Categories: Blog

Tesco Bank: Money stolen from customers’ accounts – thousands affected

Last weekend brought unpleasant surprises for the customers of Tesco Bank, the banking system of a major retailer in the UK. Following a stream of suspicious online transactions, some resulting in fraudulent withdrawals, the bank decided to cease online operations on Sunday. Why is this important for all of us? Because it was the first time when a financial institution in the UK reacted so strongly to an online fraud incident and stopped its services to protect the customers.

What we know so far

Online criminal activity affecting 40,000 accounts was identified during the weekend and 20,000 customers had their money stolen with amounts varying from tens to hundreds of pounds. Immediately online transactions were ceased to protect the 130,000+ customers having current accounts, and the institution promised to refund the money lost during this incident. The alarm was triggered by the bank’s automatic fraud detection system which monitors ongoing transactions and detects abnormal situations like multiple transactions involving a single account being carried out in different places over short time intervals.

The financial institution did not offer information about the incident or how it was carried out. The initial suppositions of the media included a breach at one of the third party partner retailers or a hack, none confirmed or infirmed officially.

Later reports from the bank’s officials indicate the fact that the initial investigation identified what happened, but details are not disclosed as other investigations are still ongoing.

Customers who lost money in this incident claim fraudulent transactions were carried out from Rio de Janeiro, Brazil.

Banking services availability

Debit card online payments were still disabled on Monday, but customers can withdraw money from ATMs and use the cards in shops using pin payment security.

Official positions

“We apologize for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers’ accounts. That is why, as a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts. This will only affect current account customers. While online transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal. We are working hard to resume normal service on current accounts as soon as possible.” said Chief Executive Benny Higgins.

“This is just the latest in a long list of failures and breaches of banking IT systems, exposing many thousands of customers to uncertainty and disruption (…) We can’t carry on like this.” said Andrew Tyrie, chairman of the Treasury Committee.

“I’ve not heard of an attack of this nature and scale on a UK bank where it appears that the bank’s central system is the target,” said Prof Alan Woodward, a security consultant who has worked with Europol.

Opportunity for phishing

As the situation unfolds, the current context creates an opportunity for malicious attackers to carry out phishing attacks targeted at the bank’s customers. Since Tesco already sent official notifications, people expect to hear more or receive updates. Most would trust phishing messages that appear to be sent by Tesco, leading to an increased click through rate and consequently to better results for the cyber criminals.

How to avoid being a phishing victim

Express caution when receiving messages from Tesco and verify the authenticity using the official Twitter account or the official website. Verify the links before clicking and avoid giving personal information over the phone.

Official Twitter account: https://twitter.com/TescoBankNews

Website: http://www.tescobank.com/

Liked this article? Follow us on LinkedIn for more, or subscribe to our newsletter.

Check out the BBC report on the matter here: http://www.bbc.com/news/technology-37896273

 

This post was last modified on August 21, 2023 7:27 am

Calin Ghibu

Technical background: over 15 years experience in testing, developing, researching and managing network security solutions. Currently focusing on information security and IT management. Specialties: Network audit, information security, web security, endpoint security, perimeter security SIEM, legal compliance, competitive intelligence.

Share
Published by
Calin Ghibu
Tags: filemonitor

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023