‘I can’t stand this loss’
Stunned teacher demands reimbursement after $3m assault on bank account
A teacher left devastated after phishers emptied her savings of $1.8 million and took out a $1.6-million loan on her account is not only blaming the National Commercial Bank (NCB) for her loss but is demanding a reimbursement of her life savings.
“I need justice to be served. I can’t stand this loss. I’ll be losing in two ways: my name and reputation will be destroyed at the credit bureau and I have lost the money,” the primary-school teacher told The Gleaner.
The educator, who opted to remain anonymous but will be called Diana for the purpose of this article, had also been asking NCB to cancel the loan payments but was only recently notified that this was done after The Gleaner sought answers from the bank.
Diana is convinced that her account was hacked after she responded to a message that she believes was genuinely sent through NCB’s messaging platform.
“It wasn’t a random text message. It came through the NCB messaging portal, which means that the system was compromised and my details got into the wrong hands,” she said.
The teacher explained that the incident occurred shortly after she had conducted a series of transactions in the week of May 15, which included several online transfers and ATM withdrawals.
The following Sunday, while she was at home relaxing, Diana said she received a text message, notifying her that her debit card had been restricted due to unusual activities and that, to avoid further restriction, she should click a link provided to verify her account. Convinced that the message was sent by the bank, she quickly complied.
Two days later, she woke up to two messages informing her of unknown purchases made on two websites.
“I went online same time and, when I checked my account, my account was cleared. I had $1,780,000 and some change and dem left me with $208 and they took a loan on my account – an unsecured loan of over $1.4 million but, with the processing fees and insurance, it came up to $1,660,000.
“I started to see where they took more money than what I had in the account. So I said, ‘How they got so much money?’, but when I looked in my email, I saw where they are saying ‘You did it!’ I was like, ‘Me did what?’” Diana shared, referring to the loan approval message she was sent. “I did not even know you could have accessed an unsecured loan through their platform, especially of that magnitude, so much money.”
A closer examination of her transactions online showed that her funds, which she was saving to make a deposit on a home, and the loan amount were transferred on the same day, a situation that she believes should have triggered a restriction in light of NCB’s daily transfer limit of $500,000.
“Not one transfer that was sent from my account was sent to me. I did not receive a text. I did not receive an email saying the transfer of $20,000 was made to Tom Strokes. Nothing at all.”
Since reporting the incident, Diana said that the bank wrote to her apologising for the loss and notified her that she was the victim of social engineering.
“If I didn’t have a strong support system, I would have probably committed suicide,” she said, while crediting her co-workers and siblings for being her rock.
Dane Nicholson, head of NCB’s fraud prevention unit, declined to answer several questions sent by The Gleaner regarding the breach and the concerns, citing client confidentiality.
Nicholson, however, indicated that the majority of fraud losses occur when victims click on links or share their confidential and private information online or over the telephone.
“NCB will never send a customer a link via email or SMS related to their account. Furthermore, we will never call and request confidential information, such as your username and password, PIN, bank account or card number, or Token ID,” he said.
He also did not directly answer whether Diana would be fully or partially reimbursed.
“Every fraud incident reported undergoes a comprehensive investigation, holding responsible individuals accountable. As a commitment to our customers’ account security, we reimburse customers for quantifiable monetary losses that occur in their accounts due to our employees’ fraud or fraud that occurs on the customer’s account without any action on their part,” he said, adding that matters like Diana’s are turned over to the police.
Diana’s attorney, Matthew Hyatt, noted that the fraud has had a devastating financial and emotional impact on his client, adding that banks must be flexible and, where the circumstances deem fit, make goodwill offers to victims of scams.
“Our banks should not take the approach that, once you’re a victim of spoofing/phishing, the customer ought to have known better and not click on a link, and then decide that no compensation be given,” Hyatt said, noting that legal action could be pursued if the matter is not resolved within a reasonable time.