    • VTR1000
    • By VTR1000 15th May 19, 3:47 PM
    • 21 Posts
    • 1 Thanks
    VTR1000
    Santander Bank
    • #1
    • 15th May 19, 3:47 PM
    How does this happen?

    11 April I get a text from my bank asking if an online debit card transaction for £1,300 is mine – reply Y or N. I reply N and within seconds get a phone call from the security dept. asking questions to confirm it’s not related to me.

    Online banking cancelled a few hours later and no access to current account without going in to a branch – and only then after going through security who allow the branch access to my account which is cancelled immediately after withdrawal has taken place. This continues for three weeks before they finally allow me access.

    I raise a complaint due to the lack of info and other things that happen during the ‘suspension’.

    Turns out that while I was speaking to security saying it wasn’t me, someone else was on the phone to the bank at the same time stating the payment was genuine – I’m assuming the online retailer referred the thief to the bank? They got through to security to discuss the transaction by answering a number of security questions, including my monthly direct debit for council tax (even I didn’t know the value of the direct debit) and more importantly, a transaction at my local Paddy Power on the 6 April – Grand National, only time I ever bet and never won… What is strange is that the impersonator quoted the transaction as Power Leisure, rather than Paddy Power, which to me means they’ve been in my account.

    I therefore asked for all the IP addresses for the online logins to my account from the 6th to the 11th – I’ve gone through my browser history and they’re all me.

    My security details have never been written down anywhere and I’ve only accessed my account from home or office laptop – never a public internet access point. I’ve never had any scam phone calls and buy everything with my credit card, settling the account in full every month.

    Hopefully the above makes sense.

    My question is: how does a scammer get that level of detail without working at the bank?
    • colsten
    • By colsten 15th May 19, 7:45 PM
    • 10,290 Posts
    • 9,478 Thanks
    colsten
    • #2
    • 15th May 19, 7:45 PM
    Who else lives in your house?
    • Gary_Dexter
    • By Gary_Dexter 15th May 19, 9:36 PM
    • 4,445 Posts
    • 2,864 Thanks
    Gary_Dexter
    • #3
    • 15th May 19, 9:36 PM
    Malware on your pc?
    • jonnygee2
    • By jonnygee2 15th May 19, 9:48 PM
    • 1,255 Posts
    • 1,276 Thanks
    jonnygee2
    • #4
    • 15th May 19, 9:48 PM
    Where are your bins and do you shred things? Would this info have been on statements that were thrown away? A lot of identity theft is digital but there is still a large amount of it that comes from the old-fashioned technique of sifting rubbish.
    • penners324
    • By penners324 16th May 19, 8:34 AM
    • 37 Posts
    • 21 Thanks
    penners324
    • #5
    • 16th May 19, 8:34 AM
    The first text message was a phishing scam, the follow-up phone call from 'security' was part of the scam.

    The phone call gave the scammers your security answers which they then used to contact your bank and impersonate you.

    You are how this happened.
    • VTR1000
    • By VTR1000 16th May 19, 2:01 PM
    • 21 Posts
    • 1 Thanks
    VTR1000
    • #6
    • 16th May 19, 2:01 PM
    Thanks for all the replies. I'll respond to the posts in order:

    1) My wife is the only other person living in our home and she doesn't know the login details as I do all of the online banking and the details aren't written down anywhere.
    2) PC regularly scanned by Malwarebytes, but there are two security password/number sets that must be known before you can login and these are never asked for in full, so unless someone was extremely lucky to get the same requests as I had previously entered (within three attempts) the account would have been locked.
    3) We don't have paper statements.
    4) Not sure if you've ever had a call from Santander security but they never ask for the full details of the security code, so they didn't get enough from me to get through to the account. Secondly the text asked about a specific shop (Louis Vuitton) which Santander confirmed. The thief had already tried to make the transaction before I was called. Thirdly, of the security questions answered by the thief I've only ever confirmed DOB in a call - so the other stuff didn't come from me.
    • VTR1000
    • By VTR1000 16th May 19, 2:03 PM
    • 21 Posts
    • 1 Thanks
    VTR1000
    • #7
    • 16th May 19, 2:03 PM
    penners324.

    The thief was on the phone to Santander at the same time I was - the info could not possibly have come from me, so I'm confident I am not how this happened.
    • 18cc
    • By 18cc 16th May 19, 4:12 PM
    • 1,353 Posts
    • 970 Thanks
    18cc
    • #8
    • 16th May 19, 4:12 PM
    What info 'exactly' did you give to 'Santander' when they called you?

    Saying Santander 'never ask full details of a security code' is meaningless.
    • Zanderman
    • By Zanderman 16th May 19, 4:22 PM
    • 2,135 Posts
    • 4,940 Thanks
    Zanderman
    • #9
    • 16th May 19, 4:22 PM
    Turns out that while I was speaking to security saying it wasn’t me, someone else was on the phone to the bank at the same time stating the payment was genuine – I’m assuming the online retailer referred the thief to the bank? They got through to security to discuss the transaction by answering a number of security questions, including my monthly direct debit for council tax (even I didn’t know the value of the direct debit) and more importantly, a transaction at my local Paddy Power on the 6 April – Grand National, only time I ever bet and never won… What is strange is that the impersonator quoted the transaction as Power Leisure, rather than Paddy Power, which to me means they’ve been in my account.
    Originally posted by VTR1000
    How do you know all these details?
    • colsten
    • By colsten 16th May 19, 5:05 PM
    • 10,290 Posts
    • 9,478 Thanks
    colsten

    The thief was on the phone to Santander at the same time I was
    Originally posted by VTR1000
    How do you know that?
    • VTR1000
    • By VTR1000 16th May 19, 8:44 PM
    • 21 Posts
    • 1 Thanks
    VTR1000
    In order.

    1) the 3rd and 5th digit of my security code & DOB/post code. That in isolation isn't enough - trust me, I know. The impostor also gave them my council tax bill/the last payment I made on my debit card.

    2) They told me that someone claiming to be me was trying to release the payment at the same time I was talking to security.

    3) see above
    • k3lvc
    • By k3lvc 16th May 19, 8:48 PM
    • 2,655 Posts
    • 4,370 Thanks
    k3lvc
    Given the level of detail I'd be looking at

    a) you've been scammed and previously given those details to someone

    b) someone very close to home isn't being honest with you
    • VTR1000
    • By VTR1000 16th May 19, 8:57 PM
    • 21 Posts
    • 1 Thanks
    VTR1000
    I don't believe I have been scammed previously as I've never written my details down or passed any login details to anyone other than Santander - when I've rung them.

    I suspected an extended family member who had stayed recently, but they could not have had knowledge of the Paddy Power bet.

    If it wasn't for the bet and quoting it to Santander security as 'Power Leisure' (without prompting - apparently) I would be with you.
    • Zanderman
    • By Zanderman 16th May 19, 8:58 PM
    • 2,135 Posts
    • 4,940 Thanks
    Zanderman
    1) the 3rd and 5th digit of my security code & DOB/post code. That in isolation isn't enough - trust me, I know. The impostor also gave them my council tax bill/the last payment I made on my debit card.
    Originally posted by VTR1000
    Ok... I was more interested in 'how do you know', not 'what do you know'.

    Are you saying the bank have specifically told you that the fraudster specifically told them the 3 and 5th digit etc etc? Not sure why they would tell you that? All they need to tell you is the fraudster knew your security code, not which particular digits he or she knew, surely. The Paddy Power v Paddy Leisure info is similarly detailed. Your knowledge of what the fraudster said and did is almost as weird as what you're saying about them knowing your security.
    • VTR1000
    • By VTR1000 17th May 19, 4:40 AM
    • 21 Posts
    • 1 Thanks
    VTR1000
    Zanderman. Mixing posts.

    The security code details were in answer to 18cc's question, not yours.

    The thief didn't know my security code so they asked him other security questions, last transaction, monthly dd to my local council etc. It's the last transaction that makes me think that it might be related to a bank employee. It's my belief that only someone who has seen my account would get the Power Leisure answer. I certainly wouldn't know it - I didn't even know my council tax direct debit.

    And as all of the access times between the dates can be verified as me, how can someone know about the Paddy Power without there being a trace to an IP address?

    The reason I know so much is because I wrote to the chief exec and have been dealing with the senior complaints manager for the past two weeks and he's been very helpful - much more than the security dept.
    Last edited by VTR1000; 17-05-2019 at 6:52 AM.
    • colsten
    • By colsten 17th May 19, 8:59 AM
    • 10,290 Posts
    • 9,478 Thanks
    colsten

    And as all of the access times between the dates can be verified as me, how can someone know about the Paddy Power without there being a trace to an IP address?
    Originally posted by VTR1000
    I think the one thing we agree on, based on information you shared with us in this thread, is that a third party has got access to your Santander account, using IP addresses that you recognise as you are using them yourself.

    That someone can be a person who physically accessed your account from your home or office. Or it can be someone who has remote access to your PC(s)*. We can exclude the latter as you said you had scanned your PC(s)* for Malware. Which leaves the former. Note that the fraudster who allegedly rang the bank, and who used your debit card to make a £1,300 purchase, doesn't necessarily have to be the same person who physically accessed your account from your home or office.

    * Can you clarify - have you been accessing your Santander account through more than one physical PC? One at home, and one in the office? How would you know the IP address of your office, and how would you know that it was you who used the office IP address?

    The reason I know so much is because I wrote to the chief exec and have been dealing with the senior complaints manager for the past two weeks
    Originally posted by VTR1000
    I am afraid, if you didn't get a resolution in over two weeks from the Executive complaints manager, it doesn't look very promising.
    • VTR1000
    • By VTR1000 17th May 19, 9:41 AM
    • 21 Posts
    • 1 Thanks
    VTR1000

    * Can you clarify - have you been accessing your Santander account through more than one physical PC? One at home, and one in the office? How would you know the IP address of your office, and how would you know that it was you who used the office IP address?

    I am afraid, if you didn't get a resolution in over two weeks from the Executive complaints manager, it doesn't look very promising.
    Originally posted by colsten
    Two laptops, home and office. I know the IP address for the office as the head of IT gave it to me and I confirmed with an online checker that it was registered to my employer.

    The complaints manager gave me the IP addresses and times that they had accessed my accounts, which I confirmed with my browser history. I spoke with the head of IT and whilst in theory they can remotely access my laptop via the VNC software, we can see when they do as the screen changes. Also, if we do not use the laptop for 10 mins then the screen locks and the password is needed to unlock it before remote connection is possible.

    The exec complaints manager is ringing me back today to discuss my concerns that the access stemmed from them.

    Unless they have deliberately withheld other IP addresses that have accessed my account (which I don't believe) between the 6th and 11th, then the access points towards an internal issue at Santander.

    It might also explain why my account was locked down for three weeks and not the original 48 hours I was told.
    • 18cc
    • By 18cc 17th May 19, 10:12 AM
    • 1,353 Posts
    • 970 Thanks
    18cc
    This is how scams like this work

    First of all you get a text saying £1,300 has been spent, was it you or not. This is not from Santander but number spoofing is used to make it look as though the text came from Santander's number...

    You reply no - this is irrelevant, the fraudster has no access to your reply. However they ring you up a few minutes later and say 'thanks for saying no we need to check your account and I will take you through security'.

    Meanwhile they are on the Santander internet banking screen. They need your Santander user ID of course; they enter that onto the Santander banking screen. The Santander banking screen asks for digits 2 and 6 of your security code. The fraudster says to you, in order to identify you please give me digits 2 and 6 of your security code...

    You give it to them and they enter this onto the Santander banking screen. This gives them access to your account

    They of course cannot send money to a new payee without a one-time password sent to your mobile number

    Often the scammers will make up some convincing explanation as to why you should give it to them

    I'm not saying all of this happened to you I'm just telling you the way frauds like this work
    • 18cc
    • By 18cc 17th May 19, 10:18 AM
    • 1,353 Posts
    • 970 Thanks
    18cc
    Thanks for letting me know what details you gave them

    I have never done it but I would bet that if you go to the Santander website and click I have forgotten my password then in order to reset it you probably will have to enter details like date of birth and postcode...
    • 18cc
    • By 18cc 17th May 19, 10:20 AM
    • 1,353 Posts
    • 970 Thanks
    18cc
    The problem with this kind of fraud is - I would bet most people on here would not give out security details to someone who just rang them out of the blue and said they were their bank. I certainly wouldn't anyway

    By using a text like this it forms a hook on which they can ring and it all looks legitimate

    I have said this many many times and will keep saying it - never ever give anything out to anybody pretending or otherwise to be your bank from an unsolicited phone call or even a solicited one