MSE News: Nationwide blunder reveals customers' email addresses 25 February 2013 at 3:50PM in Budgeting & bank accounts 11 replies 2.6K views

Former_MSE_Jamie

"Nationwide customers should watch out for spam messages, after email addresses were revealed in its monthly newsletter ..."

Read the full story:

Nationwide blunder reveals customers' email addresses



Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.

chanz4

you can buy emails from a lot of companys in bulk, so really nothing new

zerog

You can also generate emails. Since my gmail email is only 8 letters, any decent programmer can just use common names and add a few random letters and you have a big list of spammees.

marathonic

Whilst that might be true, identity theft works by people knowing precise details about a person and the more details the con-artist has, the easier it is for them.

I'm sure you know of the emails doing the rounds claiming to be from various different banks claiming that your account has been hacked and asking you to confirm a few details. They work on the assumption that some of the people to whom they send the scam email has an account with the bank in question and that a small percentage of them will not realise that it is actually a scam.

Now, picture these same people having a list of email addresses but KNOWING that they have an account with Nationwide. It makes life a whole lot easier for the scammer.

Tanllan

"We are very sorry if this has confused or inconvenienced the people who received the email."
I doubt that anyone receiving such an email was either confused or inconvenienced. An proper apology might have been better - although they do have form here.

grahamb_2

I wonder... I am sure I entered the Nationwide competition. Last monday my e-mail account was hacked (from INDIA) and spoof e-mails with a dodgy attachment was sent to all in my address book. Can anyone advise how I can find out
whether this was a result of banking with Nationwide
how I may find the people involved so i can hack them??

Paul_Varjak

According to the original news article...

"The danger from revealing email addresses is nowhere near as severe as it is with other personal data such as names, addresses, dates of birth or bank/credit card numbers."

Every email I receive from Nationwide contains my name and post code! It would not take a genius to establish my full address from that information. But, Nationwide claim to do this as a security measure so that we can be sure the email is genuine.

Emails sent over the internet are certainly not secure, so anyone intercepting the email could easily forge that email and insert a link to a fake website etc.

It would be much better if Nationwide just missed out names and post codes from emails and just put in a message instead, saying "We never put links in emails".

If a customer then received an email with a link, that customer would immediately know that the email was fake.

Paul_Varjak

grahamb wrote: »

I wonder... I am sure I entered the Nationwide competition. Last monday my e-mail account was hacked (from INDIA) and spoof e-mails with a dodgy attachment was sent to all in my address book. Can anyone advise how I can find out
whether this was a result of banking with Nationwide
how I may find the people involved so i can hack them??

To prevent an account being hacked always use two factor authentication (assuming your email provider allows it).

You can also improve security by getting a domain name (just £10/year from Google) and use their Gmail service. It offers two factor authentication but you can also have unlimited email addresses on each email account. Just use a different email address with each organisation you give an email address to...

[email protected]
[email protected]
[email protected]

That way, if your email address gets leaked, you have a fair idea where the leak occured!

To log into your email account, you should use an email address that you NEVER give to anyone! Any email address you do give out just simply cannot be used to log into your account, as it is just an alias for your real email account.

If your email address still get hacked with all that protection in place then your computer is probably heavily infected.

Finally, use another email address to log into any admin control panel.

anoncol

Paul, i have a couple of colleagues that do a similar thing re your own domain with multiple email addresses. Have you found any crap leaks?

Paul_Varjak

anoncol wrote: »

Paul, i have a couple of colleagues that do a similar thing re your own domain with multiple email addresses. Have you found any crap leaks?

Only one email address has leaked so far in just over one year of creating the new domain - that is being spammed by the Viagra lot - luckily on 2-3 week at the moment.

I had signed up on a site to do paid surveys - so it seems they leaked my address. The irony is that ACTION FRAUD actually use the same company to do surveys for them!!

The biggest worry is, of course, that those Viagra spammers will get hold of different email addresses I use from several sources - then the problem could be worse than before.

But I figure that any company who leaks my email address is not worth bothering with, so I would just close any account and discard all emails to that email address anyway - that is quite easy - just use aliases for the email address: [email protected]

marathonic

Paul_Varjak wrote: »

Only one email address has leaked so far in just over one year of creating the new domain - that is being spammed by the Viagra lot - luckily on 2-3 week at the moment.

I wouldn't call myself lucky if I was on 2-3 Viagra a week - it's a slippery slope and you could find yourself dependant before long....