Last weekend brought an unpleasant surprise for customers of Tesco Bank, the banking arm of a major UK retailer. Following a stream of suspicious online transactions, some of them resulting in fraudulent withdrawals, the bank decided on Sunday to suspend online transactions. Why does this matter to all of us? Because it is the first time a UK financial institution has reacted to an online fraud incident this strongly, halting part of its service to protect its customers.
What we know so far
Suspicious online activity affecting around 40,000 accounts was identified over the weekend, and roughly 20,000 customers had money taken, in amounts ranging from tens to hundreds of pounds. Online transactions were suspended immediately to protect the bank's 130,000+ current account customers, and the bank promised to refund any money lost in the incident. The alarm was raised by the bank's automated fraud detection system, which monitors transactions as they happen and flags abnormal patterns, such as multiple transactions on a single account being carried out from different locations within a short time interval.
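The pattern the detection system looks for can be expressed as two simple rules. The Python script below is an added example, not Tesco Bank's fraud system or code from the original article: it runs an impossible-travel check (great-circle distance between consecutive transactions on an account divided by the time between them) and a transaction-velocity check (too many transactions on one account inside a sliding time window) over a constructed set of transactions. The thresholds of 900 km/h and three transactions per ten minutes, the sample records and the city coordinates are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sample data, not real Tesco Bank records:
# (account, timestamp UTC, city, latitude, longitude, amount in GBP)
SAMPLE_TRANSACTIONS = [
    ("acct-1", "2016-11-05T21:58:00", "London", 51.5074, -0.1278, 24.99),
    ("acct-1", "2016-11-05T22:03:00", "Rio de Janeiro", -22.9068, -43.1729, 120.00),
    ("acct-1", "2016-11-05T22:05:00", "Rio de Janeiro", -22.9068, -43.1729, 95.00),
    ("acct-2", "2016-11-05T21:00:00", "Leeds", 53.8008, -1.5491, 12.50),
    ("acct-2", "2016-11-05T23:30:00", "Leeds", 53.8008, -1.5491, 40.00),
    ("acct-3", "2016-11-06T01:00:00", "Rio de Janeiro", -22.9068, -43.1729, 30.00),
    ("acct-3", "2016-11-06T01:02:00", "Rio de Janeiro", -22.9068, -43.1729, 30.00),
    ("acct-3", "2016-11-06T01:04:00", "Rio de Janeiro", -22.9068, -43.1729, 30.00),
    ("acct-3", "2016-11-06T01:05:00", "Rio de Janeiro", -22.9068, -43.1729, 30.00),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def _group_by_account(transactions):
    """Parse timestamps and return {account: [tx, ...]} sorted by time."""
    by_account = defaultdict(list)
    for acct, ts, city, lat, lon, amount in transactions:
        by_account[acct].append((datetime.fromisoformat(ts), city, lat, lon, amount))
    for txs in by_account.values():
        txs.sort(key=lambda tx: tx[0])
    return by_account


def detect_anomalies(transactions, max_speed_kmh=900.0, window_minutes=10, max_in_window=3):
    """Return a list of alerts, each {"account", "rule", "detail"}.

    Thresholds are assumptions for illustration: 900 km/h is a little under
    airliner cruising speed, so anything faster cannot be the same cardholder.
    """
    alerts = []
    window = timedelta(minutes=window_minutes)
    for acct, txs in _group_by_account(transactions).items():
        # Rule 1: impossible travel between consecutive transactions.
        for prev, cur in zip(txs, txs[1:]):
            hours = (cur[0] - prev[0]).total_seconds() / 3600.0
            km = haversine_km(prev[2], prev[3], cur[2], cur[3])
            # Same timestamp in two different places counts as infinite speed.
            if km > 0 and (hours <= 0 or km / hours > max_speed_kmh):
                alerts.append({
                    "account": acct,
                    "rule": "impossible_travel",
                    "detail": f"{km:.0f} km from {prev[1]} to {cur[1]} in {hours * 60:.0f} min",
                })
        # Rule 2: too many transactions inside a sliding window (one alert per account).
        start = 0
        for end, tx in enumerate(txs):
            while tx[0] - txs[start][0] > window:
                start += 1
            count = end - start + 1
            if count > max_in_window:
                alerts.append({
                    "account": acct,
                    "rule": "velocity",
                    "detail": f"{count} transactions within {window_minutes} min ending {tx[0].isoformat()}",
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_TRANSACTIONS):
        print(alert["account"], alert["rule"], alert["detail"])
```

A real system would key on card rather than account, take the merchant's location from the acquirer data, and feed these signals into a score rather than raising a hard alert on the first hit; but the two checks above are the core of what turns "several transactions in different places in a few minutes" into an automated alarm.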
The bank did not release information about the incident or how it was carried out. Early media speculation included a breach at one of its third-party retail partners or a direct hack of the bank's own systems; none of this has been officially confirmed or denied.
Later statements from bank officials indicate that the initial investigation has established what happened, but details are being withheld while other investigations are still ongoing.
Customers who lost money in the incident report that the fraudulent transactions were carried out from Rio de Janeiro, Brazil.
Banking services availability
Debit card online payments were still disabled on Monday, but customers could still withdraw cash from ATMs and pay in shops using chip and PIN.
“We apologize for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers’ accounts. That is why, as a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts. This will only affect current account customers. While online transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal. We are working hard to resume normal service on current accounts as soon as possible.” said Chief Executive Benny Higgins.
“This is just the latest in a long list of failures and breaches of banking IT systems, exposing many thousands of customers to uncertainty and disruption (…) We can’t carry on like this.” said Andrew Tyrie, chairman of the Treasury Committee.
“I’ve not heard of an attack of this nature and scale on a UK bank where it appears that the bank’s central system is the target,” said Prof Alan Woodward, a security consultant who has worked with Europol.
Opportunity for phishing
As the situation unfolds, it creates an opportunity for attackers to run phishing campaigns targeted at the bank's customers. Because Tesco Bank has already sent official notifications, customers are expecting further updates, and many would trust a message that appears to come from Tesco. That means a higher click-through rate and, consequently, better results for the criminals.
How to avoid being a phishing victim
Treat any message that appears to come from Tesco Bank with caution and verify it through the official Twitter account or the official website, not through links or phone numbers contained in the message itself. Check where a link actually points before clicking (the displayed text and the real destination can differ), and do not give personal or account details over the phone. A message that pressures you to act immediately, or that asks for your full password or PIN, is a phishing indicator: a bank does not ask for these.
Official Twitter account: https://twitter.com/TescoBankNews
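Checking where a link really points is mechanical enough to automate. The Python below is an added example, not a Tesco Bank tool or code from the original article: it parses each link, catches the tricks phishers use to make a URL look official (credentials before an @ that hide the real host, the brand name used as a subdomain of an unrelated domain, digit-for-letter lookalikes, plain HTTP) and reports whether the host actually belongs to an official domain. The official domain tescobank.com is an assumption, since the article only refers to "the official website"; twitter.com is included because the official account linked above is hosted there, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the bank's real web domain. The article only says "the official
# website"; tescobank.com is assumed here for illustration. twitter.com is
# listed because the official @TescoBankNews account lives there.
OFFICIAL_DOMAINS = ("tescobank.com", "twitter.com")
BRAND = "tescobank"

# Single-character substitutions commonly used in lookalike domains, plus
# removal of separators so "tesco-bank" and "tesc0bank" both normalise to the brand.
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": "", ".": ""})


def _under_official_domain(host):
    """True if host is exactly an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify_link(url):
    """Return (verdict, reason) for a link found in a message.

    verdict is "official", "suspicious" or "unknown".
    """
    parts = urlsplit(url.strip())
    host = parts.hostname  # lower-cased; userinfo and port already stripped
    if not host:
        return "suspicious", "no host could be parsed from the link"
    # "https://tescobank.com@evil.example/" shows the brand before the '@',
    # but the browser connects to whatever follows it.
    if parts.username is not None:
        return "suspicious", f"text before '@' hides the real host {host}"
    if parts.scheme != "https":
        return "suspicious", f"scheme is {parts.scheme or 'missing'}, not https"
    if _under_official_domain(host):
        return "official", f"{host} is under an official domain"
    # "tescobank.com.secure-login.example" ends in the attacker's domain, not ours.
    if BRAND in host.translate(_CONFUSABLES):
        return "suspicious", f"{host} imitates the brand name but is not an official domain"
    return "unknown", f"{host} is not an official domain"


def triage(links):
    """Classify a batch of links; returns {url: (verdict, reason)}."""
    return {url: classify_link(url) for url in links}


# Constructed sample links, not taken from any real phishing campaign.
SAMPLE_LINKS = [
    "https://www.tescobank.com/",
    "https://twitter.com/TescoBankNews",
    "http://www.tescobank.com/",
    "https://tescobank.com.secure-login.example/",
    "https://tescobank.com@198.51.100.7/",
    "https://tesc0bank-verify.example/",
    "https://www.bbc.com/news/technology-37896273",
]

if __name__ == "__main__":
    for url, (verdict, reason) in triage(SAMPLE_LINKS).items():
        print(f"{verdict:10} {url}  ({reason})")
```

The domain match deliberately tests the whole label boundary (`host == d` or `host.endswith("." + d)`), because a plain substring match would wave through `tescobank.com.secure-login.example`; a production version would also resolve the registrable domain against the public suffix list and apply a fuller confusables table than the four substitutions shown.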
Check out the BBC report on the matter here: http://www.bbc.com/news/technology-37896273