I pit internet banking

I’ve been having the day from hell here. This morning I got a letter from my bank warning about possible internet fraud. I phoned the bank as requested and found that both my accounts had been cleaned out in the last 2 days - over £14,000.
It was sneaky the way they did it - I got an email supposedly from Abbey national security saying that they’d installed a new security system and that I should log in to check that my e-account was still working. The log in page looked exactly as it always does, but when I tried to log in I got a message that there was too much traffic and to try again later - that was how they got hold of my credit card number and passwords of course. I’ve spent the morning talking to CID and the bank - and hopefully I’ll get the money back - though they won’t say when.
I feel shocked - violated even. First thing I do when I get down to the bank again is take my account off-line. How did they know I’m an Abbey customer though, or that I used the e-banking service?

Who says they had to know?

Send that message out to a few million addresses, you’re bound to hit a few who use that bank and that service…

(FYI: If you don’t already know, this scam is called “phishing” and it’s quite popular. Lots of people have fallen for it. Google that phrase and you’ll get tons of info on it.)

I’m so sorry this happened to you; I can’t even imagine. 14K pounds is a crapload of money. Very best of luck in getting it back.

It’s a filthy scam, and one that has had many, many victims. I hope it all works out for you okay.

That totally sucks! I hope everything comes out ok.

I’m sure you’ve figured this out by now, but nevernevernever follow a link from an email to get to your bank. Use the shortcut that you already have. Since you’re taking it back offline, I guess it doesn’t matter.

Bizarrely, I got an email a while ago from Sallie Mae (the company that manages what’s left of my student loans) saying that they had changed their site and I would be logging in differently. Convenient links and all. I’d heard of phishing scams before, so I went directly to their site. Surprisingly, the email was legit, and they had changed their login procedure. I was kind of pissed, because Sallie Mae was going against the trend of “We will never send you an email asking for login info” that most online sites follow, and basically legitimizing other phishing attacks.

Not that anybody could do much with my login, other than know how much I owe. There’s some private info on there, name and address and such, but no payment info or anything. Still, I didn’t appreciate it.

Good luck, ZombiesAteMyBrain. Wish I could help more.

One piece of advice that I’ve seen is that, if you get an email which could be a phish, give an incorrect password the first time you log on to the site you get directed to (and of course don’t give sensitive information like credit card numbers or social security numbers at that stage). If it’s the correct site, you’ll get a message saying that you put the wrong password in, and asking you to try again. If it’s a fraudulent site, it will act as if you put the right password in.

One piece of advice that I’d like to give is that, if you get an email which could be a phish, don’t do what it says! Banks should know better than send notices like that via email anyway.

Now Giles, that’s not 100% guaranteed. While that may work for most phishing scams right now, it wouldn’t be much extra work for the scammers to verify the information you gave them directly with your bank using the real logon page.

My recommendation would be to bookmark the real URL of your bank, and if you get any emails at all, go to that site, or phone the bank direct.
My bank doesn’t even know my email address, and even if they did, if they sent something to me using such an unverifiable, easily forgeable, unsecure method as email, I’d have something to say to the bank manager.

Man, that sucks big time. That scam has been doing the rounds for a while now, and it’s unfortunate that you hadn’t heard of it before becoming a victim.

Hope that everything works out in the end, and that you get your money that. 14 grand is a fuck of a lot of cash.

Good luck!

Especially when it’s about USD 25K

I get these from Citibank on a regular basis. The problem is, even when the source is legit, it can be fishy; one of Citibank Japan’s own executives got busted recently for scamming accountholders.

One thing I thought about doing, but haven’t yet, was making my savings account inaccessible online, such that the only way to get money in/out of it is to actually go to the bank. No ATM access either.

Seems like a good way to protect a large balance. Worst case for online fraud they only have access to whatever’s left in my checking after paying my bills.

Don’t ever do this. Not only have you confirmed that you do in fact have an account with that institution, you’ve also given them your account name. Never go to banks or other important sites from email links, period. Never.

I think the bank was somewhat at fault. There have been quite a few of these cases with this bank and it seems that they have taken no extra security measures.
The thing is too, though, that all the withdrawals from my account were made yesterday - and, yesterday the bank wrote me a letter by snail mail saying

If they knew yesterday, why, why, why didn’t they phone me then instead of sending a snail mail letter?

Their letter also says

But they didn’t do that - apparently my account was still accessible to the internet when my daughter took me down to the bank this afternoon. DUH!!

The guy at the bank was less than helpful - he said he was going to freeze my accounts pending the end of the investigation, and he wouldn’t let me open a new account to transfer my direct debits to. God knows what I’m gonna tell the utility companies tomorrow - “I can’t pay you but please don’t cut me off” won’t raise a lot of sympathy with those guys, I’m guessing.

As a disabled person living alone I’m dependent on direct debits and my debit card - today was my first visit to the bank in months. I’m not sure how they expect me to manage without money until they clear this mess up.

I did find out where the cash went to though - the police said it was transferred through Lloyds Bank to Kazakhstan, of all places.

I would like to pit internet banking too, but for a different reason. They make it WAY too hard.

I have a Natwest account, and all I want is to check my balance and recent transactions. So I went to their website to use that feature. I inserted my account numbers and some personal details and they gave me a unique Customer Number. Then, an activation number would come through the snail mail.

The letter came about 4-5 days later. The activation code was on a special kind of translucent plastic that I had to scratch on the backside and then put it against a white paper to read the code :smack: I can’t understand what that would accomplish. Anyway, I used the activation code and then chose a 4 digit PIN number and a password. The password has to be more than 8 characters with numbers and letters.

OK, activation completed. I then tried to log in. The form first asks for your Customer Number. That’s fine, but here comes the hard part. The form then asks for three random digits from the PIN and three random characters from the password: e.g. second, fourth and ninth. :eek:

I understand why they do it (minimize the chances that a sniffer/keylogger could catch the whole password), but I know from experience that if you make the authentication process complicated enough, then the user will put the passwords on a Post-It note and stick it on the computer monitor, which is as bad as a keylogger.

Also, if you insert incorrect codes for two times straight, then you are locked out for a couple of hours.
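
The login scheme described in the post above (three requested positions from the PIN and three from the password, with a lockout after two failed attempts in a row), sketched as an added example that is not part of the original thread and is not the bank's code. The class name `PartialLogin`, the two-hour lockout value and the idea of passing the issued challenge back into `verify` are assumptions made for illustration.

```python
import hmac
import secrets
import time

LOCKOUT_SECONDS = 2 * 60 * 60   # "a couple of hours" (assumed value)
MAX_FAILURES = 2                # lock after two incorrect attempts in a row


class PartialLogin:
    """Hypothetical partial-credential check for a single customer."""

    def __init__(self, pin, password):
        # Design cost of this scheme: the server has to read individual
        # characters, so the secrets cannot be kept as one one-way hash.
        self.pin, self.password = pin, password
        self.failures = 0
        self.locked_until = 0.0

    def challenge(self, rng=None):
        """Pick three distinct 1-based positions from each secret."""
        rng = rng or secrets.SystemRandom()
        pin_pos = sorted(rng.sample(range(1, len(self.pin) + 1), 3))
        pw_pos = sorted(rng.sample(range(1, len(self.password) + 1), 3))
        return pin_pos, pw_pos

    def verify(self, challenge, pin_chars, pw_chars, now=None):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        now = time.time() if now is None else now
        if now < self.locked_until:
            return "locked"
        # The challenge must be the one the server issued for this session,
        # never positions chosen by the client.
        pin_pos, pw_pos = challenge
        expected = ("".join(self.pin[i - 1] for i in pin_pos)
                    + "".join(self.password[i - 1] for i in pw_pos))
        supplied = pin_chars + pw_chars
        # Constant-time comparison avoids leaking which character was wrong.
        if hmac.compare_digest(expected.encode(), supplied.encode()):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCKOUT_SECONDS
            self.failures = 0
        return "denied"
```

A single captured login exposes only the requested positions, which is the benefit the post mentions; the lockout is what stops the remaining positions being guessed by repeated attempts.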

It’s fun to visit them sometimes…and create a script that will flood their db with random text strings for all the fields they provide. I know, it’s not hard for them to weed this stuff out, but one can hope that if you get a couple machines running this script concurrently that it may tie up the scammer resources enough to lock some people out who may be trying to provide them with real information.

Until the judicial system starts treating these people like criminals, we’re in for more of the same.

As it is now the banks pretty much write off these losses and it’s the customer for themselves.

In EG world, worm writers, trojan authors would be beaten until blood came out their ears. If they survived they would then be forced to do customer support for AOL for the rest of their natural lives.

Ugh. My total and utter sympathies. I hate to bring this up at such a shitty time, but given the destination of your absconded funds, I don’t even know where you’d check to see if you’ve been profiled (as in funneling money to terrorists, kind of profiled) in some way, as you’re in Ireland, but as I said, given your stolen moneys’ destination…I wouldn’t count it outside the realm of possibilities.

Have you contacted the authorities, I hope? As shitty as it is now, in today’s age of the War on Terror, you might be at risk for far worse a problem if someone gets a wild hair and thinks you’re funneling money to terrorist sources. =/

I keep getting emails to log in to my Citibank account to verify my information.

But unfortunately for them, I’m not with Citibank. I don’t even know Citibank. Indeed, there is no Citibank in Australia.

Which is exactly why it’s called “phishing” - they just dump the bait and wait to see who it works for.