Pages:
Author

Topic: Toronto Man Scammed Over $2,000 by McDonald’s Mobile App - page 2. (Read 478 times)

legendary
Activity: 3710
Merit: 1170
www.Crypto.Games: Multiple coins, multiple games
LOL, HAMBURGLAR! That is freaking funny Cheesy I don't know where these people get these nicknames from but that is awesome Cheesy. Also, how the hell does someone spend 2 thousand dollars on mcdonalds? Like it is one of the cheapest food places in the whole world, even in countries where food could be more expensive (or cheaper doesn't matter) mcdonalds usually rank at the top of the list for cheap food places.

So, when you spend 2000 dollars on mcdonalds in Canada Toronto that is like probably over 100 burgers, which means either the person didn't actually buy the burgers but there was an inside job where cashiers help him get cash and pay with app and they made some money too, or dude didn't realize he was being robbed for weeks even months before he realized it.
hero member
Activity: 3178
Merit: 977
www.Crypto.Games: Multiple coins, multiple games
Damn. This is new. I don't think such a small scale attack could make the employers think about adopting BTC as a payment option, but a series of attacks could make them consider it sometime in the future.

Even if the attacks don't happen, I am expecting them to consider offering BTC as a payment option following the lead of other popular retailers like Starbucks etc.
legendary
Activity: 3542
Merit: 1352
Cashback 15%
Read the news as 'Florida Man' due to memes but..

Anyways, I don't think the McDonald's app is at fault in here tbh. It could be something else, and the hackers are just using the card for ordering fast food (which sucks, lol), and it appears that these hackers are fond of McDonalds. Most of the time, I see services just reimburse immediately in order to contain the situation but it seems that they don't want to do something and wanted to know everybody that their app is insecure anyway.

Not sure how the situation is in your country, but I have noticed how banks here started to be less willing to compensate people for their own stupidity, which if you take off your anti bank cap, is understandable.

If you as bank continue to compensate people in every possible way, they won't care about internet security anymore because they automatically assume that the bank will just cough up the money as if nothing happened.

Local banks here do not give out refunds and reimbursements easily even if its clearly their platform's fault. Lost almost a thousand dollars just 2 months ago due to their 'maintenance' and it is only last week that I have received the reimbursement which sucks because why do I need to fight for my money anyways? But then again there are still some people who are just plain stupid and still wants to get a refund to conceal their stupidity, boost their ego and not lost a single penny.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
Since most of the time banks reimburse the loss, so they don't care much
Not sure how the situation is in your country, but I have noticed how banks here started to be less willing to compensate people for their own stupidity, which if you take off your anti bank cap, is understandable.

If you as bank continue to compensate people in every possible way, they won't care about internet security anymore because they automatically assume that the bank will just cough up the money as if nothing happened.

That's one of the reasons I like Bitcoin so much, you are pretty much forced to take internet security seriously because if you don't, you could lose your money and there is no one you can complain to.

Same here but we need often to insist to get a refund
- someone steals your card without the PIN code, the bank refunds the loss if any.
- someone steals your card with the PIN code, the bank refuses to refund anything, it considers it's your own fault. (The funny thing is we have insurance on VISA cards including the loss of means of payment etc. Roll Eyes)
But nowadays it can be easy for some to steal the card and get the code (often at the supermarket or ATM) and banks don't get that.
legendary
Activity: 1526
Merit: 1179
Since most of the time banks reimburse the loss, so they don't care much
Not sure how the situation is in your country, but I have noticed how banks here started to be less willing to compensate people for their own stupidity, which if you take off your anti bank cap, is understandable.

If you as bank continue to compensate people in every possible way, they won't care about internet security anymore because they automatically assume that the bank will just cough up the money as if nothing happened.

That's one of the reasons I like Bitcoin so much, you are pretty much forced to take internet security seriously because if you don't, you could lose your money and there is no one you can complain to.
hero member
Activity: 1274
Merit: 519
Coindragon.com 30% Cash Back
This simply means that any business which is connected to an online business app is risky. Everything that involves money online is hackable and we can't take control of that. It's just so sad that it's now hard to entrust and link our debit card to any mobile apps these days. We should just try to get rid of this process but focus on fiat payment method.
hero member
Activity: 2870
Merit: 574
Vave.com - Crypto Casino
First of all, I don't use MyMcD to buy, and I am very aware of using the apps on my mobile phone will give a hole for the attacker to use my private information.
But that will only happen if I install the unknown apps and I don't know if the developer is good or not.
I see on many apps that including the Payment section so the user can add their debit or credit card in the apps and that will give an attacker to try to penetrate the apps and try to steal your money.
It will need awareness from the user itself to add their payment card or let it empty so they can prevent from the attacker.
It is better not to add debit or credit card to any apps, and maybe we could only add the tokens inside the apps, so we only use the tokens without adding the debit or credit card inside the apps.
hero member
Activity: 1120
Merit: 554
The amouht is so small that Mcdonalds will just refund the victim. No payment method will ever be 100 percent safe.  Its really funny that the thief just bought more fast food, so they are the real loser in the end from the bad health effects.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
Every new technology comes with new problem types. But I admit $2.000 it's a lot of burgers to eat  Cheesy
There is still a long time before merchants start to use crypto just because of an application failed unfortunately and client too... Since most of the time banks reimburse the loss, so they don't care much
legendary
Activity: 2170
Merit: 1427
On the internet, you must always make sure to take care of all your information and never ever provide it to any unauthorized person.

Peolpe hand over their information to third parties without realizing that it isn't a good thing. I remember that last year there was some sort of a low value shopping voucher you could claim locally, but for that you had to fill in a detailed form requiring pretty much all your information.

The worst part is that it wasn't even one of the participating stores themselves, but a random third party. What I think happened in the background is that people's data has been sold and with a small chunk of that they bought the vouchers to give it to all the participants. Another risk here is that hackers can gain access to their servers and actually abuse it.

Just say no to all that nonsense and don't use public wifi hotspots. Nowadays everyone has high GB data bundles anyway, so why do you need that wifi?
legendary
Activity: 2562
Merit: 1441
These kinds of cases often happen in each and every mobile application/retailer e-commerce apps in the whole world.McDonald's have nothing to do with this case, they are not the one who this O'rourke could point out. However, Mcdonalds must look and search for the person who is doing this. (the Toronto guy)

On the internet, you must always make sure to take care of all your information and never ever provide it to any unauthorized person. This Toronto guy might know O'rourke personally or he already caught O'rourke as his victim using phishing sites or emails.

O'rourke must learn that he has to be more secure in the future to avoid these kinds of cases. Because honestly, if you know or familiar with these kinds of scams and frauds, you could avoid it to happen to you.


It is possible mcdonald's app thieves hang out in a nearby parking lot with a laptop running a WIFI packet sniffer recording all mobile app transactions. The data would be encrypted but depending upon the strength of the encryption utilized it can be vulnerable to attack. Similar methods have been utilized to rip RFID financial data from credit cards and chips with RFID enabled.

Crypto currency payment apps could have an advantage here if they interact only with a retail scanner, bypassing the WIFI or internet connectivity portion of electronic payment systems. That could make them less vulnerable to man-in-the-middle-attacks or financial data being intercepted. It will take time for details to emerge, if they are ever published or publicized.
legendary
Activity: 2492
Merit: 1232
These kinds of cases often happen in each and every mobile application/retailer e-commerce apps in the whole world.McDonald's have nothing to do with this case, they are not the one who this O'rourke could point out. However, Mcdonalds must look and search for the person who is doing this. (the Toronto guy)

On the internet, you must always make sure to take care of all your information and never ever provide it to any unauthorized person. This Toronto guy might know O'rourke personally or he already caught O'rourke as his victim using phishing sites or emails.

O'rourke must learn that he has to be more secure in the future to avoid these kinds of cases. Because honestly, if you know or familiar with these kinds of scams and frauds, you could avoid it to happen to you.
legendary
Activity: 3528
Merit: 7005
Top Crypto Casino
This is just another example why many of us feel like nothing can be safe in our interconnected and online world as there will always be weaknesses, vulnerabilities, bugs, back door exploits and similar problems that can affect any system.
True, but pockets have been getting picked since the beginning of pockets.  What we have here is just another form of it.

What amazes me is that these thieves went on a burger binge with the stolen loot--it's almost comical if it didn't suck so bad for the victims.  And I'm not sure if McDonald's is ready for bitcoin yet, for many of the same reasons why most fast food franchises aren't.  Confirmation times is the big one that sticks out in my mind from their side, and network fees are a concern from the consumer side.  We all know that there can be points where the network is congested and both fees and wait times are increased, and that makes it impractical for fast food, fast coffee, or fast anything. 

If anything, McD's would probably create their own coin instead of using bitcoin.  But I'm not sure if they're ready to adopt blockchain tech anytime soon.  We'll see, though.
sr. member
Activity: 1008
Merit: 355
Quote
Now, it appears more reports are coming in, with the latest seeing one Toronto man losing $2,000 via the McDonald’s mobile app, by yet another ‘Hamburglar’

This is just another example why many of us feel like nothing can be safe in our interconnected and online world as there will always be weaknesses, vulnerabilities, bugs, back door exploits and similar problems that can affect any system. At the end of the day, the consumers are the ones bearing the burden as these big corporations can take time to solve similar incidents. I am looking forward for the time when the blockchain technology can be utilized to safeguard and secure these payment facilities so that we can enhance the trust and confidence of them...this news is not serving well for the mainstream adoption of bitcoin and the likes as third party infrastructures can be exploited by genius hackers and scammers.
full member
Activity: 952
Merit: 104
★777Coin.com★ Fun BTC Casino!
Quote
Back in February, a Halifax woman claimed the McDonald’s mobile app resulted in a fraudster getting access to her payment details and spending $500 on a fast food bingefest.

Now, it appears more reports are coming in, with the latest seeing one Toronto man losing $2,000 via the McDonald’s mobile app, by yet another ‘Hamburglar’.

MobileSyrup’s Patrick O’Rourke is telling everyone to delete the McDonald’s mobile app, as he fell victim to fraudsters spending over $2,000 in fast food using his BMO debit card, linked to the app.


O’Rourke says he discovered the fraud after noticing his mobile orders were unable to complete. The scammers spent his money at various McDonald’s locations in Montreal.

McDonald’s issued the following statement regarding the matter, saying:

“I can tell you that every day, thousands of Canadians order, collect and pay for McDonald’s food and beverages on their smartphone through the My McD’s app. As you know, mobile ordering is quickly growing in popularity with all retailers, especially at McDonald’s.

While we are aware that some isolated incidents involving unauthorized purchases have occurred, we are confident in the security of the app. We do take appropriate measures to keep personal information secure. McDonald’s also does not collect or store credit card information as My McD’s app only holds a token with the payment provider to allow purchases (I trust given your expertise you understand what “token” means).

Just like any other online activity, we recommend our guests be diligent online by not sharing their passwords with others, creating unique passwords and changing passwords frequently.”

For now, O’Rourke says he’s caught in the middle with both McDonald’s and BMO pointing fingers at each other regarding the lost money. He is out $2,000 and it appears a long road is ahead to recover the money. The situation may have been different if a credit card was linked to the account instead of debit, as unauthorized purchases can usually be reversed when disputed, especially when scams are involved.

This does not appear to be an isolated event, as many users on RFD have recently also been saying they have been scammed by the McDonald’s app.

The MyMcD’s iOS app does not feature Apple Pay for in-app payments, but it should, it seems like. Two-factor authentication for logging into the app may be worth considering as well.

How to remove your payment card from the MyMcD’s iOS app? Launch the app, click on the ‘More’ tab, then go to Profile > Payment Methods. Once you see your card, swipe it to the left and you’ll see an option to delete it.

Have you had any issues with the McDonald’s mobile app and someone else spending your money?

https://www.iphoneincanada.ca/news/toronto-man-scammed-2000-mcdonalds/

....


This news story is related to news of starbucks and other large franchises / retailers recently accepting bitcoin transactions:

https://bitcointalksearch.org/topic/starbucks-nordstrom-and-whole-foods-now-accept-bitcoin-5142884

Payment processing systems recently rolled out by mcdonald's and others have utilized vulnerable systems and questionable security practices. This could open the door to bitcoin and crypto currency based payment systems which could prove themselves to be more security oriented and reliable over the long term.

Countries like sweden which are lean heavily towards cashless societies and RFID implanted chips to execute financial transactions could be vulnerable to the type of attacks exploited in mcdonald's payment app. That's another news story relating to potential vulnerabilities which could use more coverage than its receiving atm.

This maybe an isolated case but some large franchise who plan to adopt on blockchain and accept Bitcoin to be their means of payment would surely look for a much higher security. Most of the systems are prone to hacks yet, if they improve their securities then their vulnerability to it will be minimized.
legendary
Activity: 2562
Merit: 1441
Quote
Back in February, a Halifax woman claimed the McDonald’s mobile app resulted in a fraudster getting access to her payment details and spending $500 on a fast food bingefest.

Now, it appears more reports are coming in, with the latest seeing one Toronto man losing $2,000 via the McDonald’s mobile app, by yet another ‘Hamburglar’.

MobileSyrup’s Patrick O’Rourke is telling everyone to delete the McDonald’s mobile app, as he fell victim to fraudsters spending over $2,000 in fast food using his BMO debit card, linked to the app.


O’Rourke says he discovered the fraud after noticing his mobile orders were unable to complete. The scammers spent his money at various McDonald’s locations in Montreal.

McDonald’s issued the following statement regarding the matter, saying:

“I can tell you that every day, thousands of Canadians order, collect and pay for McDonald’s food and beverages on their smartphone through the My McD’s app. As you know, mobile ordering is quickly growing in popularity with all retailers, especially at McDonald’s.

While we are aware that some isolated incidents involving unauthorized purchases have occurred, we are confident in the security of the app. We do take appropriate measures to keep personal information secure. McDonald’s also does not collect or store credit card information as My McD’s app only holds a token with the payment provider to allow purchases (I trust given your expertise you understand what “token” means).

Just like any other online activity, we recommend our guests be diligent online by not sharing their passwords with others, creating unique passwords and changing passwords frequently.”

For now, O’Rourke says he’s caught in the middle with both McDonald’s and BMO pointing fingers at each other regarding the lost money. He is out $2,000 and it appears a long road is ahead to recover the money. The situation may have been different if a credit card was linked to the account instead of debit, as unauthorized purchases can usually be reversed when disputed, especially when scams are involved.

This does not appear to be an isolated event, as many users on RFD have recently also been saying they have been scammed by the McDonald’s app.

The MyMcD’s iOS app does not feature Apple Pay for in-app payments, but it should, it seems like. Two-factor authentication for logging into the app may be worth considering as well.

How to remove your payment card from the MyMcD’s iOS app? Launch the app, click on the ‘More’ tab, then go to Profile > Payment Methods. Once you see your card, swipe it to the left and you’ll see an option to delete it.

Have you had any issues with the McDonald’s mobile app and someone else spending your money?

https://www.iphoneincanada.ca/news/toronto-man-scammed-2000-mcdonalds/

....


This news story is related to news of starbucks and other large franchises / retailers recently accepting bitcoin transactions:

https://bitcointalksearch.org/topic/starbucks-nordstrom-and-whole-foods-now-accept-bitcoin-5142884

Payment processing systems recently rolled out by mcdonald's and others have utilized vulnerable systems and questionable security practices. This could open the door to bitcoin and crypto currency based payment systems which could prove themselves to be more security oriented and reliable over the long term.

Countries like sweden which are lean heavily towards cashless societies and RFID implanted chips to execute financial transactions could be vulnerable to the type of attacks exploited in mcdonald's payment app. That's another news story relating to potential vulnerabilities which could use more coverage than its receiving atm.
Pages:
Jump to: