Fraud 26 June at 9:48PM in Credit Cards 43 replies 1.6K views

LeMarais1979

In short I received a text notification today alerting me to the fact my address had been updated, quick check on the mobile app confirmed this. I called the CC company immediately, went through the normal procedures etc. Security called back, and confirmed the person who tried to take over my account telephoned in about 10 ministers before I received the text notification, they cleared security & changed the address, tel’ number and ordered a new card. My question is - how did they know the answers to my security questions. I have no social media, bar twitter, but have never shared anything personal on there. I’m a loaner, I have a partner and children and only socialise with family. Do you think someone in customer service or similar sold/stole my info? The card has a full balance and hadn’t been used for four/five months. 

Thank you 

zx81

It's impossible for us to answer that.

But do an audit in your digital security, as that's the most common way.

LeMarais1979

zx81 said:

It's impossible for us to answer that.

But do an audit in your digital security, as that's the most common way.

 I know ... I know. Desperation, and anxiety about what happened were causes for asking such a silly question. Thank you for replying. 

lopsyfa

A possibility is a key logger or malware on a computer has capture enough personal details. These malwares are normally shipped with pirated copies of movies or software - not saying that is applicable to you. Use malwarebytes and an antivirus to scan your computers you normally enter personal details on.

joeypesci

lopsyfa said:

A possibility is a key logger or malware on a computer has capture enough personal details. These malwares are normally shipped with pirated copies of movies or software - not saying that is applicable to you. Use malwarebytes and an antivirus to scan your computers you normally enter personal details on.

They are never shipped with pirated copies of movies. I'm not saying pirating movies is right but its a scare tactic from the movie industry to try to stop pirated movies.

Gerry1

I'm surprised that identity theft doesn't happen more often.  Most banks are complete idiots when it comes to so-called security questions.  They ask for info which is in the public domain, e.g. address and postcode (look in the telephone directory) and Date of Birth (known or accessible by thousands, e.g. friends, family, employer, insurance companies, the NHS, the DWP, HMRC, energy companies, credit rating agencies, probably even the postman).

Most companies always ask for the same old information (DoB, mother's maiden name etc) so security is largely illusory.  They are breaking two of the golden rules of passwords: don't share passwords, and use information that's known only by the customer.

Even SMS two-factor authorisation is often a joke because it wrongly assumes that only the customer can access their text messages.  Phones can be lost or stolen, they can be accessed by work colleagues or carers if left unattended e.g. in a jacket or handbag, and mobile numbers can be moved to a different SIM, the security for which is often minimal for PAYG SIMs and is outside the control of the bank.

Some banks (e.g. NatWest / RBS) issue card readers which are far more secure, but sadly they are in the minority.

MinuteNoodles

joeypesci said:

lopsyfa said:

A possibility is a key logger or malware on a computer has capture enough personal details. These malwares are normally shipped with pirated copies of movies or software - not saying that is applicable to you. Use malwarebytes and an antivirus to scan your computers you normally enter personal details on.

They are never shipped with pirated copies of movies.

Doesn't need to be, it just needs to be on the site you use and TPB has had a real issue with trojans. Read this article fully. https://cybersguards.com/the-pirate-bay-tpb-malware-downloading-a-new-spyware-trojan/

While malware on torrent websites is frequently distributed through malvertising or advertising. When a “leech” user downloads a file from these sources, there is no reason to believe the file is going to be malicious in any way. When a victim opens their downloaded file, PirateMatryoshka appears as an installer.

A copy of the main page of TPB is shown to the victim, requiring the user to input their credentials in order to continue the installation. Kaspersky Labs believes this is how the malware continues to spread, because operators can create more seeds from legitimate, compromised accounts. The phishing link has been accessed approximately ten thousand times so far.

harsh_but_fair

I am more surprised that the card company - when confronted with a request to change address AND telephone number - then actioned the order of a new card.

LeMarais1979

Thank you for taking the time to reply to me; I appreciate it. 

LeMarais1979

harsh_but_fair said:

I am more surprised that the card company - when confronted with a request to change address AND telephone number - then actioned the order of a new card.

I agree. They said they were suspicious hence why they text the security alert to the original phone number. Scared me really, I’ve never experienced anything like this before, so my mind went into overdrive about how my personal data was used by someone living in South East London. Oh well, it’s all sorted now. I’ll try to be even more careful with my data. 

born_again

One reason why voice id is handy.
Do you have a password to get into the account, as well as memorable info?
As certainly as far as our systems go. Passwords are not visible to staff.