Subscriber OnlyPricewatch

Una says her phone was hacked, €3,500 is missing, yet the bank won’t pay out

She reported strange credit card transactions, but her provider says she is not entitled to a refund

Una believes hackers may have intercepted text messages that her bank, Avant Money, sent to her
Una believes hackers may have intercepted text messages that her bank, Avant Money, sent to her
Conor Pope's picture
Conor Pope
Mon Jan 27 2025 - 05:00

Pretty much everyone reading this will be wearily familiar with the endless stream of calls and text messages from scammers that flood their phones. But what if some of the messages simply never arrived and were instead diverted elsewhere by criminals so they could have free reign over their victims’ finances for longer?

Una has banked with Avant Money for more than 20 years, going right back to when it traded in Ireland under the MBNA name. She has a credit limit of just over €5,000 on her credit card and says – almost apologetically – that it is on the high side because she does a lot of travel for work and needs to pay for flights and hotel accommodation upfront before expensing it.

On Saturday November 23rd at around 6.20pm she logged on to her Avant Money credit card account to check the balance; she had made some purchases days earlier and had lodged money to cover them and wanted to make sure the lodgement had registered.

“It was then when I noticed the four very strange transactions,” her mail says. The transactions that she did not recognise amounted to more than €3,000 so she called the bank immediately “to cancel the credit card and report the fraud”.

READ MORE

A day later – a Sunday – she rang Avant Money again to make sure her card had been cancelled. Having stressed about it for hours she was “afraid while I was talking to them the previous night that more activity was done while I was on the phone.”

She says that on both occasions when she called Avant Money that weekend she was told their fraud unit would make contact on the Monday.

On the Monday, and in the absence of any contact from Avant, she rang again and was assured the card had been cancelled. She was told a new one was on the way to her. On the phone she was also assured she would only hear from the fraud unit again if they had questions for her.

On Friday November 29th – six days after she first spotted the dodgy transactions – the new credit card arrived as promised. Incidentally, her pin number arrived on the same day and in the same postal run, albeit in a different envelope.

“As advised by the bank when I spoke to them on the previous Monday I re-registered the new card online and noticed that there was a fraud refund for the full amount,” Una says. “That afternoon someone from their fraud team called me and advised that this was a temporary refund. She went through several questions with me.”

The online scams to avoid in Ireland: A new WhatsApp trick, MyGov texts and what to look out for ]

On that call Una was told that on November 15th at around 9.20pm an e-wallet was downloaded to “a device” with her credit card. Avant said two automated messages had been sent by the bank to Una’s mobile number – one asked her to confirm she had downloaded the e-wallet and the second one had a one-time security passcode.

“I did not receive either text,” Una insists.

The Avant Money employee in the call centre was able to tell Una that on November 23rd four transactions were conducted using her credit card, which, she discovered, had been downloaded to the e-wallet in Italy.

There were three transactions in the afternoon between 1pm and 1.45pm. The first was for €1,200, the second €980 and the third €950. Hours later a fourth transaction – for €300 – was processed in connection with a meal in an Italian restaurant. That happened at 6.15pm on the Saturday, not long before Una noticed there was an issue.

On the call with Avant Money Una was asked to report the activity to An Garda Síochána, which she immediately did.

'They were 100 per cent sure that the mobile had been hacked and as a result [the criminals] were able to download the e-wallet and get my credit card,' says Una. Photograph: iStock
'They were 100 per cent sure that the mobile had been hacked and as a result [the criminals] were able to download the e-wallet and get my credit card,' says Una. Photograph: iStock

“Avant sent me an email to which I replied to confirming that I had gone to the guards and that I had not received the two text messages,” she writes.

A week later she heard from Avant again and they re-asked the same questions as before, focusing on whether or not she had received the two text messages on November 15th. Again Una said she had not got them.

On December 16th she wrote to Avant Money looking for an update. At this point she says she was stressed, not sleeping and full of anxiety. Her stress levels and capacity to sleep were unlikely to have been improved by an email from Avant Money that landed just before midnight on December 16th which said that she was liable for all the losses due to the two text messages that had been sent.

The two messages she said she had never received.

“I wrote to them saying I would not accept this and wanted to take it further. I also contacted the person in my company who looks after mobile phones and he advised me to stop using the mobile immediately as it looked like it was cloned/hacked,” she says.

“He put me in contact with the phone company person who manages our company account. They were very helpful and were 100 per cent sure that the mobile had been hacked and as a result [the criminals] were able to download the e-wallet and get my credit card.”

Avant said that due to the two text messages they sent to my number (that I never got) I was fully liable. But as a gesture of good will and because I have been a customer for over 20 years they would take €500 off the amount

—  Una

Una says that when travelling she would sometimes put her credit card into her pocket along with her phone as she reckoned it was safer than bringing a bag or wallet out with her.

She says the phone company told her hackers might have done “a control and command on my phone and intercepted the two text messages that the bank said they sent to me on November 15th. That was why I didn’t see or action them, it was the hackers who actioned them. Had I seen the messages then I would have contacted the bank immediately. I also contacted a friend’s husband who works in cybersecurity and he also agreed that that phone was hacked and to stop using it immediately. My company agreed and the mobile was turned off immediately.”

Una got a new phone from her company.

On December 20th Una got another letter from Avant to say that “they would investigate my complaint and refer back to me within 14 working days.”

Una called a named person in the bank who looked at the file “as I was very upset. She said the issue is the two text messages. They were sent to my number and that is why I am liable, They do not believe that I didn’t get them even though I advised that we discovered my phone was hacked. I had gone to the guards as they requested. Also that the four transactions were completely out of character/history on my account. She said she would look into the case further and call me Monday afternoon.”

On December 22nd Una went back to the Garda “to see if they could help me again. They said to bring the phone in and they would investigate things but it would take weeks as it’s not a priority.”

Fake online shops scam: Half a million people have shared their credit card security codes ]

On December 23rd she dropped the phone in to gardaí and on the same day heard from Avant again, who said that “due to the two text messages they sent to my number (that I never got) I was fully liable. But as a gesture of good will and because I have been a customer for over 20 years they would take €500 off the amount.”

That still left Una on the hook for just under €3,000. The Avant Money staff member did say Una “could choose not to pay it but it would gather interest and then of course I would get a black credit rating so obviously this was not an option”.

Una was told the case was closed “and unless I provided clear evidence it would not be reopened and I had to pay”.

So Una went in search of the evidence. In early January she wrote to her mobile phone provider looking for her text message records and was told they “could only provide me with messages/calls that I had sent”.

She said inbound data “could be accessed but only at the request of the guards or national bodies”.

On January 8th Una called the garda dealing with her case. “She said they can’t access it as this is between me and the bank, and that their investigation is to find the hackers and the case was with the economic fraud team, and it’s a criminal investigation.”

And it was at this point that Una contacted us.

We contacted Avant Money and received a statement that we fear will be of no comfort to Una – or anyone else, really.

New phone scam conning Irish customers out of as much as €8,000, says banking industry body ]

This is what it said: “At Avant Money, the security of our customers’ personal and financial information is a top priority. All cases of suspected fraud are reviewed individually to carefully assess the details and merits of the situation. While we are committed to providing comprehensive support and protection to all our customers, we cannot discuss the details of individual cases publicly.

“This particular case was thoroughly investigated in accordance with our complaints process, and the outcome was communicated to the customer through a Final Response Letter (FRL), in compliance with the Consumer Protection Code 2012. This letter informed the customer that if they are not satisfied with the outcome, they have the option to contact the Financial Services & Pensions Ombudsman (FSPO). The FSPO is an independent body that investigates and resolves complaints impartially on behalf of customers.”