We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Victim of online banking fraud with Santander account...
Ashmil
Posts: 79 Forumite
Hi folks
Is this the right place to talk about banking scams? Apologies if not...
This has actually been resolved now, i.e. I have my money back, but it was still a disturbing occurrence and I wondered if anyone could shed any light on how it might have happened.
On 7th December, I logged in to my Santander online banking, where I have 3 accounts. I logged in using Chrome in the same way I always do. All the security checks were present as normal. However once I got in, I was presented with a warning message along the lines of 'someone has erroneously made a payment to you, and wants to recall it. Please enter the passcode we will now text you to action this' I could see in the background my account balances, which all seemed in order, apart from one account which was 4.5 grand higher than it should have been. I was clearly on the actual Santander online banking page - this is verified by checking my internet history for that day. The domain name is correct.
So then I received a passcode via text, genuinely from Santander, as it was in the same thread of texts as previous passcodes I have received from Santander to approve unusual transactions in the past (e.g. International ones). I didn't seem to be able to get into my accounts until I entered the code, which I did. My balance returned to normal and everything seemed fine, and I could access my accounts. Seemed strange but legit, and I thought no more of it until I logged on on the 13th and discovered that 4.5k had been actually removed from my original balance, so it was 4.5k LOWER than it should have been.
Panicked, phoned bank, accounts frozen, passed to investigators. Long story short, the bank have reimbursed me, so I'm back to normal.
SO somehow what happened was that the evil fraudsters who did this somehow presented me with a false message which tricked me into approving 4.5k to be transferred out of my account...
BUT - how the hell did this happen? I didn't follow any dodgy links, I was ON THE BANK'S ACTUAL WEBSITE. The message was shown as part of the online banking page as normal, not a popup or separate window or anything, and I could see my accounts listed. I was properly logged in. Somehow the !!!!!!s showed me a false message through the Santander website, or so it seems... Surely that means the bank themselves were hacked? How does that work?
Does anyone have any clues about how this might have come about? I use antivirus and all the rest, but it seems like the dodginess actually happened at the bank's end...?
Thanks,
Ash.
Is this the right place to talk about banking scams? Apologies if not...
This has actually been resolved now, i.e. I have my money back, but it was still a disturbing occurrence and I wondered if anyone could shed any light on how it might have happened.
On 7th December, I logged in to my Santander online banking, where I have 3 accounts. I logged in using Chrome in the same way I always do. All the security checks were present as normal. However once I got in, I was presented with a warning message along the lines of 'someone has erroneously made a payment to you, and wants to recall it. Please enter the passcode we will now text you to action this' I could see in the background my account balances, which all seemed in order, apart from one account which was 4.5 grand higher than it should have been. I was clearly on the actual Santander online banking page - this is verified by checking my internet history for that day. The domain name is correct.
So then I received a passcode via text, genuinely from Santander, as it was in the same thread of texts as previous passcodes I have received from Santander to approve unusual transactions in the past (e.g. International ones). I didn't seem to be able to get into my accounts until I entered the code, which I did. My balance returned to normal and everything seemed fine, and I could access my accounts. Seemed strange but legit, and I thought no more of it until I logged on on the 13th and discovered that 4.5k had been actually removed from my original balance, so it was 4.5k LOWER than it should have been.
Panicked, phoned bank, accounts frozen, passed to investigators. Long story short, the bank have reimbursed me, so I'm back to normal.
SO somehow what happened was that the evil fraudsters who did this somehow presented me with a false message which tricked me into approving 4.5k to be transferred out of my account...
BUT - how the hell did this happen? I didn't follow any dodgy links, I was ON THE BANK'S ACTUAL WEBSITE. The message was shown as part of the online banking page as normal, not a popup or separate window or anything, and I could see my accounts listed. I was properly logged in. Somehow the !!!!!!s showed me a false message through the Santander website, or so it seems... Surely that means the bank themselves were hacked? How does that work?
Does anyone have any clues about how this might have come about? I use antivirus and all the rest, but it seems like the dodginess actually happened at the bank's end...?
Thanks,
Ash.
0
Comments
-
My guess is... https://www.google.co.uk/search?q=man+in+the+browser0
-
Ah didn't know about that... Scary stuff0
-
"So then I received a passcode via text, genuinely from Santander, as it was in the same thread of texts as previous passcodes I have received from Santander"
To fake that only requires that the originating number is the same as Santander's. It's easy enough to do: there are a zillion services online which will do it. The technique they use is to pretend to be the victim phone (in this case Santander) roamed onto a foreign network.
"someone has erroneously made a payment to you, and wants to recall it. Please enter the passcode we will now text you to action this"
Think about it: if that much money had been paid to you "erroneously", wouldn't the bank contact you more formally?0 -
Why would anyone want to fake the passcode? It worked because it was from Santander.securityguy wrote: »"So then I received a passcode via text, genuinely from Santander, as it was in the same thread of texts as previous passcodes I have received from Santander"
To fake that only requires that the originating number is the same as Santander's. It's easy enough to do: there are a zillion services online which will do it.
I think, what was faked was the screen showing incorrect balance and the pop-ups requiring the payment.0 -
securityguy wrote: »"So then I received a passcode via text, genuinely from Santander, as it was in the same thread of texts as previous passcodes I have received from Santander"
To fake that only requires that the originating number is the same as Santander's. It's easy enough to do: there are a zillion services online which will do it. The technique they use is to pretend to be the victim phone (in this case Santander) roamed onto a foreign network.
"someone has erroneously made a payment to you, and wants to recall it. Please enter the passcode we will now text you to action this"
Think about it: if that much money had been paid to you "erroneously", wouldn't the bank contact you more formally?
Thanks for the patronising advice to 'think about it' - yes I have been thinking about it rather a lot, would you believe - but as grumbler said, it was a genuine passcode. It worked. Clearly the browser message giving me the context was fabricated. And yes it looked convincing, it fooled little old me, and I didn't know about MITB. We live and learn eh?0 -
I have to agree with security guy here if I had the issue as you explained I would simply log out ring the bank and ask to speak to the correct department about the unusual transaction incoming and then the unusual request for the so called erroneous payment to be sent back.
When a payment is made to an account by error, mistake or even a non payment as described above the bank would contact you in writing to request this money be returned to the original source, That is unless it was the banks mistake in which case they can refute/credit it back, There is no way it would be done via the route you have described and quite simply it is a devious scam that is in place to hook people and you clearly fell for it here.
On a side note you have the money back as the bank have refunded this so there is no issue here for you at least and it is the bank who lost out here and I suspect they will have no chance of clawing it back from the account you wired it to, There's a lesson here but for fear of a backlash I'll keep quiet.
0 -
There is indeed a lesson learned, no argument there! i was sucked in. And yes I should have checked. I was convinced by the fact that the prompting message appeared to be integrally part of the Santander site I had just logged into, as I always do, and that the text and functioning code came from Santander, and that everything looked in order and back to normal once I'd entered the code. i had no idea they could play you in this way. It was very sneaky and convincing.0
-
So where were you and how were you connecting to the site at the time
Home computer on a wired connection?
Wifi at home?
Free wifi elsewhere - hotel, internet cafe?
Mobile phone?
etc0 -
Thanks chief G - it was at home, wifi. No one else uses the computer. I do have antivirus, firewall etc.0
-
I was convinced by the fact that the prompting message appeared to be integrally part of the Santander site I had just logged into, as I always do, and that the text and functioning code came from Santander, and that everything looked in order and back to normal once I'd entered the code.
as would many of us. thank you for sharing the story. i'm glad that you have been reimbursed.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350K Banking & Borrowing
- 252.7K Reduce Debt & Boost Income
- 453.1K Spending & Discounts
- 243K Work, Benefits & Business
- 597.4K Mortgages, Homes & Bills
- 176.5K Life & Family
- 256K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards