A woman from Hamilton, UK, received an email, allegedly from Butterfield Bank, asking her to update her online banking information. After she completed the process, she found that $4,000 (€3,000) were transferred from her account to one from a bank in South Africa.
Oddly, the wire transfer report revealed that her home address was the Post Office Box of the bank.
According to the Royal Gazette, as soon as she realized that she had fallen for a scam, the victim, Ms Phillips, went to her bank to try to sort things out.
“When I got there they basically shrugged their shoulders and said ‘you shouldn’t have done that, we can’t help you’. I felt helpless,” she said.
Butterfield representatives contacted ABSA Bank, the African institution, but because the online banking agreement protected them from any liability in case of loses that were a result of user account breaches, the victim felt that she needed to do something herself if she ever wanted to recover the money.
So she started contacting the ABSA Bank, whose employees managed to aid her in getting the lost funds back. However, she became displeased with the fact that during all this time, Butterfield didn’t reply to any of the emails she sent, at least not until everything was sorted out.
Eventually, Ms Phillips managed to get the money returned, but only after numerous emails and phone calls to both Butterfield and ABSA Bank, the South African financial institution.
Now, on one side we have the financial institution whose representatives claim that when they learn of a fraud case they take immediate action to recover the funds. They make awareness raising campaigns to inform their customers regarding phishing attempts and they use public-key encryption tokens to verify transactions.
On the other side of the fence we have the victim, who admits she is responsible for the incident, but believes that there are only a few internal controls to prevent fraudulent transactions, which are clearly not enough.
Two conclusions must be drawn from this story. First, if you fall for a scam and you put some pressure on the involved financial institutions, there’s a chance that you can get your money back.
Secondly, it’s very important to remember that banks never request sensitive information via phone or email. They may occasionally require mother maiden name or birth dates, but they will never ask for credit card numbers, PINs, or passwords.