We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Bank Account hacked
Options
Comments
-
My bank Santander will not refund the cash as they say it is my fault because I allowed them access to my account via my laptop and phone line.Any advise as to what to do would be appreciated.
The best avenue for you I can think of is to argue that Santander should not have allowed a transfer of that size to be done online without a phone call. As an example, I transferred £30k from Santander to a savings account, and needed to phone them and be talked through warnings about fraud etc.
I still don't think this is that promising a line of argument though. They will probably say that:
1) They have to draw a line for phone validation somewhere, and £25k (or wherever they draw it) isn't unreasonable. (And as we've seen for another recent thread, phone validation creates a significant burden for some customers.)
2) Setting up a transfer online displays a warning about APP scams, and even suggests that you date the transfer for tomorrow instead of today, so that you can reflect and change your mind.0 -
I had my Santander account hacked when I got a new Laptop. I logged into my account to check a transaction, my mobile rang with a one time pass code and showed a tranfer of £5000 to a bank account I did not recognise. My account was requesting I enter the code to complete the transfer.
I logged out of the account and contacted the bank, they closed the account and helped me to set up a new one.
I did not enter the pass code and so did not loose any money.
This was a couple of years ago and I still do not know how they did it.0 -
The £19,850 may, or may not, have been transferred out all in one go. So size may or may not have mattered in this case.londoninvestor wrote: »The best avenue for you I can think of is to argue that Santander should not have allowed a transfer of that size to be done online without a phone call.
However, more importantly, if the money was transferred to a new payee, Santander would have sent an OTP to the phone number registered on the account, and this OTP would have needed to be entered before any payment could have been made. Santander always require the OTP for a new payee, and sometimes even require an OTP for an existing payee.
If the fraudster wanted to change the existing registered phone number, they could have done this online BUT an OTP would have been sent to the old registered phone number ("In order to change your registered mobile phone number for the One Time Passcode service online you must have access to the mobile phone number that is currently registered for this service"). Again, the OTP would have had to be entered before the phone number could have been changed.
So the big question is: how did the fraudsters get hold of the OTP(s)?
If no OTP was needed, the payment(s) would have gone to one or more existing payees. In which case, the account holder would have previously made one or more payments to the existing payee(s), and Santander would probably assume that the account holder knows the recipient(s) and is probably in cahoots with them.
As is not uncommon in these "I have been mugged" threads, we simply don't have enough information for any conclusive opinions.0 -
However, more importantly, if the money was transferred to a new payee, Santander would have sent an OTP to the phone number registered on the account, and would have needed to be entered before any payment could have been made. Santander always require the OTP for a new payee, and sometimes even require an OTP for an existing payee.
If the fraudster wanted to change the existing registered phone number, they could have done this online BUT an OTP would have been sent to the old registered phone number ("In order to change your registered mobile phone number for the One Time Passcode service online you must have access to the mobile phone number that is currently registered for this service"). Again, the OTP would have had to be entered before the phone number could have been changed.
So the big question is: how did the fraudsters get hold of the OTP(s)?
Very true.0 -
I expect the fraudsters claimed their phone has been stolen or the contract was cancelled by the mobile phone company. Santander would then have no alternative but to register a new phone number.0
-
You just happened to have all that money sitting there in your current account waiting to be stolen? Where did it go?
£19850.00 is a logical and indeed sensible amount of money to have in a current account if it is a Santander 123 account paying interest on up to £20k. Nothing surprising or unusual about that.
As for where did it go, well that's the problem isn't it!0 -
I was about to post about Santander's OTP. I rarely transfer from Santander, but I have a feeling that I've had a code on each occasion.Member #14 of SKI-ers club
Words, words, they're all we have to go by!.
(Pity they are mangled by this autocorrect!)0 -
It's unfortunate that so many people still get caught out by these scams, especially when the fraudsters use the same formula and tactics over and over. This ISP/malware/security variant has been going on for years now, and usually works by convincing the user to install software to allow remote access to their system, and then either directly lifting credentials if you are silly enough to store them in plain text, or further convincing you to log into your online banking / move money to a 'safe' account / convince you to authorize the return of a pretend overpayment via some simple browser html source editing shenanigans / etc... There are slight variations on this approach, but the 4-5 hours they spent with you probably played out in a similar fashion........
...........On a personal note, though, I do struggle to see how so many people can fall for these relatively simple scams, and I do have some reservations over the industry being pushed to protect these people from themselves - it's basically forcing banks to be responsible for individual stupidity. And this will be at a cost to other customers, whether it is reduced 'benefits' to offset the additional overhead, or extra obstacles when it comes to managing/moving your own money, etc.
Whereas I do have a little sympathy for OP, Datz is quite right; this particular scam (or variations of it) has been knocking around for ages (it's so old, it's pensionable
) and there have certainly been enough warnings about it.
Unfortunately because of these scams, it makes simple bank transitions much more complicated for everyone else.
A cunning plan, Baldrick? Whatever it was, it's got to be better than pretending to be mad; after all, who'd notice another mad person around here?.......Edmund Blackadder.0 -
Whither the OP? I am curious to know how this happened and whether it was/could be resolved...0
-
So the big question is: how did the fraudsters get hold of the OTP(s)?
Two ways that I can think of:
- either OP gave it to them, or
- OP was victim of a SIM swap
The latter could have been easily achieved, especially as the OP was on the phone for several hours.
We probably won't get an answer, but I might as well ask...OP did your mobile SIM become inactive at any point?:grouphug:
Official MSE canny forumite and HUKD VIP badge member :grouphug:0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.1K Mortgages, Homes & Bills
- 177K Life & Family
- 257.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards