New scam/theft system?

sphexx · 7 Sep 2022

I did see news reports of this happening to a woman whose phone & card was stolen from a gym locker but the story didn’t make sense but now the system has been exposed and is a new one to me.

Steal phone & card, register card on a (burner?) phone and get the bank security sms from the Lock Screen on the stolen phone.

How is a thief taking thousands from London gym-goers?

A serial thief is targeting well-off young women across London's gyms. How is she doing it?

www.bbc.co.uk

On iOS at least the lock screen Message notifications are OFF by default.

woof woof · 7 Sep 2022

sphexx said:
I did see news reports of this happening to a woman whose phone & card was stolen from a gym locker but the story didn’t make sense but now the system has been exposed and is a new one to me.

Steal phone & card, register card on a (burner?) phone and get the bank security sms from the Lock Screen on the stolen phone.

How is a thief taking thousands from London gym-goers?

A serial thief is targeting well-off young women across London's gyms. How is she doing it?

www.bbc.co.uk

On iOS at least the lock screen Message notifications are OFF by default.

It must be possible to get spot the offender on cctv, if the police can be bothered.

Perhaps it'd help to get a response from the police if a victim reported the thefts and that the thief had misgendered them?

PS.
A little story. My nephews wife does her banking on her phone and leaves apps open. It was picked from her bag whilst walking around Morrisons. Luckily the thief answered when my nephew range them and unbelievably they returned the phone when he told the thief (a woman) that the phone was being tracked and if she didn't return it he'd call he police. Unbelievably the thief thought the police would actually do something.

Box Brownie · 7 Sep 2022

sphexx said:
I did see news reports of this happening to a woman whose phone & card was stolen from a gym locker but the story didn’t make sense but now the system has been exposed and is a new one to me.

Steal phone & card, register card on a (burner?) phone and get the bank security sms from the Lock Screen on the stolen phone.

How is a thief taking thousands from London gym-goers?

A serial thief is targeting well-off young women across London's gyms. How is she doing it?

www.bbc.co.uk

On iOS at least the lock screen Message notifications are OFF by default.

And another good reason not to have a banking app! If I read this issue correctly.....................no app means all(?) you have lost is your phone and bank card..............with a banking app you are in for a heap of misery :thinking:

Or is there a way for the thieves to still access ones online banking in some other manner???

srichards · 7 Sep 2022

I've never had my phone set to display anything much on Lock Screen. It's annoying to have to keep going through settings to turn things off.

I'd hope face or Touch ID cuts down theft potential as well.

sphexx · 7 Sep 2022

Box Brownie said:
And another good reason not to have a banking app! If I read this issue correctly.....................no app means all(?) you have lost is your phone and bank card..............with a banking app you are in for a heap of misery Or is there a way for the thieves to still access ones online banking in some other manner???

I don’t think a banking app is essential. On iOS Apple Wallet works the same way sometimes — ie with an sms — however the ‘burner’ phone would need to be an iPhone which would make it more difficult. It’s possible bank browser page might be vulnerable to this.

Pound Coin · 7 Sep 2022

(my) Banking App Settings:

Log out:
Immediately after exiting the app
After 1 minute of inactivity
After 2 minutes of inactivity
After 5 minutes of inactivity
After 10 minutes of inactivity

I imagine most bank apps are similar.

It also relies on having access to the phone, which should be locked down by face or touch ID?

That looks more secure to me than losing your Contactless Card?

dolina · 8 Sep 2022

sphexx said:
I did see news reports of this happening to a woman whose phone & card was stolen from a gym locker but the story didn’t make sense but now the system has been exposed and is a new one to me.

Steal phone & card, register card on a (burner?) phone and get the bank security sms from the Lock Screen on the stolen phone.

How is a thief taking thousands from London gym-goers?

A serial thief is targeting well-off young women across London's gyms. How is she doing it?

www.bbc.co.uk

On iOS at least the lock screen Message notifications are OFF by default.

One-TIme PIN (OTP) attack.

This is happening in the Philippines as well.

Philippines 'SIM SWAP' Scam. When Mobile OTP won't cut it.

What happens when your Mobile Phone that is linked to your emails that you use for your online banking activities gets ‘taken over’? TARGETTED ATTACK A ‘Targetted’ hack (attack in which a specific victim has been singled-out/zeroed-in and was thoroughly cased or researched/studied) happened to an un

www.linkedin.com

Some swap your SIM physically or by requesting a SIM replacement at the offices or stores of the telco.

Deleted member 95743 · 8 Sep 2022

Once they have the phone and the card, they register the card on the relevant bank's app on their own phone or computer. Since it is the first time that card will have been used on the new device, a one-off security passcode is demanded.

Surely you would need more that just a passcode to register a bank card to to a banking app? To start with the account details of the stolen card will be different to the account details of the thief's.

sphexx · 8 Sep 2022

L320Rio said:
Surely you would need more that just a passcode to register a bank card to to a banking app? To start with the account details of the stolen card will be different to the account details of the thief's.

I don’t know (I almost never use firms apps because I find the browsers better) but as I said above, that’s all you need to register a card in Apple Wallet sometimes — at other times the card issuer may require a phone call, no doubt there are other things going on behind the scenes.

A lot of people don’t look behind the obvious and just go with convenience!

srichards · 8 Sep 2022

The sim swap trick has been going on for several years. I don't think SMS was ever designed to be secure so it isn't a good choice. Most of the 2 factor systems seem to use it so it's a disaster to lose a phone. It also means your phone number is then stored in lots of places associated with an email and other personal info.

I don't have any banking apps on the phone. If you have the operator's app on your phone that's another entry to point for someone changing info and getting a new sim sent.

BADGER.BRAD · 8 Sep 2022

I have one of these, it guarantees you will not be ripped off using any phone app !

sphexx · 8 Sep 2022

srichards said:
. It also means your phone number is then stored in lots of places associated with an email and other personal info

I’ve often wondered how those phone number donations work but recently I read that in the USA Trump (needless to say) Republicans have been working a (possibly legal) scam where they randomly text “donate $10 to back Trump” with no sender details and then check any replies against lists of email + phone + credit card details where people have donated before and since the ”recurring” box is always pre-checked with Trumpian begging they use the sms reply as authority to charge the credit card. I’m not sure if I’ve got all the steps right but it sounds more tortuous than it is in practice since it would all be done on computers.

mj4456 · 8 Sep 2022

This is enough of an excuse to stop me getting a gym membership, how many people do you all know who keep a bank card in their phone case, asking for trouble?

BADGER.BRAD · 9 Sep 2022

My lad was telling me the other day one of his work mates asked him to get some money out of the cash point for him as he was going there anyway , he them told him the pin number is on the front. He had written it with a small marker pen !

bass_junkie83 · 9 Sep 2022

BADGER.BRAD said:
I have one of these, it guarantees you will not be ripped off using any phone app !

View attachment 366416

If it can receive a text message, then that phone wouldn't save you in this case unfortunately. Once they have your card they set up online banking for it on another phone, as it is the first time use for that new phone a security code is text to the registered phone. If that text can be read from the lock screen then they can activate the banking app on the new phone and then have full access to your accounts and transfer your money to their own account.

What I don't understand in all this is surely the banks can see the account that money is transferred to, so contacting that bank should provide the account holders details. Surely opening an account on false details isn't that easy?

onomatopoeia · 9 Sep 2022

bass_junkie83 said:
If it can receive a text message, then that phone wouldn't save you in this case unfortunately. Once they have your card they set up online banking for it on another phone, as it is the first time use for that new phone a security code is text to the registered phone. If that text can be read from the lock screen then they can activate the banking app on the new phone and then have full access to your accounts and transfer your money to their own account.

What I don't understand in all this is surely the banks can see the account that money is transferred to, so contacting that bank should provide the account holders details. Surely opening an account on false details isn't that easy?

What I don't understand is how the thief can log in to the bank account app on their other phone without the username and password. Just an SMS isn't enough.

I got a brand new credit card at the weekend and before I could do anything in the app I had to log in with username and password. Only then did it send an SMS. That's how multi-factor authentication should work. Relying on SMS only (or indeed HTOP/TOTP only) is not security.

Box Brownie · 9 Sep 2022

BADGER.BRAD said:
My lad was telling me the other day one of his work mates asked him to get some money out of the cash point for him as he was going there anyway , he them told him the pin number is on the front. He had written it with a small marker pen !

Completely barking!

JohnC6 · 9 Sep 2022

woof woof said:
It must be possible to get spot the offender on cctv, if the police can be bothered.

I assume CCTV is not allowed in changing rooms. After closing cases the police are now investigating at least seven identical thefts after a victim showed that they can all be linked. There will be CCTV in reception I'd have thought so the police will need to look through CCTV from clubs where a theft has taken place. They'll have a time frame and see if anyone on the footage is appearing at any of the other clubs where a theft has taken place. Their task is made easier as it will be a women. Don't let's get into the possibility of a trans-women

Of course the next hurdle if that's successful is identifying her. The records of who went through the members' card swipe machine to gain entry past reception at the relevant time might have to be looked at.

JohnC6 · 9 Sep 2022

mj4456 said:
This is enough of an excuse to stop me getting a gym membership, how many people do you all know who keep a bank card in their phone case, asking for trouble?

Knowing that thefts from lockers takes place..anywhere in the country not just ,as in this case,London, I would only take my membership card. If I really had to have my wallet or phone to go to the supermarket on the way home, it's safer to put them into the car boot. I suppose some people cycle there,though but I'll bet most go by car.

Box Brownie · 9 Sep 2022

JohnC6 said:
I assume CCTV is not allowed in changing rooms. After closing cases the police are now investigating at least seven identical thefts after a victim showed that they can all be linked. There will be CCTV in reception I'd have thought so the police will need to look through CCTV from clubs where a theft has taken place. They'll have a time frame and see if anyone on the footage is appearing at any of the other clubs where a theft has taken place. Their task is made easier as it will be a women. Don't let's get into the possibility of a trans-women

Of course the next hurdle if that's successful is identifying her. The records of who went through the members' card swipe machine to gain entry past reception at the relevant time might have to be looked at.

JohnC6 said:
Knowing that thefts from lockers takes place..anywhere in the country not just ,as in this case,London, I would only take my membership card. If I really had to have my wallet or phone to go to the supermarket on the way home, it's safer to put them into the car boot.

Hopefully those affected, thieved from or fearing theft, will be more "risk aware" and act appropriately in future to protect their assets!

Box Brownie · 9 Sep 2022

On a side note....

On 1st September we went a farm shop whilst out on a walk. I presented my CC and it was rejected, it had expired the day before and I had forgotten to swop my card out! The OH paid for the shopping.

But, sorry to be long-winded, the other till assistant said she was surprised I still had my card up until it's expiry....... she saying that she never managed to keep hers that long. Lost, stolen & cloned she said, so was always getting replacements!

It seems that there may be many folk who 'just don't care' about stuff! Oh! why do I see so many mobiles sticking out of people's back pockets :thinking:

JohnC6 · 9 Sep 2022

Box Brownie said:
Hopefully those affected, thieved from or fearing theft, will be more "risk aware" and act appropriately in future to protect their assets!

On a couple of occasions I've been in town and seen a wallet sticking well out of a rear jeans pocket..It bothered me so much I've mentioned the risk to the person and they were fine about it and pushed their wallets right down. I usually tell a wee lie saying that my brother or wife had hers stolen in that way.I don't have a brother...lol. The worst was my brother-in-law. I was walking along a road in the city centre and there walking infront of me he was. He had his cheque book in his back pocket with half of it sticking out. So easy to lift. I caught up with him and told him. On another occasion I was in Debenhams and picked up a few items and went to the pay desk. I was next in line to pay. I had to wait because the women taking payment had been told to get customers to sign up to the company credit card. The customer agreed so I stood and listened as she gave all her details to the cashier. Name, address, post code, telephone number which bank she had...

I joked about it to the customer behind me. When I went to pay I told the cashier that they shouldn't be doing that infront of other customers. They should call a member of staff to take the customer to a secure area. She said she had to ask people. I'm never annoyed with staff,either in a shop or over the phone (ie getting insurance for the car or house) because it's on the orders of management that they say what they do.

Anyway, I wasn't letting it go and I didn't trust management to stop it. Their motive is profit..get more credit card customers. They're probably on a head office bonus. So..my next stop was the police station. In asked to speak to a Crime Prevention officer. One duly came to the front desk and agreed it should be stopped. He was quite annoyed that it was happening. He not only agreed it needed stopping but phoned up to the office from reception to say he was going out and immediately went to the shop. I call that a result.

Edit: I've just read your last post and you've mentioned back pockets, too. I was writing this as you posted so hadn't seen it. It's a common practice to have a phone in the back jeans pocket these days.

Box Brownie · 10 Sep 2022

JohnC6 said:
On a couple of occasions I've been in town and seen a wallet sticking well out of a rear jeans pocket..It bothered me so much I've mentioned the risk to the person and they were fine about it and pushed their wallets right down. I usually tell a wee lie saying that my brother or wife had hers stolen in that way.I don't have a brother...lol. The worst was my brother-in-law. I was walking along a road in the city centre and there walking infront of me he was. He had his cheque book in his back pocket with half of it sticking out. So easy to lift. I caught up with him and told him. On another occasion I was in Debenhams and picked up a few items and went to the pay desk. I was next in line to pay. I had to wait because the women taking payment had been told to get customers to sign up to the company credit card. The customer agreed so I stood and listened as she gave all her details to the cashier. Name, address, post code, telephone number which bank she had... I joked about it to the customer behind me. When I went to pay I told the cashier that they shouldn't be doing that infront of other customers. They should call a member of staff to take the customer to a secure area. She said she had to ask people. I'm never annoyed with staff,either in a shop or over the phone (ie getting insurance for the car or house) because it's on the orders of management that they say what they do.

Anyway, I wasn't letting it go and I didn't trust management to stop it. Their motive is profit..get more credit card customers. They're probably on a head office bonus. So..my next stop was the police station. In asked to speak to a Crime Prevention officer. One duly came to the front desk and agreed it should be stopped. He was quite annoyed that it was happening. He not only agreed it needed stopping but phoned up to the office from reception to say he was going out and immediately went to the shop. I call that a result.

Edit: I've just read your last post and you've mentioned back pockets, too. I was writing this as you posted so hadn't seen it. It's a common practice to have a phone in the back jeans pocket these days.

This puts me in mind of before I retired I worked as a Field Fund Raiser for the RSPB.

I had one delightful older lady stop to talk to me and she wanted to join so we went through the process (this on the now ubiquitous tablet device ~ it used to be paper forms) and I entered the Name & Address details and then asked for the Bank Account Number & Sort Code.......she proceeded to open her purse and show me her 'aide memoire' of the aforementioned (Bank details) plus her PIN written in her purse.

I was horrified when she said to me "you will want my PIN as well won't you....." I went straight into 'concerned & protective mode' and reassured her "no, I don't need the PIN to complete a Direct Debit membership".

However, in then taking the time to chat with her........I explained that no one, not even her own bank, would ever ask her for her PIN.

Further saying to her that if anyone at all asks for more than her more than (minimum required) Name & Address and A/c No. & sort code and signature to setup a Direct Debit needs to be treated as very suspicious and that should that happen to please, please walk away and if the opportunity arises to report it to the Police, Store Manager, Shopping Centre Management etc.

And lastly please to be very careful opening up her purse exposing the notes she had written inside it to strangers. I do hope that she acted more carefully in future.

PS and I/we never took the details close to other people and when the stand was dual manned and we were both signing members up we always operated out of earshot!

mj4456 · 10 Sep 2022

Out shopping one day I felt fingers dipping into my jeans back pocket were the cash is kept, spinning around I was about to *reprimand someone when I saw it was the wife, she hadn’t considered my reaction when she needed to pay for something and wanted money.
* reprimand, might get me arrested for assault.

New scam/theft system?

sphexx

Likes a dare

How is a thief taking thousands from London gym-goers?

woof woof

I like a nice Chianti

How is a thief taking thousands from London gym-goers?

Box Brownie

How is a thief taking thousands from London gym-goers?

srichards

sphexx

Likes a dare

Pound Coin

Horatio Nelson

dolina

How is a thief taking thousands from London gym-goers?

Philippines 'SIM SWAP' Scam. When Mobile OTP won't cut it.

Deleted member 95743

Guest

sphexx

Likes a dare

srichards

BADGER.BRAD

sphexx

Likes a dare

mj4456

BADGER.BRAD

bass_junkie83

onomatopoeia

Box Brownie

JohnC6

JohnC6

Box Brownie

Box Brownie

JohnC6

Box Brownie

mj4456