I-Team gets phone scam victim's stolen money back after Bank of America refuses to help
NORTON - Hackers took over a Norton woman's phone and then stole thousands of dollars from her bank account. When her bank refused to refund her money she called WBZ-TV's I-Team.
Cheryl Friedman said it happened in just seconds. Scammers took control of her mobile phone and stole thousands of dollars from her Bank of America checking account.
"I'm watching, basically, helplessly as they are taking money out of my account," she told WBZ. "I'm thinking, I can't be seeing what I'm seeing."
The elaborate scam started when Friedman got a call from a fraudster claiming to be from PayPal. At the time, she was trying to help a friend with a complicated refund on the app. So when the man asked Friedman to verify her own account, she didn't think much of it and clicked on the link he sent her.
"So I said OK thinking this is coming legitimately from somebody on PayPal and through the app," said Friedman.
But it wasn't legitimate and by clicking on the link, Friedman unknowingly gave the thief an opportunity.
"This is like giving everybody a key to the front door of your home," said cyber security expert Peter Tran. "They can use that key to open the door and they've got access. It's a similar thing. So that's probably the most dangerous form when you click on a link, is to give remote access to your entire device."
"They got $3,500. I think, one, I think it's crazy, my initial reaction was I can't even believe this could happen," said Friedman. "And I don't understand how someone can access your phone like that."
Tran said mobile phones are small computers. Clicking on any malicious link can give thieves remote control permission to any app on your phone. That means they can get into any of your apps and steal information and money.
To prevent becoming a victim, Tran recommends deleting any apps you no longer use, verify links sent to you before opening and finally, go through the apps you do use and review the permissions that you are allowing.
"Oftentimes, users will just click through when they install an app, not realizing they gave a permission as a blanket permission," said Tran. "When you click on a link and you allow control over the phone, that gives the controller remote access to the app, which then has permission to do what the remote controller wants to do."
As for Friedman, she reported the fraud to police and Bank of America and despite trying for months to get her money back, her claim was denied. But after the I-Team started asking questions, a spokesperson for Bank of America told WBZ, "We refunded the money stolen by the scammer after the client recently provided additional information to us."
Friedman is happy to get the money back and is a little sheepish that she fell for the scam.
"I feel foolish but I don't want anyone else to get sucked into it. I feel also, just unfortunately, angry at my bank for not flagging it and not having better fraud protection," said Friedman.