MSE News: Santander refuses to refund pensioner tricked out of £40,000 life savings

GingerFurball_2

jamesd wrote: »

Santander does appear not to have handled aspects of this well. Notice that bit about them remaining suspicious but the customer wanting to speak with the scammer? The payment time obligation is next business day, not immediately, so they could have delayed the transactions and met both their processing time and security obligations. For the later transactions that is what I suggest the customer complains about.

Banks are to show payee details for an account later this year. If text alerts include this information it may help to make this sort of thing as well as typo errors resulting in wrong payees less likely.

Santander's responsibility is to transfer money to the account the customer has asked it to.

You can only warn someone so many times - at the end of the day it's not Santander's place to refuse to transfer money if a customer wants to.

schiff

Private message received this morning. Smacks of closing the stable door but....


"Subject:
Important security information - are you sure it's Santander?
Message:
Never rely on caller ID alone to authenticate a caller or a text message. Criminals can ‘spoof’ caller ID numbers, meaning you can’t be sure the number displayed on your phone belongs to the company it claims to be from.

The banking industry has seen an increase in so-called ‘smishing’ attacks (SMS/text phishing).
• Fraudsters send texts saying they’re from your bank and that they need you to update your details or speak with you urgently about a fraudulent transaction.
• The text normally contains a premium rate telephone number for you to call.
• The number it comes from looks like it belongs to Santander, even though it’s not being sent by us.

Santander will never ask you to disclose your One Time Passcode (OTP) verbally or to call us back on a premium rate telephone number.

If you do give out your personal and security details, you might provide a fraudster with everything they need to take money from your account.


Protect yourself
• Never disclose personal or security details such as full logon details, an OTP, PIN, full passwords or security numbers.
• Never rely on caller ID alone to authenticate a caller or a text message. Criminals can ‘spoof’ these numbers to match those of a legitimate organisation.
• Always read text messages in full before responding. If there’s anything you don’t recognise, then call the number on the back of your card.
• Never give any personal or financial information to someone who calls unexpectedly.
• Never allow remote access or give control of your computer to a third party who calls out of the blue.
• Never follow a telephone instruction from a cold caller asking you to press keys on your keyboard or run any programmes.

If you think you’ve been a victim of a fraud or a scam, or are concerned you may have revealed personal or security information, please contact us immediately.

For full details and advice on this scam, and for more information about all other frauds and scams, visit our online Security Centre."

dggar

schiff wrote: »

Private message received this morning. Smacks of closing the stable door but....


"Subject:
Important security information - are you sure it's Santander?
Message:
Never rely on caller ID alone to authenticate a caller or a text message. Criminals can ‘spoof’ caller ID numbers, meaning you can’t be sure the number displayed on your phone belongs to the company it claims to be from.

The banking industry has seen an increase in so-called ‘smishing’ attacks (SMS/text phishing).
• Fraudsters send texts saying they’re from your bank and that they need you to update your details or speak with you urgently about a fraudulent transaction.
• The text normally contains a premium rate telephone number for you to call.
• The number it comes from looks like it belongs to Santander, even though it’s not being sent by us.

Santander will never ask you to disclose your One Time Passcode (OTP) verbally or to call us back on a premium rate telephone number.

If you do give out your personal and security details, you might provide a fraudster with everything they need to take money from your account.


Protect yourself
• Never disclose personal or security details such as full logon details, an OTP, PIN, full passwords or security numbers.
• Never rely on caller ID alone to authenticate a caller or a text message. Criminals can ‘spoof’ these numbers to match those of a legitimate organisation.
• Always read text messages in full before responding. If there’s anything you don’t recognise, then call the number on the back of your card.
• Never give any personal or financial information to someone who calls unexpectedly.
• Never allow remote access or give control of your computer to a third party who calls out of the blue.
• Never follow a telephone instruction from a cold caller asking you to press keys on your keyboard or run any programmes.

If you think you’ve been a victim of a fraud or a scam, or are concerned you may have revealed personal or security information, please contact us immediately.

For full details and advice on this scam, and for more information about all other frauds and scams, visit our online Security Centre."

I think the points made here should be made into "Sticky" for this thread and the Savings Thread and the Credit Card thread.

keithtmoir

I notice that the article leads on the fact it was a pensioners d=savings but it was her daughter who gave the money away. the bank should not be questioned on the fact that it did nothing wrong and it was the daughters stupidity that caused the problem

Froggitt

I'd normally be with the people on this thread saying stupid is as stupid does. I've trained my Aged P not to click on links, open attachments, reply to emails she doesn't know who they are from. She now doesnt even click on links I send her....I get a phone call every time!!!

Little did I think my so called tech savvy daughter would be scammed by a smishing text. However the reason she was fooled, was primarily because she had recently set up Apple Pay on her phone, and had text confirmations from "BRITBANK", ie displaying the bank name rather than the number. The smishing text similarly did not display the number, did display BRITBANK, and crucially, put the SMS into the same conversation as the Apple Pay texts.

Fortunately she told Mrs Froggitt about it, and they managed to get some of the payments recalled. However, only after hanging on the phone for half an hour trying to get through. I believe that BRITBANK are negligent in not having a fraud number that gets answered straight away......that half an hour gave just enough time for the first few transactions to go through.

Further, she went into the bank just a few days earlier to put a large sum of money in. It seems more than a coincidence that the smish happened on pretty much the only day that there was more than a hundred quid in the account.

Yes she is a stupid girl, giving away passcodes etc, but the bank also contributed to this by not answering the phone in a timely manner.

They are currently investigating, however I believe that she should get her money back, as the payments would have been caught if they had answered the phone quickly enough. I will be going to the FOS if they rule against her......bank negligence being the contributory factor.

GingerFurball_2

Froggitt wrote: »

I'd normally be with the people on this thread saying stupid is as stupid does. I've trained my Aged P not to click on links, open attachments, reply to emails she doesn't know who they are from. She now doesnt even click on links I send her....I get a phone call every time!!!

Little did I think my so called tech savvy daughter would be scammed by a smishing text. However the reason she was fooled, was primarily because she had recently set up Apple Pay on her phone, and had text confirmations from "BRITBANK", ie displaying the bank name rather than the number. The smishing text similarly did not display the number, did display BRITBANK, and crucially, put the SMS into the same conversation as the Apple Pay texts.

Fortunately she told Mrs Froggitt about it, and they managed to get some of the payments recalled. However, only after hanging on the phone for half an hour trying to get through. I believe that BRITBANK are negligent in not having a fraud number that gets answered straight away......that half an hour gave just enough time for the first few transactions to go through.

Further, she went into the bank just a few days earlier to put a large sum of money in. It seems more than a coincidence that the smish happened on pretty much the only day that there was more than a hundred quid in the account.

Yes she is a stupid girl, giving away passcodes etc, but the bank also contributed to this by not answering the phone in a timely manner.

They are currently investigating, however I believe that she should get her money back, as the payments would have been caught if they had answered the phone quickly enough. I will be going to the FOS if they rule against her......bank negligence being the contributory factor.

If the payments were unauthorised she'll be refunded, the bank taking half an hour to answer the phone is not relevant.

boo_star

Froggitt wrote: »

I'd normally be with the people on this thread saying stupid is as stupid does. I've trained my Aged P not to click on links, open attachments, reply to emails she doesn't know who they are from. She now doesnt even click on links I send her....I get a phone call every time!!!

Little did I think my so called tech savvy daughter would be scammed by a smishing text. However the reason she was fooled, was primarily because she had recently set up Apple Pay on her phone, and had text confirmations from "BRITBANK", ie displaying the bank name rather than the number. The smishing text similarly did not display the number, did display BRITBANK, and crucially, put the SMS into the same conversation as the Apple Pay texts.

Fortunately she told Mrs Froggitt about it, and they managed to get some of the payments recalled. However, only after hanging on the phone for half an hour trying to get through. I believe that BRITBANK are negligent in not having a fraud number that gets answered straight away......that half an hour gave just enough time for the first few transactions to go through.

Further, she went into the bank just a few days earlier to put a large sum of money in. It seems more than a coincidence that the smish happened on pretty much the only day that there was more than a hundred quid in the account.

Yes she is a stupid girl, giving away passcodes etc, but the bank also contributed to this by not answering the phone in a timely manner.

They are currently investigating, however I believe that she should get her money back, as the payments would have been caught if they had answered the phone quickly enough. I will be going to the FOS if they rule against her......bank negligence being the contributory factor.

iPhones automatically enter the code from the text into Apple Pay when they’re received and even if they didn’t, she should only have been looking for a code. If anything else is received you either call the customer service number on the website or at least google the number.

Froggitt

GingerFurball wrote: »

If the payments were unauthorised she'll be refunded, the bank taking half an hour to answer the phone is not relevant.

Define unauthorised. Yes she read out the passcodes to the smishers. No she did not authorise them to plunder the account.

Half an hour to answer the phone is relevant, as if they had answered immediately, the payments could have been stopped.

POPPYOSCAR

Froggitt wrote: »

Define unauthorised. Yes she read out the passcodes to the smishers. No she did not authorise them to plunder the account.

Half an hour to answer the phone is relevant, as if they had answered immediately, the payments could have been stopped.

Personally, I think the whole digital technology thing is a minefield.

I watched a documentary about contactless technology recently. There is more fraud than they want us to know about.

We spend more using this and they make more money out of us.

And I agree the fraud departments are not contactable enough. I once had a transaction declined and was told I had to contact the fraud department but they were not available during the weekend and I had an anxious wait until the monday when it was something simple that could have been sorted out there and then.

Kernel_Sanders

grumbler wrote: »

Keyloggers are so common, that most banks use dropdown menus instead of keyboard input.

I always presumed the dropdown menu was purely to thwart automated hacking programs (I'm talking bots, here). I discovered by chance a way of circumventing the procedure by double-clicking on the field to remove the menu, enabling insertion of the character by keyboard. I sometimes did this when I was in a hurry, but won't anymore! I'm not unduly worried though because several log-ins would have to be monitored to capture most of the characters and anyway I've always used Zemana, which is free.