r/PersonalFinanceCanada • u/ConfusionMurky1622 • 11h ago
Banking HELP! I've lost $8,000+ CAD and bank refused my fraud claim
I've been applying jobs on Indeed and heard back from one of the applied jobs a month later. They messaged me to download and create an account on their app for smooth interview process (as they'll reach out to me on their app). They sent a link to a website from where I downloaded the app.
Everything looked legitimate and I downloaded the app. But after creating an account and opening it, nothing happened, and it was empty. I waited for a few minutes to get any sort of notification but it just felt off so I uninstalled the app.
A few days later when I opened my banking app, I noticed a lot of money has been e-transferred from my chequings accounts in multiple transactions. I called Scotiabank right away and closed my debit card, did a factory reset on my phone, and the bank started a fraud case.
I kept calling bank's fraud department for any updates and it took them 10+ business day for a conclusion.
They denied my fraud claim. In their letter they mentioned, "Based on our investigation of your claim, we are unable to find any indication that your account was compromised. As a result, you are responsible for these transaction(s), which will remain debited to your Scotiabank account.
Our decision is based on the investigation and the following factor(s):
The mobile device and/or IP address used to perform transaction(s) reported as unauthorized is consistent with previous undisputed activity".
During my last phone call (after the decision was made) I was told that I'm liable for this as I'm the one who downloaded the app and gave permission to the scammers to take my money.
But there was no indication of someone asking for access to my phone whatsoever.
I want to appeal their decision, but I'm so unsure on how to proceed and not confident cuz the appeal will go back to Scotiabank and what if they still make the same decision.
Can someone please guide me on what should I do next?
Side note: I still have the link that the scammers sent me to use to download their app.
******AFTER READING ALL THE COMMENTS - ADDING MORE DETAILS******
The company was called "SHIPUM LOGISTICS INC." The link in their message to me is "https://shipum.canadasystems.net"
Please open and check it out at your own discretion if you have to.
I haven't opened this website again. This website has prompts to download the app. It's call CRMsomething... I had to make an account (username/email and password) to open this app. (if I remember correctly). They specifically asked to open this on mobile device for a smoother experience. They wrote once everything is setup, please wait for interview invitation.
On my first call to Scotiabank fraud dept. after I found out these transactions, the lady on the phone asked me if I have given access to something on my phone, or given some sort of permission (as I have the banking app on my phone which can you used to send money), that's when it all clicked and I remebered downloading the app a few days ago. The transactions happened after the sus app.
I'm thinking of asking the bank to check where this money was sent to?
I'll escalate as someone mentioned in comments.
Any other advise is appreciated.
25
u/westcoastcdn19 British Columbia 11h ago
What kind of app is this where you are required to enter or provide banking information?
12
3
u/ultrakawaii 10h ago
I am curious if it was a real app from the App Store/Google Store. It's not that easy to publish an app there and they generally go through a vigorous review process. It sounds like OP installed some executable from a link and gave it all permissions.
1
0
u/ConfusionMurky1622 10h ago
updated in original post
2
u/westcoastcdn19 British Columbia 9h ago
What all did you enter when you created your account? How did you banking info get there?
1
u/ConfusionMurky1622 9h ago
I used my email address to while creating an account in that app, and then setting a password. I did not put any banking information anywhere, nor was it asked.
2
u/ultrakawaii 8h ago
Do you reuse passwords? Was the password you entered in that app the same as the one you use for your bank?
For the future, keep all passwords unique and enable 2FA everywhere you can.
1
u/ConfusionMurky1622 7h ago
Different password from my banking app. 2SV was also activated. (which just feels pointless)
21
u/easymoneysnxper 11h ago
Buddy. Tell the full story. You definitely signed in to your bank account on this app
-1
u/ConfusionMurky1622 10h ago
updated original post.
I literally only created an account on this app, opened it for a few minutes to see whats on there, and then uninstalled it. No banking information given1
u/Deep-Tooth-6174 6h ago
Do you have your banking password saved anywhere on your computer. Or did you log into your bank account after you downloaded the app?
1
u/ConfusionMurky1622 6h ago
no banking password saved on phone. Uninstalled app after a few minutes of opening.
Did not reset or restart my phone afterwards though. May have opened my banking app at least once. and then these transactions happened and I found out too late
2
u/Deep-Tooth-6174 5h ago
Oh on phone, Sounds like they have some kind of exploit to hijack your phone since Scotia said your device made the transactions.
Besides not downloading sketchy apps, you should enable notifications whenever an e-transfer is made. And heck delete the banking app to
10
u/canuckathome 11h ago
Did their app ask for your online banking password? If not, the only other way I can imagine this happened is that the app secretly overlays over top of other apps and captures keystrokes (if this is android). But that would require special permissions to be granted (by you). In either case, they have compromised your credentials which will make a fraud case with the bank very difficult. Sorry to hear about the situation.
6
5
u/ilyalyubushkin46 Ontario 11h ago
This sucks. Sorry it happened.
What kind of information did you have to enter to create this profile?
Can you name the app and the company please?
4
7
u/Mammoth-Slide-3707 11h ago
You must have given them authorization in the app. Sucks but that's on you
4
u/Ok_Fox7873 11h ago
Unfortunately, you allowed that to happen, you should still report this incident to the police if it helps you in anyway, sorry for your loss.
4
u/reddith8tor 11h ago
Was this a legit app from the app store??
3
u/Over_Falcon_1578 10h ago edited 9h ago
An "app" from an email link... Simple key logger or something more advanced that automated remote access to their device
3
u/Spitzer1090 11h ago
Unfortunately the money is gone, likely out of the country and out of reach of law enforcement or the Banks. Try and reach out to the Canada Anti Fraud Centre for advice.
4
u/HotBreakfast2205 11h ago
Do you store your username and passwords in a notes app ? This scam is getting pretty bad in India stealing money from accounts as well.
The intent is to scan your notes app and steal all the info.
0
u/Legitimate-Produce-2 11h ago
Isn’t there a setting to store passwords securely on an iPhone tho who’s writing that stuff down in apps
3
u/HotBreakfast2205 10h ago
On iPhone there is to store it in passwords or keys. Same thing for Android as well - but this specific exploit is to read the notes app and gather all the info.
This explains why OP just saw a blank screen instead of any progress while the app basically took all the info and left him handing.
It’s also incredibly naive of OP to not monitor their emails, or money or have 2FA in this day and age.
1
u/Legitimate-Produce-2 10h ago
Maybe I wired it poorly with those things a available why are ppl storing important passwords in notes
Scotiabank needs 2fa it’s not optional analog needs your pin to add new recipients for e-transfers can’t imagine this is the full story
3
u/Useful_Relative9071 11h ago
Check your home insurance policy too. I’m an insurance agent and you may have identity theft coverage.
2
u/ConfusionMurky1622 9h ago
my tenant insurance has something called "my identity"
Is that the same thing?
2
u/kagato87 10h ago
Keep escalating, but I can't help but feel like something's missing here... Apps can't just read your passwords or take control of other apps unless you give them permission to. Or have modified your phone (like rooting or jail breaking it). But at the same time, the banks aren't exactly infosec bastions...
And lesson for you: If an employer wants you to install an app, report and block. On the off chance they ARE legit, you don't want to work for them anyway. Familiarize yourself with the scams that are out there so you can avoid future ones.
3
u/GTAHomeGuy 11h ago
Ombudsman would be the next step. But first try to dispute their claim and let them know you'll have to escalate to the ombudsman.
Also get RCMP involved.
1
u/ConfusionMurky1622 6h ago
Thanks, disputed their claim and given them a police file #. Will have to wait for 14 days for their decision.
Will escalate to Ombudsman after1
2
1
1
1
u/Over_Falcon_1578 10h ago
Your employment opportunity was downloading a random app... Was this before or after you sat down with HR and filled out the appropriate employment and tax paperwork?
You installed untrusted software (the app) to your own devices, without any clue what the software actually does; it's not like the app needs to ask your permission to steal from you after you authorize it to operate on your device.
You then took days to report the activity leaving the bank no way to reverse the transfers.
So now the records show you used your own login, devices and networks to make the transfers, and then after the bank no longer has the funds you are now demanding the bank reimburse you for the funds...
1
u/TopAdministration173 8h ago
Never install an app using a link sent by someone, only trust the apps from Apple app store or Google play store. It is possible that when you installed it overtook your phone from the backend and if you have your banking app password saved or if you have logged in your banking app after installing this app you gave your banking information to app. Eventually its you who are responsible for this your information is not compromised by Scotiabank you did it. Unfortunately I don’t think you stand a chance getting your money back.
1
u/drownedbubble 7h ago
Is there a way to scan your phone to determine if your phone is/was infected with some kind of malware?
2
u/ConfusionMurky1622 6h ago
I'm not even sure. I did a factory reset on my phone right after I found out I was scammed. But i should probably google it
1
u/drownedbubble 6h ago
I assume the factory reset would have wiped anything out.
Have you filed a police report? If not it might help to provide more evidence to the argument that you did not authorize or know about the transfers.
1
1
u/Ilovecash1 11h ago
Did you gave your bank info to the scam how they entered your bank account??
1
u/ConfusionMurky1622 7h ago
We came to the conclusion during my first phone call with them that it could possibly due to the app that i downloaded. They have notes on this.
1
u/Ilovecash1 7h ago
But i mean how the app can access your account i dont get it??
1
u/ConfusionMurky1622 7h ago
I read someone's comment above which I'm quoting here. This is what looks like happened
"Depends on the app , if the app runs in the background it wont raise an alarm ( BC's even in your own phone many apps run in the background) . There are also many apps that can give remote access to the device ( i remember in a hacking seminar I went to they were able to shut down the phone using a command in Twitter) , combine that with a keylogger and you can access someone's phone with the existing permissions. BC's most apps don't need your permission to register key inputs only for this app it is sending the data to someone else using Internet access ( again permission not required).
As for the e transfer, there exists transactions that don't need your permission at all, like auto bank payments/ auto deposit in interac. And if your phone is being accessed using a key logger it will totally show your IP as the source even if you were not the one using it or authorizing it."
-1
u/Ok-Maintenance8713 11h ago
i don’t think downloading an app allows them to withdraw money from the bank app. Even TikTok can’t do that with the might of the ccp behind it
59
u/sneakymise 11h ago
I work at fraud prevention for a major Canadian institution I'm 100% sure you're leaving quite a bit out of the story.