You know about carjackings. Now, you also need to be wary of “bank jackings.”
Millions of Americans whip out their phones to pay for everything from dinners to vacation rentals using banking apps like Zelle, Venmo and Cash App. But that convenience is fueling a new kind of robbery.
In Chicago and other cities, gunmen have been forcing people to unlock their phones with their pass codes or technology that recognizes thumbprints and faces, according to police.
Once in, the robbers drain victims’ bank accounts. The payoff is often $1,000 or more — a lot more than criminals typically score by just stealing a wallet.
In Chicago, the robbers often wear the kinds of masks that have been common since the onset of the COVID-19 pandemic. So, even when the police can trace where a money transfer ended up from someone’s phone, the victim often can’t identify the assailant.
Holdups overall are up more than 25% in Chicago this year through Nov. 26 over last year. According to detectives, these “bank jackings” involving cellphones are a relatively new and growing phenomenon in the growing scourge of robberies, which last year included more than 1,600 carjackings. The number of bank jackings isn’t clear because the Chicago Police Department doesn’t list them as a separate category of robberies.
Zachary Skinner is among the victims. Around 1 a.m. on the Saturday after Thanksgiving, Skinner, 21, a college student from Valparaiso, Indiana, was bar-hopping with friends in Wrigleyville when a man in a ski mask walked up to him.
According to Skinner, the man asked for a donation “to help less fortunate kids afford sports gear.”
Skinner says he tried to get the guy to go away by reaching into his pocket and handing him $7.
Skinner had a “sinking feeling” it wouldn’t be enough. It wasn’t.
Another masked man approached, pulled up his shirt to show the gun in his waistband and demanded Skinner’s phone and pass code.
The man used the Zelle app on the phone to send $1,000 to a bank account with a woman’s first name.
Skinner was lucky. He was able to reach his parents and get them to freeze his bank account before the person on the other end of the illegal transfer could accept the money.
Skinner’s friends, talking nearby with other people, were unaware of what was happening.
If the robbers had managed to drain his bank account, Skinner says he would have had to work a lot of extra hours to make up for that — which would have been a major hardship because, being a two-sport college athlete, he doesn’t have a lot of free time.
Skinner says his attackers were masked, so he couldn’t identify them.
He says he should have stayed closer to his friends that night.
“It really puts things in perspective,” he says. “I mean, your life can be taken away in, like, two seconds.”
He knows that uninstalling the bank app from his phone would keep this from happening again.
“But would it be practical?” says Skinner, who uses the app all the time. “Probably not.”
A bank jacking in Streeterville
Anthony Morris is among those who have been charged in the last year with carrying out bank app robberies in Chicago. Morris, 28, a felon with convictions for burglary and theft, is accused of robbing a 40-year-old man about 4 a.m. on Dec. 29, 2022, in Streeterville. According to his arrest report, he pointed a gun at the man in a parking garage in the 600 block of North McClurg Place and told him, “Give me your phone and money, or I will kill you.”
The man gave him his wallet but said his phone was in his 41st-floor apartment nearby.
Morris then led the man to the apartment, pointing a gun at his back, police said. The man gave up his iPhone 14, and Morris took him back to the parking lot, according to the police, who say Morris stole $1,350 using the PayPal app on the man’s phone, $6,850 more with Cash App and $350 with Apple Cash.
The police report says Morris reminded the man that he now knew where he lived and said that, if he “tried to do anything stupid, he would shoot him in the head.”
Morris also tried to steal the man’s BMW but didn’t know how to drive a stick shift, according to the police.
Morris was identified through a surveillance video, and the victim was able to pick him out of a photo array, police said. Morris is awaiting trial on armed robbery and kidnapping charges.
Zelle is a digital payments network run by a firm owned by banks that include JPMorgan Chase, Wells Fargo and U.S. Bank. Offered by more than 2,100 banks and credit unions, it covers more than 80% of personal and small-business accounts in the United States.
Users enrolled in the Zelle app can send and request money by adding another person’s phone number or email address, a cash amount and a memo showing what the money is for.
Payments typically are then available in minutes, but financial institutions set different limits for how much cash can be transferred each day and month. In 2022, Zelle users sent 2.3 billion payments totaling more than $629 billion.
Other digital payment apps like Venmo and Cash App are operated by tech firms but similarly allow users to transfer money online quickly. Venmo is owned by PayPal. Cash App is owned by Block Inc., a San-Francisco company co-founded by former Twitter chief executive officer Jack Dorsey.
Venmo says it hasn’t seen a significant rise in bank jacking reports, which the payment platform calls a phone-security issue. The company recommends security measures that app users can enable to protect their accounts, like facial recognition, multifactor authentication and a PIN code. If an account is breached, Venmo says, customers should contact its customer service, change their account information, contact their financial institutions and call the police.
Cash App points to its “security lock” feature, which similarly offers layers of security to open the app and transfer cash. When users’ PIN or security settings change, they’re alerted by the company.
Zelle didn’t respond to requests for comment.
A rise of bank jackings nationally
Violent bank jacking incidents have been reported across the country in the last two years.
In New York, a political consultant from Washington disappeared on May 28, 2022, after visiting a nightclub. His body was found days later. Police discovered more than $25,000 was transferred from his bank accounts through apps on his phone, according to news reports.
Other killings have also been linked to bank app robberies in New York.
In Chicago, an architect was walking to a downtown Metra station to catch a train about 5 a.m. on July 28 when he says three armed men jumped out of a car in the first block of South Jefferson Street, grabbed his cellphone and tried unlocking it by holding the device to his face.
When the facial recognition technology didn’t work, he says the robbers demanded his pass codes and then stole $2,000 through the Zelle banking app that was linked to his Chase account. They also took his wallet, and using the ATM password he gave them at gunpoint, drained another $1,000 in cash from his bank account.
“It was probably as traumatic for my wife and children as it was for me,” he says, “because who knows what could’ve happened to me.”
The architect says his bank almost immediately reimbursed the money taken from the ATM and recently forgave the thousands of dollars the robbers charged to his credit cards.
But the man, who asked that his name not be used, says he’s still fighting to be reimbursed for the money looted from his bank with his Zelle app: “I started bugging them and asking, ‘Why haven’t you responded to the claim for over four months?’ ”
He says Chicago police officers, responding within minutes after the holdup, chased the getaway car with the help of a police helicopter, but the high-speed pursuit was called off because of police department safety rules. The robbery remains unsolved.
“They have lots of commercials about how you can go pay for your friend’s meal, it makes it really easy, but they don’t say it’s like carrying a couple thousand dollars worth of cash in your pocket all the time,” says the architect, who offers this advice: “Don’t have any banking apps on your phone.”
A Chicago police detective who’s handled three banking app robberies offers a less drastic safety solution. People could consider uninstalling their apps, reinstalling them only when they need to make a payment and then disabling them again.
“It really doesn’t take that much time,” says the detective, asking not to be named because he wasn’t authorized by the department to speak. “It keeps the bad guys out of your bank account. This is a new thing — and it’s only going to get worse.”
Contributing: Sophie Sherry, Rosemary Sobol