Trick Em - Part 1
Tom Reynolds wiped sweat from his brow, his eyes darting between the glowing spreadsheets on his dual monitors. The end-of-quarter financial reports were due in just two days, and as head of corporate accounts for a regional telecommunications provider, he knew failure wasn’t an option. His boss, Maria, had made that painfully clear in the last meeting.
His phone buzzed on the desk, the screen lighting up with a familiar, irritating popup:
“Google Play Services Update Required for Enhanced Security.”
The notification had been appearing intermittently since he’d downloaded what he thought was the Google Chrome browser to his new phone. In hindsight, he should have been more careful, he’d downloaded it from a random website after a quick search, bypassing the official Google Play Store. But deadlines were pressing, and the small annoyances of the day felt insignificant compared to the mountain of work ahead.
Tom sighed. An update already? He tapped the notification without much thought. The screen flickered briefly, the notification disappearing as a progress bar ticked up and vanished. Everything seemed normal again.
Satisfied, Tom tossed the phone back onto the desk, oblivious to the malicious code silently embedding itself deep into his device.
Hours later, Tom’s phone buzzed insistently. He grabbed it, noting the timestamps on a flood of texts.
“Your One-Time Password is 834920.”
“Your One-Time Password is 673201.”
“Your One-Time Password is 510498.”
Tom frowned. He hadn’t initiated any logins. His heart sank as he quickly opened his banking app.
When the app finally loaded, his heart skipped a beat. His balance, nearly $200,000 in savings, was gone!
“What the hell?” he muttered, scrolling through his transaction history.
Dozens of transactions had been processed within minutes, each for just under $5,000, routed to accounts with names like “HVE21G5” and “ZZT98RE.” Tom clicked on one of the withdrawals, but the app froze, then abruptly logged him out.
Tom’s hands trembled as he dialed the bank’s fraud hotline from his desk phone. The automated message mocked him:
“Due to high call volumes, your wait time is approximately 45 minutes.”
“Forty-five minutes? Of course, because cybercriminals always wait patiently for the bank to catch up,” Tom said in frustration as he waited for 30 minutes that felt like a lifetime.
“Thank you for calling Lycra Bank Fraud Services. This is Angela. How can I assist you?”
Tom’s words tumbled out. “My account’s been drained. Unauthorized withdrawals, dozens of them—thousands of dollars are gone. I didn’t approve of it. You need to help me.”
Angela’s tone shifted immediately. “I’m sorry to hear that. I will need to verify your identity to help you resolve this,” Angela said as she took him through standard verification questions.
Recommended by LinkedIn
Tom rattled off the details, tapping his desk impatiently as she typed.
“Thank you, Mr. Reynolds for verifying your identity.”
“Alright,” Angela said. “I’m seeing the transactions now. While I investigate further, can you tell me what happened?”
Tom exhaled shakily. “It started this morning. I got a popup on my phone saying Google Play Services needed an update.I tapped it.”
Angela’s typing paused briefly. “Google Play Services?”. Angela guessed because she had received similar calls from customers narrating similar experiences as Tom’s the week before.
“Yes,” Tom replied. “Then my phone started acting weird. It froze a couple of times, and I got these random texts with OTP codes. I wasn’t trying to log in to anything.”
Angela’s typing quickened. “I see the withdrawals, all processed within a short window. They were broken into smaller amounts under $5,000, routed to accounts with alphanumeric names. Our system flagged this pattern, but since the transactions were authenticated using OTPs, they weren’t immediately stopped. Did you authorize any of these?”
“No,” Tom said bitterly. “I didn’t even receive login attempts, just those OTP texts.”
Tom’s bank account didn’t just bleed, it hemorrhaged into oblivion, one $5,000 cut at a time.
Angela’s voice grew tense. “Mr. Reynolds, this doesn’t appear to be typical fraud. It sounds like your device may have been compromised. Let me escalate this to our security team immediately.”
Before Tom could respond, a notification buzzed on his phone. His stomach dropped as he saw the sender:
“Payment of $45,000.00 has been processed,” to a "vendor" he could not recognize.
What do you think Mr. Reynolds did wrong? Have you ever had to call your financial service provider to report fraud on your account? If yes, share your experience in the comment section. What would you have done differently if you were Mr. Reynold?
Comment | Share | Repost
© 2025-2090 ByPassed. All rights reserved. You may share or link to content from ByPassed, but please provide proper attribution and do not modify the original content without permission.
#cybersecurity #Bypassed #truecrime
Wow, the fact that this is happening daily is insane! Thanks for sharing.
This story highlights the dangers of downloading updates from untrusted sources and clicking pop up’s carelessly especially when distracted! Although we may heap the blame on Tom for this act of carelessness, part of the blame also rests with the Bank. In Nigeria, most bank Apps have a daily threshold limit which is an external safeguard against such attacks. If the Bank had setup a daily lien or limit of say about $5,000 , it implies that Tom cannot withdrawal more that that on his account within a 24hr window, even if he was the one doing the transactions himself. This not only protects Tom but the Bank also.
Great read!! Mr. Tom was actually in a hurry and tapped the notification. But before that downloading an app with unverified website is like shooting yourself in the leg. I remember in 2022, I had just gone with my grandmother to open an account for her with Access Bank and deposited a sum. When we got home. Immediately, we go home. We received a call from an uncaller, telling about the account we just opened and the need ATM card and how 'the bank' can do an express delivery bringing the ATM to our doorstep. At first, I did not know what was going on, because have already discussed in the bank, that the ATM card will be available next week. So I just cut the call. The caller called and called, even the next till he finally got my cousin when I wasn't at home. I don't know how he manipulated to move to a quiet area, took my mom's ATM card and gave the details. In their words, "so they will know how to my prepare my Grandma's ATM card. My cousin as ignorant as he was then, gave the details of the ATM card to them. Before anyone knew what was happening, my mom's account have been swept clean. One thing I learnt that period was that, cyber actors can be very persistent
A gripping and all-too-real scenario that highlights how cybercriminals exploit urgency, deception, and our tendency to trust familiar-looking prompts. Tom’s biggest mistake? Sideloading an app from an unverified source and acting on an unsolicited security update. A few key lessons here: - Always download apps from official stores (Google Play, Apple App Store). -Never tap on unexpected security pop-ups—verify updates directly in settings. -Use an authenticator app instead of SMS OTPs for better security. -Monitor your accounts regularly and set up transaction alerts. This is exactly why cybersecurity awareness is so critical. Great write-up maam!!!!!!!!!!!!!!!!!
Mr. Reynolds downloaded an app from an unverified website. Malware can be hidden in software that is intentionally or unintentionally installed on devices like phones and laptops. Hackers understand that many users are careless when clicking on links and verifying websites. A crucial way to avoid this risk is to verify links before clicking and only download apps from trusted websites and official app stores. Even a small, seemingly harmless click can set off a chain of unexpected consequences.