Criminals have set their sights on customers of a bank that has been struggling with a switchover to a new computer platform
A man watched helplessly as cybercriminals stole £9,000 (nearly US$12,000) from his account at British bank TSB while he waited – for four-and-a-half hours – to get through to the bank’s fraud line, according to a BBC report.
Ben Alford, of Weymouth in the United Kingdom, has described how he put in a call to TSB after noticing that somebody had taken out a loan in his name from another bank. While he was logged into his TSB online account and waited for the bank’s fraud department to deal with his phone call, he saw how two sums – £5,000 and £4,000 – were stolen from his account in two transactions. Of that money stolen, some £7,000 had been set aside for his wedding.
“Had they answered their fraud line promptly, none of this money would have been taken because it could have been stopped. I literally watched the money go out of our account,” said Mr. Alford, who shares the account with his fiancée.
He is one of many TSB customers who said that they have had money taken from their accounts. Action Fraud, the UK police unit that deals with scams, has said that the number of reports of fraud that target TSB’s customers has increased more than tenfold in 2018 – from around 30 in April to over 320 in May. This is after the ne’er-do-wells have launched campaigns that aim to take advantage of the bank’s technical issues with migration of customer data to a new IT system.
According to The Times, (this article is behind a paywall) some of the victims were robbed of five and six-figure sums after falling for phishing messages that asked them to input their login credentials. [This article on CSO actually shows what phishing attacks targeting TSB’s clients look like.] In addition, nearly two million people were recently locked out of their accounts for days due to the bank’s technical woes.
Meanwhile, Mr. Alford claims that he was not bamboozled to hand over his personal information to fraudsters. Instead, he believes that he’s one of the victims of a “SIM swap” aka “SIM split” scam – a kind of ploy of which Action Fraud issued an alert last year. In a scam that can be used in conjunction with phishing, attackers impersonate a victim and dupe his or her mobile network provider into swapping the victim’s phone number to a SIM card controlled by the attackers. Among other things, this gives the scammers the ability to get hold of passcodes that not only banks often use for two-factor authentication.
There appears to be a happy ending in sight, however. A TSB spokesperson was quoted as saying that “[i]f customers have been a victim of fraud as a direct result of our recent IT issues they won’t be left out of pocket”. The bank has refunded a portion of the stolen cash to Mr. Alford.