We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Terrible email from Lloyds
Comments
-
Archi_Bald wrote: »The link I posted is not to a PDF document. Also, launching a PDF in a browser is different to double clicking on a PDF (or file purporting to be a PDF) sent as an attachment.
Which is even more reason why no company should be sending any attachment by email. Even if the user has been able to decide that the email is genuinely from the company it looks to be from, the user has no means of verifying that the attachment is clean. How are we to tell that the attachments are safe to use? Whilst it is unlikely that a bank would be sending out infected .pdf files, nothing is impossible. A corrupt bank employee could package horrible things like ransomware into a PDF and long have left the country by the time the issue gets detected. I would not want to have to prove to a bank it was their attachment that sent my PC into meltdown, lost me all my data, and cost me my livelyhood.
One particularly nasty piece of ransomware is CryptoLocker
http://en.wikipedia.org/wiki/CryptoLocker
I notice there is absolutely nothing in the Lloyds email that says they guarantee the contents of the PDFs are free of viruses and malware, or how many attachments there should be, or anything else that could reassure the user that there is nothing untoward in these attachments.
Everyone should have a back up of at least their important data to prevent such an incident having such severe consequences.
I received the same email today but from BoS. It will be interesting to hear Lloyds' response to your complaint.0 -
How reassuring could any statement made in an unsolicited email claiming to be from your bank be? Banks say they'll never send emails asking you to click a link. The situation with attachments isn't much different.
You are right, that's why they shouldn't sending any attachments. Though they have told me tonight that they have changed their T&Cs to allow them to send us attachments. I have yet to verify this against their T&Cs - may be one or two of you can help with that and post their findings here?
EDIT: can't find anything about attachments in their Personal Banking T&Cs. Just says they can contact me by email, amongst other means.
I have in the meantime had a friend who is much more technically competent than me have a look at the Lloyds email. His conclusion is as follows:
The email says:
We want you to recognise a fraudulent email if you receive one. Lloyds Bank will always greet you personally using your title, surname and the last four digits of your account number: XXXX YYYY"
This is re-assuring in that it makes you believe the email is genuine, and it probably is the first time you get such an email. Unfortunately your title, surname and the last 4 digits of your account have been sent in clear text over a public network so it is not impossible for any or all of the email data to be harvested and abused. I would be doubly careful with any subsequent emails from Lloyds bank as they could be faked, using your the genuine looking personal information.
I have detached and scanned the attachments for viruses and malware and they were found clean but you are right to be sceptical about attachments and I am very surprised that a UK bank is sending emails of this kind.0 -
Yeah, any old excuse for implementing more charges. Note that I don't have any issue with them making the T&Cs available electronically. Quite the contrary, I do not want any paper. But I also do not want email attachments.Thrugelmir wrote: »Sounds like the death knell for free online banking. As lenders will still be required to invest in the entire machinery required to mail out letters. As well as maintain 24/7 computer systems.
Precisely. Lloyds (and HBOS and TSB) have secure internal messaging. They can put links to the latest versions of T&Cs into a secure message, and they can then even track whether people have read them. They can still send an email or a text to give people a nudge if they haven't read their secure messages after x days. Anything is better than sending emails with attachments.Several banks have secure messaging systems. These can't cost much to run.
Edit: Or make the documents available through online banking and send out an email letting people know where to go to find them (without a link).0 -
Your friend makes a very good point about the information being compromised after it first gets sent to you by email.Archi_Bald wrote: »I have in the meantime had a friend who is much more technically competent than me have a look at the Lloyds email. His conclusion is as follows:
I would have thought it's even worse than that. This is not secret information - you might need to disclose your title, surname and bank account number to any number of organisations (for direct debits), who could lose control of the information along with your email address.0 -
Archi_Bald wrote: »You are right, that's why they shouldn't sending any attachments. Though they have told me tonight that they have changed their T&Cs to allow them to send us attachments. I have yet to verify this against their T&Cs - may be one or two of you can help with that and post their findings here
I searched the new BoS terms for "attachment" and no results were found.0 -
I've got the same sort of email from Halifax:
"
Our records show that due to an internal issue, you may not have received the most recent terms and conditions relating to your Halifax Current Account.
What you need to do
Please replace any previous account terms and conditions you may have with the attached current terms and conditions. Keep them somewhere safe in case you need to refer to them in the future.
Your account features have not been affected in any way."
It contains an attached PDF, but I didnt open it.Goals
Save £12k in 2017 #016 (£4212.06 / £10k) (42.12%)
Save £12k in 2016 #041 (£4558.28 / £6k) (75.97%)
Save £12k in 2014 #192 (£4115.62 / £5k) (82.3%)0 -
Could anyone actually figure out why they sent this email? As there were no changes to the T&Cs, and as the T&Cs are online, what would be the point in sending dodgy looking emails to all account holders?0
-
Could anyone actually figure out why they sent this email? As there were no changes to the T&Cs, and as the T&Cs are online, what would be the point in sending dodgy looking emails to all account holders?
As OP said, the email claims the recipient may not have received the most recent T&Cs for what Lloyds call their "new" account. I've received the same email although I've had my account for months.
I guess Lloyds were trying to cover themselves and to bind us into their updated T&C's by pushing them out to us.
For what it's worth, I've complained to Lloyds primarily about distributing .pdf email attachments to customers - when their own website (!) warns customers about malware distributed in attachments with emails purporting to be from banks!
I think Lloyds' actions in sending out such email attachments will just encourage fraudsters to create "copycat" fake emails with malicious payloads in the .pdf (or what appear to be .pdf) attachments.
I also complained that they're distributing the "most recent" T&Cs without telling us what, if anything, has changed - contrary to normal bank practice, presumably required by their regulator.
Last and least, Lloyds' email also included a "welcome pack" for a "Classic" account which I do not hold. And they even misspelled the name of the director who supposedly signed the message. Which makes you wonder if the message was genuine after all?
So overall this seems to be a very poor effort by Lloyds.0 -
Sure, regular backups should be made as a matter of course. However, you could inadvertently back up files before noticing they have been hijacked and encrypted. Even multiple backups at different times aren't a complete guarantee. The best way is to avoid the danger in the first place - e.g. by never opening any attachment that you think might infect your PC.Everyone should have a back up of at least their important data to prevent such an incident having such severe consequences.
Some very abrupt sounding guy in their complaints department told me that he could not uphold the complaint, even though I had told him upfront that I am not looking for a penny of compensation. This sort of problem is probably not on his script, so he was lost for action. He said he would write to me with his final decision and I am now waiting for his letter. I will then get on to Mr Ant!nio Horta-Os!rio, so they'll have a fair chance to review their approach to communicating electronically with customers.I received the same email today but from BoS. It will be interesting to hear Lloyds' response to your complaint.0 -
I wouldn't want to be on the other end of the phone to somebody like you with a complaint that was out of my hands to resolve.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.8K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 453K Spending & Discounts
- 242.7K Work, Benefits & Business
- 619.5K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards