Discussion topic: Apple TV QR scam?

@@Chodle, you asserted nobody's bank account has been compromised.

I had money taken from my current account without my knowledge or permission.

Again, without my knowledge or permission a demand was made for daily withdrawals. These were neither Direct Debit nor Standing Order but needed the banks intervention to prevent further unauthorized removal of funds.

I did not sign any mandate, authorisation or contract to which the rogue company could point as a defence.

If I had not been alert more money would have been stolen.

Some subscribers, as a representative cross section of society will be less alert, easily confused, slow to respond.

These victims are often prey to the dishonest. How much money must be lost before we are able to agree that an account has been compromised?

@Laing. Your apparent defence of Sky is understandable only if your main premise is correct. 

Unfortunately it isn't.

The victim isn't guilty of signing a rogue site or knowingly using an unreliable application.

Sky is aware of the danger but failed to either warn or take measures.

It is Sky who remain culpable.

The victim at no point left, or decided to leave the Sky system.

The offer didn't warn that following the link would take them to a third party site over which they have no control and whose opinions are those of the third party.

Victim blaming is common defence but rarely justified and almost never successful. The inherent fallacy in your argument undermines the whole.

---

@Harrysback wrote:

@@Chodle, you asserted nobody's bank account has been compromised.

I had money taken from my current account without my knowledge or permission.

Again, without my knowledge or permission a demand was made for daily withdrawals. These were neither Direct Debit nor Standing Order but needed the banks intervention to prevent further unauthorized removal of funds.

I did not sign any mandate, authorisation or contract to which the rogue company could point as a defence.

If I had not been alert more money would have been stolen.

Some subscribers, as a representative cross section of society will be less alert, easily confused, slow to respond.

These victims are often prey to the dishonest. How much money must be lost before we are able to agree that an account has been compromised?

---

@Harrysback I've had the Apple TV free subscription from Sky on numerous occasions and money hasn't been taken out of my account without my prior knowledge the process is simple don't use a third party QR app 

Obviously you were less alert recurring payments can be set daily or weekly you have given permission by entering your card details and pressing confirm to complete the authorization 

They can vary the amount they take weekly or daily as you have in theory agreed to the terms and conditions which you did read didn't you?

---

@best+of+the+best wrote:

---

@Harrysback I've had the Apple TV free subscription from Sky on numerous occasions and money hasn't been taken out of my account without my prior knowledge the process is simple don't use a third party QR app 

Obviously you were less alert recurring payments can be set daily or weekly you have given permission by entering your card details and pressing confirm to complete the authorization 

They can vary the amount they take weekly or daily as you have in theory agreed to the terms and conditions which you did read didn't you?

 

---

Same here, had the Sky offer twice now and all was fine.

For any of these streaming services, just check the next payment date, it will show when your next recurring payment is due, £0 ( trial price) or the cost recurring subscription out of the free renewal timeframe.

Just set yourself a calendar entry to alert you when to cancel in the final free month, simple.

Apple email you all the dates with the renewal timeframe.

Agree, using a Qr code app is not a good idea at all. That scam has been around for sometime, just use your phone/tablet camera in built qr reader or just type in the alternative website url displayed on the Sky box next to the qr code (that is all the qr code is).

---

@Harrysback wrote:

@@Chodle, you asserted nobody's bank account has been compromised.

I had money taken from my current account without my knowledge or permission.

Again, without my knowledge or permission a demand was made for daily withdrawals. These were neither Direct Debit nor Standing Order but needed the banks intervention to prevent further unauthorized removal of funds.

I did not sign any mandate, authorisation or contract to which the rogue company could point as a defence.

If I had not been alert more money would have been stolen.

Some subscribers, as a representative cross section of society will be less alert, easily confused, slow to respond.

These victims are often prey to the dishonest. How much money must be lost before we are able to agree that an account has been compromised?

---

Via what mechanism was this money being demanded if not via one of; open banking A2A, direct debit or card transaction? All of which require an action by the account holder. It might not be an action they know they are taking (like entering card details into a scam site posing as Apple) but if your account had actually been compromised, i.e. the fraudsters could act as if they were the account holder, then the money would just have been sent, not demanded, at probably the maximum rate allowed by the bank which is typically about 20k a day.

Have you reported the QR scanning app to Google or the police?

edit: I guess Paypal is another way money can be requested but that piggybacks the card networks anyway.

---

@Harrysback wrote:

How much money must be lost before we are able to agree that an account has been compromised?

---

Using imprecise phrasing is likely to cause confusion, particularly if involving law enforcement or financial entities.  Being fooled into setting up an unwanted payment is not the same thing as an 'account compromise', and would typically involve a different criminal offence (if, unfortunately, one is actually being committed at all: the perpetrators here will claim they are offering a legitimate 'service')

@Anonymous+of+the+best

Aha. Two points worthy of attention.

" Without using a QR code"…precisely.

Sky knew that the QR route was vulnerable. That's why the warning is in the help file. ( See previous message re use and purpose of same). 

So why expose subscribers to an obviously unnecessary risk?

Your second point. Regarding putting reminders in the calendar.

Gosh. You should patent that one.

The common threads in this thread seem to be:

Blame the victim; and,

Defend the Company.

Clearly with so many acolytes seeking badges and ignoring the principal today which demands that commercial enterprise protects customer data further discussion here is without merit. 

The defence each offers fails to recognise corporate responsibility and makes unfounded assumptions about how the fraudsters gained access despite the process being used by different scammers to a number of Sky subscribers.

I think that while responders are unwilling to accept the concept of corporate responsibility in this scenario further chat is like an exercise in amateurs playing an online game of Judge Judy.

Legal precedent is ignored.

@Chodley

NB

You correctly mentioned the 3 main instruments by which funds can leave a banking account.

You might be aware of the 4th method.

It's the method used by the thieves in this particular scam.

Automatic payments.

Normally used by banks and creditors to extract funds owed to them.

No customer authority is necessary.

So, not the A2A. Nor DD. Nor indeed S/O.

Automatic payments requiring no mandate, permission, signature.

Regards 

HB

---

@Harrysback wrote:

@Chodley

NB

You correctly mentioned the 3 main instruments by which funds can leave a banking account.

You might be aware of the 4th method.

It's the method used by the thieves in this particular scam.

Automatic payments.

Normally used by banks and creditors to extract funds owed to them.

No customer authority is necessary.

So, not the A2A. Nor DD. Nor indeed S/O.

Automatic payments requiring no mandate, permission, signature.

Regards 

HB

---

Neither do paperless Direct Debits these can be set up online via your banking app same with a Standing order 

Direct Debits are controlled by the business you set up the DD for 

Automatic payments are set up by the customer and controlled by the customer so if you entered your card details and clicked ok you've agreed to the amount set up which could be a daily amount of £20.00 even though you think are on a Web page for a free trial.

---

@Harrysback wrote:

@Chodley

NB

You correctly mentioned the 3 main instruments by which funds can leave a banking account.

You might be aware of the 4th method.

It's the method used by the thieves in this particular scam.

Automatic payments.

Normally used by banks and creditors to extract funds owed to them.

No customer authority is necessary.

So, not the A2A. Nor DD. Nor indeed S/O.

Automatic payments requiring no mandate, permission, signature.

Regards 

HB

---

Can you point me to the official definition and description of these "automatic payments"?

I've worked with financial institutions for about 20 years and that term is unfamiliar, other than as a generic colloquialism for standing orders or direct debits.

Yet despite Sky TV knowing that this vulnerability exists no warning is given.

Every supermarket places warning signs if the floor is dangerous...to help, warn, keep customers safe.

Sky knew. Sky failed to act.

The dodgy QR code apps may be the catalyst but when the company offering gifts is aware but chooses not to warn subscribers we must ask whether enough was done.

---

@Harrysback wrote:

Yet despite Sky TV knowing that this vulnerability exists no warning is given.

Every supermarket places warning signs if the floor is dangerous...to help, warn, keep customers safe.

Sky knew. Sky failed to act.

The dodgy QR code apps may be the catalyst but when the company offering gifts is aware but chooses not to warn subscribers we must ask whether enough was done.

---

A catalyst is something that accelerates a process. The dodgy apps are the actual process. And Google allowing them to remain on the app store (this does not happen on iPhones) is the disgrace. If people are going to be daft enough to run any old crap then Google owe it to them to manage the app store properly.

Do you seriously expect every QR code in the world to come with a common sense warning?