Is venting about banking troubles on social media a bad idea?

Going by the experience of the customers of Britain's TSB, it's likely to increase your chances of being targeted by fraudsters and scammers.
12 June 2018

TSB’s customers got targeted by fraudsters when venting online on Twitter. Source: Shutterstock

When our bank gives us trouble, it’s almost second nature to rant about it on social media.

However, as customers of Britain’s TSB found out, fighting the urge is a good idea if you want to protect yourself from fraud and other cyber attacks.

When the bank’s customers were locked out of their accounts recently (during an IT migration), several took to social media to complain. Fraudsters took the opportunity to glean their personal information, piece together profiles, and hack into accounts.

The bank’s Chief Executive said TSB saw the daily rate of attempted fraud on its customers spike by up to 70 times following the outage and that around 1,300 customers had money taken from their accounts.

According to experts, it’s difficult to ascertain how criminals obtain information about an account, however, activity on social media is a growing concern.

When an account is compromised, it’s usually because a customer has given their details up on social media.

Come to think of it, whether it’s the name of your spouse or mother or the town you were born in, the usual answers to the “secret questions” to resetting your banking profile are all available online.

TSB’s botched computer-systems migration have cost around GBP70 million (US$93.81 million) so far, its Spanish parent Sabadell said on June 7.

In fact, Andrew Bailey, the head of the UK’s Financial Conduct Authority, has announced that the organization will investigate the IT migration. A panel of British lawmakers said they have lost confidence in TSB’s CEO, Paul Pester.

Following the migration, fraudsters used fake text messages and emails claiming to be from the bank to trick customers into revealing information and accessing their accounts.

TSB customers reported 749 phishing attempts in May after the bank’s IT troubles became widely known, up from just 30 the previous month, according to Action Fraud, the UK’s national cyber crime reporting centre.

So, how can customers protect themselves?

Protecting yourself in a digital world is not the easiest thing. However, there are some basics that can make you a more difficult target compared to your peers and friends – which is enough to cause hackers to move on.

Update your software and apps:

Make sure you’re upgrading and updating your software and apps. Not just your banking apps but also your operating system.

Use Microsoft Windows? Don’t postpone those updates – they generally include new security patches to protect you from malware and worms that have recently been discovered.

Use two-factor authentication when possible:

Two-factor authentication is a simple security feature offered by most banks that takes protection to a whole new level.

Check with your bank if they offer such a solution and make sure you enable it.

Ideally, it means that you’ll need more than a password to log-in. In most cases, you’ll either get a code on a digital token or on your mobile phone. In some cases, you’ll be issued a special card or key that plugs into your USB port.

Use social media carefully:

First things first, make sure your private information is not public.

Your date and year of birth, the name of your spouse and children, your city of birth, and other important things should ideally be removed – especially if you use them as “secret answers” to regain access to your accounts.

Ideally, hide your email address as well so that it’s difficult to connect your social handles to your email, making it difficult for hackers trying to construct a “profile” to help them hack into your account.

Check your credit report frequently:

The way that many hackers and cyber fraudsters work is that they don’t take money away from you immediately, at least not in a way that you’d notice.

They often use a “profile” they’ve constructed of you to create new accounts in your name to launder money or borrow money in your name if you’ve got a strong credit score.

Double checking your credit report every month/quarter can really help make sure things are in order.

If you spot something fishy, inform the police first instead of trying to get in touch with the customer representatives of the financial institution that has suddenly popped up on your report.

Be cautious about emails from your bank:

If you get an email from your bank, check if it really came from the bank.

Lazy phishers will just use an email address created on Gmail. However, those that pay attention to their craft, especially those targeting high-value “customers” will mask their email ID to make it appear as if it’s coming from the bank.

Try to check the domain on the email before clicking on anything.

Also, when you’ve clicked on a link in a bank-related email, watch your status-bar. If at any time you see an address that’s not part of the bank’s domain, close the browser window immediately.

Another thing you can do when you click on links from your bank’s email is to make sure the bank’s website has a valid security certificate.

You can spot this by looking at the green lock next to the address on the address bar. It’s absence indicates something is fishy.