A work colleague had her bank account emptied over the past weekend, 10-thousand bucks gone in six separate transfers of about €1,600 each into the scammer’s account.
For my account in Canada, all I have to do is log on to the site, enter my password, and transfer away. I’d often thought the Canadian bank should make their site safer by setting up the system they have in Germany.
In Germany, you not only have to first log onto the site via password, but every time you do a payment or transfer you must first receive a text message on your cellphone with a 6-digit code number. You then key in that code number on the site to OK the transaction.
I’d always thought that extra hoop to jump through meant that my German account was pretty well bomb-proof, but it seems there’s a huge flaw in that system, and no - it’s not phishing.
In my colleague’s case, the criminals set up an account at the same bank as hers, I suppose to speed up the transaction time.
To transfer the funds they used the same forms we used to fill out with a pen all the time when we actually had to get up off our butts and walk in a building to do our banking. They took the forms off a pile at the bank, filled them out in her name and bank details, faked a signature, and dropped them into a slot to be processed later. Just like cheque fraud in days of old, only they didn’t even have to get their hands on any of her cheques.
They must have opened their account in a fake name, which is another thing I find quite unbelievable. How could the bank be so lax?
I also hear that, in contrast with days of old, those forms are nowadays mostly machine-read. That’s another bank failure to ensure proper handling of customer funds.
By the time my colleague noticed the fat hole in her bank balance the money had already been transferred.
She called her bank right away and they immediately stopped payment, so she’ll get her money back, but what if she’d been on holiday or leave of absence for a few weeks or months and never noticed? Would she have had to have eaten the loss?
And what about all those strangers who have access to our full name and account numbers? You have to give them away if you’ve ever bought or sold anything on eBay without using PayPig. Not to mention the thousands of supposedly honest bank and store employees who have access to your account details.
Oh, and a bonus if you haven’t heard yet: should anyone in Germany receive a transfer of funds in the amount of one cent from an unknown party, contact your bank and the police. Scammers have been known to shoot off computer-generated transfers to thousands of randomly generated account numbers in the amount of one cent. Should they fail to receive notice their transfer did not go through, they know they’ve hit on a real account and can let the plundering begin.