May Saw Massive Increase in TSB Phishing Scams

There has been a massive increase in TSB phishing scams over the past month. In April, TSB bank transitioned to a new core banking system. Previously, TSB data had been on a system provided by Lloyds, although following the takeover by Spanish bank Banco Sabadell, data needed to be moved to its banking system.

When customer accounts were transferred to the new system, many customers were locked out of their accounts. The outage lasted for more than 5 days, during which time many customers could not gain access to their accounts or their money. Bank transfers were directed to incorrect accounts and money disappeared from several customers’ accounts.

TSB anticipated problems with the changeover and has waited almost three years to make the change. However, the potential savings from moving to the new Proteo4UK system were too great to ignore. TSB expects to save around £160 million a year by using the new system.

Such a major update could see many things go wrong and they did. The migration commenced on April 20, 2018 and customers immediately started experiencing problems accessing their accounts. Customers turned to Twitter and other social media platforms to express their anger and the scale of the issue became clear. It did not take long for scammers to take advantage.

There has been a sharp rise in TSB phishing scams since the IT issues started. Scammers are using emails and text messages – SMiShing – to send malicious links to TSB customers. The emails and SMS messages direct users to malicious websites that collect login credentials to TSB bank accounts.

The fraudulent websites have been designed to look exactly the same as the genuine TSB site in all but domain name. Once credentials are harvested, the scammers contact customers via text or phone to ask for the authorization codes sent to mobile phones under TSB’s 2-factor authentication controls. Once the code is obtained, bank accounts can be accessed, and funds transferred.

A study conducted by mobile software security company Wandera showed 28 phishing scams were detected in April by the 100,000 customers that use its security services. That figure jumped to 236 in May.

The UK’s national reporting center for fraud – Action Fraud – has similarly detected a sharp rise in TSB phishing scams via text message and email. By the end of the third week in May there had been 321 phishing scams reported compared to 30 the previous month. Reports of cybercrime related to TSB scams doubled from 24 in April to 51 in May.

TSB customers should be on high alert. TSB never requests PIN numbers or confirmation codes via email, text message or over the phone and security information such as passwords or full memorable information will never be requested by text or email.

“We have seen an increase in opportunistic fraudsters sending text messages claiming to be from TSB that ask people to reply with their personal or banking details,” said Action Fraud Director, Pauline Smith. ““Don’t assume anyone who’s sent you a text message is who they say they are. If a text message asks you to make a payment, log in to an online account or offers you a deal, be cautious and report it to Action Fraud.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of