Professional Images

Huge rise in TSB-themed mobile phishing attacks after IT meltdown

Scammers have used bank’s IT problems as an opportunity to target its customers with mobile phishing attacks

The number of phishing attacks targeting TSB customers leapt by 843% in May compared with April as fraudsters took advantage of the bank’s IT meltdown.

Following a Computer Weekly request, mobile software security company Wandera, which monitors and blocks global mobile threats, found that in April, for 100,000 UK devices using Wandera security, there were 28 TSB-themed phishing attacks.

But in May, following TSB’s public IT turmoil, 236 such attacks were found by monitoring the same 100,000 devices.

This rise in attacks was sparked by the turmoil suffered by TSB customers when its banking system went offline during the migration of customer accounts to a new core banking platform.

Scammers targeted TSB customers desperate for information and support, recognising their vulnerability to phishing scams in messages purporting to come from the bank.

Towards the end of April, TSB moved millions of customer accounts from the systems of Lloyds Bank, which had hosted them since TSB was separated from Lloyds, to a new core banking platform from its current owner, Spanish bank Sabadell.

Some customers found themselves locked out of their accounts and saw money disappearing from accounts. Some were even able to view other customers’ accounts.

Wandera’s investigation found that in May, TSB was the second most used bank brand by scammers attempting to obtain customer details. PayPal was the only financial services brand used more often by scammers.

Read more about the TSB IT migration disaster

Back in April, TSB did not even appear in the top five. “TSB appeared in the top five financial services apps to be impersonated for attacks for the first time this year, showing that TSB was not a high priority for phishers prior to this incident,” said Wandera.

“This isn’t the first time hackers have leveraged global events to add credence to their phishing campaigns. Wandera’s machine learning mobile intelligence engine, MI:RIAM, recently detected and intercepted traffic in transit between thousands of devices and malicious third parties impersonating the UK government.

“These SMS phishing attacks were well timed after the culmination of the tax year to encourage unsuspecting victims to log into their accounts and part ways with their credentials.”

Read more on IT for financial services