Thieves steal thousands from couple's bank accounts: 'Ha, ha you are the victim of ransomware'

HENDERSONVILLE, North Carolina -- Thousands of dollars vanished from a Western North Carolina couple's checking account, and it could happen to you.

"They're skillful, they know what they're doing and they target people like us, really," Stephen Savage, of Hendersonville, said.

The video in the player above is from a previous report.

The target -- the mountain couple's bank account, and all they could do was watch helplessly. And $2,800 was gone instantly, News 13 reported.

News 13 has the couple's warning to others, tips to protect your accounts and the one tool that reveals if your accounts are compromised.

SEE ALSO | California woman loses over $18K through 'Zelle' after scammers text, call her pretending to be bank

The attack "We could have been completely, no funds left in our account," Savage said, sitting at his Henderson County kitchen table talking with News 13 after he and his wife's bank account was targeted by thieves.

Stephen and Tessa Savage consider themselves computer savvy.

"I would always verify a web address before you click on any links," he said.

So, a threat to their home computer was a gut punch.

"It said, 'Ha, ha you are the victim of ransomware.' It said if you pay $900 we will unlock all your files. I found a suspicious folder or file on the computer. I removed it, and, then at that point, I tried to go to sleep. And I was thinking about it all through the night," Stephen Savage said.

About 9 p.m. a baffling text to Stephen Savage's phone didn't help.

"That said the funds had been transferred successfully. This was from TD Bank and Zelle," he said.

The Savages don't have a Zelle account or mobile banking. The next morning, the hoax further unfolded.

"My phone was not active. It was completely dead," Stephen Savage said.

He had to borrow a co-worker's phone to call Tessa, urging her to check their bank accounts.

"I saw that funds were being moved, that we hadn't moved from our savings to our checking. And, so then, I said, 'Stephen, we need to get down there," said Tessa, and both were on their way to TD Bank.

Before reaching TD Bank, $1,800 was transferred from the Savage's savings, plus $1,000 from their checking, a total of $2,800 had vanished from their accounts via Zelle.

"I said, 'How can you do that with a Zelle?' And they go, 'Well, it's just done. Somebody hits the thing and then, boom, it's gone, it's gone,'" Tessa Savage said.

Drive by and smshing frauds are rising cyber-security threats.

"Yeah, this could be a particularly sophisticated attack. If this individual is most likely was a drive by, they clicked on an email months and months and months ago. Sometimes, the, these nefarious actors will sit in your systems for six, eight, nine months before they act," said Adam Bricker, executive director of the Carolina Cyber Center at Montreat College.

Bricker explained how a smshing attack works.

RELATED | Bank account fraud, hacking causes customers to lose hundreds of dollars

"They get an SMS messages on their phone. This looks legitimate and it says it's from your bank. And, by the way, this isn't a Bank of America, Wells Fargo, Truist. it's not that bank. Anybody can spoof that bank. They go, you have a Zelle transit. Whoa, hold on. I didn't do that. And so, your instinctive reaction to say, no, I didn't do that. Now, they've got you," Bricker said.

All it takes is an email or phone number. Zelle, created by the major banks, is a quick money transfer.

"Let's say you don't have a mobile banking app. Let's say you don't use your phone for mobile banking. Your account is still largely in many, many, 5,000-plus cases linked to a Zelle capability," Bricker explained.

So, what is that first step you need to take if your account is compromised?

Steps you can take to protect yourself "Don't engage, do not respond at all. But then think to yourself, what information could they already have about me," Bricker said.

What are some good just practices for people to keep in mind?

"Three things. One, we strongly advise you use a password manager application like 1Password or LastPass, because you can set that up to have long, complex passwords," Bricker said.

Second, Bricker encouraged everyone to set up multi-factor authentication to log into accounts.

"The third thing, with all of those accounts, set up the notification, where if there is any change to them, you get notified," Bricker said.

The tool informing you where your info is compromised Bricker also recommends the website, "Have I been pwned?"

"It will show you, credit card, your phone number, your social security, your address, your username, your password has been compromised and which source it was compromised from," Bricker said.

That's giving you time to act and make changes to accounts that maybe compromised.

SEE ALSO | Scams targeting Zelle app users rising as criminals get more creative; how to avoid losing thousands

As for the Savages, they said the bank either cannot or will not give them any information about how the money was transferred.

Despite efforts to prove the transfer errors and show the Savages had no access to their mobile phone, the refund request citing Regulation E, a federal law protecting electronic fund transfers, was denied twice by TD Bank. Once it claimed there was no error. And once it said the transfers were authorized.

"I think it's shameful the way the banking industry treats the consumers, treats seniors in this country, and I think we need to hold them accountable," Tessa Savage said.

Shouldn't the attack on the Savages be covered by the Electronic Funds Transfer Act or Regulation E?

"Regulation E does require the banks to reimburse you for fraud, even if it was induced and you did the action. You were induced, tricked, duped into making the cell transaction, they should cover you for this," Bricker said.

News 13 asked TD Bank why it wasn't complying with the Electronic Funds Transfer Act or Regulation E.

The response News 13 got from TD Bank was ultimately different from what the Savages received.

"At TD, we take fraud very seriously. We investigate fraud complaints thoroughly to determine the facts and take appropriate action. Due to privacy concerns, we cannot discuss the account activity of particular customers. However, we can tell you that TD has achieved a positive resolution for the customer in this case," TD Bank told News 13.

Remember, the Savages' refund had been denied twice. The day after News 13 got a response from TD Bank, the Savages were contacted by TD Bank, notifying them the bank was refunding the entire $2,800. The Savages have since closed their accounts.

(The-CNN-Wire & 2021 Cable News Network, Inc., a Time Warner Company. All rights reserved.)