Deprecated: Function create_function() is deprecated in /home/hidefide/public_html/blog/wp-content/plugins/wr-pagebuilder/core/core.php on line 127
{"id":761,"date":"2018-03-30T17:35:48","date_gmt":"2018-03-30T17:35:48","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=761"},"modified":"2019-04-17T10:53:30","modified_gmt":"2019-04-17T10:53:30","slug":"do-you-trust-your-bank-not-to-spam-you-read-this","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2018\/03\/30\/do-you-trust-your-bank-not-to-spam-you-read-this\/","title":{"rendered":"Do You Trust Your Bank Not to Spam You? Read This"},"content":{"rendered":"

$\"6562.jpg\"$ Banks seem to be getting an awful lot of media attention these days, and for all the wrong reasons. Take, for example, back in 2013, when scandalous news broke<\/a> that several large banks in the UK were infected with Conficker, their systems zombified on a botnet and spamming like good little zombies. That\u2019s horrific news for anyone who actually uses a bank to keep their money safe, and as for your personal information, forget about it. That ship sailed a long time ago \u2013 banks will sell you down the river for a few meager sheckels.<\/p>\n

But shouldn’t the role of banks be toprotect your hard-earned money and<\/em> your information? Like other systems that require super-duper protection (air traffic control systems, power generation grids, nuclear missile silos, for example), bank data centers should be some of the most secure sites in the world, right?<\/p>\n

Common sense meet miserly bankers. You see, that type of hardware and software requires some serious bucks, and if the UK banking model is any example, then it appears that they\u2019d still be using IBM Selectrics if they had a say in the matter. In fact, we\u2019ve seen activity on their servers dating back to 2011 that suggest malicious users have settled in for the long haul. And if you think you\u2019ll be protected by El Regulatory bodies that are supposed to ensure the banks don\u2019t get away with murder, just take a look at what happened at the Information Commissioner\u2019s Office (ICO), per The Register<\/em>.<\/p>\n

According to a recent article<\/a>, the ICO declined a chance to launch an inquiry into Santander Bank. The Boston-based bank has a footprint in the UK, and in 2013, it became public that the company has a bit of a Trojan problem. And we\u2019re not talking about contraceptives. According to El Reg<\/em><\/a>, Santander customers were getting deluged with \u201ctrojans and other junk to email addresses exclusively used with the bank.\u201d SC Magazine<\/em> reported<\/a> in November that Santander Bank and NatWest FastPay were both investigating allegations of security breaches, so it\u2019s safe to say that they knew about the breaches long before they became public.<\/p>\n

But now it\u2019s April 2014, and the beleaguered customers of Santander are still being spammed with junk and malware from Santander, and at least two users have filed complaints with the ICO, according to El Reg<\/em>. Great, you say, now we\u2019ll see some results, right?<\/p>\n

That\u2019s a big fat no. The ICO, normally associated with action<\/a> and still fines against anyone with the audacity to spam strangers, said they won\u2019t proceed with an inquiry because they lack \u201csufficient evidence,\u201d according to El Reg<\/em>. Santander, of course, has decided to run dark and run deep, and hasn\u2019t responded to repeated requests for comment.<\/p>\n

The Register reports that \u201cattacks against unique email addresses registered with Santander bank have continued since [November], giving rise to concerns that the bank may have had a data breach. Some of the emails feature the surname of recipients, a piece of information not included in the unique email address itself of one affected customer.\u201d<\/p>\n

The breach was first detected by Belgian security firm MX Lab, and it wasn\u2019t hard to track down the offending zombie sites because the email addresses being used should only have been known to Santander, the UK Government Gateway, and NatWest FastPay.<\/p>\n

\u201cI\u2019ve received an invite for what looks to be a \u2018money mule\u2019 job sent to the leaked email address … but rather scarily the subject field is populated with my SURNAME (which doesn’t form any part of the email address),\u201d Santander client Andrew told El Reg. \u201cSo it appears rather likely that REAL NAMES leaked with the email addresses. This takes the leak to a whole new level. I wonder whether phone numbers and addresses leaked too?\u201d It\u2019s difficult to say whether Andrew\u2019s fears are justified, but The Register<\/em> points out that there\u2019s \u201cno suggestion that there\u2019s any problem with Santander’s online banking system. Instead the issues centres on unaddressed fears that email addresses supplied to the bank somehow leaked out.\u201d<\/p>\n

Of course, there\u2019s always the risk of user error here, but that\u2019s unlikely. The sheer number of people with similar circumstances and experiences pretty much debunks the idea that users gave themselves up to exposure. There\u2019s an ongoing discussion board at Money Saving Expert where users have been sharing their frustrations.<\/p>\n

Irrespective of the reason why, the more disturbing thought now is the ICO\u2019s refusal to delve into the issue. And that may be in part due to a recent court ruling in the UK<\/a>. It\u2019s pure speculation, but it\u2019s not like the ICO to take this lying down.<\/p>\n","protected":false},"excerpt":{"rendered":"