Main site > MoneySavingExpert.com Forums > Essential Money > Budgeting & Bank Accounts > Santander data leak or address book assault ? AKA... (Page 3)

IMPORTANT! This is MoneySavingExpert's open forum - anyone can post

Please exercise caution & report any spam, illegal, offensive, racist, libellous post to forumteam@moneysavingexpert.com

  • Be nice to all MoneySavers
  • All the best tips go in the MoneySavingExpert weekly email

    Plus all the new guides, deals & loopholes

  • No spam/referral links
or Login with Facebook
Santander data leak or address book assault ? AKA Direct Debiting Seminar Invite.
Reply
Views: 8,838
Thread Tools Search this Thread Display Modes
# 41
Money-Saving-King
Old 20-12-2013, 5:45 PM
Serious MoneySaving Fan
 
Join Date: Feb 2013
Posts: 1,496
Thanked 2,089 Times in 849 Posts
Default

Quote:
Originally Posted by block10 View Post
NO it also refers to several Reg readers - Paul & Andrew. And it does link to this thread to offer further proof.

A statement from Santander confirms that they are investigating a potential breach.
It just seems funny it's only that and this thread. I wouldn't be surprised if one of thems the op & the other is also someone on this thread.
Money-Saving-King is offline
Reply With Quote Report Post
The Following User Says Thank You to Money-Saving-King For This Useful Post: Show me >>
# 42
jamesd
Old 21-12-2013, 8:03 PM
Deliciously Dedicated Diehard MoneySaving Devotee
 
Join Date: May 2006
Posts: 15,799
Thanked 9,696 Times in 6,607 Posts
Default

Quote:
Originally Posted by Money-Saving-King View Post
I wouldn't be surprised if one of thems the op & the other is also someone on this thread.
Since I'm neither of those and am also affected using an address only ever supplied to A&L and hence to Santander you need another theory. In my case it's an email that claims to be from Fedex about a delivery and wanting me to verify my identity by visiting some web site that I've no intention of ever visiting.
jamesd is offline
Reply With Quote Report Post
# 43
Pound
Old 23-12-2013, 11:29 AM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2005
Location: Bedford
Posts: 2,396
Thanked 1,147 Times in 639 Posts
Default

I wish i could find out who is leaking my mobile number to PPI and accident claim companies.

Pound is offline
Reply With Quote Report Post
# 44
robatwork
Old 23-12-2013, 2:46 PM
Serious MoneySaving Fan
 
Join Date: Dec 2006
Posts: 1,739
Thanked 1,730 Times in 754 Posts
Default

Quote:
Originally Posted by Pound View Post
I wish i could find out who is leaking my mobile number to PPI and accident claim companies.


Probably nobody.


My theory is they just start at 07000 000000 and work their way to 07999 999999.


I guess they will hit yours at some point.
robatwork is offline
Reply With Quote Report Post
# 45
LardyCake
Old 07-01-2014, 7:12 PM
MoneySaving Stalwart
 
Join Date: Jun 2006
Posts: 272
Thanked 129 Times in 75 Posts
Default

Like others on this thread I had the scam emails (caught in spam filter) sent to an email address used only for Santander.

I got this genuine email from Santander today:

------------------------------------------------------------
"Subject: email scam and advice if you're targeted

Dear my correct name

To make sure your personal details and computer aren't compromised, we wanted to make you aware of a significant email scam that's being received by some of our customers at the moment.

How to recognise the email
The email has an attachment which appears to be correspondence linked to the email.

All official emails from us will address you by name. If an email that says it's from us doesn't do this, don't open any attachments within it.

What does the attachment do if it's opened?
It can install a virus which will encrypt your computer files and the files on your local network. Once encrypted, the computer will display a screen with a count down timer and ask for a ransom payment for the decryption key to allow you to access your files.


What's being done about the email?
The National Crime Agency's National Cyber Crime Unit (NCCU) is aware of the email and is working hard to trace the source. Until they do, this email has been assessed as a significant risk. Anyone who is infected with this malware should report it via www.actionfraud.police.uk

What should I do if I get the email?
Forward it to us at phishing@santander.co.uk

If you open the attachment, the NCCU says it would never endorse paying the ransom and there's no guarantee the fraudsters would give you the decryption key. Instead you should:

• help the NCCU find the source of the emails by reporting it at www.actionfraud.police.uk
• disconnect the computer from the network
• get your computer professionally cleaned.

Some anti-virus companies will offer corrective software solutions but won't restore any encrypted files."

Read more advice at getsafeonline.org.uk

Other ways to protect yourself
There are some preventative measures you can take to protect yourself.

Update your anti-virus and operating system with the latest versions
These will include any updates needed to protect you against new threats since the last time your software was installed.

Back up your files regularly
By preserving them off the network, they'll be safe if your computer does ever become infected.

I have Trusteer Rapport. Will this protect me?
Trusteer Rapport protects you against viruses that try to steal your banking log on details. This virus is different in that it doesn't steal anything but tries to hold you to ransom. As Trusteer Rapport isn't designed for this type of virus it doesn't protect you against it.

Questions
If you're unsure if an email is from us, or have any other questions about this issue, contact us on 0845 600 4388. Lines are open 7am to 11pm Monday to Saturday and 9am to 9pm Sunday.


Yours sincerely

Santander Customer Services"
------------------------------------------------------------

Draw your own conclusions...
LardyCake is offline
Reply With Quote Report Post
# 46
Pound
Old 07-01-2014, 10:43 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2005
Location: Bedford
Posts: 2,396
Thanked 1,147 Times in 639 Posts
Default

Quote:
Originally Posted by robatwork View Post
Probably nobody.


My theory is they just start at 07000 000000 and work their way to 07999 999999.


I guess they will hit yours at some point.
But they know my name...

Pound is offline
Reply With Quote Report Post
# 47
humptydumpty123
Old 24-01-2014, 1:51 PM
MoneySaving Newbie
 
Join Date: Jan 2014
Posts: 1
Thanked 0 Times in 0 Posts
Default Abbey National customer data leak

I also just received spam email from the amusingly named Wankaner Valentino to a disposable email address I used for an abbey national account. They seemed to have my surname too (see below).

Santander's email above says
Quote:
"All official emails from us will address you by name. If an email that says it's from us doesn't do this, don't open any attachments within it."
Given that the leaked database includes surnames (and possibly more), that advice is woefully inadequate.

---------

From: Wankaner Valentino [mailto:wankanerkvalentino@outlook.com]
Sent: 24 January 2014 12:48
To: <...>
Subject: <my surname>

Hello,
Today our Company, MVL Company, is in need of sales representatives in United Kingdom.

Our Company deals with designer goods and branded items. We've been providing our customers with exclusive products for more than five years, and we believe that the applicant for the position must have great communication skills, motivation, desire to earn money and will to go up the ladder. All charges related to this opening are covered by the Company. Your main duties include administrative support on orders and correspondence, controlling purchase orders and expense reports.

Part-time job salary constitutes 460GBP a week.
Full-time job is up to 750GBP per week .
Plus we have bonus system for the best workers!

To apply for the vacancy or to get more details about it, please email us directly back to this email.

Hope to hear from you soon!
Best regards,
Wankaner Valentino

Last edited by humptydumpty123; 24-01-2014 at 2:01 PM. Reason: update
humptydumpty123 is offline
Reply With Quote Report Post
# 48
Stompa
Old 24-01-2014, 2:05 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Sep 2004
Posts: 6,972
Thanked 3,224 Times in 2,416 Posts
Default

Quote:
Originally Posted by humptydumpty123 View Post
I also just received spam email from the amusingly named Wankaner Valentino to a disposable email address I used for an abbey national account. They seemed to have my surname too (see below).
Hmmm, same email here this morning, though mine was from 'Aijian Tyesha'.
Stompa
Stompa is offline
Reply With Quote Report Post
# 49
spatchcock
Old 24-01-2014, 5:47 PM
MoneySaving Convert
 
Join Date: Oct 2005
Posts: 15
Thanked 1 Time in 1 Post
Default {my name} New Role! Work Close to Home

I just received two versions of the same spam message to two different 'disposable' addresses. One version was only ever supplied to Alliance and Leicester and the other was only ever supplied to Abbey. Obviously both of these accounts were eventually merged into Santander. The case couldn't be clearer! I've emailed phishing@santander.co.uk, but perhaps I won't hold my breath. Should I be making a compensation claim?
spatchcock is offline
Reply With Quote Report Post
The Following User Says Thank You to spatchcock For This Useful Post: Show me >>
# 50
mynewaccount
Old 24-01-2014, 7:34 PM
MoneySaving Newbie
 
Join Date: Jul 2010
Posts: 9
Thanked 24 Times in 7 Posts
Default

Since this afternoon I've received THREE copies of the "MVL Company" recruiting email, one sent to an email address I only gave to Alliance & Leicester, one sent to an email address I only gave to Cahoot, and one sent to an email address I only gave to Santander.

Each email had my correct surname as the subject line.

Santander have SERIOUS questions to answer - I'm surprised this thread has been running for so long. How come this isn't major news? It doesn't take a genius to work out what has happened here - so how many customers are affected and what other personal information has been taken? What is at risk?
mynewaccount is offline
Reply With Quote Report Post
# 51
itsbeenawhile
Old 24-01-2014, 8:05 PM
MoneySaving Newbie
 
Join Date: Jan 2014
Posts: 1
Thanked 0 Times in 0 Posts
Default Me too

A email address I used for cahoot received the MVL spam, I raised it with cahoot who gave a 'not our fault' reply.

A couple of hours later an email address I used for Abbey (and may well still use for Santander) received the same spam.

No other matches. Both emails use my surname.

The data has definitely been compromised.

I suspect they already know and are trying to keep the lid on it.
itsbeenawhile is offline
Reply With Quote Report Post
# 52
Funkyfreddy
Old 24-01-2014, 9:36 PM
MoneySaving Stalwart
 
Join Date: Mar 2006
Posts: 302
Thanked 109 Times in 78 Posts
Default

Quote:
Originally Posted by mynewaccount View Post
Since this afternoon I've received THREE copies of the "MVL Company" recruiting email, one sent to an email address I only gave to Alliance & Leicester, one sent to an email address I only gave to Cahoot, and one sent to an email address I only gave to Santander.

Each email had my correct surname as the subject line.

Santander have SERIOUS questions to answer - I'm surprised this thread has been running for so long. How come this isn't major news? It doesn't take a genius to work out what has happened here - so how many customers are affected and what other personal information has been taken? What is at risk?
Likewise here, received the same genuine email from Santander a week or so ago as quoted by LardyCake - this morning received the same MVL offer !

>From: Burgess Catomeris <burgesszsecatomeris@outlook.com>
>To: <My Email Address with Santander>
>Subject: <My Surname - no initials>

I'd seen this thread when originally posted but until today not received anything. What additional information other than email contact has been compromised ?

Needs a spotlight shone on it surely.

FF
Funkyfreddy is offline
Reply With Quote Report Post
# 53
Chris2000
Old 25-01-2014, 4:11 PM
MoneySaving Stalwart
 
Join Date: Apr 2005
Location: UK
Posts: 305
Thanked 85 Times in 65 Posts
Default

I've also had the Natwest Direct Debiting Seminar, Fedex etc. emails to my unique Santander email address but not my cahoot one.

The data leak is relatively recent, I only registered that email domain in 2013.

Someone at Santander must be taking this very seriously.
Chris2000 is offline
Reply With Quote Report Post
# 54
Lomcevak
Old 25-01-2014, 4:17 PM
MoneySaving Stalwart
 
Join Date: Dec 2011
Location: Sussex by the Sea
Posts: 387
Thanked 2,275 Times in 337 Posts
Default

Quote:
Someone at Santander must be taking this very seriously.
Well they refused to listen to my complaint, so not sure ... just denied everything and said that due to data protection they would not share my email details. Except they have...
MFiT-T3#126, £186k to £150k: £22,026/£36,369 (60.56%), 2014 MFW#12 £6000/£6000 (100.00%)
£18k-in-’14#18 £19,501.55/£18,000 (108.34%), £2014-in-2014 £1135.20/£2014 (56.39%)
Lomcevak is offline
Reply With Quote Report Post
# 55
bonzer
Old 25-01-2014, 5:02 PM
MoneySaving Stalwart
 
Join Date: Apr 2005
Location: Gloucestershire
Posts: 399
Thanked 194 Times in 150 Posts
Default

I received the "MVL Company" spam that contained my surname as the subject line. It was to a unique address only given to Santander (originally to Abbey). My surname does not feature in the e-mail address so they must have the associated names as well.

There's a few people complaining about this on Santander's Facebook page:

https://www.facebook.com/santanderuk?filter=2

bonzer is offline
Reply With Quote Report Post
# 56
Pound
Old 25-01-2014, 6:33 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2005
Location: Bedford
Posts: 2,396
Thanked 1,147 Times in 639 Posts
Default

I haven't had the MVL email but I got a couple others about a month ago, also sent to an address only used with Santander

Update Your Natwest Account

DHL.Inc: Delivery Status ID

Pound is offline
Reply With Quote Report Post
# 57
handsoff
Old 26-01-2014, 8:49 AM
MoneySaving Newbie
 
Join Date: Mar 2013
Posts: 4
Thanked 1 Time in 1 Post
Default

I received the MVL email yesterday to a disposable email I only used for Santander. It was registered on Santander from 7 July 13, when I opened my first account, to 7 Aug 13 when I changed to another email address. The old email was still active which is why the MVL email could be delivered. It addressed me by surname.
handsoff is offline
Reply With Quote Report Post
# 58
fandango99
Old 20-02-2014, 2:00 PM
MoneySaving Newbie
 
Join Date: Oct 2009
Posts: 1
Thanked 0 Times in 0 Posts
Default More Santander Data Breach

I received a message yesterday purporting to be from HMRC, with a ZIP file containing a *.exe file.

The address it went to was exclusively registered on santander.co.uk for online banking, no one else has that address and it is not set up on any e-mail client. The IP address the spam originated from seems to be set up on a server in Hanoi, Vietnam.

Calling Santander to report this resulted in the usual blame shifting exercise, so reported it to National Crime Agency.

I wonder how long it will take for Santander to take some action over this breach. Not holding my breath.

Regards
Karl
fandango99 is offline
Reply With Quote Report Post
# 59
Uxb
Old 20-02-2014, 3:23 PM
MoneySaving Stalwart
 
Join Date: May 2013
Location: Central South
Posts: 586
Thanked 646 Times in 301 Posts
Default

You could try the Information Commissioner.

I suspect it will actually be one of Santander marketing partners rather than the bank itself where the leak has occurred.
When we all get marketing and information emails from just about anyone it is never sent from the firms themselves. it will always be from some company acting on behalf of the firm sending out the stuff who do this as their business.

Not that this exempts Santander at all, as it's their responsibility to ensure they and their partners/subcontractor handle all our data securely
So it will only be the email address compromised - which is bad enough.
Uxb is offline
Reply With Quote Report Post
The Following User Says Thank You to Uxb For This Useful Post: Show me >>
# 60
innovate
Old 20-02-2014, 8:58 PM
PPR
Deliciously Dedicated Diehard MoneySaving Devotee
 
Join Date: Jun 2005
Location: On this planet
Posts: 15,714
Thanked 9,867 Times in 6,159 Posts
Default

Who has experienced what financial loss from these data leaks?

Let's pool resources for a concerted complaint!

please post the date and amount you lost in real money from your account, together with the email address of the scammer and the date of the scammer's email, and the crime reference number you got from the police or from Actionfraud.com.
innovate is offline
Reply With Quote Report Post
The Following User Says Thank You to innovate For This Useful Post: Show me >>
Reply

Bookmarks
 
 




Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

 Forum Jump  

Contact Us - MoneySavingExpert.com - Archive - Privacy Statement - Top

Powered by vBulletin® Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

All times are GMT +1. The time now is 3:22 AM.

 Forum Jump  

Free MoneySaving Email

Top deals: Week of 01 October 2014

Get all this & more in MoneySavingExpert's weekly email full of guides, vouchers and Deals

GET THIS FREE WEEKLY EMAIL Full of deals, guides & it's spam free

Latest News & Blogs

Martin's Twitter Feed

profile

Cheap Travel Money

Find the best online rate for holiday cash with MSE's TravelMoneyMax.

Find the best online rate for your holiday cash with MoneySavingExpert's TravelMoneyMax.

TuneChecker Top Albums

  • ED SHEERANX (DELUXE EDITION)
  • ALT-JTHIS IS ALL YOURS
  • SAM SMITHIN THE LONELY HOUR (DELUXE EDITION)

MSE's Twitter Feed

profile
Always remember anyone can post on the MSE forums, so it can be very different from our opinion.
We use Skimlinks and other affiliated links in some of our boards, for some of our users.