Just discovered all my bank accounts have been cleared out.

It would appear its all been done over the phone with transfers into another bank account. They’ve changed all my contact details and preferences in internet banking, applied for a loan and drawn all the money out of my flexi-loan, current accounts and overdraft facilities.

The bank account into which they’ve paid it has been set up in a name very close to mine. They’ve known my mother’s maiden name, where my place of birth is on my birth certificate (which is technically wrong), and because they’ve already changed contact details this has been verified by calling me back.

2 weeks of sustained attacks on my account has left me with thousands of pounds of debt, though the bank are refunding and amending everything for me.

I haven’t had any phishing calls/emails, I’m anal about virus detection on my PC, I follow all the reccomendations from the banks yet they still cleaned me out.

Just letting folk know as a reminder to check accounts regularly, and if you use internet banking do regular checks for oddities in personal details.

Sorry to hear that and I hope it’s all sorted soon, just out of interest what bank do you use?

Please tell us it wasnt santander………….

Dumpster diving?

Do you shred your personal documentation?

It isn’t just electronic stuff that they can get you with…paper documents can also turn up valuable data for identity theft…

Jesus and youre a copper ****

You haven’t shopped at superstar have you…?

🙂

A joke. SSC have been ok when I’ve used them.

Op, terrible chap. Hope it comes good soon for you. Barstewards.

Bad times but the Bank seems to be sorting you out.

I think it unlikely to be a dumpster dive, you don’t have passwords / maiden names and place of birth type stuff on anything you throw out. My guess is it will be an inside job with an employee of some company that has all your details stealing / selling on this sort of data. Very had to prove/track down the source but have you opened an account anywhere recently and provided all this stuff?

Happened to me a few years ago (HSBC). It’s sickening. I didn’t believe it when the cash machine wouldn’t give me any money and my balance read zero. I was sick when I checked my statement (was a stressful enough time as it was without adding insult to injury!).

I got the money back eventually, and any bank charges etc dropped but it’s not the point.

Hope it gets sorted quickly for you. I opened new accounts in new numbers etc to be sure as well. Right PITA.

Always use a credit card!

After I got done to my overdraft limit, I alway use a credit card to shop – online or in stores. Never had the bank card done since (as it never comes out now), but the credit card has just been done, barclaycard spotted it very quickly and managed to reverse most of the transactions before they were authorised

Somebody cloned by credit card and spent a fortune abroad and at home, inc Waitrose Home delivery. Got it all refunded. Amazed that Waitrose accept CC payment and delivery to a non CC address, but obviously they do – cost them a few hundred as the payment was reversed when I was refunded.

My brother had someone use his card to buy Oyster Card top ups for months before he noticed. They were very subtle and just took £5 every week or so, so got away with it for ages before he realised as he worked in London, so also bought Oyster Card top ups.

Other way round for me – use company debit card to buy services (regular payments made every month). Every 3rd or 4th month they decide to stop authorising the payments leaving us with hassle sorting it out, we have to ensure we keep unbroken access to the services (online ticketing systems for clients etc). Every time they call I ask them to white list but it never helps.

Bummer 🙁

I use my credit card and have it set up so it texts me when I go over £500. I still got done for £3500 though. Got the money back and 3 yrs later I heard from the Police to say that they were prosecuting. 1 acquitted, 1 fined £8000, 1 jailed for 6 months…

Picking up on what someone else has put if you are a bobby, my suggestion would start with HR and your personal records from the day you applied to join the job as when I had a look at mine the other day, everything was there including all the unusual stuff ie details from birth certificate, banking details, companies that I have had secured finance through, all sorts of stuff. I know many forces have or are switching to computerised records, whats happened to your old paper records particularly with national vetting details with all your accounts on etc etc etc.
Unfortunately in this day and age anything can go missing from any ‘secure’ organisation.

My bank is HSBC the recipient was Barclays. Luckily they made a very common error with my name, which helped flag it up. I’m a total control freak with document security. I shred anything with our name on, let alone personal details, before it goes in the bin.

The info’ they did have could only have come from certain sources – all based around my birth certificate. They had my Mother’s maiden name & the place I was born. The thing is with the place of birth, I know it’s from my birth certificate because that document is actually incorrect & I never list this on any applications etc.

HSBC have been brilliant; I had to go into branch for a few hours today and sift through my accounts, and the lady stayed well after closing to get it sorted. Because it was last thing on Friday I was told that although I’d get every penny back, I wouldn’t get it until Monday. I’ve just checked my account & it appears they have pushed it through this evening. It looks like every penny has been returned.

Always use a credit card!

My cards weren’t cloned so it won’t make any difference. They stole my identity somehow, setup accounts in my name, hacked my Internet banking to change loads of personal details then used telephone banking to make £k’s of transfers and obtain a loan. HSBC have made a big error by allowing me to change security details over the phone, which then opened the door for the transfers.

setup accounts in my name

I’d be interested in exactly how they did that, and the bank (Barclays?) ought to be providing copies of authentication documents to the Police – you have reported it haven’t you?

I’d be interested in exactly how they did that, and the bank (Barclays?) ought to be providing copies of authentication documents to the Police – you have reported it haven’t you?

They won’t cos they don’t care. Unless it’s millions of pounds, it just gets covered by the bank without a second thought.

My step-mum was a victim of identity fraud in a similar way, someone took out a loan of about £15,000 in her name and withdrew it in cash from the branch. My Dad found out when letters and statements about the repayments started coming to their home. They went into the branch and my Dad asked about police etc, the bank were just like “oh, it’s only a small amount”. 😯

Turned out to be an inside job, employee at the bank.

We are with Halifax and they seem to have a pretty good system whereby any time we move money online, a code number comes up on the screen then we receive a text confirming we are about to move the funds and to repeat the code. Looks impressive but I bet it could be hacked….

Oh – so those nasty plastic security calculators HSBC send out are completly useless?

Glad it wasn’t Santander as you would still be waiting. 6 weeks without our account when it was victim of a hacking. Always have a back-up account to work from, though the manual payments for the mortgage and all the other deductions was a drag.

Oh – so those nasty plastic security calculators HSBC send out are completly useless?

Yes & No.

The Fraud dept tried explaining it to me. When you log in it does protect you but if someone is ‘watching’ your computer in the background, once you into Internet banking they can get certain information from you. They think its to do with the Yellow button; when you set up a new payment you need to re-enter your pass code then press yellow, which generates a transaction code that you enter. One of the hacks they have found is that the baddies send you a random security check in the firm of a pop up whilst your on Internet banking. It says something along the lines of “to continue your session please enter your pass code then press yellow”. They then have your code as they’re logging your key strokes.

By any chance had you been involved in an RTA earlier in the day, and the other party wrote their insurance details on the back of some very important legal documents?

You have seen Changing Lanes right?

Glad it wasn’t Santander as you would still be waiting

Those nice people at Santender and HSBC regularly send me emails asking me to verify my online banking security details.
Oddly enough, I don’t have an account of any sort with either institution…
To the OP, that’s a bastard thing to happen, hope that it’s all sorted soon as, and you manage to find out who did it and how.

Not quite sorted yet – they hammered me over my overdraft limits meaning its likely i’ll get charges further down the line. Will need to keep my eye on that. Also, I have shares via a HSBC investment thingy and I can’t see how that’s been affected.

I had thousands taken from my HBOS account, spent in the US within 24 hours on a spree. BOS didn’t even notice that there were multiple huge transactions in the US at the same time as my usual transactions in the UK, it wasn’t until I got my statement that I noticed. They weren’t bothered at all about it but gave it all back to me within a few (worrying) days.

OP – ever use Evernote? Just read this article and thought of this thread. 50 million people’s data hacked. I’m plenty sure lots of people store bank details / pin numbers etc on Evernote…

some easy obvious clues as to how they got your details and set up new accounts in your name..

birth certificate.. place of birth and mother married name and husbands name. from that you can get marraige cert and from that mothers birth cert and maiden name. with your birth certificate you can open an account utility account anything.. even change your driving licence address and get a copy of that..

despite all the checks etc etc if you want in and you have the above your in business and it only needs a little research..

OP – ever use Evernote?

Use it? I’ve never even heard of it.

birth certificate.. place of birth and mother married name and husbands name. from that you can get marraige cert and from that mothers birth cert and maiden name. with your birth certificate you can open an account utility account anything.. even change your driving licence address and get a copy of that..

This is the puzzle that leads to potential source.

My name is unusual – possibly 6 or 7 males in UK have it: My mothers maiden name is Foreign & quite rare in UK; I possess the one and only copy of my birth certificate. I’ve only ever sent this to the Passport office, and that was more than 10 years ago (my passport has lapsed and I haven’t bothered renewing it yet).

I’ve never been on a publicly viewable voters register; I shred everything with my name on it; I regularly scan my PC (which doesn’t actually contain any birth certificate information). Yet here I am.

This the warning to everyone else; I’m perhaps a little paranoid with security yet the baddies have absolutely hammered me; I shudder to think what they do to people less suspecting than I.

Thanks for the comments everyone. Check your accounts daily..!

The Fraud dept tried explaining it to me. When you log in it does protect you but if someone is ‘watching’ your computer in the background, once you into Internet banking they can get certain information from you. They think its to do with the Yellow button; when you set up a new payment you need to re-enter your pass code then press yellow, which generates a transaction code that you enter. One of the hacks they have found is that the baddies send you a random security check in the firm of a pop up whilst your on Internet banking. It says something along the lines of “to continue your session please enter your pass code then press yellow”. They then have your code as they’re logging your key strokes.

That is surely only a problem if your computer is compromised – so if you think it’s not, they didn’t get into your internet banking that way.

It’s odd – I don’t know if they did or not get in that way, but HSBC they believe they did this And via Telwphone banking.

All of the transactions have been via telephone banking. Before attempting any transaction they’ve been into Internet banking and changed all my contact details. They’ve then pleaded ignorance on the phone, claiming to have forgotten passwords. Telephone banking have checked my contact details, rang back and reset security but with their details. They’ve then transferred all the money via telephone banking. They can’t do this via Internet banking even if they’ve got my passcode – they need to have the calculator/dongle/password generator in their possession to do this, but they can change details that gives credence to their story on the phone. It’s clever, i’ll give them that.

So what have you done with your computer if you believe HSBC that there is a keylogger installed on it?

If they really did get in that way, it means you’ve been compromised in two completely different ways if they’ve also used information which has never been via your computer. I’m not suggesting that’s not the case, but Occam’s Razor leads me to think that there’s some other single way in which has allowed them access to all the information they need. Now assuming all you’ve told us is accurate, then I’m really, really struggling to think of any way other than an inside job – which might explain why HSBC are so keen to suggest plausible means of compromise where you’re in some way at fault…

It is obviously only anecdotal but I have done a few of these cases and it has always had an inside job element . Ocram’s razor indeed all your details are only stored in two places inside your head and on the banks computer . Only one of those places is readily accessible to someone with the skills to set up a bank account on the system .

Not as bad as this, but I had a similar thing happen with Vodafone.

Someone rang up claiming to be me and somehow got my address changed, upgraded my phone and contract and had the new phone sent to ‘my’ new address.

I only found out when someone from customer services rang my mobile to ask hoe I was getting on with my new phone & contract….

One of the blokes I spoke to while getting it all sorted admitted that if people say the can’t remember their PIN, then more often than not the customer service person will eventually just let them gain access! I asked him to clarify what he meant by this and he wouldn’t repeat it.
They set me up with a second PIN and 2 more security questions and not one person asked for these during any of the phone calls I had to make to get it sorted.

They wouldn’t even put me back on the contract I had been on & the offer of an ‘upgraded’ phone by way of an apology was the cheapest Sony Ericsson that they had.

I’m now with T-Mobile.

My name is unusual – possibly 6 or 7 males in UK have it: My mothers maiden name is Foreign & quite rare in UK; I possess the one and only copy of my birth certificate.

Perhaps that’s how they did it. Start with them knowing your name – go to the public records office and ask for a copy of your birth certificate. If your name was John Smith the chances of them finding the right John Smith are miniscule, but with an unusual name it’s easy. But they also need to know who you bank with and what your login name is?

There’s mention of a keylogger in earlier posts – perhaps a packet sniffer is more likely. Does your PC connect over wifi or wire?

It would be interesting to know many people use their actual place of birth and mother’s maiden name on important data, and how many use something different?

There’s mention of a keylogger in earlier posts – perhaps a packet sniffer is more likely.

If they could get the information using a packet sniffer, then there’s something even more wrong with the bank’s systems. Anything going over wifi also goes over the internet, hence should be properly encrypted. A keylogger circumvents such encryption by detecting your keystrokes before they are encrypted.

The human part of any computer security system is almost always the weak link.

i had a similar issue with Nat west a few years ago,i threatened to go to the Police,they said,No,as they have a fraud dept who deal with it,they were also partly to blame,as there security had been breached,they did however return the money,i then closed all the acoounts,i no longer bank with them..

Hmmm. Glad I don’t use online banking. I burn all documents with personal details. Use phone banking – First Direct. Use paypal for most online purchases except Amazon. Try to use cash for most everyday day face to face purchases.

I’ve still had the odd issue with credit card fraud though. Last time it happened they phoned me to check a transaction within a day or two of it going on. Then when I confirmed it was fraudulent cancelled the card and issued a new one. Only happened once in the last 3 or 4 years.

Mildred your email has just spammed me. I think its a virus that you opened on your pc?

Got a cleaner Mildred?

Sounds like someone with a clear access to your personal documents.

It would be interesting to know many people use their actual place of birth and mother’s maiden name on important data, and how many use something different?

I’m quite shocked that people actually use their real Place of Birth and Mothers Maiden Name for “security” questions.

I was told years ago to make up something obscure, and use those.

Nobody knows what they are apart from me (other than the places that use for security questions)
Nobody could ever guess them.
Nobody could ever find them out from public or private records either.

Its funny when I’m asked for them too 🙂

Q: mothers maiden name
A: Circusclown*

Q: place of birth
A: by the bins at the back of greggs**

(*example, **also an example)