1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

ICO decides against probe of Santander email spam scammers

Discussion in 'Security Updates' started by snoopy, Mar 21, 2014.

  1. snoopy

    snoopy Registered Members

    Joined:
    Aug 1, 2010
    Messages:
    1,671
    Location:
    At my computer
    Operating System:
    Windows 7
    Computer Brand or Motherboard:
    custom built -
    ICO decides against probe of Santander email spam scammers
    Not enough 'evidence' ... while readers insist unique-to-bank addresses used.

    Evaluating the cost of a DDoS attack

    Santander customers say they are continuing to be deluged with Trojans and other junk to email addresses exclusively used with the bank months after the problem first surfaced back in November.

    At least two Reg readers have put in complaints to the Information Commissioner's Office. But the data privacy watchdog told us that it has "insufficient evidence" to proceed with an inquiry.

    The bank said it was investigating the complaints back in December amidst fears of an email database leak either at the bank or (more likely) one of its third-party marketing affiliate partners. Santander has not responded to repeated requests from El Reg for an update on its inquiry.

    Independent experts previously told El Reg that fingering the source of this type of possible leak can be difficult if not impossible, scant consolation for the multiple Santander customers at the receiving end of the ongoing junk torrent.

    This issue first surfaced last November. A Trojan was being distributed to private email addresses that should only be known by various institutions including Santander Bank, the UK Government Gateway and NatWest FastPay service. The attacks were first detected by Belgian security firm MX Lab.

    Attacks against unique email addresses registered with Santander bank have continued since, giving rise to concerns that the bank may have had a data breach. Some of the emails feature the surname of recipients, a piece of information not included in the unique email address itself of one affected customer.

    "I've received an invite for what looks to be a 'money mule' job sent to the leaked email address ... but rather scarily the subject field is populated with my SURNAME (which doesn't form any part of the email address)," Santander client Andrew told El Reg

    Full story here: http://www.theregister.co.uk/2014/03/21/santander_email_spam_mystery/
     
    snoopy, Mar 21, 2014
    #1

Share This Page