We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
hacked in even with rapportalliance-leicester
Comments
-
Thank you for your e-mail confirming successful installation of the
Rapport software. However you have not included your 8 digit customer ID
number. In order to reset your Internet Banking access, can you please
reply to this e-mail confirming your 8 digit customer ID number.
Once we have received this e-mail we will be able to reset your Internet
Banking access.
Thank you for your e-mail confirming installation of the Rapport software. I can confirm that your Internet Banking access has been reset and a new PIN has been sent, which you will receive within five working days. Once this has been received you will need to change it to a number of your own choice.
If you need to contact us whilst waiting for the PIN, please only key your 8 digit Customer ID into the telephone. Do not enter anything when asked to enter a PIN and do not attempt to access your account via internet banking until your new PIN arrives.
Kind regards,
Thank you for your e-mail confirming installation of the Rapport software. I can confirm that your Internet Banking access has been reset and a new PIN has been sent, which you will receive within five working days. Once this has been received you will need to change it to a number of your own choice.
If you need to contact us whilst waiting for the PIN, please only key your 8 digit Customer ID into the telephone. Do not enter anything when asked to enter a PIN and do not attempt to access your account via internet banking until your new PIN arrives.
Kind regards,
Please open your internet browser and go to "internet options". You will find this via "tools" and delete your internet "cookies, files and history." Also go to your favourites and delete the link to Alliance & Leicester. Then go to your web address box (not a search engine) and type in "[URL="file://www.alliance-leicester.co.uk/"]www.alliance-leicester.co.uk[/URL]", if it pre populates (highlights blue) or a drop down box appears, ignore and carry on typing address (go back and delete history again as possibly not done correctly). Once into alliance-leicester.co.uk, navigate to internet banking. You should delete your history etc on a regular basis. Then download Rapport. If you have any problems downloading Rapport, please call Trusteer on0203 239 2926.
Once downloaded, go into internet banking and you will need to create a screen print showing the Green Rapport logo on the address bar. The screen print should then be forwarded to; Rapport@alliance-leicester.co.uk To do the screen print, make sure you have the web page showing the Green Rapport logo, press "Ctrl+Print Scrn" and then go to "Word" and do right click and paste. You can also use "Paint" which is usually located via "All programs then accessories" and just press "Print Scrn". This should deposit a screen shot of the logo screen on to "Word". You then need to save this and send
to Rapport@alliance-leicester.co.uk as an attachment, please enclose your 8 digit id's. You should then all receive a new five digit pin via the post.
When you have received your new pin, log on to internet banking via your web address box. When in internet banking, ensure the web address looks ok, it should be secure ie https and have alliance-leicester/mybank in the address box. While navigating internet banking you should always have a secure site ie https until you log out. If you find the site is unsecure although still in Internet Banking or there are any unusual names in the title, come out straight away and speak to our Customer Services.
Any emails you receive and are not expecting, from any bank or a private source, please delete. If it is from Alliance Leicester and genuine, we will contact you via another route. If you still have the fraudulent email, please forward it to; suspiciousemails@alliance-leicester.co.uk
If you have problems doing the screen print, please action the following:
If a customer is having a problem obtaining a screenshot of the Rapport download, advise them to visit the Trusteer site;
http://www.trusteer.com/confirm
They will be asked to complete the following form.
"Hope this helps, the next is Rapport form which I filled in and returned to Rapport." joe134 Unfortunately I cannot post the phone calls0 -
If you want to test this just choose a customer ID that is similar to yours (e.g. your customer ID + 1 or something). See what question pops up first (just don't try to answer it or you'll put somebody else in the same position as you!) I can assure you, a wrong answer to that question just brings up a message telling you to try again.I bow to yourknowledge of sequence of login as using it only twice, I cannot argue the point, I honestly do not know.It,s a hell of a way to get me to download Rapport.Screenshots, passports, blocking a/c, security questions,phone calls to them, and from their security, e-mails to download Rapport, delete history, cookies etc.WHY? How do I prove it,s a scam on A&L,s behalf? When my pin arrives I can confirm login sequence, but I believe you both. I have no proof to accuse A&L of lying.I can post the e-mails from them if you want. I would love to throw the book at them, it,s not nice to know you have been compromised by something maybe I had done wrong,but as a scam it,s hard to swallow. There,s no logic to it.
That is bad advice about how to get to the genuine A&L internet banking page. The address is httpsPlease open your internet browser and go to "internet options". You will find this via "tools" and delete your internet "cookies, files and history." Also go to your favourites and delete the link to Alliance & Leicester. Then go to your web address box (not a search engine) and type in www.alliance-leicester.co.uk, if it pre populates (highlights blue) or a drop down box appears, ignore and carry on typing address (go back and delete history again as possibly not done correctly). Once into alliance-leicester.co.uk, navigate to internet banking. You should delete your history etc on a regular basis.
/mybank.alliance-leicester.co.uk. The https is very important. Any address starting http can be easily changed by something sitting on your computer, or something sitting between your computer and A&L. You should always go to a site starting https when you are logging in to online banking (and you should see a 'green bar' and padlock symbol in your browser to show it is a secure connection, as well as the green icon from Rapport). There was a post here recently from someone who apparently had a virus on their PC which modified the Natwest homepage to insert a fake login page. It is likely that happened because they went to the normal http site first. 0 -
Thanks masonic, now I know A&L were lying, I guessed that from the start.Why I don,t know? As soon as pin is in, money is out.This has caused not only personal upset, it,s my integrity as well. I guessed you guys thought I was inventing it. Even I couldn,t invent something like this.A&Lhas a lot to answer for.How I do it, i,ve no idea. Thanks for all your help, et alJust as a quick sanity check I tested this out. I already know that the security questions are never asked *after* the 5 digit PIN has been entered. I can now confirm if you get the security question wrong at login you cannot get as far as the page where it asks for your PIN. Therefore, it is not possible to get the security question wrong and the 5 digit PIN right.0 -
Not only do I have Rapport, I have WOT site advisor to check validity of site, Green circle,Then I check for padlock and https:// so I knew that I didn,t log on spoof site, if one can be sure. Cannot do much more.If you cannot rely on the banks advice, there,s something wrong, but I have posted said advise. Seeing is believingIf you want to test this just choose a customer ID that is similar to yours (e.g. your customer ID + 1 or something). See what question pops up first (just don't try to answer it or you'll put somebody else in the same position as you!) I can assure you, a wrong answer to that question just brings up a message telling you to try again.
That is bad advice about how to get to the genuine A&L internet banking page. The address is https/mybank.alliance-leicester.co.uk. The https is very important. Any address starting http can be easily changed by something sitting on your computer, or something sitting between your computer and A&L. You should always go to a site starting https when you are logging in to online banking (and you should see a 'green bar' and padlock symbol in your browser to show it is a secure connection, as well as the green icon from Rapport). There was a post here recently from someone who apparently had a virus on their PC which modified the Natwest homepage to insert a fake login page. It is likely that happened because they went to the normal http site first.0 -
When you get access to your account again, the first thing you should do is go to 'Other Services' and then 'Activity Summary'. You will see a list of everything that has happened on your account. You will see entries labelled 'Successful Log In' with a date and time, so if you can remember all of the times you logged in to A&L, you'll be able to tell if somebody else got in.Thanks masonic, now I know A&L were lying, I guessed that from the start.Why I don,t know? As soon as pin is in, money is out.This has caused not only personal upset, it,s my integrity as well. I guessed you guys thought I was inventing it. Even I couldn,t invent something like this.A&Lhas a lot to answer for.How I do it, i,ve no idea. Thanks for all your help, et al
If there are no suspicious 'Successful Log In' entries, then A&L have not been honest with you.
However, if you see something suspicious, then it's possible there was a breach and A&L got mixed up when trying to explain it to you. You will need to worry some more about your PC and take some steps to make sure there is nothing on your system that is compromising your security... (I think this is unlikely, though)0 -
This is a quite facinating thread.........
I do hope someone from the Financial Services Authority has also been following and reading it all and maybe even someone from the Alliance and Leicester............0 -
Thanks masonic, will do. I intend e-mailing the security guy @ A&L,he sent me the info submitted, I have his direct e-mail address, and ask him why the anomoly. He specifically said ID & pin were used, and cherished data failed 3 times.Now I know that,s not possible, why.? I still maintain it,s to do with ID. THis passport buisiness is bugging me.If pin was not compromised, why issue another? After passing security check on phone, why did I have to produce passport @ branch.??Then screenshots etc.You would think I was the hacker:When you get access to your account again, the first thing you should do is go to 'Other Services' and then 'Activity Summary'. You will see a list of everything that has happened on your account. You will see entries labelled 'Successful Log In' with a date and time, so if you can remember all of the times you logged in to A&L, you'll be able to tell if somebody else got in.
If there are no suspicious 'Successful Log In' entries, then A&L have not been honest with you.
However, if you see something suspicious, then it's possible there was a breach and A&L got mixed up when trying to explain it to you. You will need to worry some more about your PC and take some steps to make sure there is nothing on your system that is compromising your security... (I think this is unlikely, though)0 -
You can bet A&L are monitoring it, but won,t get involved. Just E-mailed A&L GUY, he replied requesting postcode? Asked all anomolies, awaiting reply.Not holding my breath.I think he was just a call cente guy talking from script.making out he was security.ChiefGrasscutter wrote: »This is a quite facinating thread.........
I do hope someone from the Financial Services Authority has also been following and reading it all and maybe even someone from the Alliance and Leicester............0 -
Hi, Masonic, this is reply to my e-mail to security guy at A&L",both. "Hi , I am rather confused to say the least about this supposed compromise on 8 th March. 0830 hours. You said to me on phone that ID & Pin number were used, compromised, And there were 3 unsuccessful cherished data attempts, hence block. My research shows this cannot occur, as cherished data is required before pin , so 3 failures at cherished data would produce block, pin would not have been required, or used as you maintain. Why did I have to produce my Passport when successfully answering security questions on phone? Passport wasn,t required to open the account.I would appreciate some specific answers to the anomolies during our phone conversation, and explanations please. Whilst I appreciate security on your behalf for my benefit is required, I am computer literate, and there are too many anomoliesThanks masonic, will do. I intend e-mailing the security guy @ A&L,he sent me the info submitted, I have his direct e-mail address, and ask him why the anomoly. He specifically said ID & pin were used, and cherished data failed 3 times.Now I know that,s not possible, why.? I still maintain it,s to do with ID. THis passport buisiness is bugging me.If pin was not compromised, why issue another? After passing security check on phone, why did I have to produce passport @ branch.??Then screenshots etc.You would think I was the hacker:Thank you for your email.As I have not confirmed any security, the following response is not specific to your account, it will cover internet banking as a whole.When an account holder logs on to Internet Banking (I/B), the system first needs to identify the account and to do this you must enter your 8 digit ID and then 5 digit pin. The system will then look at the computer ID and if this is different to the computer previously used, the system will then challenge it. It is at that point that the specific cherished data is required.It is not possible for the system to challenge a computer without the necessary ID and pin, because without that information, the system would not be able to identify the actual account holder and check the computer.With regard your further query, additional information could possibly be requested to be presented at a branch, even though security has been passed via the telephone, if Customer Services were concerned with the overall security of the account. This is to safeguard the account holder and the bank.Hope this is satisfactory, any queries please call or drop me an email.
This is contrary to your and other A&L members info, is it not? He does not want to commit to e-mail his phone conversation about breach at all.as if it had not taken place.I guessed he wouldn,t.This guy is Assistant Security Manager.ASM, unless it stands for something else, I can think of several.As I read it, once ID & Pin Are submitted correctly, no cherished questions are asked,so how come my hacker was asked them 3 times and failed.As claimed by A&L on phone ID and Pin were correctly used, then hacker was free to do as they wished with the A/c. "Is it me?"0 -
Yes, what he is telling you is wrong, and it is so obviously wrong that anyone who uses online banking an A&L account will easily be able to see that it is wrong. I think you just have to ignore everything this person has told you because quite frankly it is a load of rubbish. The login procedure is, once again...This is contrary to your and other A&L members info, is it not?
1) Enter customer ID
- Check to see if computer is 'known' (has A&L cookie).
2) Personal security question (if computer is unknown)
- Personal anti-phishing image and phrase shown
3) 5-digit PIN
Edit: Just to add some corrections to what you have been told, my comments in brackets:-
Take a look at this screenshot where I have found a random customer ID that works. When I click 'Next' this happens. I can assure you, I don't know whose account this is or what their 5-digit PIN is, but if I wanted I could enter their security information wrongly three times and lock them out, just like you were locked out. It is a terrible system.When an account holder logs on to Internet Banking (I/B), the system first needs to identify the account and to do this you must enter your 8 digit ID and then 5 digit pin [No, 5 digit PIN is not asked for at this time]. The system will then look at the computer ID and if this is different to the computer previously used, the system will then challenge it. It is at that point that the specific cherished data is required. [Only after getting cherished data correct is 5 digit PIN asked for]It is not possible for the system to challenge a computer without the necessary ID and pin, because without that information, the system would not be able to identify the actual account holder and check the computer.[Wrong: Only customer ID is needed and only customer ID is asked for]0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards