- Online Fraud Advice
So…..on Sunday I had a large sum of money taken out of my account as a fraudulent transaction.
Here’s what happened in brief:
Login into bank online banking….get asked for security details, provide them, website crashes….when I log back in, notice that my account is lacking a big chunk of the balance. Phone up the bank fraud line, they say that the funds will be refunded within 1 working day, reset all info etc
Fast forward to today…..phone up the bank to see whether or not my new card is in the post, ask to hear my balance and realise that the money isn’t in there! After a long hold, I’m told that I was misinformed on Sunday and that the bank are not liable to refund me as in providing my details on a phishing website (even though I logged in through their website) that I authorised the transaction…..although they blocked the second attempt to empty my account!!! They’ve basically just said that they’re trying to recover the funds for me 😯 In essence, it is all of my money to my name that they’ve got (was to be buying a house shortly) probably shouldn’t have left it all in my current account but there we go.
Any tips? I’ve called action fraud etc and got a crime number….Posted 2 years ago
the bank are not liable to refund me as in providing my details on a phishing website (even though I logged in through their website) that I authorised the transaction…
But you didn’t do that, so they are liable? Seems straight forward to me.
How did you get compromised, then?Posted 2 years agojon_nMember
I think what’s happened is that the ‘online banking’ site that you went to was fake – so when you logged in and it ‘crashed’, what they had really done was harvested your credentials, then immediately logged into the ‘real’ online banking site and rinsed your account.
How did you get to the online banking site – click on a link somewhere, typed it into the address bar, saved favourite? Did you notice anything suspicious about the site that crashed – certificate errors / no https:// at the start of the link etc? Can you check your browser history to see what the address you ended up at really was?
There’s a couple of ways this could have been done – and unless it was really the real bank website that you went to, the bank isn’t liable 🙁
In future I would suggest to them that their online banking security measures aren’t good enough (static passwords, no ‘pick the third / seventh / last letter from your secret word’ type random questions, no having to confirm your identity before setting up a new bank transfer via sms / mobile etc) and that you will be moving your business elsewhere!Posted 2 years agolegendMember
After a long hold, I’m told that I was misinformed on Sunday and that the bank are not liable to refund me as in providing my details on a phishing website (even though I logged in through their website) that I authorised the transaction…..
If all you’ve said to them is that you logged in and your account has been emptied then that is a massive conclusion to jump too. I’d be back on to them to escalate the issue, or even better get into a branchPosted 2 years ago
Yeah I went through google to the website…..seems that through their website I got redirected at the login stage….the first result in my web history is the legit coop web address (could this still be a none legit site though?) afterwards at the login in stage, the web address has changed slightly.Posted 2 years agokm79Member
Does the bank website not ask you to verify a “new” bank transfer via a 3rd level security ?
The online banking wabsite should only allow you to transfer money to known
payees without strict verification.
This. My phone would be pinging and I’d have to enter PIN numbers sent by text for this to happen.Posted 2 years ago
It was with Co-op
Was asked to use the card reader to update security details on the website….which in actual fact was authorising a payment I guess! Still can’t quite believe that the card reader worked with a fake website, and that a 5 figure transaction was allowed to go through…..nothing even remotely that much money is sent normally!!Posted 2 years ago
Still can’t quite believe that the card reader worked with a fake website
the card reader just needs the key points (usually payee account number and amount) but that could be put to you as “enter these security numbers into your card reader” etc
Given it’s fairly clear youve been phished, Id be trying to isolate the point at which you were redirected from what you say is the authentic CoOp site.Posted 2 years ago
we had this a few years ago with S’der who use a OTP code – long story short something seemed fishy and the site crashed and I logged in again they managed to take abt 4K out before I logged off.
S’der refunded the money though and asked us to download Rapport for future use.
Looked like we had some malware on the computer at the time.
All the best and hope you get it resolvedPosted 2 years agothe-muffin-manMember
This sounds really odd.
On my card reader you put your debit card in, enter the PIN number associated with that card at it generates the 8 digit code. Unless the random 8 digit codes is a ruse to make you think it’s more secure!
Hope you get it sorted – not good to hear Co-Op are washing their hands of it so quickly.Posted 2 years agobailsSubscriber
Horrible situation OP, hope you get it sorted.
What address were you redirected to, out of curisoity. Was it
Or was it the change to https://bank.co-operativebank.co.uk
(I don’t bank with co-op, I’ve just gone on their website and clicked the link to see the change).Posted 2 years agowwaswasSubscriber
I can’t really help but I would go and sit in a branch until they let you talk to someone who can do something or at least give you a path to get to where you want to be.
I’d be using the assurance given on Sunday as a reason why you didn’t escalate it there and then and possibly have more chance of recovering the funds rather than where you are now 48 hours later.
I’d also contact consumer advice orgs outside of the ombudsman.
Banks always seem to be able to recover money when it’s their own they’ve transferred in error.Posted 2 years ago
Had a long phone call to the ‘head of the fraud team’ (yeah right!) about an hour ago…..he apologised for the information given on Sunday, said that he is looking into it, and will have an answer (to my request that they do indeed refund the money!) within 24 hours. I’ll not be holding my breath! Think the next port of call will be to go through the financial ombudsman……then to look into selling organs failing that!Posted 2 years agomartinhutchMember
‘Trying to recover the funds for me’
Was it a BACS transfer? Are they attempting to reverse it? Since it’s clearly a fraudulent transaction (so much so that they blocked the second attempt), they should be moving heaven and earth to get that reversed for you.
What authentication does the account log-in use – is there any extra authentication or just a static password? Are there any restrictions, perhaps additional verification, on making a payment from a new device or terminal? Again, if the bank are being unhelpful, perhaps the ombudsman would have a view on what security systems should be the default for online banking.Posted 2 years ago
Those URLs are both legit. With .co.uk domains, the part immediately to the left is the domain name and the part before that is the host, the server name if you like.
So, if you went from http://www.domainname.co.uk to bank.domainname.co.uk you’ve just changed to a different server within the same organisation. If you’re redirected from bank.domainname.co.uk to bank.otherdomainname.co.uk though, this is potentially a different organisation entirely, so possibly a scammer.
Note that they can be sneaky, co-operative.bank.co.uk looks legit at first glance, but it’s not. Renember, it’s what’s directly next to the .co.uk that’s important, anything else is window dressing.
(For the benefit of fellow geeks, this is an oversimplification for clarity).Posted 2 years ago
Cheers for the advice and well wishes chaps, let’s hope that some good comes from this situation…..hard to describe how I feel to be honest! I’m not a money driven person at all, but more money than I’ve had before or will likely have again getting taken in this way is pretty crap!Posted 2 years agoleffeboySubscriber
This is really horrible but if the address is correct as you say then even using the card reader they would have to be doing some sort of man in the middle attack and I didn’t think that was possible with https
The only thing I can think is that you have something that is fooling your browser into showing a url that is wrong but that isn’t so easy
In any case it looks as though it would gave caught almost anyone. Im off to split up my accounts 🙁Posted 2 years ago
The topic ‘Online Fraud Advice’ is closed to new replies.