN or facial recognition to operate it. One possible explanation was that, since his son said he had been on his phone at the time of the incident, the thieves could have retrieved useful data and acted before it was blocked.
To better establish how thieves could have hijacked her son’s phone and find out why Halifax had rejected her claim, I asked the bank to reopen her case. To my surprise, I discovered that his son had suffered fraud through another mobile phone, this time stolen while he was on a train last year. Apparently, a “third party” managed to log into his banking app from Saudi Arabia and make a payment from his account.
Just like the last time, the scammer had apparently used the bank login and password information stored in the Notes app on the phone. After this first incident, Halifax refunded his son (£260, he told me) and arranged for her login details to be changed.
Halifax explained that he had rejected his son’s second claim based on the information he received when he first reported the problem and the “evidence” contained in his systems. Until this moment she had not been informed about the police presence at his home. Her son later updated Halifax and confirmed that his banking passwords were once again stored in the Notes app.
This offered a partial explanation for how a criminal could have deceived Halifax, but the mystery remains as the loan application required additional financial information that was apparently not stored on the phone.
Halifax also says his son was unable to provide details of the police who interviewed him, nor was he able to validate the crime reference numbers provided. He does not believe he did anything wrong by initially rejecting his son’s claim, but upon reviewing the case he believes he could have intervened before the money was lost, due to the unusual pattern of activity in the account.
Therefore, you have decided to cancel the loan and remove it from your child’s history.
Hours after thieves stole mobile phone, hackers applied for £25,000 loan
I was left scratching my head, as I find it hard to believe that anyone could be so careless as to be mugged like this twice, and Halifax obviously had its doubts too. If I had known about the first incident from the beginning, I might have hesitated to pursue this case.
Halifax has told his son that storing login details on his phone is not a secure way to manage his security information, and if he experiences a similar incident in the future, he says he may consider this gross negligence and refuse to refund him. .
A Halifax spokesperson says: ‘We have great sympathy for our client as a robbery victim. It is important that customers inform us as soon as possible if their data has been compromised and provide us with accurate information when filing a fraud claim.
“We strongly recommend not storing online banking login details on a phone.”
I hope this case prompts all readers to be careful about what can be accessed on their phones.
Straight to the point
I had to cancel my British Airways holiday to Italy because my husband is having heart surgery. We paid a non-refundable deposit of £150 and a flight upgrade of £68. My refund request was rejected and we do not have travel insurance.
AD, Pinner.
BA apologizes for your experience. He has issued you a refund.
I dropped my tanzanite and diamond ring and the tanzanite broke. A jeweler quoted me £5,510 for a similar stone.
But Lloyds Bank, which dealt with Saga’s insurance claim, said it would pay just £2,268 for a repair. I asked to pay in cash but Lloyds said they would only give me £1,452 less an excess of £250.
SS, via email.
Lloyds Bank apologizes and says it offered to repair the ring or settle cash. You have chosen a cash settlement and in these cases the amount is equal to the amount that the repairs would cost the supplier.
MY partner bought a car from an online dealership and the hood lever didn’t work. We reported it to the dealership, but soon the outlet stopped working and a fault light appeared. After three months, repairs still have not been made.
DP, Somerset.
The dealer apologizes and has already repaired the car. His partner has also been refunded his initial administration fee.
Last August I booked an Ambassador Cruise Line trip through Reader Offer LTD (ROL). I paid a deposit of £485 in May, but in the following weeks my wife passed away. I asked ROL if I could cancel the cruise, but they said they would not refund my money.
RW, via email.
ROL offers his condolences. Although she paid a non-refundable deposit and did not purchase travel insurance, ROL and Ambassador Cruise Line agreed to return her deposit as a gesture of goodwill.
scam surveillance
Households should be wary of scam emails offering finance for solar panels, warns Action Fraud.
Recipients are asked to verify their eligibility to receive financing to cover the initial cost of installing solar panels.
But the links in the email ask for personal and financial information that scammers can use. Clicking on links can also download malware to a device.
Action Fraud has received 971 reports of fraudulent emails in just two weeks.
If you receive the email, do not click on the links. Forward it to report@phishing.gov.uk instead.
Some links in this article may be affiliate links. If you click on them, we may earn a small commission. That helps us fund This Is Money and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationship to affect our editorial independence.