Credit Card Fraud
Discussion
Red Devil said:
In which case you have yet to answer how LLoyds Bank plc managed to provide an incomplete company registration number for itself.
Not to mention incorrect and out-of-date information for C&G. If it's genuine as you say it doesn't inspire confidence in their checking/proof reading methods.
If they are that sloppy, what else might they be deficient about? I guess I'm not as sanguine as you seem to be.
It could be a scammer, it could be they just don't have as many standards as you may expect.Not to mention incorrect and out-of-date information for C&G. If it's genuine as you say it doesn't inspire confidence in their checking/proof reading methods.
If they are that sloppy, what else might they be deficient about? I guess I'm not as sanguine as you seem to be.
I see some appalling and some excellent emails both legitimate and scam on a daily basis.
I don't simply go off what they say, I look at where they actually came from and I don't think I can be much more consistent in saying to check the headers to be sure either way.
FiF said:
Still don't havd any idea how they got the card number.
General impression is that the card provider don't give a stuff that it's criminal activity. Cost of doing the business.
probably one of the ones where an employee from either them or a company that has used your card has sold it on. Or a hacker has hacked a 3rd party company that you've used in the past.General impression is that the card provider don't give a stuff that it's criminal activity. Cost of doing the business.
Red Devil said:
The bits in bold mean diddly squat.
I was just addressing the points raised earlier in the thread. Considering all the information together allows you to build up a picture of whether the email is genuine or not.Red Devil said:
So what if it is the correct e-mail address? If it was a clickable link in the e-mail it could easily be spoofed.
All I'm saying is that the email was from this address and the a reply from the OP is directed to the same address.Red Devil said:
As for the company information in the footer it took me less than 10 minutes to find it all in the public domain. Do you really think a scammer couldn't do likewise?
Ok great. Phishing scams don't generally work in this way though. They often deliberately contain spelling mistakes to prey on those who don't undertake due diligence.Red Devil said:
You are also wrong about it being correct to the letter.
Nope I'm not. If you receive an email from an LBG employee it would contain the exact same footer.Red Devil said:
For example the registered addresses/numbers are listed at Companies House.
The one for Loyds Bank plc is incorrect: it is missing the four zeros at the beginning.
Lloyds Bank Plc was established a long time ago, hence the 4 digit company registration number. The leading zeros are often omitted in these cases.The one for Loyds Bank plc is incorrect: it is missing the four zeros at the beginning.
Red Devil said:
The Cheltenham and Gloucester one is complete tosh. Both rookie mistakes.
C&G may well be closed for new business but the entity Cheltenham and Gloucester plc still exists and is owned by LBG.Red Devil said:
The non-geographic post code is hardly a big deal either. It's the undelivered mail one on the reverse of every Lloyds statement envelope!
Again, I was addressing a point made earlier in the thread. Also, would a fraudster invite you to make contact with a genuine postal address?Red Devil said:
In amongst many other things, the Lloyds Bank Privacy statement says this.
If we decide to use email to contact you, we will only do this if we have ensured that using email will not put your information at risk, or, if you have requested we email you, that we have explained the risks of sending an "insecure" email and that you are happy to accept that risk.
I don't see any such caveat in the e-mail the OP received.
That would be because it's been deemed as not putting your information at risk. The OP has been asked for minimal information in order to locate their account.If we decide to use email to contact you, we will only do this if we have ensured that using email will not put your information at risk, or, if you have requested we email you, that we have explained the risks of sending an "insecure" email and that you are happy to accept that risk.
I don't see any such caveat in the e-mail the OP received.
Red Devil said:
Btw, care to share with us what your position within Lloyds is? I hope you are aware of this bit from the Privacy statement (my bold)
All our employees are personally responsible for maintaining customer confidentiality.
I won't be sharing my position but I am well aware of all the policies that I have to comply with.All our employees are personally responsible for maintaining customer confidentiality.
You can waffle all you like, you could be CEO of Lloyd's Banking group, the advice to the OP still stands that he should only communicate by means of verified addresses that he knows to be the correct ones as verified from sources independent from this received mail and using email addresses and or phone numbers that he has personally entered.
The claim that it's genuine because why would they tell you to write to an address is, frankly, empty rhetoric.
The claim that it's genuine because why would they tell you to write to an address is, frankly, empty rhetoric.
FiF said:
You can waffle all you like, you could be CEO of Lloyd's Banking group, the advice to the OP still stands that he should only communicate by means of verified addresses that he knows to be the correct ones as verified from sources independent from this received mail and using email addresses and or phone numbers that he has personally entered.
The claim that it's genuine because why would they tell you to write to an address is, frankly, empty rhetoric.
Yet that isn't what I'm saying nor am I disagreeing with the advice.The claim that it's genuine because why would they tell you to write to an address is, frankly, empty rhetoric.
The OP questioned the emails authenticity and was concerned about fraud. Based on the facts available and my knowledge as an LBG employee I'm just reassuring the OP that it is indeed a genuine email.
Edited by bugmenot on Monday 20th November 20:18
bugmenot said:
FiF said:
You can waffle all you like, you could be CEO of Lloyd's Banking group, the advice to the OP still stands that he should only communicate by means of verified addresses that he knows to be the correct ones as verified from sources independent from this received mail and using email addresses and or phone numbers that he has personally entered.
The claim that it's genuine because why would they tell you to write to an address is, frankly, empty rhetoric.
Yet that isn't what I'm saying nor am I disagreeing with the advice.The claim that it's genuine because why would they tell you to write to an address is, frankly, empty rhetoric.
The OP questioned the emails authenticity and was concerned about fraud. Based on the facts available and my knowledge as an LBG employee I'm just reassuring the OP that it is indeed a genuine email.
Edited by bugmenot on Monday 20th November 20:18
Ever wondered why folks are wary of banks. The day of the friendly bank that is there to look after you disappeared years ago, just another money grabbing set of sods constantly trying to sell us stuff.
Escapegoat said:
OP. Reply to the email, telling the 'bank' that you are not sure if it is a legit email, and asking the 'bank' to ring you on the telephone number they have for you.
That will settle it.
And what if the perps (assuming it is fake) call the number that is correct because they have harvested it from some devious means that got the email.That will settle it.
Just call the bank on a known number and delete the mail after the issue is dealt with.
FiF said:
But it would be still more helpful if instead of just attempting to justify why this rather poor communication is authentic you Also kadmitted that there is a general problem and people should always be very wary in these situations and highlight best practice. Instead it comes across as an attempt at a placatory nothing to see here. Maybe you are genuine, maybe you're not.
What would be the purpose of me knowingly causing the OP unnecessary worry and distress? This thread concerns the OP's specific situation and my original post was intended to reassure him that the email was genuine.Best practice has been highlighted by others already and I'm certainly not dismissing that.
FiF said:
Ever wondered why folks are wary of banks. The day of the friendly bank that is there to look after you disappeared years ago, just another money grabbing set of sods constantly trying to sell us stuff.
And you accused me of waffling...jmorgan said:
And what if the perps (assuming it is fake) call the number that is correct because they have harvested it from some devious means that got the email.
Just call the bank on a known number and delete the mail after the issue is dealt with.
Is it really beyond your wit to think of questions you would ask them that would settle it?Just call the bank on a known number and delete the mail after the issue is dealt with.
If so, it's no wonder that fraudsters find enough gullible people for scams to work.
Escapegoat said:
jmorgan said:
And what if the perps (assuming it is fake) call the number that is correct because they have harvested it from some devious means that got the email.
Just call the bank on a known number and delete the mail after the issue is dealt with.
Is it really beyond your wit to think of questions you would ask them that would settle it?Just call the bank on a known number and delete the mail after the issue is dealt with.
If so, it's no wonder that fraudsters find enough gullible people for scams to work.
People compromise your information in many ways. They fake and scam away. Hacking company databases is the norm now apparently. Equifax ring a bell? Yahoo maybe? Going to trust an employee with a grudge with your secret passwords?
My card has been nobbled a few times. Three occasions it was probably done through a database hack reckoned the bank security guy, not what I have done online or someone looking over my shoulder at a cash machine (might have bought online not necessarily the bank database hacked/stolen/sold). Firms hold lots of information in a firms preferred method of storage, go after that then pretend to be the bank calling, secret passwords and everything.
I had one card that was done as an inside job, it was a spare emergency card never used. Nothing logged online. Replacement sent out as the date was up and the letter unopened. Several transactions immediately on that new card number and on the date before it had arrived. I had some trouble explaining that I could not have been in the US or Spain on the same date and that my passport was out of date anyway. They relented in the end.
And yes, if the letter looks like it has been tampered with, I contact the bank straight away and have done.
DELETED: Comment made by a member who's account has been deleted.
James TiT said:
Never use mothers maiden name as a security question.
I've recently had a rash of identity theft occurring too.1. I'm pretty sure someone is breaking into my post box and stealing my mail.
2. Equifax leaked a load of information https://arstechnica.co.uk/information-technology/2...
3. The banks where people are perpetrating the fraud (Barclays and Santander in my case) both require the use of mothers maiden name - it's built into their automated systems and they won't use anything else (some organisations keep a number of bits of information and you can choose that they 'ask you another one'.
4. I'm not sure that lying about your mothers maiden name is a good idea - you end up having to know who you said what to - a bit like another password token. One lie leads to another and you end up losing your veracity.
Barclays recently demanded that I supply them a new, made up, mothers maiden name which i refused to do (because of number 4). I demanded that they introduce alternative options for authenticating (i.e. number 3). I'm asking them to improve their security measures/processes, they're asking me to lie about something.
I agree that letting your mothers maiden name be used so broadly seems like a really bad idea, I would like to see that phased out as once it's known by a fraudulent party it opens lots of doors.
Hilts said:
Provide a verifiable contact telephone number.
This isn't always reliable it seems. One one of the cases of fraud I've recently suffered, I received sms messages from Barclays saying "congratulations on updating your phone number". Went to the branch to see what this means, and the mobile phone number on my account had indeed been changed and mine was no longer there. It's rather worrying as I still don't feel secure at Barclays (where I have my mortgage and some sizeable savings), as they've facilitated the creation of 3 accounts over 2 seperate occasions (a month apart) by fraudulent actors. I'm not convinced it's at an end yet.
Edited by gavsdavs on Tuesday 21st November 10:16
OddCat said:
I'm betting the email is genuine. It looks like Lloyds are responding to an email sent to them by the OP from which they have been unable to identify him....
Question is, what did the OPs original email to Lloyd's say and to what email address did he send it ?
This right here explains why people get scammed. The bank time and time again state they do not ask for any information via email. Yet your betting its real. Ffs. Its a scam, oh wow they put in the right address, who cares. Thats to fool you to send the details back via email. Question is, what did the OPs original email to Lloyd's say and to what email address did he send it ?
hotchy said:
OddCat said:
I'm betting the email is genuine. It looks like Lloyds are responding to an email sent to them by the OP from which they have been unable to identify him....
Question is, what did the OPs original email to Lloyd's say and to what email address did he send it ?
This right here explains why people get scammed. The bank time and time again state they do not ask for any information via email. Yet your betting its real. Ffs. Its a scam, oh wow they put in the right address, who cares. Thats to fool you to send the details back via email. Question is, what did the OPs original email to Lloyd's say and to what email address did he send it ?
OddCat said:
Surely the OP has contacted Lloyds by now to confirm the validity of the email ?
Bad Company, where are youuuuuuuuuu...............????
What I have done is send the email to - emailscams@lloydsbanking.com but they haven't yet responded. I also sent it to of-london.pnn.police.uk Bad Company, where are youuuuuuuuuu...............????
I have a letter from the bank regarding the fraud / complaint arrived today, there was no mention of the email.
I need to speak with the bank again early next week regarding this and will ask them but I'm sure it's a scam email.
bad company said:
What I have done is send the email to - emailscams@lloydsbanking.com but they haven't yet responded. I also sent it to of-london.pnn.police.uk
I have a letter from the bank regarding the fraud / complaint arrived today, there was no mention of the email.
I need to speak with the bank again early next week regarding this and will ask them but I'm sure it's a scam email.
Good plan. I think you are gong to find that the email is real though.....I have a letter from the bank regarding the fraud / complaint arrived today, there was no mention of the email.
I need to speak with the bank again early next week regarding this and will ask them but I'm sure it's a scam email.
bad company said:
What I have done is send the email to - emailscams@lloydsbanking.com but they haven't yet responded.
And they won't do since it's an automated inbox.bad company said:
I have a letter from the bank regarding the fraud / complaint arrived today, there was no mention of the email.
I need to speak with the bank again early next week regarding this and will ask them but I'm sure it's a scam email.
They may be unaware since the email wasn't sent from the fraud or complaints teams. Why not ask the disputes team?I need to speak with the bank again early next week regarding this and will ask them but I'm sure it's a scam email.
bugmenot said:
bad company said:
What I have done is send the email to - emailscams@lloydsbanking.com but they haven't yet responded.
And they won't do since it's an automated inbox.bad company said:
I have a letter from the bank regarding the fraud / complaint arrived today, there was no mention of the email.
I need to speak with the bank again early next week regarding this and will ask them but I'm sure it's a scam email.
They may be unaware since the email wasn't sent from the fraud or complaints teams. Why not ask the disputes team?I need to speak with the bank again early next week regarding this and will ask them but I'm sure it's a scam email.
Gassing Station | Speed, Plod & the Law | Top of Page | What's New | My Stuff