Action Fraud Reports A Sharp Rise In Fake TSB Activity

The increase in the number of reports being sent to Action Fraud is in part linked to the system issue some TSB customers have experienced over recent weeks. 

Opportunistic fraudsters are using TSB’s system issue to target people with this type of fraud. TSB, or any bank, will never ask for a PIN, password or full memorable information by email or text. 

Fraudsters are commonly using text messages as a way to defraud unsuspecting victims out of money. This is called smishing (SMS + fishing). Of the smishing attempts reported to Action Fraud, 80% requested that the recipient clicks onto a website link. The second most common delivery technique reported has been email.

Fraudsters are using specialist software which changes the sender ID on text messages so that it looks like messages are being sent by TSB. In some instances, this spoofed text is being added to existing TSB message threads on victim’s phones.
Should someone click on the link within a spoofed text message and enter their personal information, the fraudsters then call the victim back and persuade them to hand over their one off code from their mobile phone. The fraudsters can then empty the victim’s account. 

Director of Action Fraud, Pauline Smith, said:

“We have seen an increase in opportunistic fraudsters sending text messages claiming to be from TSB that ask people to reply with their personal or banking details. 

“This can have a devastating effect on people, who can lose out on large sums of money.

“Don’t assume anyone who’s sent you a text message is who they say they are. If a text message asks you to make a payment, log in to an online account or offers you a deal, be cautious and report it to Action Fraud.”

A TSB Fraud spokesperson said: 

“While our systems are safe and secure, unfortunately fraudsters are increasingly sophisticated and looking to take advantage of situations like these by approaching customers. 

“Protecting our customers’ information is our number one priority. We are doing all we can to ensure customers don’t become a victim of fraud, whether they bank with us in branch, online or via the telephone and this is something we are working on with Action Fraud and a number of external organisations. 

“We are also working with these organisations to help them identify fraudulent sites so we can take them down as quickly as possible.”

How to Protect Yourself
Don’t assume an email or text is authentic: Always question uninvited approaches in case it’s a scam. Phone numbers and email addresses can be spoofed, so always contact the company directly via a known email or phone number, such as the one on the back of your bank card. 

Clicking on links/files:
Don’t be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link in an unexpected text or email. Remember, a genuine bank will never contact you out of the blue to ask for your full PIN or password. 

If you have received a suspicious TSB email, please do not respond to it, report it 

Action Fraud:         

You Might Also Read:

TSB's IT Meltdown Was Evident A Year Before:

Barclays Bank Want To Stop Cybercrime:

 

 

« Nation State Cyber Attacks Are An Act Of War
Malta Under Large Scale Attack »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

Cloud Credential Council (CCC)

Cloud Credential Council (CCC)

The CCC is a leading provider of vendor-neutral certification programs that empower IT and business professionals in their digital transformation journey.

National Cyber Directorate Israel

National Cyber Directorate Israel

The Israeli National Cyber Directorate provides incident handling services for civilian entities and critical infrastructures and works to increase national resilience against cyber threats.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

Finnish Information Security Cluster (FISC)

Finnish Information Security Cluster (FISC)

FISC is an organization established by major Finnish information security companies to promote their activities nationally and internationally.

Atempo

Atempo

Atempo is a leading independent European-based software vendor with a global presence. We provide solutions to protect, store, move and recover all your data.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

CYDES

CYDES

CYDES is the first event in Malaysia to showcase advanced solutions and technologies to address cyber defence and cyber security challenges for the public and private sectors.

BeyondTrust

BeyondTrust

BeyondTrust is a leader in Privileged Access Management, offering a seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.

Seigur

Seigur

Seigur is an IT consultancy business providing flexible legal and cyber security services for IT and data privacy programmes.

Bugv

Bugv

Bugv is a crowdsourcing cybersecurity platform powered by human intelligence where we connect businesses with cyber security experts, ethical hackers, bug bounty hunters from all around the world.

CodeLock

CodeLock

Codelock is a patent-pending solution that continuously provides software security at the code level, while providing advanced management insights with performance metrics and data analytics.

ZILLIONe

ZILLIONe

ZILLIONe is one of Sri Lanka´s top enterprise technology solutions providers.

5S Technologies

5S Technologies

5S Technologies is a regional IT solutions and services provider based in Cary, NC and serving the Carolinas.

Redapt

Redapt

Redapt is an end-to-end technology solutions provider that brings clarity to a dynamic technical environment.

Qodea

Qodea

Qodea (formerly Appsbroker CTS) is Europe's largest Google Premier only transformation partner.