We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Victim of online banking fraud with Santander account...
Comments
-
Thanks guys0
-
That the code worked is a very bad thing to rely on. If the code is genuine, you only find out it's genuine after you have authorised its use, by which time it's too late, and you don't always get strong confirmation of what the code relates to.
I hadn't quite twigged that the code in question is a one-time authorisation code so, as someone points out, the attack is not that they fake it to "prove" they are the real bank, but that they use a browser-side attack to cause you to request a code you might not otherwise have requested. But of course, the attacker doesn't really need that wrinkle: once they have convinced you that your balance is expected+X and you agree to pay X to some random account code, then they can leave you to it. They don't need any more tricks at that point.
The reality, which needs to be hammered home to be people (as it's the basis for courier fraud as well) is that banks _never_ ask you to transfer money to random third parties, whether because of over payment, police investigations, whatever. There are circumstances where accounts are debited or credited by the bank for administrative reasons, but those are always done by the bank (again, why would the bank need you to authorise it?) and done via internal accounts you can't see directly.0 -
Agreed - makes sense in retrospect...0
-
Thanks for sharing this. I think those who are criticising you for falling for a scam are a bit harsh - hindsight is wonderful. I'd like to think I'm reasonably security conscious: don't click on unknown links, sceptical when someone / something claims to be organisation X etc. But what you describe has enough convincing links in the chain that I might have fallen for it, even if I like to think I wouldn't.
A big concern here is what are Santander doing to make sure this doesn't happen again (to you or anyone else). Apart from refunding the money (which is great), have they not contacted you to explain how this happened, or give you some guidance to avoid this in the future, or ask you some questions about your security set-up?0 -
FormulaDriven wrote: »Thanks for sharing this. I think those who are criticising you for falling for a scam are a bit harsh - hindsight is wonderful. I'd like to think I'm reasonably security conscious: don't click on unknown links, sceptical when someone / something claims to be organisation X etc. But what you describe has enough convincing links in the chain that I might have fallen for it, even if I like to think I wouldn't.
A big concern here is what are Santander doing to make sure this doesn't happen again (to you or anyone else). Apart from refunding the money (which is great), have they not contacted you to explain how this happened, or give you some guidance to avoid this in the future, or ask you some questions about your security set-up?
Do Santander need to send out baby sitters then here ? , It is not about being harsh it is about being savvy to the facts of how banking works and for those that fall for this type of scam I do believe are not savvy enough, This is not meant as a put down but simply implying that common sense should prevail in these instances.0 -
FormulaDriven wrote: »
A big concern here is what are Santander doing to make sure this doesn't happen again (to you or anyone else).
What do you expect Santander to do? You set up a payee, you requested an OTP, you made the payment. Your PC was infected by some virus or malware.
Are you suggesting Santander should be responsible for what is running on our PCs? And that they don't take payment instructions from us any longer?0 -
securityguy wrote: »The reality, which needs to be hammered home to be people (as it's the basis for courier fraud as well) is that banks _never_ ask you to transfer money to random third parties, whether because of over payment, police investigations, whatever. There are circumstances where accounts are debited or credited by the bank for administrative reasons, but those are always done by the bank (again, why would the bank need you to authorise it?) and done via internal accounts you can't see directly.
This ^^^.
If this one rule was followed by everyone the amount of online banking fraud would be virtually eliminated. in the face of anything unusual like this, always log off and contact the bank by a safe, alternative means. e.g. a mobile phone.Retired at age 56 after having "light bulb moment" due to reading MSE and its forums. Have been converted to the "budget to zero" concept and use YNAB for all monthly budgeting and long term goals.0 -
Archi_Bald wrote: »What do you expect Santander to do? You set up a payee, you requested an OTP, you made the payment. Your PC was infected by some virus or malware.
Are you suggesting Santander should be responsible for what is running on our PCs? And that they don't take payment instructions from us any longer?
If you read the rest of my post, you might get an inkling of what I thought Santander might do. I didn't say anything about Santander taking responsibility for what runs on our PCs or suggesting they have to supervise their customers' every action.
But as Santander have lost thousands of pounds, it just surprises me that they wouldn't even have a conversation with their customer, to maybe ask about what anti-virus software they have running, explain how they think this scam worked and give some advice to make sure the customer protected themselves in future. Those all seem to me sensible things for a grown-up, transparent relationship between a bank and its customer.0 -
FormulaDriven wrote: »a grown-up, transparent relationship between a bank and its customer.
Then again, that may be where I'm going wrong...0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.4K Banking & Borrowing
- 253.7K Reduce Debt & Boost Income
- 454.4K Spending & Discounts
- 245.4K Work, Benefits & Business
- 601.2K Mortgages, Homes & Bills
- 177.6K Life & Family
- 259.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards