By clicking a retailer link you consent to third-party cookies that track your onward journey. This enables W? to receive an affiliate commission if you make a purchase, which supports our mission to be the UK's consumer champion.

TSB customers targeted by scams - how to keep safe

Opportunistic fraudsters are capitalising on the bank's widely publicised IT issues
Reena SewrazSenior Money and Retail editor

Action Fraud is warning of a sharp rise in scam text and emails preying on TSB customers following the bank's IT meltdown last month.

A total of 321 complaints have been received by the UK police's dedicated fraud tracking team since the beginning of May compared to 30 in the previous month. Over the same period, there have been 51 reports of cybercrime to Action Fraud referencing TSB, compared to 24 in the month before.

Worryingly, this has overloaded TSB's fraud hotline and we've heard from distraught victims who have seen life-changing amounts of cash emptied from their accounts being forced to wait hours on hold for help, including one Which? member who has seen £10,000 disappear from her account.

Which? explains what to watch out for and how to keep safe.

Be more money savvy

free newsletter

Get a firmer grip on your finances with the expert tips in our Money newsletter – it's free weekly.

This newsletter delivers free money-related content, along with other information about Which? Group products and services. Unsubscribe whenever you want. Your data will be processed in accordance with our Privacy policy

TSB scams to watch out for

Opportunistic fraudsters are using the system issueTSB customers suffered earlier this monthto target people with a wave of smishing texts and phishing email scams.

We've seen a deluge of examples of them on Twitter with many non-TSB customers raising the alarm.

Gallery

1 / 3

  • caption
  • caption
  • caption

A large collection of images displayed on this page are available at https://www.which.co.uk/news/article/tsb-customers-targeted-by-scams-how-to-keep-safe-aShHx4N8YIf0

But inevitably these scams are hitting the mark and causing confusion for real TSB customers.

What is a 'spoof' text message?

A 'spoof' text message involves a fraudster disguising a message with the name of a bank or other genuine business.

The scams are particularly effective at fooling victims because of the way smartphones group messages which claim to come from the same source.

So if you already have genuine texts from TSB on your phone and a fraudster sends a message as 'TSB' your phone will automatically include it under the real ones, making it harder to tell it's a scam.

Find out more about how this ploy works in our exclusive investigationhow text message scammers pose as your bank to rip you off.

TSB scams in action

One convincing example we've seen is a spoof text that genuinely appears to be from TSB and is being added to existing TSB message threads on a victim's phones.

It says: 'Hello, TSB here. Use password 751540. Didn't request this? Please call us on 03459758758'.The text is almost identical to the messages that TSB genuinely sends about logging into your account, making the scam extremely convincing.

The number is 'spoofing' TSB's sender ID which allows it to be grouped with other TSB messages. It's also spoofing a genuine TSB phone number but those that click the link end up ringing a scammer.

On the call, the scammer is likely to ask for your internet banking user ID, full name, and date of birth - which is all the information they need to reset your password.

This will generate a genuine text, with a genuine One Time Password or OTP code which the scammer will convince you to share with them - giving them free reign to empty your account.

Has there been a data breach?

The information needed to initiate this sort of scam has led some to ask if TSB has experienced a data breach.

During the IT debacle, as well as thousands of customers being locked out of their online accounts, some were able to see the details of other customers' balances and payments when they logged on.

However, TSB insists there has been no data breach and customer details are safe.

A TSB fraud spokesperson said: 'While our systems are safe and secure, unfortunately, fraudsters are increasingly sophisticated and looking to take advantage of situations like these by approaching customers.

'Protecting our customers' information is our number one priority. We are doing all we can to ensure customers don't become a victim of fraud, whether they bank with us in branch, online or via the telephone and this is something we are working on with Action Fraud and a number of external organisations.

'We are also working with these organisations to help them identify fraudulent sites so we can take them down as quickly as possible.'

'£10,000 was emptied from my account'

TSB's fraud services seem to be buckling under the pressure as fraud victims have been left on hold when trying to report what's happened to them.

Which? member Pat Durham, from Nottinghamshire, thought something was suspicious when she got locked out of her TSB online banking two weeks ago. She went into a branch the same day and found that someone had accessed her account and managed to empty nearly £10,000 in various transactions.

The retired teacher, 64, told Which? Money she had not received any suspicious emails or texts claiming to be from TSB so has no idea how the fraudsters were able to access her account.

But she found it nearly impossible to get through to the TSB fraud team once she had discovered the life-changing sum of money had been stolen and on one day was left waiting three hours on the fraud hotline in her local branch.

When she got through she was not given any idea about if the cash would be repaid or when she could get back into her account.

Mrs Durham has since been refunded an arbitrary £8,000 - £2,000 short of what she lost, out of the blue and with no communication from TSB, leaving her confused and worried.

We asked TSB about what it's doing to help fraud victims facing hours to speak to an adviser. A spokesperson said: 'We apologise for the long wait times that customers may be experiencing. We've put in additional resources to help customers with their enquiries and we are working hard to improve call wait times.'

Your rights to a refund

Banks do not have to refund fraud victims if they can prove a customer shared sensitive information like user IDs, PINs or passwords.

However, some are calling for TSB to shoulder some of the responsibility as fraudsters capitalise on the bank's very public IT problems, which have left customers more vulnerable to falling for these cons.

Gareth Shaw, Which? Money expert, said: 'TSB customers will be looking for immediate answers to some big questions. Not only have they endured last month's IT shambles, but they now find themselves more vulnerable to fraudsters who have capitalised on the meltdown.

“The bank has a long way to go to restore its customers' trust and must take into consideration the additional consequences of its IT glitch when dealing with complaints of fraud.'

We asked TSB if it would treat customers fallen victim to fraud differently given the circumstances, a spokesperson said: 'If customers have been a victim of fraud as a direct result of our recent IT issues they won't be left out of pocket.'

This statement doesn't confirm, however, whether or not customers who fall victims of scams will be refunded in full.

Find out more in our guide to how to get your money back after a scam.

How to spot a fake TSB text, email, call or tweet

TSB has issued a warning to customers about the increase in bogus emails, texts and tweets phishing for information.

The bank has sent customers emails and updated its site with information about how to keep safe and on how to spot when a communication isn't from them.

Here are ten things it says it would never ever do:

  1. Ask you for your PIN or your online banking passwords
  2. Email you with a link directly to a web page that asks you for your username, password or any other personal details
  3. Ask you to email or text us your PINs, card details or passwords
  4. Ask you to authorise a payment or send money into a new account that you haven't already set up
  5. Ask you to bank through a website or app that isn't TSB
  6. Request that you to carry out a 'test' transaction online
  7. Ask you to make any transaction unless it's inside a branch
  8. Ask you to hand over cash or cards to anyone
  9. Talk to you on social media through accounts that aren't our official ones (Twitter - @TSB,Facebook - @Tsbbankuk andInstagram - @Tsbbank)
  10. Advise you to purchase land, diamonds or any other commodities

Find out more in our guide tohow to spot a scam

How to keep safe

You should always question unsolicited texts, calls, emails and tweets claiming to be from TSB.

Phone numbers and email addresses can be made to look authentic, so always contact TSB directly via a known email or phone number, such as the one on the back of your bank card.

Never automatically click on a link in an unexpected text or email. Remember, a genuine bank will never contact you out of the blue to ask for your full PIN or password.

If you think you have received a phishing email or text, report it to Action Fraud using theonline reporting tool.

If you have received a suspicious TSB email, do not respond to it, report it to Action Fraud and forward it toemailscams@tsb.co.uk,then delete it.

More on this

Related articles

About Us

Which? Limited is registered in England and Wales to 2 Marylebone Road, London NW1 4DF, company number 00677665  and is an Introducer Appointed Representative (FRN 610689) of the following:


1. Inspop.com Ltd for the introduction of non-investment motor, home, travel and pet insurance, who are authorised and regulated by the Financial Conduct Authority (FCA) to provide advice and arrange non-investment motor, home, travel and pet insurance products (FRN310635). Inspop.com Ltd is authorised and regulated by the Financial Conduct Authority (FCA) to provide advice and arrange non-investment motor, home, travel and pet insurance products (FRN310635) and is registered in England and Wales to Greyfriars House, Greyfriars Road, Cardiff, South Wales, CF10 3AL, company number 03857130. Confused.com is a trading name of Inspop.com Ltd. 


2. LifeSearch Partners Limited (FRN656479), for the introduction of Pure Protection Contracts and Private Health Insurance, who are authorised and regulated by the FCA to provide advice and arrange Pure Protection Contracts and Private Health Insurance Contracts.  LifeSearch Partners Ltd is registered in England and Wales to 3000a Parkway, Whiteley, Hampshire, PO15 7FX, company number 03412386.


3. HUB Financial Solutions, for the introduction of equity release advice and an annuity comparison service, who are authorised and regulated by the Financial Conduct Authority (‘FCA’) to provide advice and guidance on financial products for those who have retired or are approaching retirement (FCA Firm Reference Number: 455713). HUB Financial Solutions is registered in England and Wales to Enterprise House, Bancroft Road, Reigate, Surrey RH12 7RP, company number 05125701.


4. Alan Boswell Insurance Brokers Ltd (FRN 301), for the introduction of non-investment landlord insurances, who are authorised and regulated by the Financial Conduct Authority to provide advice and arrange insurance contracts. Alan Boswell insurance brokers Ltd is registered in England at Prospect House, Rouen Rd, Norwich NR1 1RE, company number 02591252.


Other financial services:

Mortgage service provided by London & Country Mortgages (L&C), Unit 26 (2.06), Newark Works, 2 Foundry Lane, Bath BA2 3GZ. London & Country are authorised and regulated by the Financial Conduct Authority (registered number: 143002). The FCA does not regulate most Buy to Let mortgages. Your home or property may be repossessed if you do not keep up repayments on your mortgage.


We do not make, nor do we seek to make, any recommendations or personalised advice on financial products or services that are regulated by the FCA, as we’re not regulated or authorised by the FCA to advise you in this way. In some cases, however, we have included links to regulated brands or providers with whom we have a commercial relationship and, if you choose to, you can buy a product from our commercial partners. 


If you go ahead and buy a product using our link, we will receive a commission to help fund our not-for-profit mission and our campaigns work as a champion for the UK consumer. Please note that a link alone does not constitute an endorsement by Which?.