May Saw Huge Rise in TSB Phishing Cheats

June 7, 2018


There has been a huge rise in TSB phishing cheats over the past month. In April, TSB bank switched to a new core banking system. Earlier, TSB data had been on a system supplied by Lloyds, even though after the purchase by Spanish bank Banco Sabadell, data required to be shifted to its banking system.

When customer accounts were shifted to the new system, a lot of customers were locked out of their accounts. The outage continued for over 5 days, during which time several customers couldn’t gain access to their accounts or their money. Bank transfers were directed to wrong accounts and money fled from numerous customers’ accounts.

TSB expected problems with the changeover and has waited nearly three years to make the change. Nevertheless, the possible savings from shifting to the new Proteo4UK system were too great to disregard. TSB expects to save about £160 million a year by using the latest system.

Such a key update might see several things go incorrect and they did. The relocation started on April 20, 2018 and clients instantly began experiencing difficulties retrieving their accounts. Clients turned to Twitter and other social media platforms to convey their annoyance and the scale of the problem became obvious. It didn’t take long for scammers to take advantage.

There has been a quick increase in TSB phishing cheats since the IT problems began. Scammers are using electronic mails and text messages – SMiShing – to send malevolent links to TSB clients. The electronic mails and SMS messages direct users to malevolent websites that collect login identifications to TSB bank accounts.

The fake websites have been designed to appear precisely the same as the actual TSB site in all except domain name. When identifications are harvested, the scammers contact clients through phone or text to ask for the permission codes sent to mobile phones under TSB’s 2-factor verification controls. When the code is obtained, bank accounts can be retrieved, and funds transferred.

A study carried out by mobile software safety business Wandera showed 28 phishing cheats were found in April by the 100,000 clients that use its safety services. That figure soared to 236 in May.

The UK’s national reporting center for scam – Action Fraud – has similarly found a quick increase in TSB phishing cheats through text message and electronic mail. By the end of the third week in May there had been 321 phishing cheats informed compared to 30 the preceding month. Reports of cybercrime linked to TSB scams doubled from 24 in April to 51 in May.

TSB clients must be on high alert. TSB never requests PIN numbers or verification codes through electronic mail, text message or over the phone and safety information such as passwords or complete unforgettable information will never be requested by text or electronic mail.

“We have seen a surge in cunning fraudsters sending text messages declaring to be from TSB that ask people to respond with their private or banking details,” said Action Fraud Director, Pauline Smith. “Do not accept anybody who’s sent you a text message is who they say they are. If a text message asks you to make a payment, log in to an online account or offers you a deal, be vigilant and inform it to Action Fraud.”