Credit Card Fraud
Discussion
bugmenot said:
SpaceCowboy said:
Do not reply to that email.
I worked as a Fraud Investigator for Lloyds Banking Group and cannot recall a single instance where I or any of my colleagues contacted a customer by email. Nor can I recall it even being an option made available to us.
Occasionally a text message would have been sent, but only after we had first tried to make contact by phone without success.
Because the fraud teams never communicate with customers by email. But the disputes teams do.I worked as a Fraud Investigator for Lloyds Banking Group and cannot recall a single instance where I or any of my colleagues contacted a customer by email. Nor can I recall it even being an option made available to us.
Occasionally a text message would have been sent, but only after we had first tried to make contact by phone without success.
I don't care if a zillion alleged Lloyd's employees come on here and say that's a genuine name and a genuine address bla bla, I will not advise the OP to take those posts on face value and just click reply and comply with the request for information. Potentially as shady as ....
Communicate with them using phone numbers and email addresses you know are correct, and tgat YOU have typed into the address box. If you find it's dodgy, please report it.
gumshoe said:
OddCat said:
I'm betting the email is genuine. It looks like Lloyds are responding to an email sent to them by the OP from which they have been unable to identify him....
Question is, what did the OPs original email to Lloyd's say and to what email address did he send it ?
No it's not. And if they were replying to the OP or if it was from Lloyds they would not write Dear Customer, they would write Dear Mr XXXXX.Question is, what did the OPs original email to Lloyd's say and to what email address did he send it ?
They would know who they are communicating with.
Re Good Morning, rather than Dear Mr X, maybe that is just a style thing. Or maybe Lloyd's trying to be as vague as possible. Or the writer is a bit cr@p.
Nahhh. This is Lloyds trying to make contact after one if their operatives took a call re the fraud but failed to get sufficient detail.
Yes. Just to be on the safe side. OP should call Lloyd's on an independent number and raise his concerns. I'm still betting the kid who sent the email does exist and did send it (from Lloyd's). It makes no sense otherwise.
Gavia said:
bad company said:
Scary, I wonder how they managed to get their message to join the genuine ones?
The best advice is never to call the number in the message, only call the number on your debit or credit card.
No idea, but it’s poor form from Barclays to not give a sThe best advice is never to call the number in the message, only call the number on your debit or credit card.
t. Their advice was as dull as “just delete the text and ignore it” with no thought for what the wider impact could be on more vulnerable customers. 
FiF said:
bugmenot said:
SpaceCowboy said:
Do not reply to that email.
I worked as a Fraud Investigator for Lloyds Banking Group and cannot recall a single instance where I or any of my colleagues contacted a customer by email. Nor can I recall it even being an option made available to us.
Occasionally a text message would have been sent, but only after we had first tried to make contact by phone without success.
Because the fraud teams never communicate with customers by email. But the disputes teams do.I worked as a Fraud Investigator for Lloyds Banking Group and cannot recall a single instance where I or any of my colleagues contacted a customer by email. Nor can I recall it even being an option made available to us.
Occasionally a text message would have been sent, but only after we had first tried to make contact by phone without success.
I don't care if a zillion alleged Lloyd's employees come on here and say that's a genuine name and a genuine address bla bla, I will not advise the OP to take those posts on face value and just click reply and comply with the request for information. Potentially as shady as ....
Communicate with them using phone numbers and email addresses you know are correct, and tgat YOU have typed into the address box. If you find it's dodgy, please report it.
bad company said:
Scary, I wonder how they managed to get their message to join the genuine ones?
The best advice is never to call the number in the message, only call the number on your debit or credit card.
SMS allows you to set any alphanumeric characters as the sender, it doesn't have to be a number.The best advice is never to call the number in the message, only call the number on your debit or credit card.
So the scammers set it to BARCLAYS and the iPhone automatically adds it to the list of messages received from them.
To be clear: NEVER call a number or click a link in an unexpected text message
OddCat said:
So we are suposed to believe that fraudsters, who have the OPs card details, randomly and by pure fluke emailed him at an email address not linked to the card and asked him for the last 4 digits of a card that they already knew ?
No; this is a coincidence. OP got a mass-mailed phishing email not long after being in touch with Lloyds. Many thousands of others also got that message. Most of those won't be Lloyds customers, some of them will be and a few of them will reply with the info the scammers want.[b]What makes you think that the people who sent the email have the OP's card details?[b]
Escapegoat said:
[b]What makes you think that the people who sent the email have the OP's card details?[b]
What ? The OP just happens to be in communication with Lloyds re a fraud issue on his Lloyds card and he gets a purely coincidental scam email purporting to be from the Fraud Dispute Department ? Thats a little bit too coincidental for me. The OP said his card was being used by fraudsters and the impression was that the same people were now behind the email (given the him being targetted by two completely unrelated scammers buth in respect of Lloyds is to much of a stretch). Hence they would know his number.
Occams Razor situation here.The email from Lloyds is too specific and relevant to the card fraud issue not to be genuine......
Edited by OddCat on Sunday 19th November 21:54
This is from an email telling me I have a new CC statement :
'M&S Bank will never contact you by email or otherwise to ask you to validate personal information such as your user ID, password or account numbers.'
Never had a bank or credit card company ask for any details through email or phone. It's just such an obvious phish.
'M&S Bank will never contact you by email or otherwise to ask you to validate personal information such as your user ID, password or account numbers.'
Never had a bank or credit card company ask for any details through email or phone. It's just such an obvious phish.
Hilts said:
This is from an email telling me I have a new CC statement :
'M&S Bank will never contact you by email or otherwise to ask you to validate personal information such as your user ID, password or account numbers.'
Never had a bank or credit card company ask for any details through email or phone. It's just such an obvious phish.
Once you initiate contact with a specific department of the bank, and you leave insufficient details other than your email address, what are they (the bank) supposed to do ? 'M&S Bank will never contact you by email or otherwise to ask you to validate personal information such as your user ID, password or account numbers.'
Never had a bank or credit card company ask for any details through email or phone. It's just such an obvious phish.
If the OP received this at a Yahoo account then it's likely to be genuine as the lloydsbanking.com domain has a DMARC record which is at p=reject, causing all fraudulent email sent from the domain to be deleted by participating mailbox providers- of which Yahoo is one.
Still doesn't change the fact that it's an ultra-Phishy email to have sent.
The SMS stuff- there's no protection at all against spoofing, Barclays are likely blasé as there is absolutely nothing they can do to stop it.
Still doesn't change the fact that it's an ultra-Phishy email to have sent.
The SMS stuff- there's no protection at all against spoofing, Barclays are likely blasé as there is absolutely nothing they can do to stop it.
OddCat said:
Once you initiate contact with a specific department of the bank, and you leave insufficient details other than your email address, what are they (the bank) supposed to do ?
Provide a verifiable contact telephone number.Banks just don't ask for any details by email. It does not happen.
But if you want to give the info go ahead. It's...
rxe said:
I’ve also had the Barclays one. In amongst the genuine texts (e.g you’ve added a payee), there was a fraud message saying someone had spend £1400 on my card in Sports Direct in Tel Aviv (WTF, they have that god awful store there?). I then got an automated call (as expected) asking me to confirm/deny that it was me - what got my attention was “enter sort and AC”, rather than their usual “have you ever lived in Peckham” style questions.
Called them direct though the app, it was all bks, no fraud, no Sports Direct. They seemed remarkably unconcerned.
Dead giveaway. There isn't a Sports Direct in Tel Aviv.Called them direct though the app, it was all b
ks, no fraud, no Sports Direct. They seemed remarkably unconcerned. Never trust a scam.
Hilts said:
This is from an email telling me I have a new CC statement :
'M&S Bank will never contact you by email or otherwise to ask you to validate personal information such as your user ID, password or account numbers.'
Never had a bank or credit card company ask for any details through email or phone. It's just such an obvious phish.
'M&S Bank will never contact you by email or otherwise to ask you to validate personal information such as your user ID, password or account numbers.'
Never had a bank or credit card company ask for any details through email or phone. It's just such an obvious phish.
Hilts said:
Provide a verifiable contact telephone number.
Banks just don't ask for any details by email. It does not happen.
Yet a recent communication I had from Lloyds said "we will never send you an email asking for your security information or logon details, or direct you to a web page that asks for this information".... and... the OP is not being asked to provide any security information or logon details.Banks just don't ask for any details by email. It does not happen.
I'm not saying the OP should reply with the details and I understand why you would (and should) be cautious, however, this is a genuine email.
Fraudsters wouldn't ask you to send an email reply to the company domain name (lloydsbanking.com) or by post to the company's address. They would also be looking for more information than a name, post code, 4 digits of a card number. Also, for reasons that OddCat has pointed out, a phishing attempt just doesn't seem to be plausible explanation for this email.
OddCat said:
gumshoe said:
OddCat said:
I'm betting the email is genuine. It looks like Lloyds are responding to an email sent to them by the OP from which they have been unable to identify him....
Question is, what did the OPs original email to Lloyd's say and to what email address did he send it ?
No it's not. And if they were replying to the OP or if it was from Lloyds they would not write Dear Customer, they would write Dear Mr XXXXX.Question is, what did the OPs original email to Lloyd's say and to what email address did he send it ?
They would know who they are communicating with.
Re Good Morning, rather than Dear Mr X, maybe that is just a style thing. Or maybe Lloyd's trying to be as vague as possible. Or the writer is a bit cr@p.
Nahhh. This is Lloyds trying to make contact after one if their operatives took a call re the fraud but failed to get sufficient detail.
Yes. Just to be on the safe side. OP should call Lloyd's on an independent number and raise his concerns. I'm still betting the kid who sent the email does exist and did send it (from Lloyd's). It makes no sense otherwise.
I get at least 10 of these types of email purporting to be from all major UK banks (some I don't even have accounts with... interested to hear what your view on that is
) to one of my email addresses.Unless you know the email address is completely clean, never used on a compromised machine and never given to anyone other than JUST the one bank (and they've not admitted to any leaks/hacks) there is a massive chance you will be receiving phishing emails at some point.
bugmenot said:
Lloyds employee here and I have a couple of thoughts.
I believe the name in the email is actually somebody within the credit card disputes team at Lloyds Banking Group.
The credit card disputes team do communicate via email and LloydsDisputes@lloydsbanking.com is the correct email address for them. "$Lloyds Disputes" is an internal alias.
The email footer with the registered office information is automatically added to emails sent by Lloyds and in this case it's correct to the letter.
The post code BX1 1LT is used exclusively by Lloyds and any mail sent there would be internally forwarded to the correct department.
In regards to Lloyds not having this particular email address, by any chance have you ever used this email with Halifax, Bank of Scotland or any other part of Lloyds Banking Group?
Banks wouldn't ask you to send them security or login details via email. But the request here is quite reasonable and normal in that they would indeed need your name and post code to locate your account(s) on the system and the last 4 digits of the card number to identify the particular card in question.
The problem is that you haven't actually sent an email to them. The only genuine explanation I can think of is that in dealing with your fraud case they needed to raise a dispute internally but maybe not enough information was provided by the fraud agent?
The bits in bold mean diddly squat.I believe the name in the email is actually somebody within the credit card disputes team at Lloyds Banking Group.
The credit card disputes team do communicate via email and LloydsDisputes@lloydsbanking.com is the correct email address for them. "$Lloyds Disputes" is an internal alias.
The email footer with the registered office information is automatically added to emails sent by Lloyds and in this case it's correct to the letter.
The post code BX1 1LT is used exclusively by Lloyds and any mail sent there would be internally forwarded to the correct department.
In regards to Lloyds not having this particular email address, by any chance have you ever used this email with Halifax, Bank of Scotland or any other part of Lloyds Banking Group?
Banks wouldn't ask you to send them security or login details via email. But the request here is quite reasonable and normal in that they would indeed need your name and post code to locate your account(s) on the system and the last 4 digits of the card number to identify the particular card in question.
The problem is that you haven't actually sent an email to them. The only genuine explanation I can think of is that in dealing with your fraud case they needed to raise a dispute internally but maybe not enough information was provided by the fraud agent?
Edited by bugmenot on Sunday 19th November 18:52
So what if it is the correct e-mail address? If it was a clickable link in the e-mail it could easily be spoofed.
As for the company information in the footer it took me less than 10 minutes to find it all in the public domain. Do you really think a scammer couldn't do likewise?
You are also wrong about it being correct to the letter. For example the registered addresses/numbers are listed at Companies House.
The one for Loyds Bank plc is incorrect: it is missing the four zeros at the beginning. The Cheltenham and Gloucester one is complete tosh. Both rookie mistakes.
The non-geographic post code is hardly a big deal either. It's the undelivered mail one on the reverse of every Lloyds statement envelope!
In amongst many other things, the Lloyds Bank Privacy statement says this.
If we decide to use email to contact you, we will only do this if we have ensured that using email will not put your information at risk, or, if you have requested we email you, that we have explained the risks of sending an "insecure" email and that you are happy to accept that risk.
I don't see any such caveat in the e-mail the OP received.
Btw, care to share with us what your position within Lloyds is? I hope you are aware of this bit from the Privacy statement (my bold)
All our employees are personally responsible for maintaining customer confidentiality.
Gassing Station | Speed, Plod & the Law | Top of Page | What's New | My Stuff