As many as 20,000 Tesco Bank customers have had money stolen from their accounts in a hack attack on the bank over the weekend. But what can savers do to protect themselves? Ray Crisp reports

THE hacking of Tesco Bank customer accounts is the “most serious” ever to hit the UK banking sector, security experts believe. Around 20,000 users of Tesco Bank have had money stolen from their accounts, with online transactions now frozen after “suspicious” activity was spotted over the weekend.

Online security experts say the attack should spark both consumers and the banks themselves into becoming better prepared to deal with cyber threats.

Peter Roe, from IT analyst firm TechMarketView, says: “This looks like the most serious, and certainly the most visible, of the various difficulties suffered by the UK banking sector in recent times. The number of accounts affected suggests that this is a systemic failure of security around Tesco’s core database.

“As many banks breathe a sigh of relief that it is not their names in today’s headlines, they must surely recognise the scale of the problem. The sector needs to re-double its efforts in cyber-security. No-one is safe.”

Mark James, security specialist at cyber security firm ESET, claims the move towards more digital transactions made similar attacks inevitable.

“Banks are a very desirable target; scamming individuals has relatively small rewards but if you can target the bank at source the rewards could be massive,” he adds. “This is not the first time we have seen direct hacking attempts for major banks in the UK and, with more and more people embracing online or mobile banking, we will see these types of hacking attacks becoming more successful.

“As cash seems to be used less and less, our lives are becoming more digital; even small payments these days are often covered by cards or mobile payments. If you increase the footprint, you increase the risk.”

Tesco has taken online transactions offline temporarily as a “precautionary measure” and has promised to refund any customers who have had funds stolen.

So how safe is it to use online banking?

As the use of online services has risen, with more than half of Britons using internet banking in 2015 according to the Office for National Statistics, so has the security around it. The majority of banks in the UK – including Tesco Bank – now use what is known as two-step authentication, where users must enter additional security information beyond just a username and password. Some even require an extra passcode sent to the user via text message in order to prove their identity.

Given the level of security, many customers are wondering how hackers have been able to target their accounts.

The majority of hacks that take place occur due to criminals fraudulently obtaining user details. This predominately occurs by phishing, where emails and text messages are sent to users pretending to be from official sources but in fact come from hackers. These look to steal details either by tricking users into following a link and entering them into a fake website, or by having the link download malware onto a user’s computer that then captures account details.

So how can falling for these attacks be avoided? Banks advise customers to be vigilant over emails they receive that appear in any way suspicious, and to avoid clicking on any links in them. Most banks also say they do not ask for security details over email or text, and users should instead contact banks directly by phone to discuss account details.

Consumer group Which? has a list of seven points to help identify an attempted fraud, including being contacted out of the blue, an offer being too good to be true, and being pressured to respond quickly and with personal details. The group also says users should look out for vague contact details, spelling and grammatical mistakes or being asked to keep the correspondence quiet.

The cause of the attack is yet to be confirmed, but Mr James says that, while there were several possible scenarios, Tesco must ensure its customers are kept up to date.

“It could be any number of reasons and as often in these cases we won’t know until Tesco’s allocated authorities have found more information. It could be mass harvesting of credentials, cards, ATMs, infiltration of the bank’s systems, but Tesco will need to keep the public informed if they want to come out of this on top.

“Whilst no system is 100 per cent safe, keeping the victims well-informed of your current operations, cause and future defences are what’s needed.”