MSE News: Nationwide blunder reveals customers' email addresses

Former_MSE_Jamie
Former_MSE_Jamie Posts: 98 Forumite
in Budgeting & bank accounts
"Nationwide customers should watch out for spam messages, after email addresses were revealed in its monthly newsletter ..."
Read the full story:

Nationwide blunder reveals customers' email addresses

OfficialStamp.gif

Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.
«1

Comments

  • chanz4
    chanz4 Posts: 10,890 Forumite
    First Anniversary Name Dropper First Post Xmas Saver!
    you can buy emails from a lot of companys in bulk, so really nothing new
    Don't put your trust into an Experian score - it is not a number any bank will ever use & it is generally a waste of money to purchase it. They are also selling you insurance you dont need.
  • zerog
    zerog Posts: 2,478 Forumite
    You can also generate emails. Since my gmail email is only 8 letters, any decent programmer can just use common names and add a few random letters and you have a big list of spammees.
  • marathonic
    marathonic Posts: 1,778 Forumite
    First Post First Anniversary Combo Breaker
    Whilst that might be true, identity theft works by people knowing precise details about a person and the more details the con-artist has, the easier it is for them.

    I'm sure you know of the emails doing the rounds claiming to be from various different banks claiming that your account has been hacked and asking you to confirm a few details. They work on the assumption that some of the people to whom they send the scam email has an account with the bank in question and that a small percentage of them will not realise that it is actually a scam.

    Now, picture these same people having a list of email addresses but KNOWING that they have an account with Nationwide. It makes life a whole lot easier for the scammer.
  • Tanllan
    Tanllan Posts: 5 Forumite
    "We are very sorry if this has confused or inconvenienced the people who received the email."
    I doubt that anyone receiving such an email was either confused or inconvenienced. An proper apology might have been better - although they do have form here.
  • grahamb_2
    grahamb_2 Posts: 12 Forumite
    I wonder... I am sure I entered the Nationwide competition. Last monday my e-mail account was hacked (from INDIA) and spoof e-mails with a dodgy attachment was sent to all in my address book. Can anyone advise how I can find out
    whether this was a result of banking with Nationwide
    how I may find the people involved so i can hack them??
    :eek:
  • Paul_Varjak
    Paul_Varjak Posts: 4,627 Forumite
    Photogenic First Post First Anniversary Combo Breaker
    According to the original news article...

    "The danger from revealing email addresses is nowhere near as severe as it is with other personal data such as names, addresses, dates of birth or bank/credit card numbers."

    Every email I receive from Nationwide contains my name and post code! It would not take a genius to establish my full address from that information. But, Nationwide claim to do this as a security measure so that we can be sure the email is genuine.

    Emails sent over the internet are certainly not secure, so anyone intercepting the email could easily forge that email and insert a link to a fake website etc.

    It would be much better if Nationwide just missed out names and post codes from emails and just put in a message instead, saying "We never put links in emails".

    If a customer then received an email with a link, that customer would immediately know that the email was fake.
  • Paul_Varjak
    Paul_Varjak Posts: 4,627 Forumite
    Photogenic First Post First Anniversary Combo Breaker
    grahamb wrote: »
    I wonder... I am sure I entered the Nationwide competition. Last monday my e-mail account was hacked (from INDIA) and spoof e-mails with a dodgy attachment was sent to all in my address book. Can anyone advise how I can find out
    whether this was a result of banking with Nationwide
    how I may find the people involved so i can hack them??

    To prevent an account being hacked always use two factor authentication (assuming your email provider allows it).

    You can also improve security by getting a domain name (just £10/year from Google) and use their Gmail service. It offers two factor authentication but you can also have unlimited email addresses on each email account. Just use a different email address with each organisation you give an email address to...

    nationwide@mydomainname.co.uk
    amazon@mydomainname.co.uk
    mse@mydomainname.co.uk

    That way, if your email address gets leaked, you have a fair idea where the leak occured!

    To log into your email account, you should use an email address that you NEVER give to anyone! Any email address you do give out just simply cannot be used to log into your account, as it is just an alias for your real email account.

    If your email address still get hacked with all that protection in place then your computer is probably heavily infected.

    Finally, use another email address to log into any admin control panel.
  • anoncol
    anoncol Posts: 982 Forumite
    Paul, i have a couple of colleagues that do a similar thing re your own domain with multiple email addresses. Have you found any crap leaks?
  • Paul_Varjak
    Paul_Varjak Posts: 4,627 Forumite
    Photogenic First Post First Anniversary Combo Breaker
    edited 26 April 2013 at 12:56AM
    anoncol wrote: »
    Paul, i have a couple of colleagues that do a similar thing re your own domain with multiple email addresses. Have you found any crap leaks?

    Only one email address has leaked so far in just over one year of creating the new domain - that is being spammed by the Viagra lot - luckily on 2-3 week at the moment.

    I had signed up on a site to do paid surveys - so it seems they leaked my address. The irony is that ACTION FRAUD actually use the same company to do surveys for them!!

    The biggest worry is, of course, that those Viagra spammers will get hold of different email addresses I use from several sources - then the problem could be worse than before.

    But I figure that any company who leaks my email address is not worth bothering with, so I would just close any account and discard all emails to that email address anyway - that is quite easy - just use aliases for the email address: spam@mydomain.co.uk
  • marathonic
    marathonic Posts: 1,778 Forumite
    First Post First Anniversary Combo Breaker
    Paul_Varjak wrote: »
    Only one email address has leaked so far in just over one year of creating the new domain - that is being spammed by the Viagra lot - luckily on 2-3 week at the moment.

    I wouldn't call myself lucky if I was on 2-3 Viagra a week - it's a slippery slope and you could find yourself dependant before long.... :p
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 343.1K Banking & Borrowing
  • 250.1K Reduce Debt & Boost Income
  • 449.7K Spending & Discounts
  • 235.2K Work, Benefits & Business
  • 607.9K Mortgages, Homes & Bills
  • 173K Life & Family
  • 247.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.9K Discuss & Feedback
  • 15.1K Coronavirus Support Boards