MSE News: Nationwide blunder reveals customers' email addresses

"Nationwide customers should watch out for spam messages, after email addresses were revealed in its monthly newsletter ..."
Read the full story:

Nationwide blunder reveals customers' email addresses

OfficialStamp.gif

Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.
«1

Replies

  • chanz4chanz4 Forumite
    10.4K Posts
    Part of the Furniture 10,000 Posts Name Dropper Xmas Saver!
    ✭✭✭✭✭
    you can buy emails from a lot of companys in bulk, so really nothing new
    Don't put your trust into an Experian score - it is not a number any bank will ever use & it is generally a waste of money to purchase it. They are also selling you insurance you dont need.
  • zerogzerog Forumite
    2.5K Posts
    ✭✭✭✭
    You can also generate emails. Since my gmail email is only 8 letters, any decent programmer can just use common names and add a few random letters and you have a big list of spammees.
  • marathonicmarathonic Forumite
    1.8K Posts
    Ninth Anniversary 1,000 Posts Combo Breaker
    ✭✭✭
    Whilst that might be true, identity theft works by people knowing precise details about a person and the more details the con-artist has, the easier it is for them.

    I'm sure you know of the emails doing the rounds claiming to be from various different banks claiming that your account has been hacked and asking you to confirm a few details. They work on the assumption that some of the people to whom they send the scam email has an account with the bank in question and that a small percentage of them will not realise that it is actually a scam.

    Now, picture these same people having a list of email addresses but KNOWING that they have an account with Nationwide. It makes life a whole lot easier for the scammer.
  • "We are very sorry if this has confused or inconvenienced the people who received the email."
    I doubt that anyone receiving such an email was either confused or inconvenienced. An proper apology might have been better - although they do have form here.
  • I wonder... I am sure I entered the Nationwide competition. Last monday my e-mail account was hacked (from INDIA) and spoof e-mails with a dodgy attachment was sent to all in my address book. Can anyone advise how I can find out
    whether this was a result of banking with Nationwide
    how I may find the people involved so i can hack them??
    :eek:
  • Paul_VarjakPaul_Varjak Forumite
    4.6K Posts
    Part of the Furniture 1,000 Posts Photogenic Combo Breaker
    ✭✭✭✭
    According to the original news article...

    "The danger from revealing email addresses is nowhere near as severe as it is with other personal data such as names, addresses, dates of birth or bank/credit card numbers."

    Every email I receive from Nationwide contains my name and post code! It would not take a genius to establish my full address from that information. But, Nationwide claim to do this as a security measure so that we can be sure the email is genuine.

    Emails sent over the internet are certainly not secure, so anyone intercepting the email could easily forge that email and insert a link to a fake website etc.

    It would be much better if Nationwide just missed out names and post codes from emails and just put in a message instead, saying "We never put links in emails".

    If a customer then received an email with a link, that customer would immediately know that the email was fake.
  • Paul_VarjakPaul_Varjak Forumite
    4.6K Posts
    Part of the Furniture 1,000 Posts Photogenic Combo Breaker
    ✭✭✭✭
    grahamb wrote: »
    I wonder... I am sure I entered the Nationwide competition. Last monday my e-mail account was hacked (from INDIA) and spoof e-mails with a dodgy attachment was sent to all in my address book. Can anyone advise how I can find out
    whether this was a result of banking with Nationwide
    how I may find the people involved so i can hack them??

    To prevent an account being hacked always use two factor authentication (assuming your email provider allows it).

    You can also improve security by getting a domain name (just £10/year from Google) and use their Gmail service. It offers two factor authentication but you can also have unlimited email addresses on each email account. Just use a different email address with each organisation you give an email address to...

    [email protected]
    [email protected]
    [email protected]

    That way, if your email address gets leaked, you have a fair idea where the leak occured!

    To log into your email account, you should use an email address that you NEVER give to anyone! Any email address you do give out just simply cannot be used to log into your account, as it is just an alias for your real email account.

    If your email address still get hacked with all that protection in place then your computer is probably heavily infected.

    Finally, use another email address to log into any admin control panel.
  • anoncolanoncol Forumite
    982 Posts
    ✭✭✭
    Paul, i have a couple of colleagues that do a similar thing re your own domain with multiple email addresses. Have you found any crap leaks?
  • edited 26 April 2013 at 12:56AM
    Paul_VarjakPaul_Varjak Forumite
    4.6K Posts
    Part of the Furniture 1,000 Posts Photogenic Combo Breaker
    ✭✭✭✭
    edited 26 April 2013 at 12:56AM
    anoncol wrote: »
    Paul, i have a couple of colleagues that do a similar thing re your own domain with multiple email addresses. Have you found any crap leaks?

    Only one email address has leaked so far in just over one year of creating the new domain - that is being spammed by the Viagra lot - luckily on 2-3 week at the moment.

    I had signed up on a site to do paid surveys - so it seems they leaked my address. The irony is that ACTION FRAUD actually use the same company to do surveys for them!!

    The biggest worry is, of course, that those Viagra spammers will get hold of different email addresses I use from several sources - then the problem could be worse than before.

    But I figure that any company who leaks my email address is not worth bothering with, so I would just close any account and discard all emails to that email address anyway - that is quite easy - just use aliases for the email address: [email protected]
  • marathonicmarathonic Forumite
    1.8K Posts
    Ninth Anniversary 1,000 Posts Combo Breaker
    ✭✭✭
    Only one email address has leaked so far in just over one year of creating the new domain - that is being spammed by the Viagra lot - luckily on 2-3 week at the moment.

    I wouldn't call myself lucky if I was on 2-3 Viagra a week - it's a slippery slope and you could find yourself dependant before long.... :p
This discussion has been closed.
Latest MSE News and Guides

Stoozing, sublets & summer sips

This week's MSE Forum highlights

MSE News

Martin Lewis quizzes Rishi Sunak

Watch the cost of living support Q&A here

Join the MSE Forum discussion

48 craft beers for £50 delivered

One-off bundle for newbies. Excludes Northern Ireland

MSE Deals