"I can’t believe Barclays and Facebook have taken so long to deal with this."
A British Asian yoga teacher revealed how he lost over £11,500 through a Facebook account fraud. Hackers stole his debit card details through his account, which they used for transactions to an online gambling website.
Jasbir Mann stored his details on Facebook as he regularly paid advertisement for his business on the website. Usually, the cost for this is £30.
However, between 26th – 28th September 2017, he discovered over 100 fraudulent payments had been made with his debit card. They ranged from £21 up to £215, all of them for online gambling.
In total, Jasbir had lost £11,878 through this fraud. He told The Telegraph: “Aside from the occasional lottery ticket I don’t gamble and do not know how to play poker.”
Quickly contacting his bank Barclays, he explained the situation. While they cancelled his card, they told him to remove his details on Facebook. The social media company then refunded him £5,747 of the total, stolen amount through 30 tranches on 30th September.
But the refunds stopped for an unknown reason. Upon investigating, Jasbir found 110 transactions recorded on his account that matched with the transactions. He then raised a dispute with the website regarding the remaining money, £6,132.
Shortly after, he discovered the payment history had been wiped clean. While Facebook requested him to send details using a generic link, Jasbir claimed it failed to work.
Next, he sought the help of Barclays, but described the progress for a conclusion “slow and disjointed”. Jasbir added: “I can’t believe Barclays and Facebook have taken so long to deal with this. I’m a yoga instructor, not a millionaire.”
He also questioned why they didn’t list the purchases as suspicious. With The Telegraph pressuring both on the case, Facebook finally refunded the £6,132 to Barclays in November 2017. However, they failed to provide an explanation.
Meanwhile, experts issued warnings to social media users over cyber attacks on Facebook. Some have pointed out how when you make a purchase on the website, it’s unlikely for you to be asked for authorisation of further payments.
Chris Underhill, Chief Technical officer at Equiniti Cyber Security explained:
“Your account can be linked to paid-for services such as apps, games and online shopping. And once you’ve authenticated the payments – depending on how they’re set up – you’re not asked to reauthenticate them.”
“If someone gets access, they can download your entire history and use it to impersonate you.”
Since the incident, a spokesperson from Facebook said: “We can confirm that unfortunately this account was compromised. A full refund has now been made.”
The company apologised to Jasbir for the delay in his refunds.
Barclays also commented that the fraudulent transactions went unnoticed as they claim Jasbir had previously consented to Facebook using his details through the “recurring payments” option.
However, from this case, it appears more action is needed to prevent this type of fraud.