Main site > MoneySavingExpert.com Forums > Essential Money > Budgeting & Bank Accounts > Santander data leak or address book assault ? AKA... (Page 2)

IMPORTANT! This is MoneySavingExpert's open forum - anyone can post

Please exercise caution & report any spam, illegal, offensive, racist, libellous post to forumteam@moneysavingexpert.com

  • Be nice to all MoneySavers
  • All the best tips go in the MoneySavingExpert weekly email

    Plus all the new guides, deals & loopholes

  • No spam/referral links
or Login with Facebook
Santander data leak or address book assault ? AKA Direct Debiting Seminar Invite.
Reply
Views: 8,776
Thread Tools Search this Thread Display Modes
# 21
Vodafone company representative
Old 18-11-2013, 10:23 AM
Has MSE’s permission to post for company
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jul 2009
Posts: 3,210
Thanked 712 Times in 449 Posts
Default

Hi reehsetin and Stompa,

Thanks for making me aware of this.

For further help with things there's some useful information about how you can protect yourselves against phishing emails in the Privacy policy section of our website.

Although I can't provide you with a link to it due to the posting guidelines which company representatives are required to follow, there's a link at the of our home page which will take you to where it is.

Kind regards,

Lee

Web Relations

Vodafone UK
Official Company Representative
I am the official company representative of Vodafone. MSE has given permission for me to post in response to queries about the company, so that I can help solve issues. You can see my name on the companies with permission to post list. I am not allowed to tout for business at all. If you believe I am please report it to forumteam@moneysavingexpert.com This does NOT imply any form of approval of my company or its products by MSE"
Vodafone company representative is offline
Reply With Quote Report Post
# 22
yangptangkipperbang
Old 27-11-2013, 7:26 PM
Serious MoneySaving Fan
 
Join Date: Apr 2012
Posts: 1,736
Thanked 1,322 Times in 728 Posts
Default

I am getting a steady stream of stuff to both my Santander email addresses now.
The latest ones are advising me of an urgent voice mail on Skype !
yangptangkipperbang is offline
Reply With Quote Report Post
The Following User Says Thank You to yangptangkipperbang For This Useful Post: Show me >>
# 23
Lomcevak
Old 28-11-2013, 7:31 AM
MoneySaving Stalwart
 
Join Date: Dec 2011
Location: Sussex by the Sea
Posts: 385
Thanked 2,264 Times in 335 Posts
Default

Quote:
Originally Posted by yangptangkipperbang View Post
I am getting a steady stream of stuff to both my Santander email addresses now.
The latest ones are advising me of an urgent voice mail on Skype !
And me - recently i've had that Skype message and several DHL 'delivery attempts', all with a .zip to open. Forwarded to Santander phishing address and not had any kind of response, even bot-generated.

Unique email address on a domain I own (and not santander@...) so zero chance it is guessed or taken from somewhere else, must be a Santander-internal leak. I've only been a Santander customer for a few months, so must be quite recent too.
MFiT-T3#126, £186k to £150k: £20,520/£36,369 (56.42%), 2014 MFW#12 £5400/£6000 (90.00%)
£18k-in-’14#18 £18,670/£18,000 (100.37%), £2014-in-2014 £1096.35/£2014 (54.46%)
Lomcevak is offline
Reply With Quote Report Post
# 24
Stompa
Old 28-11-2013, 8:37 AM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Sep 2004
Posts: 6,971
Thanked 3,223 Times in 2,415 Posts
Default

Quote:
Originally Posted by Lomcevak View Post
And me - recently i've had that Skype message and several DHL 'delivery attempts', all with a .zip to open. Forwarded to Santander phishing address and not had any kind of response, even bot-generated.
I've had loads of those too, but to randomly generated addresses as well as my Santander address. Be VERY careful with them, it's highly likely that the attachment is Cryptolocker.
Stompa
Stompa is online now
Reply With Quote Report Post
The Following User Says Thank You to Stompa For This Useful Post: Show me >>
# 25
Lomcevak
Old 28-11-2013, 10:26 AM
MoneySaving Stalwart
 
Join Date: Dec 2011
Location: Sussex by the Sea
Posts: 385
Thanked 2,264 Times in 335 Posts
Default

Mostly i'm upset that a bank where I hold a lot of money has leaked at least some information about me

Less worried about the payload as I'm pretty careful with these things; the email runs as a limited user on a Linux box and although that's not impregnable it is likely pretty good against most generic trojans.
MFiT-T3#126, £186k to £150k: £20,520/£36,369 (56.42%), 2014 MFW#12 £5400/£6000 (90.00%)
£18k-in-’14#18 £18,670/£18,000 (100.37%), £2014-in-2014 £1096.35/£2014 (54.46%)
Lomcevak is offline
Reply With Quote Report Post
The Following User Says Thank You to Lomcevak For This Useful Post: Show me >>
# 26
quaybab
Old 05-12-2013, 5:43 PM
MoneySaving Convert
 
Join Date: Oct 2012
Posts: 52
Thanked 12 Times in 11 Posts
Default

Santander deny leaking (unique) email addresses and will not be investigating any further. However with information security, you deny everything and admit nothing.
quaybab is offline
Reply With Quote Report Post
The Following User Says Thank You to quaybab For This Useful Post: Show me >>
# 27
Uxb
Old 05-12-2013, 5:57 PM
MoneySaving Stalwart
 
Join Date: May 2013
Location: Central South
Posts: 566
Thanked 636 Times in 293 Posts
Default

I'd contact the information commissioner.
Uxb is offline
Reply With Quote Report Post
# 28
bubieyehyeh
Old 05-12-2013, 11:03 PM
MoneySaving Stalwart
 
Join Date: Oct 2004
Location: West Sussex
Posts: 234
Thanked 59 Times in 51 Posts
Default

They have yet to reply to my query to their phishing email address about how the email address that I only gave to santander leaked.
bubieyehyeh is offline
Reply With Quote Report Post
# 29
robin58
Old 06-12-2013, 8:04 PM
MoneySaving Stalwart
 
Join Date: Dec 2005
Posts: 322
Thanked 225 Times in 108 Posts
Default

Also look out for Emails from Barclay's saying they are confirming payment to an another account..

Has a zipped file attached which says it's a printed receipt( yeah! right ).

Had 4 emails exactly the same, except for different amounts land into my email address.

I am surprised by the amounts 'taken' , I have not already had a visit by the Barclay SWAT team.
The more I live, the more I learn.
The more I learn, the more I grow.
The more I grow, the more I see.
The more I see, the more I know.
The more I know, the more I see,
How little I know.!!
robin58 is offline
Reply With Quote Report Post
# 30
anamenottaken
Old 06-12-2013, 8:11 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Nov 2008
Posts: 3,406
Thanked 2,761 Times in 1,578 Posts
Default

Only just seen this thread. I was concerned last month when I received a number of emails (with zip file attachments) sent to an address I would have used when a customer of Abbey National. So the address acquisition could be from old records not properly disposed of.
anamenottaken is offline
Reply With Quote Report Post
# 31
bubieyehyeh
Old 06-12-2013, 10:38 PM
MoneySaving Stalwart
 
Join Date: Oct 2004
Location: West Sussex
Posts: 234
Thanked 59 Times in 51 Posts
Default

Its not old santander email addresses, mine was my current santander email address that I've used for only 2-3 years.

I've not had anymore emails since but I think my webmail provider discards email which its is sure that are dodgy and doesn't even put them in the spam folder.

Last edited by bubieyehyeh; 06-12-2013 at 10:41 PM.
bubieyehyeh is offline
Reply With Quote Report Post
# 32
Wood Dragon
Old 11-12-2013, 12:42 PM
MoneySaving Newbie
 
Join Date: Dec 2013
Posts: 1
Thanked 1 Time in 1 Post
Default Leak of email address supplied only to Santander

Just adding weight to this thread to state that I too have received spam on an email that has only been shared with Santander.

I feel that in all probability it is Santander's actions that have caused this. I have 692 of these separate emails, and only 'santander' has the problem today, it rarely happens, but when it does it coincides with a flurry of similar reports. The last one was adobe.

My comment to Santander is, if I can't trust you to keep my email address private, how can I trust you with anything else, let alone my money.

BR/ wd
Wood Dragon is offline
Reply With Quote Report Post
The Following User Says Thank You to Wood Dragon For This Useful Post: Show me >>
# 33
MrA2012
Old 11-12-2013, 8:56 PM
MoneySaving Convert
 
Join Date: Jun 2012
Posts: 18
Thanked 2 Times in 1 Post
Default

Add me to the list of people suspecting Santander of leaking emails. Like others in this thread, I have a catch-all domain and use unique email addresses for every company I deal with. I set up an address specifically for Santander, have only ever given it to Santander and have never used it to send an email. Today it received the fake FedEx shipping confirmation/verify your identity scam.
MrA2012 is offline
Reply With Quote Report Post
# 34
autolycus
Old 15-12-2013, 7:57 PM
MoneySaving Newbie
 
Join Date: Sep 2009
Posts: 9
Thanked 2 Times in 2 Posts
Default

Following up my previous contributions to this thread, I've had a phone call from Santander - yes, I did "put him through security". He said it was being investigated, and admitted I wasn't the only "victim". He then offered £50, which he confirmed in a letter. They just don't get it though, as they advised me to "change (your) email address as soon as possible".

Should I have asked for more? There are three other family members in the same position...

I'm surprised this hasn't had more press coverage, as it's far more serious than the usual scattergun phishing emails.

Kevin
autolycus is offline
Reply With Quote Report Post
The Following User Says Thank You to autolycus For This Useful Post: Show me >>
# 35
Pound
Old 16-12-2013, 12:22 AM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2005
Location: Bedford
Posts: 2,396
Thanked 1,147 Times in 639 Posts
Default

I've had this spam as well although surprised they havent pretended to be Santander, so far I think just Skype and Royal Mail. The only time I ever used this email was in an office at Alliance & Leicester (now Santander) when opening an account.

Pound is offline
Reply With Quote Report Post
# 36
Lomcevak
Old 16-12-2013, 6:43 AM
MoneySaving Stalwart
 
Join Date: Dec 2011
Location: Sussex by the Sea
Posts: 385
Thanked 2,264 Times in 335 Posts
Default

Quote:
Originally Posted by autolycus View Post
Following up my previous contributions to this thread, I've had a phone call from Santander - yes, I did "put him through security". He said it was being investigated, and admitted I wasn't the only "victim". He then offered £50, which he confirmed in a letter. They just don't get it though, as they advised me to "change (your) email address as soon as possible".
I'm still waiting for my complaint to get a response, but will update if/when I get it - already said that i'll escalate if they don't reply within their 8 week period so it is a date in the diary

Fundamentally it's more than the spam and the hassle of changing email address - which, by they way, doesn't work perfectly, I still get 3Dsecure messages to the old one not the new one. I'm annoyed that (a) I don't know what they've leaked, is it just the email address or other personal information too, and (b) they clearly know that it has happened but they've made no effort to tell customers
MFiT-T3#126, £186k to £150k: £20,520/£36,369 (56.42%), 2014 MFW#12 £5400/£6000 (90.00%)
£18k-in-’14#18 £18,670/£18,000 (100.37%), £2014-in-2014 £1096.35/£2014 (54.46%)
Lomcevak is offline
Reply With Quote Report Post
# 37
block10
Old 19-12-2013, 9:12 PM
MoneySaving Convert
 
Join Date: Oct 2013
Posts: 79
Thanked 38 Times in 23 Posts
Default

Data breach is now suspected at Santander

http://www.theregister.co.uk/2013/12/19/trojans_spam_unique_email_address/

Last edited by block10; 19-12-2013 at 9:14 PM. Reason: Typ
block10 is offline
Reply With Quote Report Post
The Following 3 Users Say Thank You to block10 For This Useful Post: Show me >>
# 38
Money-Saving-King
Old 20-12-2013, 10:10 AM
Serious MoneySaving Fan
 
Join Date: Feb 2013
Posts: 1,456
Thanked 2,060 Times in 835 Posts
Default

Quote:
Originally Posted by block10 View Post
Yes but that articles only source of information is this thread it even refers to this thread.
Money-Saving-King is offline
Reply With Quote Report Post
# 39
block10
Old 20-12-2013, 12:35 PM
MoneySaving Convert
 
Join Date: Oct 2013
Posts: 79
Thanked 38 Times in 23 Posts
Default

Quote:
Originally Posted by Money-Saving-King View Post
Yes but that articles only source of information is this thread it even refers to this thread.
NO it also refers to several Reg readers - Paul & Andrew. And it does link to this thread to offer further proof.

A statement from Santander confirms that they are investigating a potential breach.
block10 is offline
Reply With Quote Report Post
# 40
quaybab
Old 20-12-2013, 3:54 PM
MoneySaving Convert
 
Join Date: Oct 2012
Posts: 52
Thanked 12 Times in 11 Posts
Default

It appears £150 is the maximum you can squeeze out of Santander for (not) losing an email address. They admit no liability but coughed for taking too long to deal with the complaint (less than 2 weeks, they have 8 weeks), inconvenience and for the stock response blaming the customer.
I suspect they have lost mail server log files and not banking data but we'll see.
It is not random attack based on variants of an email address as The Register article say as I've not had multiple attempts at similar aliases.
This one won't be going to the ICO but they’'ve lost 5 others out of about a dozen given to them so I'll see how I get on with them.
Santander patently know there is a problems but can't be bothered contacting the affected customers (due to the obvious cost!). Santander aren’t investigating anything.
There is a remote change the FOS have leaked it as half of the 'infected' ones have been disclosed to them but I doubt it - although with their underhand banker club tactics, you never know.
BOFH
quaybab is offline
Reply With Quote Report Post
The Following User Says Thank You to quaybab For This Useful Post: Show me >>
Reply

Bookmarks
 
 




Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

 Forum Jump  

Contact Us - MoneySavingExpert.com - Archive - Privacy Statement - Top

Powered by vBulletin® Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

All times are GMT +1. The time now is 7:14 PM.

 Forum Jump  

Free MoneySaving Email

Top deals: Week of 17 September 2014

Get all this & more in MoneySavingExpert's weekly email full of guides, vouchers and Deals

GET THIS FREE WEEKLY EMAIL Full of deals, guides & it's spam free

Latest News & Blogs

Martin's Twitter Feed

profile

Cheap Travel Money

Find the best online rate for holiday cash with MSE's TravelMoneyMax.

Find the best online rate for your holiday cash with MoneySavingExpert's TravelMoneyMax.

TuneChecker Top Albums

  • THE SCRIPTNO SOUND WITHOUT SILENCE
  • SAM SMITHIN THE LONELY HOUR (DELUXE EDITION)
  • ED SHEERANX (DELUXE EDITION)

MSE's Twitter Feed

profile
Always remember anyone can post on the MSE forums, so it can be very different from our opinion.
We use Skimlinks and other affiliated links in some of our boards, for some of our users.