TSB - fraud/hacker managed to change my details over phone

george4064

Yesterday I was receiving loads of random text messages from random providers I have never used before, so I just ignored them.

But then I received a 'One Time Password to confirm your identity with the TSB Partner you are speaking to', this is from the same 'TSB' that I have received genuine OTP's from previously. I ignored this text message.

10 minutes later, I received another messaged from the same TSB number saying Your Internet Banking phone numbers where changed on YYYY-MM-DD at XX.XX. If you DID NOT do this call 012345678 or +1235657 from abroad' (dates, times and numbers redacted. So I decided to log into my TSB account, checked 'my details' and the phone number on my account had changed.

Phoned TSB, explained this to them and they've changed my number back. I've since changed my User ID, password, memorable information etc. I had 2FA activated on my account, so nothing to change here. I have also cancelled my TSB credit card and ordered a new one, I don't have any other accounts with TSB.

I'm thinking either of two scenarios has happened:

• This fraud has somehow cloned my phone/SIM and is able to read my text messages?
• This fraud phoned TSB, pretending to be me and somehow passed security checks without the OTP?

Welcome people's thoughts, and if I should bother writing a complaint to TSB?

I'm thinking of cancelling my credit card with TSB, as it seems their security is very poor.

cymruchris

george4064 said:

Yesterday I was receiving loads of random text messages from random providers I have never used before, so I just ignored them.

But then I received a 'One Time Password to confirm your identity with the TSB Partner you are speaking to', this is from the same 'TSB' that I have received genuine OTP's from previously. I ignored this text message.

10 minutes later, I received another messaged from the same TSB number saying Your Internet Banking phone numbers where changed on YYYY-MM-DD at XX.XX. If you DID NOT do this call 012345678 or +1235657 from abroad' (dates, times and numbers redacted. So I decided to log into my TSB account, checked 'my details' and the phone number on my account had changed.

Phoned TSB, explained this to them and they've changed my number back. I've since changed my User ID, password, memorable information etc. I had 2FA activated on my account, so nothing to change here. I have also cancelled my TSB credit card and ordered a new one, I don't have any other accounts with TSB.

I'm thinking either of two scenarios has happened:

• This fraud has somehow cloned my phone/SIM and is able to read my text messages?
• This fraud phoned TSB, pretending to be me and somehow passed security checks without the OTP?

Welcome people's thoughts, and if I should bother writing a complaint to TSB?

I'm thinking of cancelling my credit card with TSB, as it seems their security is very poor.

You ignored rather a lot of warning signs it has to be said. No matter who did it and how they did it, there were lots of red flags that you could have actioned earlier. You're probably quite lucky that you're not here asking how you can get your money back. 

Now that you've changed all your access information, it's likely that's the end of the matter.

The passwords used for the account - did you use them or anything similar in any of your other accounts? It could be that data from a breach elsewhere contained your username and password for another account that you use that's similar or the same as your TSB account.

It could be that someone has intercepted some of your mail, or as mentioned a data breach elsewhere, to get personal details, and utilised this along with your social media profiles to gather enough info to attempt to be you on the phone. 

It could be there's a virus on your PC collecting keystrokes and sending them on. (Have you done a full virus scan recently?)

The reality is that TSB won't tell you how they did it, or who did it, and to be fair, they did send enough warnings that something wasn't right. 

If you have social media profiles, review what information can be seen as a 'member of the public' to ensure that there's as little about you online referring to things like birthdays.

george4064

Thanks for the reply @cymruchris

When I phoned TSB, they told me that the phone number on my account had been changed over the phone. So I know my account was compromised via the telephone rather than online. That said, I have changed all my online login ID/passwords.

PC is fully protected with Kaspersky, and a deep virus clean didn’t pick anything. So don’t think it’s my PC.

I’m not sure what ‘warnings’ that TSB sent you’re referring to? All these random messages started at 7pm, and the TSB ones came through at 7.30 and 7.40pm. By the time I read the message, I was on the phone to TSB at 7.45pm.

Dobbibill

Have you changed your PSN with TSB for telephone banking?
Their website says you need a PSN to change address, phone or email over the phone so it may be those details that are compromised. 
https://www.tsb.co.uk/search/?q=change of address

cymruchris

george4064 said:

Thanks for the reply @cymruchris

When I phoned TSB, they told me that the phone number on my account had been changed over the phone. So I know my account was compromised via the telephone rather than online. That said, I have changed all my online login ID/passwords.

PC is fully protected with Kaspersky, and a deep virus clean didn’t pick anything. So don’t think it’s my PC.

I’m not sure what ‘warnings’ that TSB sent you’re referring to? All these random messages started at 7pm, and the TSB ones came through at 7.30 and 7.40pm. By the time I read the message, I was on the phone to TSB at 7.45pm.

You hadn't mentioned this had all happened over such a narrow time frame - your OP did give me the impression that it was over a longer period, so it was good that you got onto the bank relatively quickly. I had something similar once, although quite a few years ago now, where someone rang my bank and tried to be me. They'd stolen some of my post. They also tried to open several credit cards. It might be worth keeping a close eye on your credit reference files for a few months, if anything untoward appears, you might want to register for CIFAS protective registration. That would ensure lenders paid extra care to any NEW applications made in your name.

mcpitman

george4064 said:

PC is fully protected with Kaspersky, and a deep virus clean didn’t pick anything. So don’t think it’s my PC.

I would personally remove Kaspersky - a Russian owned internet safety device, at this current time?

A company that provides the Russian Federal Security Service with intelligence monitoring.

Currently that virus engine is based on 2019 data lists and has avoid lists for certain keystroke software.

george4064

mcpitman said:

george4064 said:

PC is fully protected with Kaspersky, and a deep virus clean didn’t pick anything. So don’t think it’s my PC.

I would personally remove Kaspersky - a Russian owned internet safety device, at this current time?

A company that provides the Russian Federal Security Service with intelligence monitoring.

Currently that virus engine is based on 2019 data lists and has avoid lists for certain keystroke software.

I have no concerns with Kaspersky, turns out it was just that TSB’s staff manning the telephones are incompetent!!

mcpitman

george4064 said:

mcpitman said:

george4064 said:

PC is fully protected with Kaspersky, and a deep virus clean didn’t pick anything. So don’t think it’s my PC.

I would personally remove Kaspersky - a Russian owned internet safety device, at this current time?

A company that provides the Russian Federal Security Service with intelligence monitoring.

Currently that virus engine is based on 2019 data lists and has avoid lists for certain keystroke software.

I have no concerns with Kaspersky

You really should look into it further. Plenty of articles out there from more reliable sources than myself.

born_again

TBH. Only antivirus I have is the default windows one. Works well & costs nothing.

Gave up on the other offerings years ago when they started to become nothing but bloatware & slowing systems down.

Harriet2006

george4064 said:

Yesterday I was receiving loads of random text messages from random providers I have never used before, so I just ignored them.

But then I received a 'One Time Password to confirm your identity with the TSB Partner you are speaking to', this is from the same 'TSB' that I have received genuine OTP's from previously. I ignored this text message.

10 minutes later, I received another messaged from the same TSB number saying Your Internet Banking phone numbers where changed on YYYY-MM-DD at XX.XX. If you DID NOT do this call 012345678 or +1235657 from abroad' (dates, times and numbers redacted. So I decided to log into my TSB account, checked 'my details' and the phone number on my account had changed.

Phoned TSB, explained this to them and they've changed my number back. I've since changed my User ID, password, memorable information etc. I had 2FA activated on my account, so nothing to change here. I have also cancelled my TSB credit card and ordered a new one, I don't have any other accounts with TSB.

I'm thinking either of two scenarios has happened:

• This fraud has somehow cloned my phone/SIM and is able to read my text messages?
• This fraud phoned TSB, pretending to be me and somehow passed security checks without the OTP?

Welcome people's thoughts, and if I should bother writing a complaint to TSB?

I'm thinking of cancelling my credit card with TSB, as it seems their security is very poor.

Hi. Just need to warn as many people as I can that I am receiving telephone calls re my Amazon Credit card. They have replicated the Amazon card helpline number and they knew my mobile number and last four numbers of the long number.  First scam was a month ago. I didn’t give anything away, but froze my card and then spoke to fraud department via the legitimate number.  I was advised to change my Amazon password, which I promptly did, and they issued me a new card with different numbers.  I relaxed. However, over the weekend the same person called again. I told him he was a scammer and to “sod off”.  He called an hour later, saying, “you didn’t seem to want to talk earlier”. Unbelievable.  I let him go on a bit and he mentioned 3 suspect transactions, one being £30 to Ee. Top up. I don’t do top up.  After a bit I told him I knew he was a scammer as Amazon cards (Newday Cards) only work Mon to Friday between 9 and 5 pm.  He said he has sPercival permission.  Told him to sod off again and to never ring me ever.I immediately froze my card via automated phone call.  My telephone line was faulty and have only just been able to check my outgoing payments.  Guess what? The ee payment has gone thru!!!  Rang fraud prevention at Amazon/newday cards. I will have the £30 refunded. But I asked how could someone buy something without my expiry date and CVC number.  I was told they didn’t know p, but it would be investigated. Very worrying.  Anyway, please warn every one you know Forum Members and if anyone knows how this was able to happen, I would be interested to know. 

born_again

Harriet2006 said:

Hi. Just need to warn as many people as I can that I am receiving telephone calls re my Amazon Credit card. They have replicated the Amazon card helpline number and they knew my mobile number and last four numbers of the long number.  First scam was a month ago. I didn’t give anything away, but froze my card and then spoke to fraud department via the legitimate number.  I was advised to change my Amazon password, which I promptly did, and they issued me a new card with different numbers.  I relaxed. However, over the weekend the same person called again. I told him he was a scammer and to “sod off”.  He called an hour later, saying, “you didn’t seem to want to talk earlier”. Unbelievable.  I let him go on a bit and he mentioned 3 suspect transactions, one being £30 to Ee. Top up. I don’t do top up.  After a bit I told him I knew he was a scammer as Amazon cards (Newday Cards) only work Mon to Friday between 9 and 5 pm.  He said he has sPercival permission.  Told him to sod off again and to never ring me ever.I immediately froze my card via automated phone call.  My telephone line was faulty and have only just been able to check my outgoing payments.  Guess what? The ee payment has gone thru!!!  Rang fraud prevention at Amazon/newday cards. I will have the £30 refunded. But I asked how could someone buy something without my expiry date and CVC number.  I was told they didn’t know p, but it would be investigated. Very worrying.  Anyway, please warn every one you know Forum Members and if anyone knows how this was able to happen, I would be interested to know. 

Opps
https://www.newday.co.uk/contact-us/

Our lines are open, Monday-Friday: 9-7pm, Saturday 9-5pm and Sunday 10-4pm. Calls may be recorded and monitored for training and security purposes and to help us manage your account.

So perhaps it was a member of newday staff.🤦‍♀️

Many retailers do not take the CVV. If your card has been compromised a Exp date is easy to guess. Once they have card details, which odds on when compromised will include expiry date.