Cyber criminals are taking advantage of TSB’s recent IT problems to exploit customers using mobile phishing attacks.
Wandera, a mobile software security company that monitors and blocks global mobile threats, revealed that there was an 834% increase in “TSB-themed phishing attacks” in May compared to April. The surge in attacks is linked to TSB’s IT outage during its migration to a new banking system. Cyber criminals targeted TSB customers at a time when they were at their most vulnerable.
According to Wired, the phishing attacks encourage TSB customers to click a fraudulent URL and enter their credentials to file a complaint against the company. Instead, customers inadvertently hand over access to their bank accounts.
Ian Thornton-Trump, chief technical officer at Octopi Managed Services, said:
When a ‘change’ goes wrong and so publicly like TSB’s, it’s like cyber blood in the water. Cyber criminals pay attention to companies rocked by internal scandals or public ‘ball drops’ and react accordingly.
TSB staff are trying to resolve the problems that caused the outage, but in the meantime fraudulent transactions are not being tracked or verified as quickly as they should be.
Alan Woodward, a cyber security specialist from the University of Surrey, said:
Criminals can pretend to be the bank and ask customers to undertake strange actions that under normal operations would seem suspicious. Customers might be so delighted to actually be able to access their web banking that they might just let their guard down that little bit more than usual.
How can I spot a phishing email?
There are a number of ways to spot a phishing email. They are often sent from an unfamiliar email address, are badly written and contain links or attachments to unrecognised sites that you are encouraged to open.
If you have any doubts about the legitimacy of an email, do not click any of the links. Hovering your mouse over the link or address will reveal the linked site’s true URL. These URLs can be slightly misspelled or completely different to what you were expecting, so always double-check before you click.
If you are still unsure, contact the company or individual using the details you already have for them and log in to any accounts from a separate browser. Never use the contact details provided in the email.
Phishing attacks are becoming increasingly sophisticated, and the lack of basic knowledge about them only increases their success. It is therefore vital that people know how to identify and respond to a phishing attack.