He thought he was helping his bank stop a thief – It was all a scam

Supported By:

Net Patrol International Inc.  Data Investigation and Forensic Services
Bankruptcy and Insolvency Trustees

Fraudsters steal $13K from Montreal man by posing as bank investigators.

A Montreal man says TD Bank did not do enough to protect him from a scam that cost him $13,000 after fraudsters made a cash advance on his credit card.

A few weeks ago, Shabetai Shattah said he got a call about suspicious activity on his credit card from someone posing as an employee with TD Visa.

After confirming he had not made the purchases, Shattah was told by the employee that his credit card would be cancelled and he’d get a new one in a few days.

It all sounded pretty routine.

“I didn’t suspect anything,” said Shattah, a retired school teacher.

The imposter then told him a bitcoin wallet had also been opened in his name and it was overdrawn by $13,000. The imposter told Shattah he was transferring him to TD’s investigation department. The fraudster told him the bank suspected an employee at Shattah’s branch was leaking information and stealing money. They asked for his help to catch them.

The “investigator” told Shattah they’d deposit $13,000 into his chequing account so he could bring the balance in the bitcoin wallet to zero.

“I opened up Easyweb and, lo and behold, there’s $13,000 in my account,” said Shattah, 72. “In my head, I figured, ‘well, this is totally legit.'”

The scammers asked Shattah to withdraw the money, which he did, at two different branches.

They asked Shattah to be discreet to avoid alerting the so-called “bad” employee.

At the first branch, the teller asked him what the money was for.

“I was coached to tell them it was to pay for the renovation I was having and these guys want cash,” said Shattah. The teller told him the money machine wasn’t working, but that he could withdraw $5,000 at the ATM machine.

He withdrew the remaining $8,000 at a second location.

He was then given the address for a nearby bitcoin machine, where he deposited the money.

From there, he was told the investigators would trace the money.

“In my mind and in my heart, I thought I was helping TD catch a thief,” he said. “Maybe I was just being naive, but you know, I thought I was really doing a good service for the bank.”

New credit card never arrived

When Shattah’s new credit card still hadn’t arrived the following week, he called TD Visa and was shocked there was no record of his card being cancelled.

“At that point, I turned white,” said Shattah, who rushed over to his branch to report the scam.

“The manager says, ‘Oh my God, not you too,'” Shattah recalls.

The bank manager told him another elderly customer had come into the bank the day before and had lost $10,000 to the same scam.

In Shattah’s case, he found out the fraudsters had taken out a cash advance on his VISA and then transferred it to his chequing account.

Usually, Shattah said he receives an alert if he does anything outside his normal banking habits, but he said TD Bank never notified him of a cash advance on his VISA. He also exceeded his normal monthly spending in April, but that didn’t appear to raise any red flags for the bank, said Shattah.

“They didn’t do their due diligence. They didn’t protect me,” said Shattah, who lives in Côte Saint-Luc, a city on the island of Montreal.

Although he filed a complaint with TD, his request for reimbursement was denied as was his appeal. He’ll have to pay back the $13,000 cash advance in full. The bank offered three months interest free, then it goes back up to 30 per cent interest.

“That’s half my (yearly) pension to live on,” said Shattah. “I can’t afford it.”

Nearly $7M lost in 2022

The Canadian Anti-Fraud Centre says it received more than 4,400 reports about the fraud, known as the “bank investigator scam,” in 2022. It says about 1,000 victims lost nearly $6.9 million dollars.

In the first three months of 2023, close to 400 victims lost more than $3.2 million.

“Unfortunately, on pace, we’ll probably lose more in 2023 to this scam than in 2022,” said Jeff Horncastle, the centre’s acting client and communications outreach officer.

Typically, the scammer claims to be from a bank or a major credit card provider. They say there are unauthorized charges on the account or the card is compromised.

In some cases, the scammer asks for the victim’s credit card information or personal identification number (PIN). The scammer then tells the victim to send money for reimbursement fees or as “bait money” to help catch a bad “employee.” The victim is directed to send the money in a variety of ways including by wire transfer, by purchasing gift cards or with bitcoin.

Earlier this week, Laval police warned the public about another variation on the scam after receiving nearly 10 complaints since June 2022. In that version of the scam, after obtaining the victims’ PINs by phone, the fraudster posed as a police officer and retrieved the victims’ credit cards at their homes.

When the fraudsters called him, Shattah recalls seeing a 1-877 number come up on his call display, which is commonly associated with banks.

But Horncastle says fraudsters often use caller ID spoofing, which allows them to disguise their phone number as a different one and trick people into picking up.

If people receive a call from someone claiming to be from their bank, he recommends hanging up and contacting the bank branch directly or calling the number on the back of your debit or credit card.

“We always advise people to wait a couple of minutes because we have received reports where the fraudsters can stay connected to your phone line,” said Horncastle.

Data breach or phishing attempt?

A few weeks after Shattah was defrauded, he got a letter telling him his name, address and social insurance number were part of a data breach at one of Canada’s largest investment firms.

But Claudiu Popa, a privacy and cybersecurity consultant, said people’s email addresses and phone numbers often end up on spam lists.

Fraudsters then send out phishing emails that look like they are from the person’s bank.

Popa advises people to install a robust filtering system, so spam emails go directly into their junk mail. If they are tempted to click on a link, it’s better to call the bank first and check with them directly.

If the victim clicks on the link, their computer or device can be infected with a spyware program that can give thieves remote access.

“They can see his screen as he logs himself into the TD access interface and at that point, what they do is they blank out his screen — a process that takes a couple of seconds, during which they change his amounts on his screen,” said Popa.

“As soon as the person says you should be seeing this number and they see that number, they no longer have any doubts that these people are legit because they can’t imagine that somebody could be logged in through their own computer, not to mention from the other side of the planet.”

Once the fraudster has access to the victim’s online banking, they can change the victim’s information, including the person’s cell phone number, so any alerts or codes get sent to an alternate phone number.

Bitcoin difficult to trace

Fraudsters are counting on some consumers being unfamiliar with certain technologies and systems.

In Shattah’s case, he says he knew next to nothing about cryptocurrencies, which can be hard to trace.

“It’s instantaneous and it’s largely irreversible,” said Popa.

But from the moment the fraudsters got Shattah on the phone, they walked him through every step and emailed him the QR codes he’d need to deposit money in the bitcoin machine.

“I did think it was weird there was no receipt,” said Shattah, but the fraudster reassured him that it was normal.

Each QR code Shattah received is linked to a specific bitcoin wallet or account. CBC Montreal found the wallets, which showed how much money went in and out on a specific day.

According to the transaction records, the three accounts received more than $18,000 on April 19, suggesting Shattah was not the only fraud victim that day. All of the money was withdrawn in the wee hours of April 20th.

TD warns customers to be wary

TD Bank declined to discuss the specifics of Shattah’s case but said details of the investigation were shared with him.

In a letter explaining the decision not to reimburse Shattah, the bank said its investigation showed a “one-time passcode was sent to your device with your Easyweb password being changed.”

Shattah said he never requested a password change and believes the scammers requested it. Typically, an alert is sent to a customer’s phone asking them if they asked for the change. Shattah never received one and believes the scammers may have redirected the alert.

The bank’s letter goes on to say that a branch representative asked due diligence questions when Shattah withdrew the money and their investigation concluded TD policy and procedures had been followed.

In an email to CBC Montreal, TD Bank encourages customers to be wary of any unsolicited calls, text messages or emails they receive, especially if they are asking for personal information.

Fraudsters make customers believe they’ve deposited money into their account, so the bank advises people to review all of their accounts for any transactions they didn’t do themselves.

To verify a customer’s identity, the bank will ask basic questions to ensure they are speaking to the right person, but they will never ask you to disclose your passwords or PIN.

TD told Shattah their decision is final. If he wants to take it higher, he’ll need to make a complaint with the ADR Chambers Banking Ombuds Office (ADRBO).

Shattah is disappointed in TD’s investigation and is now considering legal action.

He said the scam has left him feeling like he can’t trust anybody anymore. He’s filed a police report and flagged the fraud to Equifax and Transunion.

“It’s horrible,” said Shattah. “Somebody calls and I don’t know if it’s real or not.”

This article was originally sourced from www.CBCNews.ca