TSB today warned that cyber criminals could be targeting its customers with phishing emails that masquerade as the bank in order to trick them into divulging their account details, security PINs or passwords.
The warning comes not long after a weekend upgrade of TSB's banking systems, intended to shift customer records from Lloyds' online systems to its own, went horribly wrong, resulting in a long outage that affected millions of customers in the UK.
Long outage continues
Even though several days have passed since the upgrade was initiated, many TSB customers are still complaining on social media that they cannot access their accounts online. Incredibly, some of those who could view their accounts found that, alongside their own accounts, their dashboards also showed other people's account and transaction records.
"I could see all my accounts, but on top of that also three accounts belonging to someone else: a £35,000 savings account, an £11,000 Isa and a business account," Matthew Neal from Hertfordshire told the BBC.
"I could see their account numbers, sort codes and transaction histories and I had access to transfer money too, if I was that way inclined. The thing that was worrying me most was: what if someone can see mine too?"
Even though TSB is still trying to ensure that all of its customers are able to access online banking, the bank had to warn customers about a new threat earlier today after some affected customers alerted it to the problem.
"Customers have made us aware that they're receiving emails and tweets claiming to be from TSB. We would never ask you for your security details such as PIN or full password and we would only contact you via social media from our Official @TSB Twitter or Official Facebook page," it said.
"We support the Take Five initiative and recommend all our customers familiarise themselves with the Take Five guidance," it added.
Hackers always ready to pounce
"It was only a matter of time until this started to happen. The sheer number of the TSB customers who have been impacted by the outage makes it a no-brainer for hackers to begin targeting those affected," said Stephen Burke, Founder & CEO of Cyber Risk Aware.
"It would not be surprising if fake SMS messages (smishing) also start appearing which pretend to be two-factor authentication messages thereby giving hackers real codes they can use to log in to the users’ bank account. This would be done in conjunction and targeted to those that have taken the bait in a phishing email.
"The issue here reinforces that people will blindly click on links in email or social media messages if the person believes it has come from a trusted resource. People are trusting and criminals are taking advantage of this by preying on people’s emotions and having massive success, mainly due to people not querying emails and their content. People need to stop and think before clicking," he warned.