Posted on: 30th April 2018
Most of us are aware of the (still ongoing) IT meltdown that major banking company TSB has been experiencing and as we enter the second week of problems, it appears that everything is still not quite sorted.
It all started when a data migration from one IT system to another went wrong, and resulted in nearly 2 million mobile and online banking customers unable to access their accounts or make payments.
The issues have been dubbed as “one of the worst crises in British banking” (sounds like they could do with our help!) and it is extremely likely that this will tarnish TSB’s reputation for a long time to come. But enough about how much of a mess this situation is, because we’re sure you’ve probably already read all about it!
So, why has this whole TSB scandal been brought to our attention and inspired us to write a blog about it? Well, amid all the commotion, we have observed that thousands of TSB customers are taking to social media to vent their frustrations.
Don’t get us wrong, social media can be a brilliant platform for having a little moan, because the likelihood of your issue being addressed and remedied is much higher – (no company wants their customers expressing their disgust to a large following!) but with that said, in situations like this, it really is best not to sing and shout about the issues you may be facing.
Why shouldn’t you be telling everyone about your issues?
As Technical Director, Joe Burns explains, “I’ve noticed (particularly on Twitter) that a lot of people are publicly moaning about their account issues with TSB Bank. A word of warning, with my ethical hacking hat on, by making public you’re a TSB customer and you’re having issues accessing your current account or mortgage, you’re telling hackers to harvest your information which they’ll use for quite a specific and targeted phishing attack “. (You can follow Joe on LinkedIn here)
Customers have made us aware that they’re receiving emails and tweets claiming to be from TSB. We would never ask you for your security details such as PIN or full password and we would only contact you via social media from our Official @TSB Twitter or Official Facebook page.1/2
— TSB (@TSB) April 30, 2018
But, how would that work?
When hackers see an abundance of people complaining that they are experiencing issues with their online banking (or issues of a similar nature) they probably have dollar signs in their eyes! Because what better way to know which people to target with a spear phishing email, than people who are openly admitting their problems?
Calling all @tsb customers, since none of us are likely to see our money in the near future for luxuries such as food and bills, shall we set up our own economy based on bottle tops as currency? #TSB #tsbdown #tsbfail
— Matty (@mattypullan) April 24, 2018
It would be as simple as a hacker either creating a fake Twitter or Facebook profile and then messaging you- probably asking you to click on legitimate looking links and enter confidential banking information (which they can then use for their own personal financial gain).
Other methods could include researching your social media usernames and finding out your email address from websites such as pipl, which they could use to gather information about you from and then form a convincing sounding email.
In some cases, if a hacker can gain enough information about you they could steal your identity.
We did warn our followers over on our cyber security twitter page last week that this kind of thing could happen and it seems our predictions have come true, as we saw TSB warning customers about the rise in phishing emails to TSB customers since the start of the problems.
Pyranet’s top tips
- Don’t broadcast any issues that could make it obvious to hackers that you are in a vulnerable position. (Obviously, there’s a difference between moaning at Frankie and Benny’s for serving you a cold hot dog and publicly letting your bank know your online banking isn’t working) But the point is, either way, you should be mindful that the response you get from whatever your complaint is, may not always be genuine.
- If it’s too late and you’ve already vented on social media, just be vigilant about any correspondence you may receive from the alleged other party. E.G. if ‘TSB’ send you a private message or it appears they have tweeted you, be mindful that it may not be a response from the official company Twitter – so don’t rush to put your details into anything you may receive. Call the company if you are unsure.
- We endorse the ‘take five’ initiative. Look at the advice on the stop fraud website.
- Read our guide on how to spot spoof emails
- Look on a company’s Twitter profile if you want to hear about updates, or email their customer service team. Alternatively, give them a call.