Warning re internet banking

happyinflorida

This happened this week to me. I went into my Halifax bank a/c online, got my password wrong 1st time and made approx. 3 attempts to get in. Got in ok, did everything I needed to do and left.

The next day I got an e-mail from the Halifax advising me that as I'd made a few attempts to get into my a/c I needed to verify a few things in order to prevent my internet access from being suspended.

I clicked on the bit in the e-mail and was taken to a list of security questions, asking me all the security questions I had with the Halifax. I answered them all and then got told my internet access was ok.

Today my husband got a phone call from a man at the Halifax asking if he'd transferred £2300 to another Halifax a/c?!! No he had not and knew I had not as we have not got another Halifax a/c. He also asked if we'd increased our overdraft limit as this had also been done?!!

Luckily the Halifax noticed what had gone on and have stopped it all and have promised to refund our a/c fully - thank god! - and reduce our overdraft to what it was before.

I'm horrified that this has happened, I cannot believe I've fallen for a trick e-mail, but it appeared genuine and also how did the fraudster know what had happened when I'd tried to access my Halifax a/c? Very worrying.

Makes me very nervous of doing any internet banking now and how people can tap into your computer, I really don't know.

Anyway, just wanted to warn people to stop it happening to anyone else.

nikki&asha

Just to add to the above, in the last 3 days I have had a similar email from 'Paypal' and 'Natwest'. I haven't had any difficulties signing into my paypal account and don't even have a Natwest account so I would imagine them actually knowing you'd had trouble signing it is just a coincidence - but very unfortunate for you.

You can forward any thing suspicious to the bank directly, usually a spoof@natwest.com type address easily found on their real website.

The alarm bells began when they actually asked for my credit card pin number!

Be vigilant!

cwp500

be extra extra careful if you are using a wireless router; this is not as secure as wires. If on wireless you need to get your security sorted out. NEVER give details by email if you are even 1% suspicious. Genuine companies can always be contacted by phone.

If your computer is used by sons, daughters, etc., and, perhaps, their "friends" always be paranoid about the possiblity of keylogging programmes and changes to your firewalls, virus checkers etc. There are lots of bad kids around who are very computer savvy.

Encourage your children to keep all of their personal details secret.

Mikeyorks

happyinflorida wrote: »

The next day I got an e-mail from the Halifax advising me that as I'd made a few attempts to get into my a/c

Did it say exactly that??? Are you certain?

If it did then either Halifax have an 'insider' on their technical side .... or you have an 'insider' within your PC. Both a trifle unlikely.

Halifax simply block your access after the 3rd attempt - and invite you, on screen, to contact them. And a key logger or similar on your PC which is attempting to identify your password etc on secure sites - would simply log all of your attempts and be a bit bemused by the confusion. I'm not aware any are developed sufficiently to recognise your struggle - then solicit an external Email inviting you to spill the correct detail?

If you still have the Email - and it does refer to your aborted attempts - then you need to talk to Halifax about it. And run a full virus / spamware check on your PC.

And never click on a link in an Email purporting to be from a secure site.

Stompa

Mikeyorks wrote: »

Did it say exactly that??? Are you certain?

If it did then either Halifax have an 'insider' on their technical side .... or you have an 'insider' within your PC. Both a trifle unlikely.

No, it's a fairly common phishing ploy, this sort of thing:

http://www.millersmiles.co.uk/report/5447

PBA

cwp500 wrote: »

be extra extra careful if you are using a wireless router; this is not as secure as wires.

Arguably true, but when logging on to your banking it would be through a secure site (https), so it's still secure even over an unsecured wireless connection.

This just sounds like a spammer getting lucky. They probably sent out 10 million identical random emails, and one just happened to end up with a Halifax customer who had had trouble getting on to the site. Impressive response from the Halifax to spot and cancel the transaction for you, and as it was going to another Halifax account they can tell the police exactly where to go look for the culprits!

Mikeyorks

Stompa wrote: »

No, it's a fairly common phishing ploy .....

Thanks for that. Despite having an Inbox full of A&L ones up to a few weeks ago - and hundreds of Nat West ones since ..... mine are mundane and all simply say the same thing "Nat West (or whoever) ....requests you to complete Online Banking Customer Form." - followed by the link.

Never had a Halifax one ... so good to see the scammers are at least putting a bit more thought into those!:rolleyes: Bit of a co-incidence however to allegedly get your first one the day after a login problem?

regularsaver1

http://www.halifax.co.uk/securityandprivacy/phishing.asp

from the Halifax website - they have put a warning about it on their site.

They would never email anyone and ask for details in that way. Nor would any bank.

isayoldchap

Dear Sir/Madam,

Invention of security measures is the best way to beat online fraud. We are currently working on Our Online SSL servers to ensure a safer and secure Online Banking services. Halifax Bank PLC have employed some industrial leading models to start carrying out security check on all Accounts for safety purpose.

You are hereby requested to Update Your Halifax Online Banking credentials, for thorough verification against and update. These will not interrupt your online banking.These is to be done for Your Safety and the Bank.

(Link removed). However, Failure to do so may lead to future problems with Your Online Services.


Thanks for your co-operation
Signature removed

Halifax asked for advice as this is my third just today

dunstonh

You can often spot the phishing emails because

1) the site they link to in the email address is not actually a site that belongs to your bank (hover your mouse above the link on screen and the real link it would take you to appears and it wont be like the banks).
2) banks will not send out security requests via email
3) spelling and grammar is usually very poor. (look at the post above as a copy and paste and you will see many words use capital letters to begin with).
4) The logo in the email is usually linked to the homepage banner or a website and the banks wont do that.

ManAtHome

I've had a few with the line "you have recenly logged on from a different location or device" please click on dodgy link or we'll suspend your login etc...