The victim, who wishes to remain anonymous because he is still being targeted by scammers, refused to give up when Barclays deemed him responsible for a series of transfers that left his account in early 2022.
He spent months completing his own fraud investigation, before sharing his story with Which? when no one seemed willing to listen.
Malware linked to eBay purchase
The scam started in 2021 when the victim bought a USB Endoscope Borescope camera – useful for looking down pipes and for car maintenance – on eBay for £7.59.
The Bitdefender report explains that the app was ‘likely a heavily encrypted TeaBot dropper’ that specifically targeted Great Britain and worked in the background to target bank accounts.
The fraud only came to light when Barclays blocked the victim’s account due to unusual activity.
Eight unauthorised transactions had taken place over eight days, ranging from £10 to £1,985, all taken while the victim was asleep. All of the payments were to the cryptocurrency exchange Coinbase, even though he had never used this app or any other exchange.
To his surprise and horror, Barclays said that because the payments were made from his registered device, verified by the correct passcode, it couldn’t see how his device was compromised and refused to refund the money.
He begged Barclays to analyse his phone and consider the unusual pattern of behaviour but this fell on deaf ears. He made a complaint to the FOS before approaching Which? for support.
Which? investigates the dodgy eBay item
We bought the same item from the same eBay seller and followed the instructions to install it.
We were prompted to download a different app, called ‘USB_Camera app’, which we asked independent cyber security experts to review.
They said that, although it initially ran as expected, they did find a suspicious library which has been linked to an Android malware ‘packer’ (used to compress files and hide malicious code) and said there is a very high probability the app is malicious.
Despite this new evidence, Barclays initially refused to reconsider its decision, declining to comment on the case until it had been reviewed by the FOS.
We asked if it had contacted either Norton (to confirm the malware report) or Coinbase (to confirm if the receiving account was suspected of criminal or suspicious activity) but didn't receive a response.
eBay's response
We reported the seller to eBay. It removed the listing to minimise the risk to users, but confirmed it had received no other scam reports relating to the item.
A spokesperson said: ‘eBay is a third-party seller marketplace. We do not sell any products directly but mainly connect buyers and sellers. We generally do not control the sellers’ items at any point in time. We take reports of fraud and scams very seriously.
‘In the rare instance that we receive one, our dedicated law enforcement liaison teams work closely with police, and other stakeholders like Action Fraud, to investigate and provide evidence as requested.’
We also informed Google about this potentially dangerous app but it was found to not have violated any policies.
Can the FOS cope with complicated fraud cases?
The FOS rejected the victim's complaint. When we reviewed the final decision, we were surprised to find that it made no mention of the possibility of malware.
The victim says he repeatedly told the investigator that he was a victim of a remote attack but this information was either missed or ignored.
A spokesperson for the FOS said: ‘Being the victim of a fraud or a scam can be a horrendous experience – both financially and emotionally. Unfortunately, we continue to see hundreds of complaints a week from victims of fraud and scams.
‘If anybody feels they have been treated unfairly by their bank they can complain to our service, we will then consider whether the firm has acted reasonably or whether they need to reimburse the consumer. We are a free, independent service, and each case is investigated on its own merits.’
Refusing to give up
The victim was prepared to take Barclays to court, but thankfully the issue was eventually resolved last week.
Which? urged Barclays to review its initial stance, reiterating our findings related to the same eBay item, and it finally agreed to refund the money.
The bank's initial investigation was based on the victim’s testimony that he had not downloaded any new apps and had antivirus software installed on his phone.
This was true – the malicious app had been installed over three months before and his device had a free antivirus tool – but the attack came later and basic tools can fail to detect sophisticated malware. We feel that Barclays asked the wrong questions and failed to investigate this particular fraud case thoroughly.
A Barclays spokesperson said: ‘Based on information our customer had initially provided, our thorough, forensic investigation did not identify a point of compromise, with the FOS agreeing with our decision. However, after the provision of new information, the funds lost to this scam have now been returned to our customer.
‘We urge customers to provide as much information as possible when they report a fraud, and to remember that a legitimate organisation will never ask them to download software, transfer money, make payments, or share their security information.’
source https://www.which.co.uk/news/article/scam-victim-loses-more-than-6000-after-buying-an-8-camera-on-ebay-aMWq19Z2BnUb